RIL - Scan network - get all neighboring cell identity - privileged app

vit...@1-family.net

Jul 25, 2018, 10:35:05 AM
to android-platform
Hello everyone,

I would appreciate any suggestion for a problem I'm struggling with:
I'm developing a privileged system app to scan the network and get the identity of all neighboring cells.
I've tried using the new TelephonyManager.requestNetworkScan API in Android P for this task.

After executing the API on Pixel 2, I get scan results, but they don't contain valid cell identity information. All values, such as mnc, earfcn/uarfcn, bandwidth, etc., return as either 0, null or max int.
Traced it through the layers to ril, seems that the modem returns the results this way.
telephonyManager.getAllCellInfo does have valid identity results, but only of 6 specific cells, and cannot be refreshed.

Tried to send AT commands directly to the modem (Snapdragon X16 LTE), and successfully managed to get neighboring cell operators,
but not relevant identity information, and can't find proper documentation anywhere for the right AT command to send.

Ruled out SIM issue - the same error happens with 3 different SIMs, successfully scanning the network from settings app for example.

An extract of the code:

        TelephonyManager telephonyManager = (TelephonyManager) getApplicationContext()
                .getSystemService(Context.TELEPHONY_SERVICE);

        radioAccessSpecifiers = new RadioAccessSpecifier[1];
        radioAccessSpecifiers[0] = new RadioAccessSpecifier(
                AccessNetworkConstants.AccessNetworkType.EUTRAN,  // radio access network
                null,   // bands
                null);  // channels

        networkScanRequest = new NetworkScanRequest(
                NetworkScanRequest.SCAN_TYPE_ONE_SHOT,
                radioAccessSpecifiers,
                30,     // searchPeriodicity
                300,    // maxSearchTime
                true,   // incrementalResults
                3,      // incrementalResultsPeriodicity
                null);  // mccMncs

        telephonyManager.requestNetworkScan(networkScanRequest, AsyncTask.SERIAL_EXECUTOR, new RadioCallback());
 
extract from radio's logcat:
07-24 17:33:15.339  1584  1584 D RILJ    : [4548]> RIL_REQUEST_START_NETWORK_SCAN [SUB0]
07-24 17:33:15.347  1584  1708 D RILJ    : [4548]< RIL_REQUEST_START_NETWORK_SCAN com.android.internal.telephony.NetworkScanResult@1f [SUB0]
07-24 17:33:32.035   938  1233 D RILC    : networkScanResultInd
07-24 17:33:32.053  1584  1708 D RILJ    : Unsol response received; Sending ack to ril.cpp [SUB0]
07-24 17:33:32.054  1584  1708 W CellIdentityLte: invalid MNC format: 1
07-24 17:33:32.055  1584  1708 W CellIdentityLte: invalid MNC format: 2
07-24 17:33:32.056  1584  1708 W CellIdentityLte: invalid MNC format: 8
07-24 17:33:32.057  1584  1708 W CellIdentityLte: invalid MNC format: 7
07-24 17:33:32.058  1584  1708 W CellIdentityLte: invalid MNC format: 3
07-24 17:33:32.059  1584  1708 W CellIdentityLte: invalid MNC format: 9
07-24 17:33:32.062  1584  1708 D RILJ    : [UNSL]< RIL_UNSOL_NETWORK_SCAN_RESULT com.android.internal.telephony.NetworkScanResult@a046359e [SUB0]
07-24 17:33:32.080  6254  6342 D TelephonyScanManager: onResults: [Landroid.telephony.CellInfo;@cccc91c
07-24 17:33:32.082  6254  6343 D TelephonyScanManager: onComplete


Would really appreciate any idea!
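
A way to triage the radio logcat quoted in the post above, added here as an example (not code from the thread): it pairs the scan request with RIL_UNSOL_NETWORK_SCAN_RESULT and collects the values carried by the "invalid MNC format" warnings. The function name triage_scan, the report keys and the year default are assumptions; the sample is the post's log with wrapped lines rejoined.

```python
import re
from datetime import datetime

# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+\d+\s+\d+\s+[VDIWEF]\s+"
                  r"(?P<tag>[^\s:]+)\s*:\s?(?P<msg>.*)$")

# Constructed input: the radio logcat lines quoted in the post, wrapped lines rejoined.
SAMPLE = """\
07-24 17:33:15.339  1584  1584 D RILJ    : [4548]> RIL_REQUEST_START_NETWORK_SCAN [SUB0]
07-24 17:33:15.347  1584  1708 D RILJ    : [4548]< RIL_REQUEST_START_NETWORK_SCAN com.android.internal.telephony.NetworkScanResult@1f [SUB0]
07-24 17:33:32.035   938  1233 D RILC    : networkScanResultInd
07-24 17:33:32.053  1584  1708 D RILJ    : Unsol response received; Sending ack to ril.cpp [SUB0]
07-24 17:33:32.054  1584  1708 W CellIdentityLte: invalid MNC format: 1
07-24 17:33:32.055  1584  1708 W CellIdentityLte: invalid MNC format: 2
07-24 17:33:32.056  1584  1708 W CellIdentityLte: invalid MNC format: 8
07-24 17:33:32.057  1584  1708 W CellIdentityLte: invalid MNC format: 7
07-24 17:33:32.058  1584  1708 W CellIdentityLte: invalid MNC format: 3
07-24 17:33:32.059  1584  1708 W CellIdentityLte: invalid MNC format: 9
07-24 17:33:32.062  1584  1708 D RILJ    : [UNSL]< RIL_UNSOL_NETWORK_SCAN_RESULT com.android.internal.telephony.NetworkScanResult@a046359e [SUB0]
07-24 17:33:32.080  6254  6342 D TelephonyScanManager: onResults: [Landroid.telephony.CellInfo;@cccc91c
07-24 17:33:32.082  6254  6343 D TelephonyScanManager: onComplete
"""

def triage_scan(log_text, year=2018):
    """Summarise one network scan; logcat prints no year, so `year` is an assumption."""
    rep = {"serial": None, "requested": None, "result": None,
           "invalid_mnc": [], "delivered": False, "scan_seconds": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or truncated lines
        ts = datetime.strptime(f"{year}-{m['ts']}", "%Y-%m-%d %H:%M:%S.%f")
        tag, msg = m["tag"], m["msg"]
        req = re.match(r"\[(\d+)\]> RIL_REQUEST_START_NETWORK_SCAN", msg)
        if tag == "RILJ" and req:
            rep["serial"], rep["requested"] = int(req[1]), ts
        elif tag == "RILJ" and "RIL_UNSOL_NETWORK_SCAN_RESULT" in msg:
            rep["result"] = ts
        elif tag.startswith("CellIdentity") and msg.startswith("invalid MNC format: "):
            rep["invalid_mnc"].append(msg.split(": ", 1)[1])  # value named in the warning
        elif tag == "TelephonyScanManager" and msg.startswith("onResults"):
            rep["delivered"] = True
    if rep["requested"] and rep["result"]:
        rep["scan_seconds"] = (rep["result"] - rep["requested"]).total_seconds()
    return rep
```

On the quoted excerpt this reports serial 4548, about 16.7 s between the request and the unsolicited result, and six warning values that are each a single digit, whereas an MNC is two or three digits long.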

Avtar Singh

Jul 25, 2018, 4:49:10 PM
to android-...@googlegroups.com

I don’t think there is an easy way to achieve this. You may have to work at the native service level (C/C++), and maybe with the RIL driver which, even in Pixel-2, should be proprietary.
I may be wrong - the situation might have changed over the last couple of years.

- Av


Vitaliy Freidovich

Jul 26, 2018, 8:20:11 AM
to android-...@googlegroups.com
Hi Avtar,

Thx for your response!

I don't mind working on that level,
currently I'm not convinced if I could get better results executing the request directly, and wonder if the modem (Qualcomm X16 LTE) has this capability at all.. I went over all the AT commands the modem is reporting to support, and with the lack of documentation didn't find the right one so far..

How would you have approached it?

Thx! 
Vitaliy

Avtar Singh

Jul 26, 2018, 2:30:33 PM
to android-...@googlegroups.com
Hi Vitaliy,

RIL drivers are proprietary AFAIK, and the communication of the RIL daemon with the HAL and the system service is kept minimal/jumbled up by design. I don't think even modifying the log levels will help much, unless you modify the code that receives the output of RIL and try to decode/hack it somehow.

I don't have any specific suggestion to offer about any approach - unless you have some access to the communication driver or chipset (relationship with Qualcomm?). That could be a decent starting point.

There are other experts in this group- I hope someone replies.

Iba You

Jul 26, 2018, 3:00:49 PM
to android-...@googlegroups.com

On Jul 27, 2018, 02:30, "Avtar Singh" <s.a...@gmail.com> wrote: