1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "CameraService"
18 #define ATRACE_TAG ATRACE_TAG_CAMERA
19 //#define LOG_NDEBUG 0
20
21 #include <algorithm>
22 #include <climits>
23 #include <stdio.h>
24 #include <cstring>
25 #include <ctime>
26 #include <string>
27 #include <sys/types.h>
28 #include <inttypes.h>
29 #include <pthread.h>
30
31 #include <android/hardware/ICamera.h>
32 #include <android/hardware/ICameraClient.h>
33
34 #include <android-base/macros.h>
35 #include <android-base/parseint.h>
36 #include <android-base/stringprintf.h>
37 #include <binder/ActivityManager.h>
38 #include <binder/AppOpsManager.h>
39 #include <binder/IPCThreadState.h>
40 #include <binder/IServiceManager.h>
41 #include <binder/MemoryBase.h>
42 #include <binder/MemoryHeapBase.h>
43 #include <binder/PermissionController.h>
44 #include <binder/ProcessInfoService.h>
45 #include <binder/IResultReceiver.h>
46 #include <cutils/atomic.h>
47 #include <cutils/properties.h>
48 #include <cutils/misc.h>
49 #include <gui/Surface.h>
50 #include <hardware/hardware.h>
51 #include "hidl/HidlCameraService.h"
52 #include <hidl/HidlTransportSupport.h>
53 #include <hwbinder/IPCThreadState.h>
54 #include <memunreachable/memunreachable.h>
55 #include <media/AudioSystem.h>
56 #include <media/IMediaHTTPService.h>
57 #include <media/mediaplayer.h>
58 #include <mediautils/BatteryNotifier.h>
59 #include <sensorprivacy/SensorPrivacyManager.h>
60 #include <utils/Errors.h>
61 #include <utils/Log.h>
62 #include <utils/String16.h>
63 #include <utils/SystemClock.h>
64 #include <utils/Trace.h>
65 #include <private/android_filesystem_config.h>
66 #include <system/camera_vendor_tags.h>
67 #include <system/camera_metadata.h>
68
69 #include <system/camera.h>
70
71 #include "CameraService.h"
72 #include "api1/CameraClient.h"
73 #include "api1/Camera2Client.h"
74 #include "api2/CameraDeviceClient.h"
75 #include "utils/CameraTraces.h"
76 #include "utils/TagMonitor.h"
77 #include "utils/CameraThreadState.h"
78
79 namespace {
80 const char* kPermissionServiceName = "permission";
81 }; // namespace anonymous
82
83 namespace android {
84
85 using base::StringPrintf;
86 using binder::Status;
87 using frameworks::cameraservice::service::V2_0::implementation::HidlCameraService;
88 using hardware::ICamera;
89 using hardware::ICameraClient;
90 using hardware::ICameraServiceProxy;
91 using hardware::ICameraServiceListener;
92 using hardware::camera::common::V1_0::CameraDeviceStatus;
93 using hardware::camera::common::V1_0::TorchModeStatus;
94
95 // ----------------------------------------------------------------------------
96 // Logging support -- this is for debugging only
97 // Use "adb shell dumpsys media.camera -v 1" to change it.
98 volatile int32_t gLogLevel = 0;
99
100 #define LOG1(...) ALOGD_IF(gLogLevel >= 1, __VA_ARGS__);
101 #define LOG2(...) ALOGD_IF(gLogLevel >= 2, __VA_ARGS__);
102
setLogLevel(int level)103 static void setLogLevel(int level) {
104 android_atomic_write(level, &gLogLevel);
105 }
106
107 // Convenience methods for constructing binder::Status objects for error returns
108
109 #define STATUS_ERROR(errorCode, errorString) \
110 binder::Status::fromServiceSpecificError(errorCode, \
111 String8::format("%s:%d: %s", __FUNCTION__, __LINE__, errorString))
112
113 #define STATUS_ERROR_FMT(errorCode, errorString, ...) \
114 binder::Status::fromServiceSpecificError(errorCode, \
115 String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, \
116 __VA_ARGS__))
117
118 // ----------------------------------------------------------------------------
119
120 static const String16 sManageCameraPermission("android.permission.MANAGE_CAMERA");
121
122 // Matches with PERCEPTIBLE_APP_ADJ in ProcessList.java
123 static constexpr int32_t kVendorClientScore = 200;
124 // Matches with PROCESS_STATE_PERSISTENT_UI in ActivityManager.java
125 static constexpr int32_t kVendorClientState = 1;
126
127 Mutex CameraService::sProxyMutex;
128 sp<hardware::ICameraServiceProxy> CameraService::sCameraServiceProxy;
129
CameraService()130 CameraService::CameraService() :
131 mEventLog(DEFAULT_EVENT_LOG_LENGTH),
132 mNumberOfCameras(0),
133 mSoundRef(0), mInitialized(false) {
134 ALOGI("CameraService started (pid=%d)", getpid());
135 mServiceLockWrapper = std::make_shared<WaitableMutexWrapper>(&mServiceLock);
136 }
137
onFirstRef()138 void CameraService::onFirstRef()
139 {
140 ALOGI("CameraService process starting");
141
142 BnCameraService::onFirstRef();
143
144 // Update battery life tracking if service is restarting
145 BatteryNotifier& notifier(BatteryNotifier::getInstance());
146 notifier.noteResetCamera();
147 notifier.noteResetFlashlight();
148
149 status_t res = INVALID_OPERATION;
150
151 res = enumerateProviders();
152 if (res == OK) {
153 mInitialized = true;
154 }
155
156 CameraService::pingCameraServiceProxy();
157
158 mUidPolicy = new UidPolicy(this);
159 mUidPolicy->registerSelf();
160 mSensorPrivacyPolicy = new SensorPrivacyPolicy(this);
161 mSensorPrivacyPolicy->registerSelf();
162 sp<HidlCameraService> hcs = HidlCameraService::getInstance(this);
163 if (hcs->registerAsService() != android::OK) {
164 ALOGE("%s: Failed to register default android.frameworks.cameraservice.service@1.0",
165 __FUNCTION__);
166 }
167 }
168
enumerateProviders()169 status_t CameraService::enumerateProviders() {
170 status_t res;
171
172 std::vector<std::string> deviceIds;
173 {
174 Mutex::Autolock l(mServiceLock);
175
176 if (nullptr == mCameraProviderManager.get()) {
177 mCameraProviderManager = new CameraProviderManager();
178 res = mCameraProviderManager->initialize(this);
179 if (res != OK) {
180 ALOGE("%s: Unable to initialize camera provider manager: %s (%d)",
181 __FUNCTION__, strerror(-res), res);
182 return res;
183 }
184 }
185
186
187 // Setup vendor tags before we call get_camera_info the first time
188 // because HAL might need to setup static vendor keys in get_camera_info
189 // TODO: maybe put this into CameraProviderManager::initialize()?
190 mCameraProviderManager->setUpVendorTags();
191
192 if (nullptr == mFlashlight.get()) {
193 mFlashlight = new CameraFlashlight(mCameraProviderManager, this);
194 }
195
196 res = mFlashlight->findFlashUnits();
197 if (res != OK) {
198 ALOGE("Failed to enumerate flash units: %s (%d)", strerror(-res), res);
199 }
200
201 deviceIds = mCameraProviderManager->getCameraDeviceIds();
202 }
203
204
205 for (auto& cameraId : deviceIds) {
206 String8 id8 = String8(cameraId.c_str());
207 if (getCameraState(id8) == nullptr) {
208 onDeviceStatusChanged(id8, CameraDeviceStatus::PRESENT);
209 }
210 }
211
212 return OK;
213 }
214
getCameraServiceProxy()215 sp<ICameraServiceProxy> CameraService::getCameraServiceProxy() {
216 #ifndef __BRILLO__
217 Mutex::Autolock al(sProxyMutex);
218 if (sCameraServiceProxy == nullptr) {
219 sp<IServiceManager> sm = defaultServiceManager();
220 // Use checkService because cameraserver normally starts before the
221 // system server and the proxy service. So the long timeout that getService
222 // has before giving up is inappropriate.
223 sp<IBinder> binder = sm->checkService(String16("media.camera.proxy"));
224 if (binder != nullptr) {
225 sCameraServiceProxy = interface_cast<ICameraServiceProxy>(binder);
226 }
227 }
228 #endif
229 return sCameraServiceProxy;
230 }
231
pingCameraServiceProxy()232 void CameraService::pingCameraServiceProxy() {
233 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
234 if (proxyBinder == nullptr) return;
235 proxyBinder->pingForUserUpdate();
236 }
237
broadcastTorchModeStatus(const String8 & cameraId,TorchModeStatus status)238 void CameraService::broadcastTorchModeStatus(const String8& cameraId, TorchModeStatus status) {
239 Mutex::Autolock lock(mStatusListenerLock);
240
241 for (auto& i : mListenerList) {
242 i.second->getListener()->onTorchStatusChanged(mapToInterface(status), String16{cameraId});
243 }
244 }
245
~CameraService()246 CameraService::~CameraService() {
247 VendorTagDescriptor::clearGlobalVendorTagDescriptor();
248 mUidPolicy->unregisterSelf();
249 mSensorPrivacyPolicy->unregisterSelf();
250 }
251
onNewProviderRegistered()252 void CameraService::onNewProviderRegistered() {
253 enumerateProviders();
254 }
255
updateCameraNumAndIds()256 void CameraService::updateCameraNumAndIds() {
257 Mutex::Autolock l(mServiceLock);
258 mNumberOfCameras = mCameraProviderManager->getCameraCount();
259 mNormalDeviceIds =
260 mCameraProviderManager->getAPI1CompatibleCameraDeviceIds();
261 }
262
addStates(const String8 id)263 void CameraService::addStates(const String8 id) {
264 std::string cameraId(id.c_str());
265 hardware::camera::common::V1_0::CameraResourceCost cost;
266 status_t res = mCameraProviderManager->getResourceCost(cameraId, &cost);
267 if (res != OK) {
268 ALOGE("Failed to query device resource cost: %s (%d)", strerror(-res), res);
269 return;
270 }
271 std::set<String8> conflicting;
272 for (size_t i = 0; i < cost.conflictingDevices.size(); i++) {
273 conflicting.emplace(String8(cost.conflictingDevices[i].c_str()));
274 }
275
276 {
277 Mutex::Autolock lock(mCameraStatesLock);
278 mCameraStates.emplace(id, std::make_shared<CameraState>(id, cost.resourceCost,
279 conflicting));
280 }
281
282 if (mFlashlight->hasFlashUnit(id)) {
283 Mutex::Autolock al(mTorchStatusMutex);
284 mTorchStatusMap.add(id, TorchModeStatus::AVAILABLE_OFF);
285
286 broadcastTorchModeStatus(id, TorchModeStatus::AVAILABLE_OFF);
287 }
288
289 updateCameraNumAndIds();
290 logDeviceAdded(id, "Device added");
291 }
292
removeStates(const String8 id)293 void CameraService::removeStates(const String8 id) {
294 updateCameraNumAndIds();
295 if (mFlashlight->hasFlashUnit(id)) {
296 Mutex::Autolock al(mTorchStatusMutex);
297 mTorchStatusMap.removeItem(id);
298 }
299
300 {
301 Mutex::Autolock lock(mCameraStatesLock);
302 mCameraStates.erase(id);
303 }
304 }
305
onDeviceStatusChanged(const String8 & id,CameraDeviceStatus newHalStatus)306 void CameraService::onDeviceStatusChanged(const String8& id,
307 CameraDeviceStatus newHalStatus) {
308 ALOGI("%s: Status changed for cameraId=%s, newStatus=%d", __FUNCTION__,
309 id.string(), newHalStatus);
310
311 StatusInternal newStatus = mapToInternal(newHalStatus);
312
313 std::shared_ptr<CameraState> state = getCameraState(id);
314
315 if (state == nullptr) {
316 if (newStatus == StatusInternal::PRESENT) {
317 ALOGI("%s: Unknown camera ID %s, a new camera is added",
318 __FUNCTION__, id.string());
319
320 // First add as absent to make sure clients are notified below
321 addStates(id);
322
323 updateStatus(newStatus, id);
324 } else {
325 ALOGE("%s: Bad camera ID %s", __FUNCTION__, id.string());
326 }
327 return;
328 }
329
330 StatusInternal oldStatus = state->getStatus();
331
332 if (oldStatus == newStatus) {
333 ALOGE("%s: State transition to the same status %#x not allowed", __FUNCTION__, newStatus);
334 return;
335 }
336
337 if (newStatus == StatusInternal::NOT_PRESENT) {
338 logDeviceRemoved(id, String8::format("Device status changed from %d to %d", oldStatus,
339 newStatus));
340
341 // Set the device status to NOT_PRESENT, clients will no longer be able to connect
342 // to this device until the status changes
343 updateStatus(StatusInternal::NOT_PRESENT, id);
344
345 sp<BasicClient> clientToDisconnect;
346 {
347 // Don't do this in updateStatus to avoid deadlock over mServiceLock
348 Mutex::Autolock lock(mServiceLock);
349
350 // Remove cached shim parameters
351 state->setShimParams(CameraParameters());
352
353 // Remove the client from the list of active clients, if there is one
354 clientToDisconnect = removeClientLocked(id);
355 }
356
357 // Disconnect client
358 if (clientToDisconnect.get() != nullptr) {
359 ALOGI("%s: Client for camera ID %s evicted due to device status change from HAL",
360 __FUNCTION__, id.string());
361 // Notify the client of disconnection
362 clientToDisconnect->notifyError(
363 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
364 CaptureResultExtras{});
365 // Ensure not in binder RPC so client disconnect PID checks work correctly
366 LOG_ALWAYS_FATAL_IF(CameraThreadState::getCallingPid() != getpid(),
367 "onDeviceStatusChanged must be called from the camera service process!");
368 clientToDisconnect->disconnect();
369 }
370
371 removeStates(id);
372 } else {
373 if (oldStatus == StatusInternal::NOT_PRESENT) {
374 logDeviceAdded(id, String8::format("Device status changed from %d to %d", oldStatus,
375 newStatus));
376 }
377 updateStatus(newStatus, id);
378 }
379
380 }
381
onTorchStatusChanged(const String8 & cameraId,TorchModeStatus newStatus)382 void CameraService::onTorchStatusChanged(const String8& cameraId,
383 TorchModeStatus newStatus) {
384 Mutex::Autolock al(mTorchStatusMutex);
385 onTorchStatusChangedLocked(cameraId, newStatus);
386 }
387
onTorchStatusChangedLocked(const String8 & cameraId,TorchModeStatus newStatus)388 void CameraService::onTorchStatusChangedLocked(const String8& cameraId,
389 TorchModeStatus newStatus) {
390 ALOGI("%s: Torch status changed for cameraId=%s, newStatus=%d",
391 __FUNCTION__, cameraId.string(), newStatus);
392
393 TorchModeStatus status;
394 status_t res = getTorchStatusLocked(cameraId, &status);
395 if (res) {
396 ALOGE("%s: cannot get torch status of camera %s: %s (%d)",
397 __FUNCTION__, cameraId.string(), strerror(-res), res);
398 return;
399 }
400 if (status == newStatus) {
401 return;
402 }
403
404 res = setTorchStatusLocked(cameraId, newStatus);
405 if (res) {
406 ALOGE("%s: Failed to set the torch status to %d: %s (%d)", __FUNCTION__,
407 (uint32_t)newStatus, strerror(-res), res);
408 return;
409 }
410
411 {
412 // Update battery life logging for flashlight
413 Mutex::Autolock al(mTorchUidMapMutex);
414 auto iter = mTorchUidMap.find(cameraId);
415 if (iter != mTorchUidMap.end()) {
416 int oldUid = iter->second.second;
417 int newUid = iter->second.first;
418 BatteryNotifier& notifier(BatteryNotifier::getInstance());
419 if (oldUid != newUid) {
420 // If the UID has changed, log the status and update current UID in mTorchUidMap
421 if (status == TorchModeStatus::AVAILABLE_ON) {
422 notifier.noteFlashlightOff(cameraId, oldUid);
423 }
424 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
425 notifier.noteFlashlightOn(cameraId, newUid);
426 }
427 iter->second.second = newUid;
428 } else {
429 // If the UID has not changed, log the status
430 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
431 notifier.noteFlashlightOn(cameraId, oldUid);
432 } else {
433 notifier.noteFlashlightOff(cameraId, oldUid);
434 }
435 }
436 }
437 }
438
439 broadcastTorchModeStatus(cameraId, newStatus);
440 }
441
getNumberOfCameras(int32_t type,int32_t * numCameras)442 Status CameraService::getNumberOfCameras(int32_t type, int32_t* numCameras) {
443 ATRACE_CALL();
444 Mutex::Autolock l(mServiceLock);
445 switch (type) {
446 case CAMERA_TYPE_BACKWARD_COMPATIBLE:
447 *numCameras = static_cast<int>(mNormalDeviceIds.size());
448 break;
449 case CAMERA_TYPE_ALL:
450 *numCameras = mNumberOfCameras;
451 break;
452 default:
453 ALOGW("%s: Unknown camera type %d",
454 __FUNCTION__, type);
455 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
456 "Unknown camera type %d", type);
457 }
458 return Status::ok();
459 }
460
getCameraInfo(int cameraId,CameraInfo * cameraInfo)461 Status CameraService::getCameraInfo(int cameraId,
462 CameraInfo* cameraInfo) {
463 ATRACE_CALL();
464 Mutex::Autolock l(mServiceLock);
465
466 if (!mInitialized) {
467 return STATUS_ERROR(ERROR_DISCONNECTED,
468 "Camera subsystem is not available");
469 }
470
471 if (cameraId < 0 || cameraId >= mNumberOfCameras) {
472 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
473 "CameraId is not valid");
474 }
475
476 Status ret = Status::ok();
477 status_t err = mCameraProviderManager->getCameraInfo(
478 cameraIdIntToStrLocked(cameraId), cameraInfo);
479 if (err != OK) {
480 ret = STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
481 "Error retrieving camera info from device %d: %s (%d)", cameraId,
482 strerror(-err), err);
483 }
484
485 return ret;
486 }
487
cameraIdIntToStrLocked(int cameraIdInt)488 std::string CameraService::cameraIdIntToStrLocked(int cameraIdInt) {
489 if (cameraIdInt < 0 || cameraIdInt >= static_cast<int>(mNormalDeviceIds.size())) {
490 ALOGE("%s: input id %d invalid: valid range (0, %zu)",
491 __FUNCTION__, cameraIdInt, mNormalDeviceIds.size());
492 return std::string{};
493 }
494
495 return mNormalDeviceIds[cameraIdInt];
496 }
497
cameraIdIntToStr(int cameraIdInt)498 String8 CameraService::cameraIdIntToStr(int cameraIdInt) {
499 Mutex::Autolock lock(mServiceLock);
500 return String8(cameraIdIntToStrLocked(cameraIdInt).c_str());
501 }
502
getCameraCharacteristics(const String16 & cameraId,CameraMetadata * cameraInfo)503 Status CameraService::getCameraCharacteristics(const String16& cameraId,
504 CameraMetadata* cameraInfo) {
505 ATRACE_CALL();
506 if (!cameraInfo) {
507 ALOGE("%s: cameraInfo is NULL", __FUNCTION__);
508 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "cameraInfo is NULL");
509 }
510
511 if (!mInitialized) {
512 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
513 return STATUS_ERROR(ERROR_DISCONNECTED,
514 "Camera subsystem is not available");;
515 }
516
517 Status ret{};
518
519 status_t res = mCameraProviderManager->getCameraCharacteristics(
520 String8(cameraId).string(), cameraInfo);
521 if (res != OK) {
522 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera "
523 "characteristics for device %s: %s (%d)", String8(cameraId).string(),
524 strerror(-res), res);
525 }
526
527 int callingPid = CameraThreadState::getCallingPid();
528 int callingUid = CameraThreadState::getCallingUid();
529 std::vector<int32_t> tagsRemoved;
530 // If it's not calling from cameraserver, check the permission.
531 if ((callingPid != getpid()) &&
532 !checkPermission(String16("android.permission.CAMERA"), callingPid, callingUid)) {
533 res = cameraInfo->removePermissionEntries(
534 mCameraProviderManager->getProviderTagIdLocked(String8(cameraId).string()),
535 &tagsRemoved);
536 if (res != OK) {
537 cameraInfo->clear();
538 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Failed to remove camera"
539 " characteristics needing camera permission for device %s: %s (%d)",
540 String8(cameraId).string(), strerror(-res), res);
541 }
542 }
543
544 if (!tagsRemoved.empty()) {
545 res = cameraInfo->update(ANDROID_REQUEST_CHARACTERISTIC_KEYS_NEEDING_PERMISSION,
546 tagsRemoved.data(), tagsRemoved.size());
547 if (res != OK) {
548 cameraInfo->clear();
549 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Failed to insert camera "
550 "keys needing permission for device %s: %s (%d)", String8(cameraId).string(),
551 strerror(-res), res);
552 }
553 }
554
555 return ret;
556 }
557
getFormattedCurrentTime()558 String8 CameraService::getFormattedCurrentTime() {
559 time_t now = time(nullptr);
560 char formattedTime[64];
561 strftime(formattedTime, sizeof(formattedTime), "%m-%d %H:%M:%S", localtime(&now));
562 return String8(formattedTime);
563 }
564
getCameraVendorTagDescriptor(hardware::camera2::params::VendorTagDescriptor * desc)565 Status CameraService::getCameraVendorTagDescriptor(
566 /*out*/
567 hardware::camera2::params::VendorTagDescriptor* desc) {
568 ATRACE_CALL();
569 if (!mInitialized) {
570 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
571 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem not available");
572 }
573 sp<VendorTagDescriptor> globalDescriptor = VendorTagDescriptor::getGlobalVendorTagDescriptor();
574 if (globalDescriptor != nullptr) {
575 *desc = *(globalDescriptor.get());
576 }
577 return Status::ok();
578 }
579
getCameraVendorTagCache(hardware::camera2::params::VendorTagDescriptorCache * cache)580 Status CameraService::getCameraVendorTagCache(
581 /*out*/ hardware::camera2::params::VendorTagDescriptorCache* cache) {
582 ATRACE_CALL();
583 if (!mInitialized) {
584 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
585 return STATUS_ERROR(ERROR_DISCONNECTED,
586 "Camera subsystem not available");
587 }
588 sp<VendorTagDescriptorCache> globalCache =
589 VendorTagDescriptorCache::getGlobalVendorTagCache();
590 if (globalCache != nullptr) {
591 *cache = *(globalCache.get());
592 }
593 return Status::ok();
594 }
595
getDeviceVersion(const String8 & cameraId,int * facing)596 int CameraService::getDeviceVersion(const String8& cameraId, int* facing) {
597 ATRACE_CALL();
598
599 int deviceVersion = 0;
600
601 status_t res;
602 hardware::hidl_version maxVersion{0,0};
603 res = mCameraProviderManager->getHighestSupportedVersion(cameraId.string(),
604 &maxVersion);
605 if (res != OK) return -1;
606 deviceVersion = HARDWARE_DEVICE_API_VERSION(maxVersion.get_major(), maxVersion.get_minor());
607
608 hardware::CameraInfo info;
609 if (facing) {
610 res = mCameraProviderManager->getCameraInfo(cameraId.string(), &info);
611 if (res != OK) return -1;
612 *facing = info.facing;
613 }
614
615 return deviceVersion;
616 }
617
filterGetInfoErrorCode(status_t err)618 Status CameraService::filterGetInfoErrorCode(status_t err) {
619 switch(err) {
620 case NO_ERROR:
621 return Status::ok();
622 case BAD_VALUE:
623 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
624 "CameraId is not valid for HAL module");
625 case NO_INIT:
626 return STATUS_ERROR(ERROR_DISCONNECTED,
627 "Camera device not available");
628 default:
629 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
630 "Camera HAL encountered error %d: %s",
631 err, strerror(-err));
632 }
633 }
634
makeClient(const sp<CameraService> & cameraService,const sp<IInterface> & cameraCb,const String16 & packageName,const String8 & cameraId,int api1CameraId,int facing,int clientPid,uid_t clientUid,int servicePid,int halVersion,int deviceVersion,apiLevel effectiveApiLevel,sp<BasicClient> * client)635 Status CameraService::makeClient(const sp<CameraService>& cameraService,
636 const sp<IInterface>& cameraCb, const String16& packageName, const String8& cameraId,
637 int api1CameraId, int facing, int clientPid, uid_t clientUid, int servicePid,
638 int halVersion, int deviceVersion, apiLevel effectiveApiLevel,
639 /*out*/sp<BasicClient>* client) {
640
641 if (halVersion < 0 || halVersion == deviceVersion) {
642 // Default path: HAL version is unspecified by caller, create CameraClient
643 // based on device version reported by the HAL.
644 switch(deviceVersion) {
645 case CAMERA_DEVICE_API_VERSION_1_0:
646 if (effectiveApiLevel == API_1) { // Camera1 API route
647 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
648 *client = new CameraClient(cameraService, tmp, packageName,
649 api1CameraId, facing, clientPid, clientUid,
650 getpid());
651 } else { // Camera2 API route
652 ALOGW("Camera using old HAL version: %d", deviceVersion);
653 return STATUS_ERROR_FMT(ERROR_DEPRECATED_HAL,
654 "Camera device \"%s\" HAL version %d does not support camera2 API",
655 cameraId.string(), deviceVersion);
656 }
657 break;
658 case CAMERA_DEVICE_API_VERSION_3_0:
659 case CAMERA_DEVICE_API_VERSION_3_1:
660 case CAMERA_DEVICE_API_VERSION_3_2:
661 case CAMERA_DEVICE_API_VERSION_3_3:
662 case CAMERA_DEVICE_API_VERSION_3_4:
663 case CAMERA_DEVICE_API_VERSION_3_5:
664 if (effectiveApiLevel == API_1) { // Camera1 API route
665 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
666 *client = new Camera2Client(cameraService, tmp, packageName,
667 cameraId, api1CameraId,
668 facing, clientPid, clientUid,
669 servicePid);
670 } else { // Camera2 API route
671 sp<hardware::camera2::ICameraDeviceCallbacks> tmp =
672 static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get());
673 *client = new CameraDeviceClient(cameraService, tmp, packageName, cameraId,
674 facing, clientPid, clientUid, servicePid);
675 }
676 break;
677 default:
678 // Should not be reachable
679 ALOGE("Unknown camera device HAL version: %d", deviceVersion);
680 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
681 "Camera device \"%s\" has unknown HAL version %d",
682 cameraId.string(), deviceVersion);
683 }
684 } else {
685 // A particular HAL version is requested by caller. Create CameraClient
686 // based on the requested HAL version.
687 if (deviceVersion > CAMERA_DEVICE_API_VERSION_1_0 &&
688 halVersion == CAMERA_DEVICE_API_VERSION_1_0) {
689 // Only support higher HAL version device opened as HAL1.0 device.
690 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
691 *client = new CameraClient(cameraService, tmp, packageName,
692 api1CameraId, facing, clientPid, clientUid,
693 servicePid);
694 } else {
695 // Other combinations (e.g. HAL3.x open as HAL2.x) are not supported yet.
696 ALOGE("Invalid camera HAL version %x: HAL %x device can only be"
697 " opened as HAL %x device", halVersion, deviceVersion,
698 CAMERA_DEVICE_API_VERSION_1_0);
699 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
700 "Camera device \"%s\" (HAL version %d) cannot be opened as HAL version %d",
701 cameraId.string(), deviceVersion, halVersion);
702 }
703 }
704 return Status::ok();
705 }
706
toString(std::set<userid_t> intSet)707 String8 CameraService::toString(std::set<userid_t> intSet) {
708 String8 s("");
709 bool first = true;
710 for (userid_t i : intSet) {
711 if (first) {
712 s.appendFormat("%d", i);
713 first = false;
714 } else {
715 s.appendFormat(", %d", i);
716 }
717 }
718 return s;
719 }
720
mapToInterface(TorchModeStatus status)721 int32_t CameraService::mapToInterface(TorchModeStatus status) {
722 int32_t serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
723 switch (status) {
724 case TorchModeStatus::NOT_AVAILABLE:
725 serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
726 break;
727 case TorchModeStatus::AVAILABLE_OFF:
728 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF;
729 break;
730 case TorchModeStatus::AVAILABLE_ON:
731 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON;
732 break;
733 default:
734 ALOGW("Unknown new flash status: %d", status);
735 }
736 return serviceStatus;
737 }
738
mapToInternal(CameraDeviceStatus status)739 CameraService::StatusInternal CameraService::mapToInternal(CameraDeviceStatus status) {
740 StatusInternal serviceStatus = StatusInternal::NOT_PRESENT;
741 switch (status) {
742 case CameraDeviceStatus::NOT_PRESENT:
743 serviceStatus = StatusInternal::NOT_PRESENT;
744 break;
745 case CameraDeviceStatus::PRESENT:
746 serviceStatus = StatusInternal::PRESENT;
747 break;
748 case CameraDeviceStatus::ENUMERATING:
749 serviceStatus = StatusInternal::ENUMERATING;
750 break;
751 default:
752 ALOGW("Unknown new HAL device status: %d", status);
753 }
754 return serviceStatus;
755 }
756
mapToInterface(StatusInternal status)757 int32_t CameraService::mapToInterface(StatusInternal status) {
758 int32_t serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
759 switch (status) {
760 case StatusInternal::NOT_PRESENT:
761 serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
762 break;
763 case StatusInternal::PRESENT:
764 serviceStatus = ICameraServiceListener::STATUS_PRESENT;
765 break;
766 case StatusInternal::ENUMERATING:
767 serviceStatus = ICameraServiceListener::STATUS_ENUMERATING;
768 break;
769 case StatusInternal::NOT_AVAILABLE:
770 serviceStatus = ICameraServiceListener::STATUS_NOT_AVAILABLE;
771 break;
772 case StatusInternal::UNKNOWN:
773 serviceStatus = ICameraServiceListener::STATUS_UNKNOWN;
774 break;
775 default:
776 ALOGW("Unknown new internal device status: %d", status);
777 }
778 return serviceStatus;
779 }
780
initializeShimMetadata(int cameraId)781 Status CameraService::initializeShimMetadata(int cameraId) {
782 int uid = CameraThreadState::getCallingUid();
783
784 String16 internalPackageName("cameraserver");
785 String8 id = String8::format("%d", cameraId);
786 Status ret = Status::ok();
787 sp<Client> tmp = nullptr;
788 if (!(ret = connectHelper<ICameraClient,Client>(
789 sp<ICameraClient>{nullptr}, id, cameraId,
790 static_cast<int>(CAMERA_HAL_API_VERSION_UNSPECIFIED),
791 internalPackageName, uid, USE_CALLING_PID,
792 API_1, /*shimUpdateOnly*/ true, /*out*/ tmp)
793 ).isOk()) {
794 ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().string());
795 }
796 return ret;
797 }
798
getLegacyParametersLazy(int cameraId,CameraParameters * parameters)799 Status CameraService::getLegacyParametersLazy(int cameraId,
800 /*out*/
801 CameraParameters* parameters) {
802
803 ALOGV("%s: for cameraId: %d", __FUNCTION__, cameraId);
804
805 Status ret = Status::ok();
806
807 if (parameters == NULL) {
808 ALOGE("%s: parameters must not be null", __FUNCTION__);
809 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
810 }
811
812 String8 id = String8::format("%d", cameraId);
813
814 // Check if we already have parameters
815 {
816 // Scope for service lock
817 Mutex::Autolock lock(mServiceLock);
818 auto cameraState = getCameraState(id);
819 if (cameraState == nullptr) {
820 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
821 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
822 "Invalid camera ID: %s", id.string());
823 }
824 CameraParameters p = cameraState->getShimParams();
825 if (!p.isEmpty()) {
826 *parameters = p;
827 return ret;
828 }
829 }
830
831 int64_t token = CameraThreadState::clearCallingIdentity();
832 ret = initializeShimMetadata(cameraId);
833 CameraThreadState::restoreCallingIdentity(token);
834 if (!ret.isOk()) {
835 // Error already logged by callee
836 return ret;
837 }
838
839 // Check for parameters again
840 {
841 // Scope for service lock
842 Mutex::Autolock lock(mServiceLock);
843 auto cameraState = getCameraState(id);
844 if (cameraState == nullptr) {
845 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
846 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
847 "Invalid camera ID: %s", id.string());
848 }
849 CameraParameters p = cameraState->getShimParams();
850 if (!p.isEmpty()) {
851 *parameters = p;
852 return ret;
853 }
854 }
855
856 ALOGE("%s: Parameters were not initialized, or were empty. Device may not be present.",
857 __FUNCTION__);
858 return STATUS_ERROR(ERROR_INVALID_OPERATION, "Unable to initialize legacy parameters");
859 }
860
861 // Can camera service trust the caller based on the calling UID?
isTrustedCallingUid(uid_t uid)862 static bool isTrustedCallingUid(uid_t uid) {
863 switch (uid) {
864 case AID_MEDIA: // mediaserver
865 case AID_CAMERASERVER: // cameraserver
866 case AID_RADIO: // telephony
867 return true;
868 default:
869 return false;
870 }
871 }
872
getUidForPackage(String16 packageName,int userId,uid_t & uid,int err)873 static status_t getUidForPackage(String16 packageName, int userId, /*inout*/uid_t& uid, int err) {
874 PermissionController pc;
875 uid = pc.getPackageUid(packageName, 0);
876 if (uid <= 0) {
877 ALOGE("Unknown package: '%s'", String8(packageName).string());
878 dprintf(err, "Unknown package: '%s'\n", String8(packageName).string());
879 return BAD_VALUE;
880 }
881
882 if (userId < 0) {
883 ALOGE("Invalid user: %d", userId);
884 dprintf(err, "Invalid user: %d\n", userId);
885 return BAD_VALUE;
886 }
887
888 uid = multiuser_get_uid(userId, uid);
889 return NO_ERROR;
890 }
891
validateConnectLocked(const String8 & cameraId,const String8 & clientName8,int & clientUid,int & clientPid,int & originalClientPid) const892 Status CameraService::validateConnectLocked(const String8& cameraId,
893 const String8& clientName8, /*inout*/int& clientUid, /*inout*/int& clientPid,
894 /*out*/int& originalClientPid) const {
895
896 #ifdef __BRILLO__
897 UNUSED(clientName8);
898 UNUSED(clientUid);
899 UNUSED(clientPid);
900 UNUSED(originalClientPid);
901 #else
902 Status allowed = validateClientPermissionsLocked(cameraId, clientName8, clientUid, clientPid,
903 originalClientPid);
904 if (!allowed.isOk()) {
905 return allowed;
906 }
907 #endif // __BRILLO__
908
909 int callingPid = CameraThreadState::getCallingPid();
910
911 if (!mInitialized) {
912 ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
913 callingPid);
914 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
915 "No camera HAL module available to open camera device \"%s\"", cameraId.string());
916 }
917
918 if (getCameraState(cameraId) == nullptr) {
919 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
920 cameraId.string());
921 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
922 "No camera device with ID \"%s\" available", cameraId.string());
923 }
924
925 status_t err = checkIfDeviceIsUsable(cameraId);
926 if (err != NO_ERROR) {
927 switch(err) {
928 case -ENODEV:
929 case -EBUSY:
930 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
931 "No camera device with ID \"%s\" currently available", cameraId.string());
932 default:
933 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
934 "Unknown error connecting to ID \"%s\"", cameraId.string());
935 }
936 }
937 return Status::ok();
938 }
939
validateClientPermissionsLocked(const String8 & cameraId,const String8 & clientName8,int & clientUid,int & clientPid,int & originalClientPid) const940 Status CameraService::validateClientPermissionsLocked(const String8& cameraId,
941 const String8& clientName8, int& clientUid, int& clientPid,
942 /*out*/int& originalClientPid) const {
943 int callingPid = CameraThreadState::getCallingPid();
944 int callingUid = CameraThreadState::getCallingUid();
945
946 // Check if we can trust clientUid
947 if (clientUid == USE_CALLING_UID) {
948 clientUid = callingUid;
949 } else if (!isTrustedCallingUid(callingUid)) {
950 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
951 "(don't trust clientUid %d)", callingPid, callingUid, clientUid);
952 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
953 "Untrusted caller (calling PID %d, UID %d) trying to "
954 "forward camera access to camera %s for client %s (PID %d, UID %d)",
955 callingPid, callingUid, cameraId.string(),
956 clientName8.string(), clientUid, clientPid);
957 }
958
959 // Check if we can trust clientPid
960 if (clientPid == USE_CALLING_PID) {
961 clientPid = callingPid;
962 } else if (!isTrustedCallingUid(callingUid)) {
963 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
964 "(don't trust clientPid %d)", callingPid, callingUid, clientPid);
965 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
966 "Untrusted caller (calling PID %d, UID %d) trying to "
967 "forward camera access to camera %s for client %s (PID %d, UID %d)",
968 callingPid, callingUid, cameraId.string(),
969 clientName8.string(), clientUid, clientPid);
970 }
971
972 // If it's not calling from cameraserver, check the permission.
973 if (callingPid != getpid() &&
974 !checkPermission(String16("android.permission.CAMERA"), clientPid, clientUid)) {
975 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
976 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
977 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" without camera permission",
978 clientName8.string(), clientUid, clientPid, cameraId.string());
979 }
980
981 // Make sure the UID is in an active state to use the camera
982 if (!mUidPolicy->isUidActive(callingUid, String16(clientName8))) {
983 int32_t procState = mUidPolicy->getProcState(callingUid);
984 ALOGE("Access Denial: can't use the camera from an idle UID pid=%d, uid=%d",
985 clientPid, clientUid);
986 return STATUS_ERROR_FMT(ERROR_DISABLED,
987 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" from background ("
988 "calling UID %d proc state %" PRId32 ")",
989 clientName8.string(), clientUid, clientPid, cameraId.string(),
990 callingUid, procState);
991 }
992
993 // If sensor privacy is enabled then prevent access to the camera
994 if (mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
995 ALOGE("Access Denial: cannot use the camera when sensor privacy is enabled");
996 return STATUS_ERROR_FMT(ERROR_DISABLED,
997 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" when sensor privacy "
998 "is enabled", clientName8.string(), clientUid, clientPid, cameraId.string());
999 }
1000
1001 // Only use passed in clientPid to check permission. Use calling PID as the client PID that's
1002 // connected to camera service directly.
1003 originalClientPid = clientPid;
1004 clientPid = callingPid;
1005
1006 userid_t clientUserId = multiuser_get_user_id(clientUid);
1007
1008 // Only allow clients who are being used by the current foreground device user, unless calling
1009 // from our own process OR the caller is using the cameraserver's HIDL interface.
1010 if (!hardware::IPCThreadState::self()->isServingCall() && callingPid != getpid() &&
1011 (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
1012 ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from "
1013 "device user %d, currently allowed device users: %s)", callingPid, clientUserId,
1014 toString(mAllowedUsers).string());
1015 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1016 "Callers from device user %d are not currently allowed to connect to camera \"%s\"",
1017 clientUserId, cameraId.string());
1018 }
1019
1020 return Status::ok();
1021 }
1022
checkIfDeviceIsUsable(const String8 & cameraId) const1023 status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const {
1024 auto cameraState = getCameraState(cameraId);
1025 int callingPid = CameraThreadState::getCallingPid();
1026 if (cameraState == nullptr) {
1027 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
1028 cameraId.string());
1029 return -ENODEV;
1030 }
1031
1032 StatusInternal currentStatus = cameraState->getStatus();
1033 if (currentStatus == StatusInternal::NOT_PRESENT) {
1034 ALOGE("CameraService::connect X (PID %d) rejected (camera %s is not connected)",
1035 callingPid, cameraId.string());
1036 return -ENODEV;
1037 } else if (currentStatus == StatusInternal::ENUMERATING) {
1038 ALOGE("CameraService::connect X (PID %d) rejected, (camera %s is initializing)",
1039 callingPid, cameraId.string());
1040 return -EBUSY;
1041 }
1042
1043 return NO_ERROR;
1044 }
1045
finishConnectLocked(const sp<BasicClient> & client,const CameraService::DescriptorPtr & desc)1046 void CameraService::finishConnectLocked(const sp<BasicClient>& client,
1047 const CameraService::DescriptorPtr& desc) {
1048
1049 // Make a descriptor for the incoming client
1050 auto clientDescriptor = CameraService::CameraClientManager::makeClientDescriptor(client, desc);
1051 auto evicted = mActiveClientManager.addAndEvict(clientDescriptor);
1052
1053 logConnected(desc->getKey(), static_cast<int>(desc->getOwnerId()),
1054 String8(client->getPackageName()));
1055
1056 if (evicted.size() > 0) {
1057 // This should never happen - clients should already have been removed in disconnect
1058 for (auto& i : evicted) {
1059 ALOGE("%s: Invalid state: Client for camera %s was not removed in disconnect",
1060 __FUNCTION__, i->getKey().string());
1061 }
1062
1063 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, clients not evicted properly",
1064 __FUNCTION__);
1065 }
1066
1067 // And register a death notification for the client callback. Do
1068 // this last to avoid Binder policy where a nested Binder
1069 // transaction might be pre-empted to service the client death
1070 // notification if the client process dies before linkToDeath is
1071 // invoked.
1072 sp<IBinder> remoteCallback = client->getRemote();
1073 if (remoteCallback != nullptr) {
1074 remoteCallback->linkToDeath(this);
1075 }
1076 }
1077
handleEvictionsLocked(const String8 & cameraId,int clientPid,apiLevel effectiveApiLevel,const sp<IBinder> & remoteCallback,const String8 & packageName,sp<BasicClient> * client,std::shared_ptr<resource_policy::ClientDescriptor<String8,sp<BasicClient>>> * partial)1078 status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clientPid,
1079 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback, const String8& packageName,
1080 /*out*/
1081 sp<BasicClient>* client,
1082 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>* partial) {
1083 ATRACE_CALL();
1084 status_t ret = NO_ERROR;
1085 std::vector<DescriptorPtr> evictedClients;
1086 DescriptorPtr clientDescriptor;
1087 {
1088 if (effectiveApiLevel == API_1) {
1089 // If we are using API1, any existing client for this camera ID with the same remote
1090 // should be returned rather than evicted to allow MediaRecorder to work properly.
1091
1092 auto current = mActiveClientManager.get(cameraId);
1093 if (current != nullptr) {
1094 auto clientSp = current->getValue();
1095 if (clientSp.get() != nullptr) { // should never be needed
1096 if (!clientSp->canCastToApiClient(effectiveApiLevel)) {
1097 ALOGW("CameraService connect called from same client, but with a different"
1098 " API level, evicting prior client...");
1099 } else if (clientSp->getRemote() == remoteCallback) {
1100 ALOGI("CameraService::connect X (PID %d) (second call from same"
1101 " app binder, returning the same client)", clientPid);
1102 *client = clientSp;
1103 return NO_ERROR;
1104 }
1105 }
1106 }
1107 }
1108
1109 // Get current active client PIDs
1110 std::vector<int> ownerPids(mActiveClientManager.getAllOwners());
1111 ownerPids.push_back(clientPid);
1112
1113 std::vector<int> priorityScores(ownerPids.size());
1114 std::vector<int> states(ownerPids.size());
1115
1116 // Get priority scores of all active PIDs
1117 status_t err = ProcessInfoService::getProcessStatesScoresFromPids(
1118 ownerPids.size(), &ownerPids[0], /*out*/&states[0],
1119 /*out*/&priorityScores[0]);
1120 if (err != OK) {
1121 ALOGE("%s: Priority score query failed: %d",
1122 __FUNCTION__, err);
1123 return err;
1124 }
1125
1126 // Update all active clients' priorities
1127 std::map<int,resource_policy::ClientPriority> pidToPriorityMap;
1128 for (size_t i = 0; i < ownerPids.size() - 1; i++) {
1129 pidToPriorityMap.emplace(ownerPids[i],
1130 resource_policy::ClientPriority(priorityScores[i], states[i],
1131 /* isVendorClient won't get copied over*/ false));
1132 }
1133 mActiveClientManager.updatePriorities(pidToPriorityMap);
1134
1135 // Get state for the given cameraId
1136 auto state = getCameraState(cameraId);
1137 if (state == nullptr) {
1138 ALOGE("CameraService::connect X (PID %d) rejected (no camera device with ID %s)",
1139 clientPid, cameraId.string());
1140 // Should never get here because validateConnectLocked should have errored out
1141 return BAD_VALUE;
1142 }
1143
1144 // Make descriptor for incoming client
1145 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId,
1146 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()),
1147 state->getConflicting(),
1148 priorityScores[priorityScores.size() - 1],
1149 clientPid,
1150 states[states.size() - 1]);
1151
1152 // Find clients that would be evicted
1153 auto evicted = mActiveClientManager.wouldEvict(clientDescriptor);
1154
1155 // If the incoming client was 'evicted,' higher priority clients have the camera in the
1156 // background, so we cannot do evictions
1157 if (std::find(evicted.begin(), evicted.end(), clientDescriptor) != evicted.end()) {
1158 ALOGE("CameraService::connect X (PID %d) rejected (existing client(s) with higher"
1159 " priority).", clientPid);
1160
1161 sp<BasicClient> clientSp = clientDescriptor->getValue();
1162 String8 curTime = getFormattedCurrentTime();
1163 auto incompatibleClients =
1164 mActiveClientManager.getIncompatibleClients(clientDescriptor);
1165
1166 String8 msg = String8::format("%s : DENIED connect device %s client for package %s "
1167 "(PID %d, score %d state %d) due to eviction policy", curTime.string(),
1168 cameraId.string(), packageName.string(), clientPid,
1169 priorityScores[priorityScores.size() - 1],
1170 states[states.size() - 1]);
1171
1172 for (auto& i : incompatibleClients) {
1173 msg.appendFormat("\n - Blocked by existing device %s client for package %s"
1174 "(PID %" PRId32 ", score %" PRId32 ", state %" PRId32 ")",
1175 i->getKey().string(),
1176 String8{i->getValue()->getPackageName()}.string(),
1177 i->getOwnerId(), i->getPriority().getScore(),
1178 i->getPriority().getState());
1179 ALOGE(" Conflicts with: Device %s, client package %s (PID %"
1180 PRId32 ", score %" PRId32 ", state %" PRId32 ")", i->getKey().string(),
1181 String8{i->getValue()->getPackageName()}.string(), i->getOwnerId(),
1182 i->getPriority().getScore(), i->getPriority().getState());
1183 }
1184
1185 // Log the client's attempt
1186 Mutex::Autolock l(mLogLock);
1187 mEventLog.add(msg);
1188
1189 return -EBUSY;
1190 }
1191
1192 for (auto& i : evicted) {
1193 sp<BasicClient> clientSp = i->getValue();
1194 if (clientSp.get() == nullptr) {
1195 ALOGE("%s: Invalid state: Null client in active client list.", __FUNCTION__);
1196
1197 // TODO: Remove this
1198 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, null client in active list",
1199 __FUNCTION__);
1200 mActiveClientManager.remove(i);
1201 continue;
1202 }
1203
1204 ALOGE("CameraService::connect evicting conflicting client for camera ID %s",
1205 i->getKey().string());
1206 evictedClients.push_back(i);
1207
1208 // Log the clients evicted
1209 logEvent(String8::format("EVICT device %s client held by package %s (PID"
1210 " %" PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted by device %s client for"
1211 " package %s (PID %d, score %" PRId32 ", state %" PRId32 ")",
1212 i->getKey().string(), String8{clientSp->getPackageName()}.string(),
1213 i->getOwnerId(), i->getPriority().getScore(),
1214 i->getPriority().getState(), cameraId.string(),
1215 packageName.string(), clientPid,
1216 priorityScores[priorityScores.size() - 1],
1217 states[states.size() - 1]));
1218
1219 // Notify the client of disconnection
1220 clientSp->notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1221 CaptureResultExtras());
1222 }
1223 }
1224
1225 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1226 // other clients from connecting in mServiceLockWrapper if held
1227 mServiceLock.unlock();
1228
1229 // Clear caller identity temporarily so client disconnect PID checks work correctly
1230 int64_t token = CameraThreadState::clearCallingIdentity();
1231
1232 // Destroy evicted clients
1233 for (auto& i : evictedClients) {
1234 // Disconnect is blocking, and should only have returned when HAL has cleaned up
1235 i->getValue()->disconnect(); // Clients will remove themselves from the active client list
1236 }
1237
1238 CameraThreadState::restoreCallingIdentity(token);
1239
1240 for (const auto& i : evictedClients) {
1241 ALOGV("%s: Waiting for disconnect to complete for client for device %s (PID %" PRId32 ")",
1242 __FUNCTION__, i->getKey().string(), i->getOwnerId());
1243 ret = mActiveClientManager.waitUntilRemoved(i, DEFAULT_DISCONNECT_TIMEOUT_NS);
1244 if (ret == TIMED_OUT) {
1245 ALOGE("%s: Timed out waiting for client for device %s to disconnect, "
1246 "current clients:\n%s", __FUNCTION__, i->getKey().string(),
1247 mActiveClientManager.toString().string());
1248 return -EBUSY;
1249 }
1250 if (ret != NO_ERROR) {
1251 ALOGE("%s: Received error waiting for client for device %s to disconnect: %s (%d), "
1252 "current clients:\n%s", __FUNCTION__, i->getKey().string(), strerror(-ret),
1253 ret, mActiveClientManager.toString().string());
1254 return ret;
1255 }
1256 }
1257
1258 evictedClients.clear();
1259
1260 // Once clients have been disconnected, relock
1261 mServiceLock.lock();
1262
1263 // Check again if the device was unplugged or something while we weren't holding mServiceLock
1264 if ((ret = checkIfDeviceIsUsable(cameraId)) != NO_ERROR) {
1265 return ret;
1266 }
1267
1268 *partial = clientDescriptor;
1269 return NO_ERROR;
1270 }
1271
connect(const sp<ICameraClient> & cameraClient,int api1CameraId,const String16 & clientPackageName,int clientUid,int clientPid,sp<ICamera> * device)1272 Status CameraService::connect(
1273 const sp<ICameraClient>& cameraClient,
1274 int api1CameraId,
1275 const String16& clientPackageName,
1276 int clientUid,
1277 int clientPid,
1278 /*out*/
1279 sp<ICamera>* device) {
1280
1281 ATRACE_CALL();
1282 Status ret = Status::ok();
1283
1284 String8 id = cameraIdIntToStr(api1CameraId);
1285 sp<Client> client = nullptr;
1286 ret = connectHelper<ICameraClient,Client>(cameraClient, id, api1CameraId,
1287 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, clientUid, clientPid, API_1,
1288 /*shimUpdateOnly*/ false, /*out*/client);
1289
1290 if(!ret.isOk()) {
1291 logRejected(id, CameraThreadState::getCallingPid(), String8(clientPackageName),
1292 ret.toString8());
1293 return ret;
1294 }
1295
1296 *device = client;
1297 return ret;
1298 }
1299
connectLegacy(const sp<ICameraClient> & cameraClient,int api1CameraId,int halVersion,const String16 & clientPackageName,int clientUid,sp<ICamera> * device)1300 Status CameraService::connectLegacy(
1301 const sp<ICameraClient>& cameraClient,
1302 int api1CameraId, int halVersion,
1303 const String16& clientPackageName,
1304 int clientUid,
1305 /*out*/
1306 sp<ICamera>* device) {
1307
1308 ATRACE_CALL();
1309 String8 id = cameraIdIntToStr(api1CameraId);
1310
1311 Status ret = Status::ok();
1312 sp<Client> client = nullptr;
1313 ret = connectHelper<ICameraClient,Client>(cameraClient, id, api1CameraId, halVersion,
1314 clientPackageName, clientUid, USE_CALLING_PID, API_1, /*shimUpdateOnly*/ false,
1315 /*out*/client);
1316
1317 if(!ret.isOk()) {
1318 logRejected(id, CameraThreadState::getCallingPid(), String8(clientPackageName),
1319 ret.toString8());
1320 return ret;
1321 }
1322
1323 *device = client;
1324 return ret;
1325 }
1326
shouldRejectHiddenCameraConnection(const String8 & cameraId)1327 bool CameraService::shouldRejectHiddenCameraConnection(const String8 & cameraId) {
1328 // If the thread serving this call is not a hwbinder thread and the caller
1329 // isn't the cameraserver itself, and the camera id being requested is to be
1330 // publically hidden, we should reject the connection.
1331 if (!hardware::IPCThreadState::self()->isServingCall() &&
1332 CameraThreadState::getCallingPid() != getpid() &&
1333 mCameraProviderManager->isPublicallyHiddenSecureCamera(cameraId.c_str())) {
1334 return true;
1335 }
1336 return false;
1337 }
1338
connectDevice(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,const String16 & cameraId,const String16 & clientPackageName,int clientUid,sp<hardware::camera2::ICameraDeviceUser> * device)1339 Status CameraService::connectDevice(
1340 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
1341 const String16& cameraId,
1342 const String16& clientPackageName,
1343 int clientUid,
1344 /*out*/
1345 sp<hardware::camera2::ICameraDeviceUser>* device) {
1346
1347 ATRACE_CALL();
1348 Status ret = Status::ok();
1349 String8 id = String8(cameraId);
1350 sp<CameraDeviceClient> client = nullptr;
1351
1352 ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, id,
1353 /*api1CameraId*/-1,
1354 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName,
1355 clientUid, USE_CALLING_PID, API_2, /*shimUpdateOnly*/ false, /*out*/client);
1356
1357 if(!ret.isOk()) {
1358 logRejected(id, CameraThreadState::getCallingPid(), String8(clientPackageName),
1359 ret.toString8());
1360 return ret;
1361 }
1362
1363 *device = client;
1364 return ret;
1365 }
1366
1367 template<class CALLBACK, class CLIENT>
connectHelper(const sp<CALLBACK> & cameraCb,const String8 & cameraId,int api1CameraId,int halVersion,const String16 & clientPackageName,int clientUid,int clientPid,apiLevel effectiveApiLevel,bool shimUpdateOnly,sp<CLIENT> & device)1368 Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId,
1369 int api1CameraId, int halVersion, const String16& clientPackageName, int clientUid,
1370 int clientPid, apiLevel effectiveApiLevel, bool shimUpdateOnly,
1371 /*out*/sp<CLIENT>& device) {
1372 binder::Status ret = binder::Status::ok();
1373
1374 String8 clientName8(clientPackageName);
1375
1376 int originalClientPid = 0;
1377
1378 ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) for HAL version %s and "
1379 "Camera API version %d", clientPid, clientName8.string(), cameraId.string(),
1380 (halVersion == -1) ? "default" : std::to_string(halVersion).c_str(),
1381 static_cast<int>(effectiveApiLevel));
1382
1383 if (shouldRejectHiddenCameraConnection(cameraId)) {
1384 ALOGW("Attempting to connect to system-only camera id %s, connection rejected",
1385 cameraId.c_str());
1386 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1387 "No camera device with ID \"%s\" currently available",
1388 cameraId.string());
1389
1390 }
1391 sp<CLIENT> client = nullptr;
1392 {
1393 // Acquire mServiceLock and prevent other clients from connecting
1394 std::unique_ptr<AutoConditionLock> lock =
1395 AutoConditionLock::waitAndAcquire(mServiceLockWrapper, DEFAULT_CONNECT_TIMEOUT_NS);
1396
1397 if (lock == nullptr) {
1398 ALOGE("CameraService::connect (PID %d) rejected (too many other clients connecting)."
1399 , clientPid);
1400 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1401 "Cannot open camera %s for \"%s\" (PID %d): Too many other clients connecting",
1402 cameraId.string(), clientName8.string(), clientPid);
1403 }
1404
1405 // Enforce client permissions and do basic sanity checks
1406 if(!(ret = validateConnectLocked(cameraId, clientName8,
1407 /*inout*/clientUid, /*inout*/clientPid, /*out*/originalClientPid)).isOk()) {
1408 return ret;
1409 }
1410
1411 // Check the shim parameters after acquiring lock, if they have already been updated and
1412 // we were doing a shim update, return immediately
1413 if (shimUpdateOnly) {
1414 auto cameraState = getCameraState(cameraId);
1415 if (cameraState != nullptr) {
1416 if (!cameraState->getShimParams().isEmpty()) return ret;
1417 }
1418 }
1419
1420 status_t err;
1421
1422 sp<BasicClient> clientTmp = nullptr;
1423 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>> partial;
1424 if ((err = handleEvictionsLocked(cameraId, originalClientPid, effectiveApiLevel,
1425 IInterface::asBinder(cameraCb), clientName8, /*out*/&clientTmp,
1426 /*out*/&partial)) != NO_ERROR) {
1427 switch (err) {
1428 case -ENODEV:
1429 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1430 "No camera device with ID \"%s\" currently available",
1431 cameraId.string());
1432 case -EBUSY:
1433 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1434 "Higher-priority client using camera, ID \"%s\" currently unavailable",
1435 cameraId.string());
1436 default:
1437 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1438 "Unexpected error %s (%d) opening camera \"%s\"",
1439 strerror(-err), err, cameraId.string());
1440 }
1441 }
1442
1443 if (clientTmp.get() != nullptr) {
1444 // Handle special case for API1 MediaRecorder where the existing client is returned
1445 device = static_cast<CLIENT*>(clientTmp.get());
1446 return ret;
1447 }
1448
1449 // give flashlight a chance to close devices if necessary.
1450 mFlashlight->prepareDeviceOpen(cameraId);
1451
1452 int facing = -1;
1453 int deviceVersion = getDeviceVersion(cameraId, /*out*/&facing);
1454 if (facing == -1) {
1455 ALOGE("%s: Unable to get camera device \"%s\" facing", __FUNCTION__, cameraId.string());
1456 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1457 "Unable to get camera device \"%s\" facing", cameraId.string());
1458 }
1459
1460 sp<BasicClient> tmp = nullptr;
1461 if(!(ret = makeClient(this, cameraCb, clientPackageName,
1462 cameraId, api1CameraId, facing,
1463 clientPid, clientUid, getpid(),
1464 halVersion, deviceVersion, effectiveApiLevel,
1465 /*out*/&tmp)).isOk()) {
1466 return ret;
1467 }
1468 client = static_cast<CLIENT*>(tmp.get());
1469
1470 LOG_ALWAYS_FATAL_IF(client.get() == nullptr, "%s: CameraService in invalid state",
1471 __FUNCTION__);
1472
1473 err = client->initialize(mCameraProviderManager, mMonitorTags);
1474 if (err != OK) {
1475 ALOGE("%s: Could not initialize client from HAL.", __FUNCTION__);
1476 // Errors could be from the HAL module open call or from AppOpsManager
1477 switch(err) {
1478 case BAD_VALUE:
1479 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1480 "Illegal argument to HAL module for camera \"%s\"", cameraId.string());
1481 case -EBUSY:
1482 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1483 "Camera \"%s\" is already open", cameraId.string());
1484 case -EUSERS:
1485 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1486 "Too many cameras already open, cannot open camera \"%s\"",
1487 cameraId.string());
1488 case PERMISSION_DENIED:
1489 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1490 "No permission to open camera \"%s\"", cameraId.string());
1491 case -EACCES:
1492 return STATUS_ERROR_FMT(ERROR_DISABLED,
1493 "Camera \"%s\" disabled by policy", cameraId.string());
1494 case -ENODEV:
1495 default:
1496 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1497 "Failed to initialize camera \"%s\": %s (%d)", cameraId.string(),
1498 strerror(-err), err);
1499 }
1500 }
1501
1502 // Update shim paremeters for legacy clients
1503 if (effectiveApiLevel == API_1) {
1504 // Assume we have always received a Client subclass for API1
1505 sp<Client> shimClient = reinterpret_cast<Client*>(client.get());
1506 String8 rawParams = shimClient->getParameters();
1507 CameraParameters params(rawParams);
1508
1509 auto cameraState = getCameraState(cameraId);
1510 if (cameraState != nullptr) {
1511 cameraState->setShimParams(params);
1512 } else {
1513 ALOGE("%s: Cannot update shim parameters for camera %s, no such device exists.",
1514 __FUNCTION__, cameraId.string());
1515 }
1516 }
1517
1518 if (shimUpdateOnly) {
1519 // If only updating legacy shim parameters, immediately disconnect client
1520 mServiceLock.unlock();
1521 client->disconnect();
1522 mServiceLock.lock();
1523 } else {
1524 // Otherwise, add client to active clients list
1525 finishConnectLocked(client, partial);
1526 }
1527 } // lock is destroyed, allow further connect calls
1528
1529 // Important: release the mutex here so the client can call back into the service from its
1530 // destructor (can be at the end of the call)
1531 device = client;
1532 return ret;
1533 }
1534
setTorchMode(const String16 & cameraId,bool enabled,const sp<IBinder> & clientBinder)1535 Status CameraService::setTorchMode(const String16& cameraId, bool enabled,
1536 const sp<IBinder>& clientBinder) {
1537 Mutex::Autolock lock(mServiceLock);
1538
1539 ATRACE_CALL();
1540 if (enabled && clientBinder == nullptr) {
1541 ALOGE("%s: torch client binder is NULL", __FUNCTION__);
1542 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1543 "Torch client Binder is null");
1544 }
1545
1546 String8 id = String8(cameraId.string());
1547 int uid = CameraThreadState::getCallingUid();
1548
1549 // verify id is valid.
1550 auto state = getCameraState(id);
1551 if (state == nullptr) {
1552 ALOGE("%s: camera id is invalid %s", __FUNCTION__, id.string());
1553 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1554 "Camera ID \"%s\" is a not valid camera ID", id.string());
1555 }
1556
1557 StatusInternal cameraStatus = state->getStatus();
1558 if (cameraStatus != StatusInternal::PRESENT &&
1559 cameraStatus != StatusInternal::NOT_AVAILABLE) {
1560 ALOGE("%s: camera id is invalid %s, status %d", __FUNCTION__, id.string(), (int)cameraStatus);
1561 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1562 "Camera ID \"%s\" is a not valid camera ID", id.string());
1563 }
1564
1565 {
1566 Mutex::Autolock al(mTorchStatusMutex);
1567 TorchModeStatus status;
1568 status_t err = getTorchStatusLocked(id, &status);
1569 if (err != OK) {
1570 if (err == NAME_NOT_FOUND) {
1571 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1572 "Camera \"%s\" does not have a flash unit", id.string());
1573 }
1574 ALOGE("%s: getting current torch status failed for camera %s",
1575 __FUNCTION__, id.string());
1576 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1577 "Error updating torch status for camera \"%s\": %s (%d)", id.string(),
1578 strerror(-err), err);
1579 }
1580
1581 if (status == TorchModeStatus::NOT_AVAILABLE) {
1582 if (cameraStatus == StatusInternal::NOT_AVAILABLE) {
1583 ALOGE("%s: torch mode of camera %s is not available because "
1584 "camera is in use", __FUNCTION__, id.string());
1585 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1586 "Torch for camera \"%s\" is not available due to an existing camera user",
1587 id.string());
1588 } else {
1589 ALOGE("%s: torch mode of camera %s is not available due to "
1590 "insufficient resources", __FUNCTION__, id.string());
1591 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1592 "Torch for camera \"%s\" is not available due to insufficient resources",
1593 id.string());
1594 }
1595 }
1596 }
1597
1598 {
1599 // Update UID map - this is used in the torch status changed callbacks, so must be done
1600 // before setTorchMode
1601 Mutex::Autolock al(mTorchUidMapMutex);
1602 if (mTorchUidMap.find(id) == mTorchUidMap.end()) {
1603 mTorchUidMap[id].first = uid;
1604 mTorchUidMap[id].second = uid;
1605 } else {
1606 // Set the pending UID
1607 mTorchUidMap[id].first = uid;
1608 }
1609 }
1610
1611 status_t err = mFlashlight->setTorchMode(id, enabled);
1612
1613 if (err != OK) {
1614 int32_t errorCode;
1615 String8 msg;
1616 switch (err) {
1617 case -ENOSYS:
1618 msg = String8::format("Camera \"%s\" has no flashlight",
1619 id.string());
1620 errorCode = ERROR_ILLEGAL_ARGUMENT;
1621 break;
1622 default:
1623 msg = String8::format(
1624 "Setting torch mode of camera \"%s\" to %d failed: %s (%d)",
1625 id.string(), enabled, strerror(-err), err);
1626 errorCode = ERROR_INVALID_OPERATION;
1627 }
1628 ALOGE("%s: %s", __FUNCTION__, msg.string());
1629 return STATUS_ERROR(errorCode, msg.string());
1630 }
1631
1632 {
1633 // update the link to client's death
1634 Mutex::Autolock al(mTorchClientMapMutex);
1635 ssize_t index = mTorchClientMap.indexOfKey(id);
1636 if (enabled) {
1637 if (index == NAME_NOT_FOUND) {
1638 mTorchClientMap.add(id, clientBinder);
1639 } else {
1640 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1641 mTorchClientMap.replaceValueAt(index, clientBinder);
1642 }
1643 clientBinder->linkToDeath(this);
1644 } else if (index != NAME_NOT_FOUND) {
1645 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1646 }
1647 }
1648
1649 int clientPid = CameraThreadState::getCallingPid();
1650 const char *id_cstr = id.c_str();
1651 const char *torchState = enabled ? "on" : "off";
1652 ALOGI("Torch for camera id %s turned %s for client PID %d", id_cstr, torchState, clientPid);
1653 logTorchEvent(id_cstr, torchState , clientPid);
1654 return Status::ok();
1655 }
1656
notifySystemEvent(int32_t eventId,const std::vector<int32_t> & args)1657 Status CameraService::notifySystemEvent(int32_t eventId,
1658 const std::vector<int32_t>& args) {
1659 const int pid = CameraThreadState::getCallingPid();
1660 const int selfPid = getpid();
1661
1662 // Permission checks
1663 if (pid != selfPid) {
1664 // Ensure we're being called by system_server, or similar process with
1665 // permissions to notify the camera service about system events
1666 if (!checkCallingPermission(
1667 String16("android.permission.CAMERA_SEND_SYSTEM_EVENTS"))) {
1668 const int uid = CameraThreadState::getCallingUid();
1669 ALOGE("Permission Denial: cannot send updates to camera service about system"
1670 " events from pid=%d, uid=%d", pid, uid);
1671 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1672 "No permission to send updates to camera service about system events"
1673 " from pid=%d, uid=%d", pid, uid);
1674 }
1675 }
1676
1677 ATRACE_CALL();
1678
1679 switch(eventId) {
1680 case ICameraService::EVENT_USER_SWITCHED: {
1681 // Try to register for UID and sensor privacy policy updates, in case we're recovering
1682 // from a system server crash
1683 mUidPolicy->registerSelf();
1684 mSensorPrivacyPolicy->registerSelf();
1685 doUserSwitch(/*newUserIds*/ args);
1686 break;
1687 }
1688 case ICameraService::EVENT_NONE:
1689 default: {
1690 ALOGW("%s: Received invalid system event from system_server: %d", __FUNCTION__,
1691 eventId);
1692 break;
1693 }
1694 }
1695 return Status::ok();
1696 }
1697
notifyMonitoredUids()1698 void CameraService::notifyMonitoredUids() {
1699 Mutex::Autolock lock(mStatusListenerLock);
1700
1701 for (const auto& it : mListenerList) {
1702 auto ret = it.second->getListener()->onCameraAccessPrioritiesChanged();
1703 if (!ret.isOk()) {
1704 ALOGE("%s: Failed to trigger permission callback: %d", __FUNCTION__,
1705 ret.exceptionCode());
1706 }
1707 }
1708 }
1709
notifyDeviceStateChange(int64_t newState)1710 Status CameraService::notifyDeviceStateChange(int64_t newState) {
1711 const int pid = CameraThreadState::getCallingPid();
1712 const int selfPid = getpid();
1713
1714 // Permission checks
1715 if (pid != selfPid) {
1716 // Ensure we're being called by system_server, or similar process with
1717 // permissions to notify the camera service about system events
1718 if (!checkCallingPermission(
1719 String16("android.permission.CAMERA_SEND_SYSTEM_EVENTS"))) {
1720 const int uid = CameraThreadState::getCallingUid();
1721 ALOGE("Permission Denial: cannot send updates to camera service about device"
1722 " state changes from pid=%d, uid=%d", pid, uid);
1723 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1724 "No permission to send updates to camera service about device state"
1725 " changes from pid=%d, uid=%d", pid, uid);
1726 }
1727 }
1728
1729 ATRACE_CALL();
1730
1731 using hardware::camera::provider::V2_5::DeviceState;
1732 hardware::hidl_bitfield<DeviceState> newDeviceState{};
1733 if (newState & ICameraService::DEVICE_STATE_BACK_COVERED) {
1734 newDeviceState |= DeviceState::BACK_COVERED;
1735 }
1736 if (newState & ICameraService::DEVICE_STATE_FRONT_COVERED) {
1737 newDeviceState |= DeviceState::FRONT_COVERED;
1738 }
1739 if (newState & ICameraService::DEVICE_STATE_FOLDED) {
1740 newDeviceState |= DeviceState::FOLDED;
1741 }
1742 // Only map vendor bits directly
1743 uint64_t vendorBits = static_cast<uint64_t>(newState) & 0xFFFFFFFF00000000l;
1744 newDeviceState |= vendorBits;
1745
1746 ALOGV("%s: New device state 0x%" PRIx64, __FUNCTION__, newDeviceState);
1747 Mutex::Autolock l(mServiceLock);
1748 mCameraProviderManager->notifyDeviceStateChange(newDeviceState);
1749
1750 return Status::ok();
1751 }
1752
addListener(const sp<ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses)1753 Status CameraService::addListener(const sp<ICameraServiceListener>& listener,
1754 /*out*/
1755 std::vector<hardware::CameraStatus> *cameraStatuses) {
1756 return addListenerHelper(listener, cameraStatuses);
1757 }
1758
addListenerHelper(const sp<ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses,bool isVendorListener)1759 Status CameraService::addListenerHelper(const sp<ICameraServiceListener>& listener,
1760 /*out*/
1761 std::vector<hardware::CameraStatus> *cameraStatuses,
1762 bool isVendorListener) {
1763
1764 ATRACE_CALL();
1765
1766 ALOGV("%s: Add listener %p", __FUNCTION__, listener.get());
1767
1768 if (listener == nullptr) {
1769 ALOGE("%s: Listener must not be null", __FUNCTION__);
1770 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener");
1771 }
1772
1773 Mutex::Autolock lock(mServiceLock);
1774
1775 {
1776 Mutex::Autolock lock(mStatusListenerLock);
1777 for (const auto &it : mListenerList) {
1778 if (IInterface::asBinder(it.second->getListener()) == IInterface::asBinder(listener)) {
1779 ALOGW("%s: Tried to add listener %p which was already subscribed",
1780 __FUNCTION__, listener.get());
1781 return STATUS_ERROR(ERROR_ALREADY_EXISTS, "Listener already registered");
1782 }
1783 }
1784
1785 auto clientUid = CameraThreadState::getCallingUid();
1786 sp<ServiceListener> serviceListener = new ServiceListener(this, listener, clientUid);
1787 auto ret = serviceListener->initialize();
1788 if (ret != NO_ERROR) {
1789 String8 msg = String8::format("Failed to initialize service listener: %s (%d)",
1790 strerror(-ret), ret);
1791 ALOGE("%s: %s", __FUNCTION__, msg.string());
1792 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1793 }
1794 mListenerList.emplace_back(isVendorListener, serviceListener);
1795 mUidPolicy->registerMonitorUid(clientUid);
1796 }
1797
1798 /* Collect current devices and status */
1799 {
1800 Mutex::Autolock lock(mCameraStatesLock);
1801 for (auto& i : mCameraStates) {
1802 if (!isVendorListener &&
1803 mCameraProviderManager->isPublicallyHiddenSecureCamera(i.first.c_str())) {
1804 ALOGV("Cannot add public listener for hidden system-only %s for pid %d",
1805 i.first.c_str(), CameraThreadState::getCallingPid());
1806 continue;
1807 }
1808 cameraStatuses->emplace_back(i.first, mapToInterface(i.second->getStatus()));
1809 }
1810 }
1811
1812 /*
1813 * Immediately signal current torch status to this listener only
1814 * This may be a subset of all the devices, so don't include it in the response directly
1815 */
1816 {
1817 Mutex::Autolock al(mTorchStatusMutex);
1818 for (size_t i = 0; i < mTorchStatusMap.size(); i++ ) {
1819 String16 id = String16(mTorchStatusMap.keyAt(i).string());
1820 listener->onTorchStatusChanged(mapToInterface(mTorchStatusMap.valueAt(i)), id);
1821 }
1822 }
1823
1824 return Status::ok();
1825 }
1826
removeListener(const sp<ICameraServiceListener> & listener)1827 Status CameraService::removeListener(const sp<ICameraServiceListener>& listener) {
1828 ATRACE_CALL();
1829
1830 ALOGV("%s: Remove listener %p", __FUNCTION__, listener.get());
1831
1832 if (listener == 0) {
1833 ALOGE("%s: Listener must not be null", __FUNCTION__);
1834 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to removeListener");
1835 }
1836
1837 Mutex::Autolock lock(mServiceLock);
1838
1839 {
1840 Mutex::Autolock lock(mStatusListenerLock);
1841 for (auto it = mListenerList.begin(); it != mListenerList.end(); it++) {
1842 if (IInterface::asBinder(it->second->getListener()) == IInterface::asBinder(listener)) {
1843 mUidPolicy->unregisterMonitorUid(it->second->getListenerUid());
1844 IInterface::asBinder(listener)->unlinkToDeath(it->second);
1845 mListenerList.erase(it);
1846 return Status::ok();
1847 }
1848 }
1849 }
1850
1851 ALOGW("%s: Tried to remove a listener %p which was not subscribed",
1852 __FUNCTION__, listener.get());
1853
1854 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Unregistered listener given to removeListener");
1855 }
1856
getLegacyParameters(int cameraId,String16 * parameters)1857 Status CameraService::getLegacyParameters(int cameraId, /*out*/String16* parameters) {
1858
1859 ATRACE_CALL();
1860 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId);
1861
1862 if (parameters == NULL) {
1863 ALOGE("%s: parameters must not be null", __FUNCTION__);
1864 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
1865 }
1866
1867 Status ret = Status::ok();
1868
1869 CameraParameters shimParams;
1870 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) {
1871 // Error logged by caller
1872 return ret;
1873 }
1874
1875 String8 shimParamsString8 = shimParams.flatten();
1876 String16 shimParamsString16 = String16(shimParamsString8);
1877
1878 *parameters = shimParamsString16;
1879
1880 return ret;
1881 }
1882
supportsCameraApi(const String16 & cameraId,int apiVersion,bool * isSupported)1883 Status CameraService::supportsCameraApi(const String16& cameraId, int apiVersion,
1884 /*out*/ bool *isSupported) {
1885 ATRACE_CALL();
1886
1887 const String8 id = String8(cameraId);
1888
1889 ALOGV("%s: for camera ID = %s", __FUNCTION__, id.string());
1890
1891 switch (apiVersion) {
1892 case API_VERSION_1:
1893 case API_VERSION_2:
1894 break;
1895 default:
1896 String8 msg = String8::format("Unknown API version %d", apiVersion);
1897 ALOGE("%s: %s", __FUNCTION__, msg.string());
1898 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1899 }
1900
1901 int deviceVersion = getDeviceVersion(id);
1902 switch (deviceVersion) {
1903 case CAMERA_DEVICE_API_VERSION_1_0:
1904 case CAMERA_DEVICE_API_VERSION_3_0:
1905 case CAMERA_DEVICE_API_VERSION_3_1:
1906 if (apiVersion == API_VERSION_2) {
1907 ALOGV("%s: Camera id %s uses HAL version %d <3.2, doesn't support api2 without shim",
1908 __FUNCTION__, id.string(), deviceVersion);
1909 *isSupported = false;
1910 } else { // if (apiVersion == API_VERSION_1) {
1911 ALOGV("%s: Camera id %s uses older HAL before 3.2, but api1 is always supported",
1912 __FUNCTION__, id.string());
1913 *isSupported = true;
1914 }
1915 break;
1916 case CAMERA_DEVICE_API_VERSION_3_2:
1917 case CAMERA_DEVICE_API_VERSION_3_3:
1918 case CAMERA_DEVICE_API_VERSION_3_4:
1919 case CAMERA_DEVICE_API_VERSION_3_5:
1920 ALOGV("%s: Camera id %s uses HAL3.2 or newer, supports api1/api2 directly",
1921 __FUNCTION__, id.string());
1922 *isSupported = true;
1923 break;
1924 case -1: {
1925 String8 msg = String8::format("Unknown camera ID %s", id.string());
1926 ALOGE("%s: %s", __FUNCTION__, msg.string());
1927 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1928 }
1929 default: {
1930 String8 msg = String8::format("Unknown device version %x for device %s",
1931 deviceVersion, id.string());
1932 ALOGE("%s: %s", __FUNCTION__, msg.string());
1933 return STATUS_ERROR(ERROR_INVALID_OPERATION, msg.string());
1934 }
1935 }
1936
1937 return Status::ok();
1938 }
1939
isHiddenPhysicalCamera(const String16 & cameraId,bool * isSupported)1940 Status CameraService::isHiddenPhysicalCamera(const String16& cameraId,
1941 /*out*/ bool *isSupported) {
1942 ATRACE_CALL();
1943
1944 const String8 id = String8(cameraId);
1945
1946 ALOGV("%s: for camera ID = %s", __FUNCTION__, id.string());
1947 *isSupported = mCameraProviderManager->isHiddenPhysicalCamera(id.string());
1948
1949 return Status::ok();
1950 }
1951
removeByClient(const BasicClient * client)1952 void CameraService::removeByClient(const BasicClient* client) {
1953 Mutex::Autolock lock(mServiceLock);
1954 for (auto& i : mActiveClientManager.getAll()) {
1955 auto clientSp = i->getValue();
1956 if (clientSp.get() == client) {
1957 mActiveClientManager.remove(i);
1958 }
1959 }
1960 }
1961
evictClientIdByRemote(const wp<IBinder> & remote)1962 bool CameraService::evictClientIdByRemote(const wp<IBinder>& remote) {
1963 bool ret = false;
1964 {
1965 // Acquire mServiceLock and prevent other clients from connecting
1966 std::unique_ptr<AutoConditionLock> lock =
1967 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1968
1969
1970 std::vector<sp<BasicClient>> evicted;
1971 for (auto& i : mActiveClientManager.getAll()) {
1972 auto clientSp = i->getValue();
1973 if (clientSp.get() == nullptr) {
1974 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
1975 mActiveClientManager.remove(i);
1976 continue;
1977 }
1978 if (remote == clientSp->getRemote()) {
1979 mActiveClientManager.remove(i);
1980 evicted.push_back(clientSp);
1981
1982 // Notify the client of disconnection
1983 clientSp->notifyError(
1984 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1985 CaptureResultExtras());
1986 }
1987 }
1988
1989 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1990 // other clients from connecting in mServiceLockWrapper if held
1991 mServiceLock.unlock();
1992
1993 // Do not clear caller identity, remote caller should be client proccess
1994
1995 for (auto& i : evicted) {
1996 if (i.get() != nullptr) {
1997 i->disconnect();
1998 ret = true;
1999 }
2000 }
2001
2002 // Reacquire mServiceLock
2003 mServiceLock.lock();
2004
2005 } // lock is destroyed, allow further connect calls
2006
2007 return ret;
2008 }
2009
getCameraState(const String8 & cameraId) const2010 std::shared_ptr<CameraService::CameraState> CameraService::getCameraState(
2011 const String8& cameraId) const {
2012 std::shared_ptr<CameraState> state;
2013 {
2014 Mutex::Autolock lock(mCameraStatesLock);
2015 auto iter = mCameraStates.find(cameraId);
2016 if (iter != mCameraStates.end()) {
2017 state = iter->second;
2018 }
2019 }
2020 return state;
2021 }
2022
removeClientLocked(const String8 & cameraId)2023 sp<CameraService::BasicClient> CameraService::removeClientLocked(const String8& cameraId) {
2024 // Remove from active clients list
2025 auto clientDescriptorPtr = mActiveClientManager.remove(cameraId);
2026 if (clientDescriptorPtr == nullptr) {
2027 ALOGW("%s: Could not evict client, no client for camera ID %s", __FUNCTION__,
2028 cameraId.string());
2029 return sp<BasicClient>{nullptr};
2030 }
2031
2032 return clientDescriptorPtr->getValue();
2033 }
2034
doUserSwitch(const std::vector<int32_t> & newUserIds)2035 void CameraService::doUserSwitch(const std::vector<int32_t>& newUserIds) {
2036 // Acquire mServiceLock and prevent other clients from connecting
2037 std::unique_ptr<AutoConditionLock> lock =
2038 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
2039
2040 std::set<userid_t> newAllowedUsers;
2041 for (size_t i = 0; i < newUserIds.size(); i++) {
2042 if (newUserIds[i] < 0) {
2043 ALOGE("%s: Bad user ID %d given during user switch, ignoring.",
2044 __FUNCTION__, newUserIds[i]);
2045 return;
2046 }
2047 newAllowedUsers.insert(static_cast<userid_t>(newUserIds[i]));
2048 }
2049
2050
2051 if (newAllowedUsers == mAllowedUsers) {
2052 ALOGW("%s: Received notification of user switch with no updated user IDs.", __FUNCTION__);
2053 return;
2054 }
2055
2056 logUserSwitch(mAllowedUsers, newAllowedUsers);
2057
2058 mAllowedUsers = std::move(newAllowedUsers);
2059
2060 // Current user has switched, evict all current clients.
2061 std::vector<sp<BasicClient>> evicted;
2062 for (auto& i : mActiveClientManager.getAll()) {
2063 auto clientSp = i->getValue();
2064
2065 if (clientSp.get() == nullptr) {
2066 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
2067 continue;
2068 }
2069
2070 // Don't evict clients that are still allowed.
2071 uid_t clientUid = clientSp->getClientUid();
2072 userid_t clientUserId = multiuser_get_user_id(clientUid);
2073 if (mAllowedUsers.find(clientUserId) != mAllowedUsers.end()) {
2074 continue;
2075 }
2076
2077 evicted.push_back(clientSp);
2078
2079 String8 curTime = getFormattedCurrentTime();
2080
2081 ALOGE("Evicting conflicting client for camera ID %s due to user change",
2082 i->getKey().string());
2083
2084 // Log the clients evicted
2085 logEvent(String8::format("EVICT device %s client held by package %s (PID %"
2086 PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted due"
2087 " to user switch.", i->getKey().string(),
2088 String8{clientSp->getPackageName()}.string(),
2089 i->getOwnerId(), i->getPriority().getScore(),
2090 i->getPriority().getState()));
2091
2092 }
2093
2094 // Do not hold mServiceLock while disconnecting clients, but retain the condition
2095 // blocking other clients from connecting in mServiceLockWrapper if held.
2096 mServiceLock.unlock();
2097
2098 // Clear caller identity temporarily so client disconnect PID checks work correctly
2099 int64_t token = CameraThreadState::clearCallingIdentity();
2100
2101 for (auto& i : evicted) {
2102 i->disconnect();
2103 }
2104
2105 CameraThreadState::restoreCallingIdentity(token);
2106
2107 // Reacquire mServiceLock
2108 mServiceLock.lock();
2109 }
2110
logEvent(const char * event)2111 void CameraService::logEvent(const char* event) {
2112 String8 curTime = getFormattedCurrentTime();
2113 Mutex::Autolock l(mLogLock);
2114 mEventLog.add(String8::format("%s : %s", curTime.string(), event));
2115 }
2116
logDisconnected(const char * cameraId,int clientPid,const char * clientPackage)2117 void CameraService::logDisconnected(const char* cameraId, int clientPid,
2118 const char* clientPackage) {
2119 // Log the clients evicted
2120 logEvent(String8::format("DISCONNECT device %s client for package %s (PID %d)", cameraId,
2121 clientPackage, clientPid));
2122 }
2123
logConnected(const char * cameraId,int clientPid,const char * clientPackage)2124 void CameraService::logConnected(const char* cameraId, int clientPid,
2125 const char* clientPackage) {
2126 // Log the clients evicted
2127 logEvent(String8::format("CONNECT device %s client for package %s (PID %d)", cameraId,
2128 clientPackage, clientPid));
2129 }
2130
logRejected(const char * cameraId,int clientPid,const char * clientPackage,const char * reason)2131 void CameraService::logRejected(const char* cameraId, int clientPid,
2132 const char* clientPackage, const char* reason) {
2133 // Log the client rejected
2134 logEvent(String8::format("REJECT device %s client for package %s (PID %d), reason: (%s)",
2135 cameraId, clientPackage, clientPid, reason));
2136 }
2137
logTorchEvent(const char * cameraId,const char * torchState,int clientPid)2138 void CameraService::logTorchEvent(const char* cameraId, const char *torchState, int clientPid) {
2139 // Log torch event
2140 logEvent(String8::format("Torch for camera id %s turned %s for client PID %d", cameraId,
2141 torchState, clientPid));
2142 }
2143
logUserSwitch(const std::set<userid_t> & oldUserIds,const std::set<userid_t> & newUserIds)2144 void CameraService::logUserSwitch(const std::set<userid_t>& oldUserIds,
2145 const std::set<userid_t>& newUserIds) {
2146 String8 newUsers = toString(newUserIds);
2147 String8 oldUsers = toString(oldUserIds);
2148 if (oldUsers.size() == 0) {
2149 oldUsers = "<None>";
2150 }
2151 // Log the new and old users
2152 logEvent(String8::format("USER_SWITCH previous allowed user IDs: %s, current allowed user IDs: %s",
2153 oldUsers.string(), newUsers.string()));
2154 }
2155
logDeviceRemoved(const char * cameraId,const char * reason)2156 void CameraService::logDeviceRemoved(const char* cameraId, const char* reason) {
2157 // Log the device removal
2158 logEvent(String8::format("REMOVE device %s, reason: (%s)", cameraId, reason));
2159 }
2160
logDeviceAdded(const char * cameraId,const char * reason)2161 void CameraService::logDeviceAdded(const char* cameraId, const char* reason) {
2162 // Log the device removal
2163 logEvent(String8::format("ADD device %s, reason: (%s)", cameraId, reason));
2164 }
2165
logClientDied(int clientPid,const char * reason)2166 void CameraService::logClientDied(int clientPid, const char* reason) {
2167 // Log the device removal
2168 logEvent(String8::format("DIED client(s) with PID %d, reason: (%s)", clientPid, reason));
2169 }
2170
logServiceError(const char * msg,int errorCode)2171 void CameraService::logServiceError(const char* msg, int errorCode) {
2172 String8 curTime = getFormattedCurrentTime();
2173 logEvent(String8::format("SERVICE ERROR: %s : %d (%s)", msg, errorCode, strerror(-errorCode)));
2174 }
2175
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)2176 status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
2177 uint32_t flags) {
2178
2179 // Permission checks
2180 switch (code) {
2181 case SHELL_COMMAND_TRANSACTION: {
2182 int in = data.readFileDescriptor();
2183 int out = data.readFileDescriptor();
2184 int err = data.readFileDescriptor();
2185 int argc = data.readInt32();
2186 Vector<String16> args;
2187 for (int i = 0; i < argc && data.dataAvail() > 0; i++) {
2188 args.add(data.readString16());
2189 }
2190 sp<IBinder> unusedCallback;
2191 sp<IResultReceiver> resultReceiver;
2192 status_t status;
2193 if ((status = data.readNullableStrongBinder(&unusedCallback)) != NO_ERROR) {
2194 return status;
2195 }
2196 if ((status = data.readNullableStrongBinder(&resultReceiver)) != NO_ERROR) {
2197 return status;
2198 }
2199 status = shellCommand(in, out, err, args);
2200 if (resultReceiver != nullptr) {
2201 resultReceiver->send(status);
2202 }
2203 return NO_ERROR;
2204 }
2205 }
2206
2207 return BnCameraService::onTransact(code, data, reply, flags);
2208 }
2209
2210 // We share the media players for shutter and recording sound for all clients.
2211 // A reference count is kept to determine when we will actually release the
2212 // media players.
2213
newMediaPlayer(const char * file)2214 sp<MediaPlayer> CameraService::newMediaPlayer(const char *file) {
2215 sp<MediaPlayer> mp = new MediaPlayer();
2216 status_t error;
2217 if ((error = mp->setDataSource(NULL /* httpService */, file, NULL)) == NO_ERROR) {
2218 mp->setAudioStreamType(AUDIO_STREAM_ENFORCED_AUDIBLE);
2219 error = mp->prepare();
2220 }
2221 if (error != NO_ERROR) {
2222 ALOGE("Failed to load CameraService sounds: %s", file);
2223 mp->disconnect();
2224 mp.clear();
2225 return nullptr;
2226 }
2227 return mp;
2228 }
2229
increaseSoundRef()2230 void CameraService::increaseSoundRef() {
2231 Mutex::Autolock lock(mSoundLock);
2232 mSoundRef++;
2233 }
2234
loadSoundLocked(sound_kind kind)2235 void CameraService::loadSoundLocked(sound_kind kind) {
2236 ATRACE_CALL();
2237
2238 LOG1("CameraService::loadSoundLocked ref=%d", mSoundRef);
2239 if (SOUND_SHUTTER == kind && mSoundPlayer[SOUND_SHUTTER] == NULL) {
2240 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/product/media/audio/ui/camera_click.ogg");
2241 if (mSoundPlayer[SOUND_SHUTTER] == nullptr) {
2242 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/system/media/audio/ui/camera_click.ogg");
2243 }
2244 } else if (SOUND_RECORDING_START == kind && mSoundPlayer[SOUND_RECORDING_START] == NULL) {
2245 mSoundPlayer[SOUND_RECORDING_START] = newMediaPlayer("/product/media/audio/ui/VideoRecord.ogg");
2246 if (mSoundPlayer[SOUND_RECORDING_START] == nullptr) {
2247 mSoundPlayer[SOUND_RECORDING_START] =
2248 newMediaPlayer("/system/media/audio/ui/VideoRecord.ogg");
2249 }
2250 } else if (SOUND_RECORDING_STOP == kind && mSoundPlayer[SOUND_RECORDING_STOP] == NULL) {
2251 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/product/media/audio/ui/VideoStop.ogg");
2252 if (mSoundPlayer[SOUND_RECORDING_STOP] == nullptr) {
2253 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/system/media/audio/ui/VideoStop.ogg");
2254 }
2255 }
2256 }
2257
decreaseSoundRef()2258 void CameraService::decreaseSoundRef() {
2259 Mutex::Autolock lock(mSoundLock);
2260 LOG1("CameraService::decreaseSoundRef ref=%d", mSoundRef);
2261 if (--mSoundRef) return;
2262
2263 for (int i = 0; i < NUM_SOUNDS; i++) {
2264 if (mSoundPlayer[i] != 0) {
2265 mSoundPlayer[i]->disconnect();
2266 mSoundPlayer[i].clear();
2267 }
2268 }
2269 }
2270
playSound(sound_kind kind)2271 void CameraService::playSound(sound_kind kind) {
2272 ATRACE_CALL();
2273
2274 LOG1("playSound(%d)", kind);
2275 Mutex::Autolock lock(mSoundLock);
2276 loadSoundLocked(kind);
2277 sp<MediaPlayer> player = mSoundPlayer[kind];
2278 if (player != 0) {
2279 player->seekTo(0);
2280 player->start();
2281 }
2282 }
2283
2284 // ----------------------------------------------------------------------------
2285
Client(const sp<CameraService> & cameraService,const sp<ICameraClient> & cameraClient,const String16 & clientPackageName,const String8 & cameraIdStr,int api1CameraId,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2286 CameraService::Client::Client(const sp<CameraService>& cameraService,
2287 const sp<ICameraClient>& cameraClient,
2288 const String16& clientPackageName,
2289 const String8& cameraIdStr,
2290 int api1CameraId, int cameraFacing,
2291 int clientPid, uid_t clientUid,
2292 int servicePid) :
2293 CameraService::BasicClient(cameraService,
2294 IInterface::asBinder(cameraClient),
2295 clientPackageName,
2296 cameraIdStr, cameraFacing,
2297 clientPid, clientUid,
2298 servicePid),
2299 mCameraId(api1CameraId)
2300 {
2301 int callingPid = CameraThreadState::getCallingPid();
2302 LOG1("Client::Client E (pid %d, id %d)", callingPid, mCameraId);
2303
2304 mRemoteCallback = cameraClient;
2305
2306 cameraService->increaseSoundRef();
2307
2308 LOG1("Client::Client X (pid %d, id %d)", callingPid, mCameraId);
2309 }
2310
2311 // tear down the client
~Client()2312 CameraService::Client::~Client() {
2313 ALOGV("~Client");
2314 mDestructionStarted = true;
2315
2316 sCameraService->decreaseSoundRef();
2317 // unconditionally disconnect. function is idempotent
2318 Client::disconnect();
2319 }
2320
2321 sp<CameraService> CameraService::BasicClient::BasicClient::sCameraService;
2322
BasicClient(const sp<CameraService> & cameraService,const sp<IBinder> & remoteCallback,const String16 & clientPackageName,const String8 & cameraIdStr,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2323 CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService,
2324 const sp<IBinder>& remoteCallback,
2325 const String16& clientPackageName,
2326 const String8& cameraIdStr, int cameraFacing,
2327 int clientPid, uid_t clientUid,
2328 int servicePid):
2329 mCameraIdStr(cameraIdStr), mCameraFacing(cameraFacing),
2330 mClientPackageName(clientPackageName), mClientPid(clientPid), mClientUid(clientUid),
2331 mServicePid(servicePid),
2332 mDisconnected(false),
2333 mRemoteBinder(remoteCallback)
2334 {
2335 if (sCameraService == nullptr) {
2336 sCameraService = cameraService;
2337 }
2338 mOpsActive = false;
2339 mDestructionStarted = false;
2340
2341 // In some cases the calling code has no access to the package it runs under.
2342 // For example, NDK camera API.
2343 // In this case we will get the packages for the calling UID and pick the first one
2344 // for attributing the app op. This will work correctly for runtime permissions
2345 // as for legacy apps we will toggle the app op for all packages in the UID.
2346 // The caveat is that the operation may be attributed to the wrong package and
2347 // stats based on app ops may be slightly off.
2348 if (mClientPackageName.size() <= 0) {
2349 sp<IServiceManager> sm = defaultServiceManager();
2350 sp<IBinder> binder = sm->getService(String16(kPermissionServiceName));
2351 if (binder == 0) {
2352 ALOGE("Cannot get permission service");
2353 // Leave mClientPackageName unchanged (empty) and the further interaction
2354 // with camera will fail in BasicClient::startCameraOps
2355 return;
2356 }
2357
2358 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);
2359 Vector<String16> packages;
2360
2361 permCtrl->getPackagesForUid(mClientUid, packages);
2362
2363 if (packages.isEmpty()) {
2364 ALOGE("No packages for calling UID");
2365 // Leave mClientPackageName unchanged (empty) and the further interaction
2366 // with camera will fail in BasicClient::startCameraOps
2367 return;
2368 }
2369 mClientPackageName = packages[0];
2370 }
2371 if (hardware::IPCThreadState::self()->isServingCall()) {
2372 std::string vendorClient =
2373 StringPrintf("vendor.client.pid<%d>", CameraThreadState::getCallingPid());
2374 mClientPackageName = String16(vendorClient.c_str());
2375 } else {
2376 mAppOpsManager = std::make_unique<AppOpsManager>();
2377 }
2378 }
2379
~BasicClient()2380 CameraService::BasicClient::~BasicClient() {
2381 ALOGV("~BasicClient");
2382 mDestructionStarted = true;
2383 }
2384
disconnect()2385 binder::Status CameraService::BasicClient::disconnect() {
2386 binder::Status res = Status::ok();
2387 if (mDisconnected) {
2388 return res;
2389 }
2390 mDisconnected = true;
2391
2392 sCameraService->removeByClient(this);
2393 sCameraService->logDisconnected(mCameraIdStr, mClientPid, String8(mClientPackageName));
2394 sCameraService->mCameraProviderManager->removeRef(CameraProviderManager::DeviceMode::CAMERA,
2395 mCameraIdStr.c_str());
2396
2397 sp<IBinder> remote = getRemote();
2398 if (remote != nullptr) {
2399 remote->unlinkToDeath(sCameraService);
2400 }
2401
2402 finishCameraOps();
2403 // Notify flashlight that a camera device is closed.
2404 sCameraService->mFlashlight->deviceClosed(mCameraIdStr);
2405 ALOGI("%s: Disconnected client for camera %s for PID %d", __FUNCTION__, mCameraIdStr.string(),
2406 mClientPid);
2407
2408 // client shouldn't be able to call into us anymore
2409 mClientPid = 0;
2410
2411 return res;
2412 }
2413
dump(int,const Vector<String16> &)2414 status_t CameraService::BasicClient::dump(int, const Vector<String16>&) {
2415 // No dumping of clients directly over Binder,
2416 // must go through CameraService::dump
2417 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403",
2418 CameraThreadState::getCallingUid(), NULL, 0);
2419 return OK;
2420 }
2421
getPackageName() const2422 String16 CameraService::BasicClient::getPackageName() const {
2423 return mClientPackageName;
2424 }
2425
2426
getClientPid() const2427 int CameraService::BasicClient::getClientPid() const {
2428 return mClientPid;
2429 }
2430
getClientUid() const2431 uid_t CameraService::BasicClient::getClientUid() const {
2432 return mClientUid;
2433 }
2434
canCastToApiClient(apiLevel level) const2435 bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const {
2436 // Defaults to API2.
2437 return level == API_2;
2438 }
2439
startCameraOps()2440 status_t CameraService::BasicClient::startCameraOps() {
2441 ATRACE_CALL();
2442
2443 {
2444 ALOGV("%s: Start camera ops, package name = %s, client UID = %d",
2445 __FUNCTION__, String8(mClientPackageName).string(), mClientUid);
2446 }
2447 if (mAppOpsManager != nullptr) {
2448 // Notify app ops that the camera is not available
2449 mOpsCallback = new OpsCallback(this);
2450 int32_t res;
2451 mAppOpsManager->startWatchingMode(AppOpsManager::OP_CAMERA,
2452 mClientPackageName, mOpsCallback);
2453 res = mAppOpsManager->startOpNoThrow(AppOpsManager::OP_CAMERA,
2454 mClientUid, mClientPackageName, /*startIfModeDefault*/ false);
2455
2456 if (res == AppOpsManager::MODE_ERRORED) {
2457 ALOGI("Camera %s: Access for \"%s\" has been revoked",
2458 mCameraIdStr.string(), String8(mClientPackageName).string());
2459 return PERMISSION_DENIED;
2460 }
2461
2462 if (res == AppOpsManager::MODE_IGNORED) {
2463 ALOGI("Camera %s: Access for \"%s\" has been restricted",
2464 mCameraIdStr.string(), String8(mClientPackageName).string());
2465 // Return the same error as for device policy manager rejection
2466 return -EACCES;
2467 }
2468 }
2469
2470 mOpsActive = true;
2471
2472 // Transition device availability listeners from PRESENT -> NOT_AVAILABLE
2473 sCameraService->updateStatus(StatusInternal::NOT_AVAILABLE, mCameraIdStr);
2474
2475 int apiLevel = hardware::ICameraServiceProxy::CAMERA_API_LEVEL_1;
2476 if (canCastToApiClient(API_2)) {
2477 apiLevel = hardware::ICameraServiceProxy::CAMERA_API_LEVEL_2;
2478 }
2479 // Transition device state to OPEN
2480 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_OPEN,
2481 mCameraIdStr, mCameraFacing, mClientPackageName, apiLevel);
2482
2483 sCameraService->mUidPolicy->registerMonitorUid(mClientUid);
2484
2485 return OK;
2486 }
2487
finishCameraOps()2488 status_t CameraService::BasicClient::finishCameraOps() {
2489 ATRACE_CALL();
2490
2491 // Check if startCameraOps succeeded, and if so, finish the camera op
2492 if (mOpsActive) {
2493 // Notify app ops that the camera is available again
2494 if (mAppOpsManager != nullptr) {
2495 mAppOpsManager->finishOp(AppOpsManager::OP_CAMERA, mClientUid,
2496 mClientPackageName);
2497 mOpsActive = false;
2498 }
2499 // This function is called when a client disconnects. This should
2500 // release the camera, but actually only if it was in a proper
2501 // functional state, i.e. with status NOT_AVAILABLE
2502 std::initializer_list<StatusInternal> rejected = {StatusInternal::PRESENT,
2503 StatusInternal::ENUMERATING, StatusInternal::NOT_PRESENT};
2504
2505 // Transition to PRESENT if the camera is not in either of the rejected states
2506 sCameraService->updateStatus(StatusInternal::PRESENT,
2507 mCameraIdStr, rejected);
2508
2509 int apiLevel = hardware::ICameraServiceProxy::CAMERA_API_LEVEL_1;
2510 if (canCastToApiClient(API_2)) {
2511 apiLevel = hardware::ICameraServiceProxy::CAMERA_API_LEVEL_2;
2512 }
2513 // Transition device state to CLOSED
2514 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_CLOSED,
2515 mCameraIdStr, mCameraFacing, mClientPackageName, apiLevel);
2516 }
2517 // Always stop watching, even if no camera op is active
2518 if (mOpsCallback != nullptr && mAppOpsManager != nullptr) {
2519 mAppOpsManager->stopWatchingMode(mOpsCallback);
2520 }
2521 mOpsCallback.clear();
2522
2523 sCameraService->mUidPolicy->unregisterMonitorUid(mClientUid);
2524
2525 return OK;
2526 }
2527
opChanged(int32_t op,const String16 &)2528 void CameraService::BasicClient::opChanged(int32_t op, const String16&) {
2529 ATRACE_CALL();
2530 if (mAppOpsManager == nullptr) {
2531 return;
2532 }
2533 if (op != AppOpsManager::OP_CAMERA) {
2534 ALOGW("Unexpected app ops notification received: %d", op);
2535 return;
2536 }
2537
2538 int32_t res;
2539 res = mAppOpsManager->checkOp(AppOpsManager::OP_CAMERA,
2540 mClientUid, mClientPackageName);
2541 ALOGV("checkOp returns: %d, %s ", res,
2542 res == AppOpsManager::MODE_ALLOWED ? "ALLOWED" :
2543 res == AppOpsManager::MODE_IGNORED ? "IGNORED" :
2544 res == AppOpsManager::MODE_ERRORED ? "ERRORED" :
2545 "UNKNOWN");
2546
2547 if (res != AppOpsManager::MODE_ALLOWED) {
2548 ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.string(),
2549 String8(mClientPackageName).string());
2550 block();
2551 }
2552 }
2553
block()2554 void CameraService::BasicClient::block() {
2555 ATRACE_CALL();
2556
2557 // Reset the client PID to allow server-initiated disconnect,
2558 // and to prevent further calls by client.
2559 mClientPid = CameraThreadState::getCallingPid();
2560 CaptureResultExtras resultExtras; // a dummy result (invalid)
2561 notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISABLED, resultExtras);
2562 disconnect();
2563 }
2564
2565 // ----------------------------------------------------------------------------
2566
notifyError(int32_t errorCode,const CaptureResultExtras & resultExtras)2567 void CameraService::Client::notifyError(int32_t errorCode,
2568 const CaptureResultExtras& resultExtras) {
2569 (void) resultExtras;
2570 if (mRemoteCallback != NULL) {
2571 int32_t api1ErrorCode = CAMERA_ERROR_RELEASED;
2572 if (errorCode == hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISABLED) {
2573 api1ErrorCode = CAMERA_ERROR_DISABLED;
2574 }
2575 mRemoteCallback->notifyCallback(CAMERA_MSG_ERROR, api1ErrorCode, 0);
2576 } else {
2577 ALOGE("mRemoteCallback is NULL!!");
2578 }
2579 }
2580
2581 // NOTE: function is idempotent
disconnect()2582 binder::Status CameraService::Client::disconnect() {
2583 ALOGV("Client::disconnect");
2584 return BasicClient::disconnect();
2585 }
2586
canCastToApiClient(apiLevel level) const2587 bool CameraService::Client::canCastToApiClient(apiLevel level) const {
2588 return level == API_1;
2589 }
2590
OpsCallback(wp<BasicClient> client)2591 CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client):
2592 mClient(client) {
2593 }
2594
opChanged(int32_t op,const String16 & packageName)2595 void CameraService::Client::OpsCallback::opChanged(int32_t op,
2596 const String16& packageName) {
2597 sp<BasicClient> client = mClient.promote();
2598 if (client != NULL) {
2599 client->opChanged(op, packageName);
2600 }
2601 }
2602
2603 // ----------------------------------------------------------------------------
2604 // UidPolicy
2605 // ----------------------------------------------------------------------------
2606
registerSelf()2607 void CameraService::UidPolicy::registerSelf() {
2608 Mutex::Autolock _l(mUidLock);
2609
2610 ActivityManager am;
2611 if (mRegistered) return;
2612 am.registerUidObserver(this, ActivityManager::UID_OBSERVER_GONE
2613 | ActivityManager::UID_OBSERVER_IDLE
2614 | ActivityManager::UID_OBSERVER_ACTIVE | ActivityManager::UID_OBSERVER_PROCSTATE,
2615 ActivityManager::PROCESS_STATE_UNKNOWN,
2616 String16("cameraserver"));
2617 status_t res = am.linkToDeath(this);
2618 if (res == OK) {
2619 mRegistered = true;
2620 ALOGV("UidPolicy: Registered with ActivityManager");
2621 }
2622 }
2623
unregisterSelf()2624 void CameraService::UidPolicy::unregisterSelf() {
2625 Mutex::Autolock _l(mUidLock);
2626
2627 ActivityManager am;
2628 am.unregisterUidObserver(this);
2629 am.unlinkToDeath(this);
2630 mRegistered = false;
2631 mActiveUids.clear();
2632 ALOGV("UidPolicy: Unregistered with ActivityManager");
2633 }
2634
onUidGone(uid_t uid,bool disabled)2635 void CameraService::UidPolicy::onUidGone(uid_t uid, bool disabled) {
2636 onUidIdle(uid, disabled);
2637 }
2638
onUidActive(uid_t uid)2639 void CameraService::UidPolicy::onUidActive(uid_t uid) {
2640 Mutex::Autolock _l(mUidLock);
2641 mActiveUids.insert(uid);
2642 }
2643
onUidIdle(uid_t uid,bool)2644 void CameraService::UidPolicy::onUidIdle(uid_t uid, bool /* disabled */) {
2645 bool deleted = false;
2646 {
2647 Mutex::Autolock _l(mUidLock);
2648 if (mActiveUids.erase(uid) > 0) {
2649 deleted = true;
2650 }
2651 }
2652 if (deleted) {
2653 sp<CameraService> service = mService.promote();
2654 if (service != nullptr) {
2655 service->blockClientsForUid(uid);
2656 }
2657 }
2658 }
2659
onUidStateChanged(uid_t uid,int32_t procState,int64_t)2660 void CameraService::UidPolicy::onUidStateChanged(uid_t uid, int32_t procState,
2661 int64_t /*procStateSeq*/) {
2662 bool procStateChange = false;
2663 {
2664 Mutex::Autolock _l(mUidLock);
2665 if ((mMonitoredUids.find(uid) != mMonitoredUids.end()) &&
2666 (mMonitoredUids[uid].first != procState)) {
2667 mMonitoredUids[uid].first = procState;
2668 procStateChange = true;
2669 }
2670 }
2671
2672 if (procStateChange) {
2673 sp<CameraService> service = mService.promote();
2674 if (service != nullptr) {
2675 service->notifyMonitoredUids();
2676 }
2677 }
2678 }
2679
registerMonitorUid(uid_t uid)2680 void CameraService::UidPolicy::registerMonitorUid(uid_t uid) {
2681 Mutex::Autolock _l(mUidLock);
2682 auto it = mMonitoredUids.find(uid);
2683 if (it != mMonitoredUids.end()) {
2684 it->second.second++;
2685 } else {
2686 mMonitoredUids.emplace(
2687 std::pair<uid_t, std::pair<int32_t, size_t>> (uid,
2688 std::pair<int32_t, size_t> (ActivityManager::PROCESS_STATE_NONEXISTENT, 1)));
2689 }
2690 }
2691
unregisterMonitorUid(uid_t uid)2692 void CameraService::UidPolicy::unregisterMonitorUid(uid_t uid) {
2693 Mutex::Autolock _l(mUidLock);
2694 auto it = mMonitoredUids.find(uid);
2695 if (it != mMonitoredUids.end()) {
2696 it->second.second--;
2697 if (it->second.second == 0) {
2698 mMonitoredUids.erase(it);
2699 }
2700 } else {
2701 ALOGE("%s: Trying to unregister uid: %d which is not monitored!", __FUNCTION__, uid);
2702 }
2703 }
2704
isUidActive(uid_t uid,String16 callingPackage)2705 bool CameraService::UidPolicy::isUidActive(uid_t uid, String16 callingPackage) {
2706 Mutex::Autolock _l(mUidLock);
2707 return isUidActiveLocked(uid, callingPackage);
2708 }
2709
2710 static const int64_t kPollUidActiveTimeoutTotalMillis = 300;
2711 static const int64_t kPollUidActiveTimeoutMillis = 50;
2712
isUidActiveLocked(uid_t uid,String16 callingPackage)2713 bool CameraService::UidPolicy::isUidActiveLocked(uid_t uid, String16 callingPackage) {
2714 // Non-app UIDs are considered always active
2715 // If activity manager is unreachable, assume everything is active
2716 if (uid < FIRST_APPLICATION_UID || !mRegistered) {
2717 return true;
2718 }
2719 auto it = mOverrideUids.find(uid);
2720 if (it != mOverrideUids.end()) {
2721 return it->second;
2722 }
2723 bool active = mActiveUids.find(uid) != mActiveUids.end();
2724 if (!active) {
2725 // We want active UIDs to always access camera with their first attempt since
2726 // there is no guarantee the app is robustly written and would retry getting
2727 // the camera on failure. The inverse case is not a problem as we would take
2728 // camera away soon once we get the callback that the uid is no longer active.
2729 ActivityManager am;
2730 // Okay to access with a lock held as UID changes are dispatched without
2731 // a lock and we are a higher level component.
2732 int64_t startTimeMillis = 0;
2733 do {
2734 // TODO: Fix this b/109950150!
2735 // Okay this is a hack. There is a race between the UID turning active and
2736 // activity being resumed. The proper fix is very risky, so we temporary add
2737 // some polling which should happen pretty rarely anyway as the race is hard
2738 // to hit.
2739 active = mActiveUids.find(uid) != mActiveUids.end();
2740 if (!active) active = am.isUidActive(uid, callingPackage);
2741 if (active) {
2742 break;
2743 }
2744 if (startTimeMillis <= 0) {
2745 startTimeMillis = uptimeMillis();
2746 }
2747 int64_t ellapsedTimeMillis = uptimeMillis() - startTimeMillis;
2748 int64_t remainingTimeMillis = kPollUidActiveTimeoutTotalMillis - ellapsedTimeMillis;
2749 if (remainingTimeMillis <= 0) {
2750 break;
2751 }
2752 remainingTimeMillis = std::min(kPollUidActiveTimeoutMillis, remainingTimeMillis);
2753
2754 mUidLock.unlock();
2755 usleep(remainingTimeMillis * 1000);
2756 mUidLock.lock();
2757 } while (true);
2758
2759 if (active) {
2760 // Now that we found out the UID is actually active, cache that
2761 mActiveUids.insert(uid);
2762 }
2763 }
2764 return active;
2765 }
2766
getProcState(uid_t uid)2767 int32_t CameraService::UidPolicy::getProcState(uid_t uid) {
2768 Mutex::Autolock _l(mUidLock);
2769 return getProcStateLocked(uid);
2770 }
2771
getProcStateLocked(uid_t uid)2772 int32_t CameraService::UidPolicy::getProcStateLocked(uid_t uid) {
2773 int32_t procState = ActivityManager::PROCESS_STATE_UNKNOWN;
2774 if (mMonitoredUids.find(uid) != mMonitoredUids.end()) {
2775 procState = mMonitoredUids[uid].first;
2776 }
2777 return procState;
2778 }
2779
addOverrideUid(uid_t uid,String16 callingPackage,bool active)2780 void CameraService::UidPolicy::UidPolicy::addOverrideUid(uid_t uid,
2781 String16 callingPackage, bool active) {
2782 updateOverrideUid(uid, callingPackage, active, true);
2783 }
2784
removeOverrideUid(uid_t uid,String16 callingPackage)2785 void CameraService::UidPolicy::removeOverrideUid(uid_t uid, String16 callingPackage) {
2786 updateOverrideUid(uid, callingPackage, false, false);
2787 }
2788
binderDied(const wp<IBinder> &)2789 void CameraService::UidPolicy::binderDied(const wp<IBinder>& /*who*/) {
2790 Mutex::Autolock _l(mUidLock);
2791 ALOGV("UidPolicy: ActivityManager has died");
2792 mRegistered = false;
2793 mActiveUids.clear();
2794 }
2795
updateOverrideUid(uid_t uid,String16 callingPackage,bool active,bool insert)2796 void CameraService::UidPolicy::updateOverrideUid(uid_t uid, String16 callingPackage,
2797 bool active, bool insert) {
2798 bool wasActive = false;
2799 bool isActive = false;
2800 {
2801 Mutex::Autolock _l(mUidLock);
2802 wasActive = isUidActiveLocked(uid, callingPackage);
2803 mOverrideUids.erase(uid);
2804 if (insert) {
2805 mOverrideUids.insert(std::pair<uid_t, bool>(uid, active));
2806 }
2807 isActive = isUidActiveLocked(uid, callingPackage);
2808 }
2809 if (wasActive != isActive && !isActive) {
2810 sp<CameraService> service = mService.promote();
2811 if (service != nullptr) {
2812 service->blockClientsForUid(uid);
2813 }
2814 }
2815 }
2816
2817 // ----------------------------------------------------------------------------
2818 // SensorPrivacyPolicy
2819 // ----------------------------------------------------------------------------
registerSelf()2820 void CameraService::SensorPrivacyPolicy::registerSelf() {
2821 Mutex::Autolock _l(mSensorPrivacyLock);
2822 if (mRegistered) {
2823 return;
2824 }
2825 SensorPrivacyManager spm;
2826 spm.addSensorPrivacyListener(this);
2827 mSensorPrivacyEnabled = spm.isSensorPrivacyEnabled();
2828 status_t res = spm.linkToDeath(this);
2829 if (res == OK) {
2830 mRegistered = true;
2831 ALOGV("SensorPrivacyPolicy: Registered with SensorPrivacyManager");
2832 }
2833 }
2834
unregisterSelf()2835 void CameraService::SensorPrivacyPolicy::unregisterSelf() {
2836 Mutex::Autolock _l(mSensorPrivacyLock);
2837 SensorPrivacyManager spm;
2838 spm.removeSensorPrivacyListener(this);
2839 spm.unlinkToDeath(this);
2840 mRegistered = false;
2841 ALOGV("SensorPrivacyPolicy: Unregistered with SensorPrivacyManager");
2842 }
2843
isSensorPrivacyEnabled()2844 bool CameraService::SensorPrivacyPolicy::isSensorPrivacyEnabled() {
2845 Mutex::Autolock _l(mSensorPrivacyLock);
2846 return mSensorPrivacyEnabled;
2847 }
2848
onSensorPrivacyChanged(bool enabled)2849 binder::Status CameraService::SensorPrivacyPolicy::onSensorPrivacyChanged(bool enabled) {
2850 {
2851 Mutex::Autolock _l(mSensorPrivacyLock);
2852 mSensorPrivacyEnabled = enabled;
2853 }
2854 // if sensor privacy is enabled then block all clients from accessing the camera
2855 if (enabled) {
2856 sp<CameraService> service = mService.promote();
2857 if (service != nullptr) {
2858 service->blockAllClients();
2859 }
2860 }
2861 return binder::Status::ok();
2862 }
2863
binderDied(const wp<IBinder> &)2864 void CameraService::SensorPrivacyPolicy::binderDied(const wp<IBinder>& /*who*/) {
2865 Mutex::Autolock _l(mSensorPrivacyLock);
2866 ALOGV("SensorPrivacyPolicy: SensorPrivacyManager has died");
2867 mRegistered = false;
2868 }
2869
2870 // ----------------------------------------------------------------------------
2871 // CameraState
2872 // ----------------------------------------------------------------------------
2873
CameraState(const String8 & id,int cost,const std::set<String8> & conflicting)2874 CameraService::CameraState::CameraState(const String8& id, int cost,
2875 const std::set<String8>& conflicting) : mId(id),
2876 mStatus(StatusInternal::NOT_PRESENT), mCost(cost), mConflicting(conflicting) {}
2877
~CameraState()2878 CameraService::CameraState::~CameraState() {}
2879
getStatus() const2880 CameraService::StatusInternal CameraService::CameraState::getStatus() const {
2881 Mutex::Autolock lock(mStatusLock);
2882 return mStatus;
2883 }
2884
getShimParams() const2885 CameraParameters CameraService::CameraState::getShimParams() const {
2886 return mShimParams;
2887 }
2888
setShimParams(const CameraParameters & params)2889 void CameraService::CameraState::setShimParams(const CameraParameters& params) {
2890 mShimParams = params;
2891 }
2892
getCost() const2893 int CameraService::CameraState::getCost() const {
2894 return mCost;
2895 }
2896
getConflicting() const2897 std::set<String8> CameraService::CameraState::getConflicting() const {
2898 return mConflicting;
2899 }
2900
getId() const2901 String8 CameraService::CameraState::getId() const {
2902 return mId;
2903 }
2904
2905 // ----------------------------------------------------------------------------
2906 // ClientEventListener
2907 // ----------------------------------------------------------------------------
2908
onClientAdded(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2909 void CameraService::ClientEventListener::onClientAdded(
2910 const resource_policy::ClientDescriptor<String8,
2911 sp<CameraService::BasicClient>>& descriptor) {
2912 const auto& basicClient = descriptor.getValue();
2913 if (basicClient.get() != nullptr) {
2914 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2915 notifier.noteStartCamera(descriptor.getKey(),
2916 static_cast<int>(basicClient->getClientUid()));
2917 }
2918 }
2919
onClientRemoved(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2920 void CameraService::ClientEventListener::onClientRemoved(
2921 const resource_policy::ClientDescriptor<String8,
2922 sp<CameraService::BasicClient>>& descriptor) {
2923 const auto& basicClient = descriptor.getValue();
2924 if (basicClient.get() != nullptr) {
2925 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2926 notifier.noteStopCamera(descriptor.getKey(),
2927 static_cast<int>(basicClient->getClientUid()));
2928 }
2929 }
2930
2931
2932 // ----------------------------------------------------------------------------
2933 // CameraClientManager
2934 // ----------------------------------------------------------------------------
2935
CameraClientManager()2936 CameraService::CameraClientManager::CameraClientManager() {
2937 setListener(std::make_shared<ClientEventListener>());
2938 }
2939
~CameraClientManager()2940 CameraService::CameraClientManager::~CameraClientManager() {}
2941
getCameraClient(const String8 & id) const2942 sp<CameraService::BasicClient> CameraService::CameraClientManager::getCameraClient(
2943 const String8& id) const {
2944 auto descriptor = get(id);
2945 if (descriptor == nullptr) {
2946 return sp<BasicClient>{nullptr};
2947 }
2948 return descriptor->getValue();
2949 }
2950
toString() const2951 String8 CameraService::CameraClientManager::toString() const {
2952 auto all = getAll();
2953 String8 ret("[");
2954 bool hasAny = false;
2955 for (auto& i : all) {
2956 hasAny = true;
2957 String8 key = i->getKey();
2958 int32_t cost = i->getCost();
2959 int32_t pid = i->getOwnerId();
2960 int32_t score = i->getPriority().getScore();
2961 int32_t state = i->getPriority().getState();
2962 auto conflicting = i->getConflicting();
2963 auto clientSp = i->getValue();
2964 String8 packageName;
2965 userid_t clientUserId = 0;
2966 if (clientSp.get() != nullptr) {
2967 packageName = String8{clientSp->getPackageName()};
2968 uid_t clientUid = clientSp->getClientUid();
2969 clientUserId = multiuser_get_user_id(clientUid);
2970 }
2971 ret.appendFormat("\n(Camera ID: %s, Cost: %" PRId32 ", PID: %" PRId32 ", Score: %"
2972 PRId32 ", State: %" PRId32, key.string(), cost, pid, score, state);
2973
2974 if (clientSp.get() != nullptr) {
2975 ret.appendFormat("User Id: %d, ", clientUserId);
2976 }
2977 if (packageName.size() != 0) {
2978 ret.appendFormat("Client Package Name: %s", packageName.string());
2979 }
2980
2981 ret.append(", Conflicting Client Devices: {");
2982 for (auto& j : conflicting) {
2983 ret.appendFormat("%s, ", j.string());
2984 }
2985 ret.append("})");
2986 }
2987 if (hasAny) ret.append("\n");
2988 ret.append("]\n");
2989 return ret;
2990 }
2991
makeClientDescriptor(const String8 & key,const sp<BasicClient> & value,int32_t cost,const std::set<String8> & conflictingKeys,int32_t score,int32_t ownerId,int32_t state)2992 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
2993 const String8& key, const sp<BasicClient>& value, int32_t cost,
2994 const std::set<String8>& conflictingKeys, int32_t score, int32_t ownerId,
2995 int32_t state) {
2996
2997 bool isVendorClient = hardware::IPCThreadState::self()->isServingCall();
2998 int32_t score_adj = isVendorClient ? kVendorClientScore : score;
2999 int32_t state_adj = isVendorClient ? kVendorClientState: state;
3000
3001 return std::make_shared<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>(
3002 key, value, cost, conflictingKeys, score_adj, ownerId, state_adj, isVendorClient);
3003 }
3004
makeClientDescriptor(const sp<BasicClient> & value,const CameraService::DescriptorPtr & partial)3005 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
3006 const sp<BasicClient>& value, const CameraService::DescriptorPtr& partial) {
3007 return makeClientDescriptor(partial->getKey(), value, partial->getCost(),
3008 partial->getConflicting(), partial->getPriority().getScore(),
3009 partial->getOwnerId(), partial->getPriority().getState());
3010 }
3011
3012 // ----------------------------------------------------------------------------
3013
3014 static const int kDumpLockRetries = 50;
3015 static const int kDumpLockSleep = 60000;
3016
tryLock(Mutex & mutex)3017 static bool tryLock(Mutex& mutex)
3018 {
3019 bool locked = false;
3020 for (int i = 0; i < kDumpLockRetries; ++i) {
3021 if (mutex.tryLock() == NO_ERROR) {
3022 locked = true;
3023 break;
3024 }
3025 usleep(kDumpLockSleep);
3026 }
3027 return locked;
3028 }
3029
dump(int fd,const Vector<String16> & args)3030 status_t CameraService::dump(int fd, const Vector<String16>& args) {
3031 ATRACE_CALL();
3032
3033 if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
3034 dprintf(fd, "Permission Denial: can't dump CameraService from pid=%d, uid=%d\n",
3035 CameraThreadState::getCallingPid(),
3036 CameraThreadState::getCallingUid());
3037 return NO_ERROR;
3038 }
3039 bool locked = tryLock(mServiceLock);
3040 // failed to lock - CameraService is probably deadlocked
3041 if (!locked) {
3042 dprintf(fd, "!! CameraService may be deadlocked !!\n");
3043 }
3044
3045 if (!mInitialized) {
3046 dprintf(fd, "!! No camera HAL available !!\n");
3047
3048 // Dump event log for error information
3049 dumpEventLog(fd);
3050
3051 if (locked) mServiceLock.unlock();
3052 return NO_ERROR;
3053 }
3054 dprintf(fd, "\n== Service global info: ==\n\n");
3055 dprintf(fd, "Number of camera devices: %d\n", mNumberOfCameras);
3056 dprintf(fd, "Number of normal camera devices: %zu\n", mNormalDeviceIds.size());
3057 for (size_t i = 0; i < mNormalDeviceIds.size(); i++) {
3058 dprintf(fd, " Device %zu maps to \"%s\"\n", i, mNormalDeviceIds[i].c_str());
3059 }
3060 String8 activeClientString = mActiveClientManager.toString();
3061 dprintf(fd, "Active Camera Clients:\n%s", activeClientString.string());
3062 dprintf(fd, "Allowed user IDs: %s\n", toString(mAllowedUsers).string());
3063
3064 dumpEventLog(fd);
3065
3066 bool stateLocked = tryLock(mCameraStatesLock);
3067 if (!stateLocked) {
3068 dprintf(fd, "CameraStates in use, may be deadlocked\n");
3069 }
3070
3071 int argSize = args.size();
3072 for (int i = 0; i < argSize; i++) {
3073 if (args[i] == TagMonitor::kMonitorOption) {
3074 if (i + 1 < argSize) {
3075 mMonitorTags = String8(args[i + 1]);
3076 }
3077 break;
3078 }
3079 }
3080
3081 for (auto& state : mCameraStates) {
3082 String8 cameraId = state.first;
3083
3084 dprintf(fd, "== Camera device %s dynamic info: ==\n", cameraId.string());
3085
3086 CameraParameters p = state.second->getShimParams();
3087 if (!p.isEmpty()) {
3088 dprintf(fd, " Camera1 API shim is using parameters:\n ");
3089 p.dump(fd, args);
3090 }
3091
3092 auto clientDescriptor = mActiveClientManager.get(cameraId);
3093 if (clientDescriptor != nullptr) {
3094 dprintf(fd, " Device %s is open. Client instance dump:\n",
3095 cameraId.string());
3096 dprintf(fd, " Client priority score: %d state: %d\n",
3097 clientDescriptor->getPriority().getScore(),
3098 clientDescriptor->getPriority().getState());
3099 dprintf(fd, " Client PID: %d\n", clientDescriptor->getOwnerId());
3100
3101 auto client = clientDescriptor->getValue();
3102 dprintf(fd, " Client package: %s\n",
3103 String8(client->getPackageName()).string());
3104
3105 client->dumpClient(fd, args);
3106 } else {
3107 dprintf(fd, " Device %s is closed, no client instance\n",
3108 cameraId.string());
3109 }
3110
3111 }
3112
3113 if (stateLocked) mCameraStatesLock.unlock();
3114
3115 if (locked) mServiceLock.unlock();
3116
3117 mCameraProviderManager->dump(fd, args);
3118
3119 dprintf(fd, "\n== Vendor tags: ==\n\n");
3120
3121 sp<VendorTagDescriptor> desc = VendorTagDescriptor::getGlobalVendorTagDescriptor();
3122 if (desc == NULL) {
3123 sp<VendorTagDescriptorCache> cache =
3124 VendorTagDescriptorCache::getGlobalVendorTagCache();
3125 if (cache == NULL) {
3126 dprintf(fd, "No vendor tags.\n");
3127 } else {
3128 cache->dump(fd, /*verbosity*/2, /*indentation*/2);
3129 }
3130 } else {
3131 desc->dump(fd, /*verbosity*/2, /*indentation*/2);
3132 }
3133
3134 // Dump camera traces if there were any
3135 dprintf(fd, "\n");
3136 camera3::CameraTraces::dump(fd, args);
3137
3138 // Process dump arguments, if any
3139 int n = args.size();
3140 String16 verboseOption("-v");
3141 String16 unreachableOption("--unreachable");
3142 for (int i = 0; i < n; i++) {
3143 if (args[i] == verboseOption) {
3144 // change logging level
3145 if (i + 1 >= n) continue;
3146 String8 levelStr(args[i+1]);
3147 int level = atoi(levelStr.string());
3148 dprintf(fd, "\nSetting log level to %d.\n", level);
3149 setLogLevel(level);
3150 } else if (args[i] == unreachableOption) {
3151 // Dump memory analysis
3152 // TODO - should limit be an argument parameter?
3153 UnreachableMemoryInfo info;
3154 bool success = GetUnreachableMemory(info, /*limit*/ 10000);
3155 if (!success) {
3156 dprintf(fd, "\n== Unable to dump unreachable memory. "
3157 "Try disabling SELinux enforcement. ==\n");
3158 } else {
3159 dprintf(fd, "\n== Dumping unreachable memory: ==\n");
3160 std::string s = info.ToString(/*log_contents*/ true);
3161 write(fd, s.c_str(), s.size());
3162 }
3163 }
3164 }
3165 return NO_ERROR;
3166 }
3167
dumpEventLog(int fd)3168 void CameraService::dumpEventLog(int fd) {
3169 dprintf(fd, "\n== Camera service events log (most recent at top): ==\n");
3170
3171 Mutex::Autolock l(mLogLock);
3172 for (const auto& msg : mEventLog) {
3173 dprintf(fd, " %s\n", msg.string());
3174 }
3175
3176 if (mEventLog.size() == DEFAULT_EVENT_LOG_LENGTH) {
3177 dprintf(fd, " ...\n");
3178 } else if (mEventLog.size() == 0) {
3179 dprintf(fd, " [no events yet]\n");
3180 }
3181 dprintf(fd, "\n");
3182 }
3183
handleTorchClientBinderDied(const wp<IBinder> & who)3184 void CameraService::handleTorchClientBinderDied(const wp<IBinder> &who) {
3185 Mutex::Autolock al(mTorchClientMapMutex);
3186 for (size_t i = 0; i < mTorchClientMap.size(); i++) {
3187 if (mTorchClientMap[i] == who) {
3188 // turn off the torch mode that was turned on by dead client
3189 String8 cameraId = mTorchClientMap.keyAt(i);
3190 status_t res = mFlashlight->setTorchMode(cameraId, false);
3191 if (res) {
3192 ALOGE("%s: torch client died but couldn't turn off torch: "
3193 "%s (%d)", __FUNCTION__, strerror(-res), res);
3194 return;
3195 }
3196 mTorchClientMap.removeItemsAt(i);
3197 break;
3198 }
3199 }
3200 }
3201
binderDied(const wp<IBinder> & who)3202 /*virtual*/void CameraService::binderDied(const wp<IBinder> &who) {
3203
3204 /**
3205 * While tempting to promote the wp<IBinder> into a sp, it's actually not supported by the
3206 * binder driver
3207 */
3208 // PID here is approximate and can be wrong.
3209 logClientDied(CameraThreadState::getCallingPid(), String8("Binder died unexpectedly"));
3210
3211 // check torch client
3212 handleTorchClientBinderDied(who);
3213
3214 // check camera device client
3215 if(!evictClientIdByRemote(who)) {
3216 ALOGV("%s: Java client's binder death already cleaned up (normal case)", __FUNCTION__);
3217 return;
3218 }
3219
3220 ALOGE("%s: Java client's binder died, removing it from the list of active clients",
3221 __FUNCTION__);
3222 }
3223
updateStatus(StatusInternal status,const String8 & cameraId)3224 void CameraService::updateStatus(StatusInternal status, const String8& cameraId) {
3225 updateStatus(status, cameraId, {});
3226 }
3227
updateStatus(StatusInternal status,const String8 & cameraId,std::initializer_list<StatusInternal> rejectSourceStates)3228 void CameraService::updateStatus(StatusInternal status, const String8& cameraId,
3229 std::initializer_list<StatusInternal> rejectSourceStates) {
3230 // Do not lock mServiceLock here or can get into a deadlock from
3231 // connect() -> disconnect -> updateStatus
3232
3233 auto state = getCameraState(cameraId);
3234
3235 if (state == nullptr) {
3236 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__,
3237 cameraId.string());
3238 return;
3239 }
3240
3241 // Update the status for this camera state, then send the onStatusChangedCallbacks to each
3242 // of the listeners with both the mStatusStatus and mStatusListenerLock held
3243 state->updateStatus(status, cameraId, rejectSourceStates, [this]
3244 (const String8& cameraId, StatusInternal status) {
3245
3246 if (status != StatusInternal::ENUMERATING) {
3247 // Update torch status if it has a flash unit.
3248 Mutex::Autolock al(mTorchStatusMutex);
3249 TorchModeStatus torchStatus;
3250 if (getTorchStatusLocked(cameraId, &torchStatus) !=
3251 NAME_NOT_FOUND) {
3252 TorchModeStatus newTorchStatus =
3253 status == StatusInternal::PRESENT ?
3254 TorchModeStatus::AVAILABLE_OFF :
3255 TorchModeStatus::NOT_AVAILABLE;
3256 if (torchStatus != newTorchStatus) {
3257 onTorchStatusChangedLocked(cameraId, newTorchStatus);
3258 }
3259 }
3260 }
3261
3262 Mutex::Autolock lock(mStatusListenerLock);
3263
3264 for (auto& listener : mListenerList) {
3265 if (!listener.first &&
3266 mCameraProviderManager->isPublicallyHiddenSecureCamera(cameraId.c_str())) {
3267 ALOGV("Skipping camera discovery callback for system-only camera %s",
3268 cameraId.c_str());
3269 continue;
3270 }
3271 listener.second->getListener()->onStatusChanged(mapToInterface(status),
3272 String16(cameraId));
3273 }
3274 });
3275 }
3276
3277 template<class Func>
updateStatus(StatusInternal status,const String8 & cameraId,std::initializer_list<StatusInternal> rejectSourceStates,Func onStatusUpdatedLocked)3278 void CameraService::CameraState::updateStatus(StatusInternal status,
3279 const String8& cameraId,
3280 std::initializer_list<StatusInternal> rejectSourceStates,
3281 Func onStatusUpdatedLocked) {
3282 Mutex::Autolock lock(mStatusLock);
3283 StatusInternal oldStatus = mStatus;
3284 mStatus = status;
3285
3286 if (oldStatus == status) {
3287 return;
3288 }
3289
3290 ALOGV("%s: Status has changed for camera ID %s from %#x to %#x", __FUNCTION__,
3291 cameraId.string(), oldStatus, status);
3292
3293 if (oldStatus == StatusInternal::NOT_PRESENT &&
3294 (status != StatusInternal::PRESENT &&
3295 status != StatusInternal::ENUMERATING)) {
3296
3297 ALOGW("%s: From NOT_PRESENT can only transition into PRESENT or ENUMERATING",
3298 __FUNCTION__);
3299 mStatus = oldStatus;
3300 return;
3301 }
3302
3303 /**
3304 * Sometimes we want to conditionally do a transition.
3305 * For example if a client disconnects, we want to go to PRESENT
3306 * only if we weren't already in NOT_PRESENT or ENUMERATING.
3307 */
3308 for (auto& rejectStatus : rejectSourceStates) {
3309 if (oldStatus == rejectStatus) {
3310 ALOGV("%s: Rejecting status transition for Camera ID %s, since the source "
3311 "state was was in one of the bad states.", __FUNCTION__, cameraId.string());
3312 mStatus = oldStatus;
3313 return;
3314 }
3315 }
3316
3317 onStatusUpdatedLocked(cameraId, status);
3318 }
3319
updateProxyDeviceState(int newState,const String8 & cameraId,int facing,const String16 & clientName,int apiLevel)3320 void CameraService::updateProxyDeviceState(int newState,
3321 const String8& cameraId, int facing, const String16& clientName, int apiLevel) {
3322 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
3323 if (proxyBinder == nullptr) return;
3324 String16 id(cameraId);
3325 proxyBinder->notifyCameraState(id, newState, facing, clientName, apiLevel);
3326 }
3327
getTorchStatusLocked(const String8 & cameraId,TorchModeStatus * status) const3328 status_t CameraService::getTorchStatusLocked(
3329 const String8& cameraId,
3330 TorchModeStatus *status) const {
3331 if (!status) {
3332 return BAD_VALUE;
3333 }
3334 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
3335 if (index == NAME_NOT_FOUND) {
3336 // invalid camera ID or the camera doesn't have a flash unit
3337 return NAME_NOT_FOUND;
3338 }
3339
3340 *status = mTorchStatusMap.valueAt(index);
3341 return OK;
3342 }
3343
setTorchStatusLocked(const String8 & cameraId,TorchModeStatus status)3344 status_t CameraService::setTorchStatusLocked(const String8& cameraId,
3345 TorchModeStatus status) {
3346 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
3347 if (index == NAME_NOT_FOUND) {
3348 return BAD_VALUE;
3349 }
3350 mTorchStatusMap.editValueAt(index) = status;
3351
3352 return OK;
3353 }
3354
blockClientsForUid(uid_t uid)3355 void CameraService::blockClientsForUid(uid_t uid) {
3356 const auto clients = mActiveClientManager.getAll();
3357 for (auto& current : clients) {
3358 if (current != nullptr) {
3359 const auto basicClient = current->getValue();
3360 if (basicClient.get() != nullptr && basicClient->getClientUid() == uid) {
3361 basicClient->block();
3362 }
3363 }
3364 }
3365 }
3366
blockAllClients()3367 void CameraService::blockAllClients() {
3368 const auto clients = mActiveClientManager.getAll();
3369 for (auto& current : clients) {
3370 if (current != nullptr) {
3371 const auto basicClient = current->getValue();
3372 if (basicClient.get() != nullptr) {
3373 basicClient->block();
3374 }
3375 }
3376 }
3377 }
3378
3379 // NOTE: This is a remote API - make sure all args are validated
shellCommand(int in,int out,int err,const Vector<String16> & args)3380 status_t CameraService::shellCommand(int in, int out, int err, const Vector<String16>& args) {
3381 if (!checkCallingPermission(sManageCameraPermission, nullptr, nullptr)) {
3382 return PERMISSION_DENIED;
3383 }
3384 if (in == BAD_TYPE || out == BAD_TYPE || err == BAD_TYPE) {
3385 return BAD_VALUE;
3386 }
3387 if (args.size() >= 3 && args[0] == String16("set-uid-state")) {
3388 return handleSetUidState(args, err);
3389 } else if (args.size() >= 2 && args[0] == String16("reset-uid-state")) {
3390 return handleResetUidState(args, err);
3391 } else if (args.size() >= 2 && args[0] == String16("get-uid-state")) {
3392 return handleGetUidState(args, out, err);
3393 } else if (args.size() == 1 && args[0] == String16("help")) {
3394 printHelp(out);
3395 return NO_ERROR;
3396 }
3397 printHelp(err);
3398 return BAD_VALUE;
3399 }
3400
handleSetUidState(const Vector<String16> & args,int err)3401 status_t CameraService::handleSetUidState(const Vector<String16>& args, int err) {
3402 String16 packageName = args[1];
3403
3404 bool active = false;
3405 if (args[2] == String16("active")) {
3406 active = true;
3407 } else if ((args[2] != String16("idle"))) {
3408 ALOGE("Expected active or idle but got: '%s'", String8(args[2]).string());
3409 return BAD_VALUE;
3410 }
3411
3412 int userId = 0;
3413 if (args.size() >= 5 && args[3] == String16("--user")) {
3414 userId = atoi(String8(args[4]));
3415 }
3416
3417 uid_t uid;
3418 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
3419 return BAD_VALUE;
3420 }
3421
3422 mUidPolicy->addOverrideUid(uid, packageName, active);
3423 return NO_ERROR;
3424 }
3425
handleResetUidState(const Vector<String16> & args,int err)3426 status_t CameraService::handleResetUidState(const Vector<String16>& args, int err) {
3427 String16 packageName = args[1];
3428
3429 int userId = 0;
3430 if (args.size() >= 4 && args[2] == String16("--user")) {
3431 userId = atoi(String8(args[3]));
3432 }
3433
3434 uid_t uid;
3435 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
3436 return BAD_VALUE;
3437 }
3438
3439 mUidPolicy->removeOverrideUid(uid, packageName);
3440 return NO_ERROR;
3441 }
3442
handleGetUidState(const Vector<String16> & args,int out,int err)3443 status_t CameraService::handleGetUidState(const Vector<String16>& args, int out, int err) {
3444 String16 packageName = args[1];
3445
3446 int userId = 0;
3447 if (args.size() >= 4 && args[2] == String16("--user")) {
3448 userId = atoi(String8(args[3]));
3449 }
3450
3451 uid_t uid;
3452 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
3453 return BAD_VALUE;
3454 }
3455
3456 if (mUidPolicy->isUidActive(uid, packageName)) {
3457 return dprintf(out, "active\n");
3458 } else {
3459 return dprintf(out, "idle\n");
3460 }
3461 }
3462
printHelp(int out)3463 status_t CameraService::printHelp(int out) {
3464 return dprintf(out, "Camera service commands:\n"
3465 " get-uid-state <PACKAGE> [--user USER_ID] gets the uid state\n"
3466 " set-uid-state <PACKAGE> <active|idle> [--user USER_ID] overrides the uid state\n"
3467 " reset-uid-state <PACKAGE> [--user USER_ID] clears the uid state override\n"
3468 " help print this message\n");
3469 }
3470
3471 }; // namespace android
3472