1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_SERVERS_CAMERA_CAMERASERVICE_H 18 #define ANDROID_SERVERS_CAMERA_CAMERASERVICE_H 19 20 #include <android/hardware/BnCameraService.h> 21 #include <android/hardware/BnSensorPrivacyListener.h> 22 #include <android/hardware/ICameraServiceListener.h> 23 #include <android/hardware/camera2/BnCameraInjectionSession.h> 24 #include <android/hardware/camera2/ICameraInjectionCallback.h> 25 26 #include <cutils/multiuser.h> 27 #include <utils/Vector.h> 28 #include <utils/KeyedVector.h> 29 #include <binder/ActivityManager.h> 30 #include <binder/AppOpsManager.h> 31 #include <binder/BinderService.h> 32 #include <binder/IAppOpsCallback.h> 33 #include <binder/IUidObserver.h> 34 #include <hardware/camera.h> 35 #include <sensorprivacy/SensorPrivacyManager.h> 36 37 #include <android/hardware/camera/common/1.0/types.h> 38 39 #include <camera/VendorTagDescriptor.h> 40 #include <camera/CaptureResult.h> 41 #include <camera/CameraParameters.h> 42 #include <camera/camera2/ConcurrentCamera.h> 43 44 #include "CameraFlashlight.h" 45 46 #include "common/CameraProviderManager.h" 47 #include "media/RingBuffer.h" 48 #include "utils/AutoConditionLock.h" 49 #include "utils/ClientManager.h" 50 51 #include <set> 52 #include <string> 53 #include <list> 54 #include <map> 55 #include <memory> 56 #include <optional> 57 #include <utility> 58 #include <unordered_map> 59 #include <unordered_set> 60 61 namespace android { 62 63 extern volatile int32_t gLogLevel; 64 65 class MemoryHeapBase; 66 class MediaPlayer; 67 68 class CameraService : 69 public BinderService<CameraService>, 70 public virtual ::android::hardware::BnCameraService, 71 public virtual IBinder::DeathRecipient, 72 public virtual CameraProviderManager::StatusListener 73 { 74 friend class BinderService<CameraService>; 75 friend class CameraOfflineSessionClient; 76 public: 77 class Client; 78 class BasicClient; 79 class OfflineClient; 80 81 // The effective API level. The Camera2 API running in LEGACY mode counts as API_1. 82 enum apiLevel { 83 API_1 = 1, 84 API_2 = 2 85 }; 86 87 // 3 second busy timeout when other clients are connecting 88 static const nsecs_t DEFAULT_CONNECT_TIMEOUT_NS = 3000000000; 89 90 // 1 second busy timeout when other clients are disconnecting 91 static const nsecs_t DEFAULT_DISCONNECT_TIMEOUT_NS = 1000000000; 92 93 // Default number of messages to store in eviction log 94 static const size_t DEFAULT_EVENT_LOG_LENGTH = 100; 95 96 // Event log ID 97 static const int SN_EVENT_LOG_ID = 0x534e4554; 98 99 // Implementation of BinderService<T> getServiceName()100 static char const* getServiceName() { return "media.camera"; } 101 102 CameraService(); 103 virtual ~CameraService(); 104 105 ///////////////////////////////////////////////////////////////////// 106 // HAL Callbacks - implements CameraProviderManager::StatusListener 107 108 virtual void onDeviceStatusChanged(const String8 &cameraId, 109 hardware::camera::common::V1_0::CameraDeviceStatus newHalStatus) override; 110 virtual void onDeviceStatusChanged(const String8 &cameraId, 111 const String8 &physicalCameraId, 112 hardware::camera::common::V1_0::CameraDeviceStatus newHalStatus) override; 113 virtual void onTorchStatusChanged(const String8& cameraId, 114 hardware::camera::common::V1_0::TorchModeStatus newStatus) override; 115 virtual void onNewProviderRegistered() override; 116 117 ///////////////////////////////////////////////////////////////////// 118 // ICameraService 119 virtual binder::Status getNumberOfCameras(int32_t type, int32_t* numCameras); 120 121 virtual binder::Status getCameraInfo(int cameraId, 122 hardware::CameraInfo* cameraInfo); 123 virtual binder::Status getCameraCharacteristics(const String16& cameraId, 124 int targetSdkVersion, CameraMetadata* cameraInfo); 125 virtual binder::Status getCameraVendorTagDescriptor( 126 /*out*/ 127 hardware::camera2::params::VendorTagDescriptor* desc); 128 virtual binder::Status getCameraVendorTagCache( 129 /*out*/ 130 hardware::camera2::params::VendorTagDescriptorCache* cache); 131 132 virtual binder::Status connect(const sp<hardware::ICameraClient>& cameraClient, 133 int32_t cameraId, const String16& clientPackageName, 134 int32_t clientUid, int clientPid, int targetSdkVersion, 135 /*out*/ 136 sp<hardware::ICamera>* device); 137 138 virtual binder::Status connectDevice( 139 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb, const String16& cameraId, 140 const String16& clientPackageName, const std::optional<String16>& clientFeatureId, 141 int32_t clientUid, int scoreOffset, int targetSdkVersion, 142 /*out*/ 143 sp<hardware::camera2::ICameraDeviceUser>* device); 144 145 virtual binder::Status addListener(const sp<hardware::ICameraServiceListener>& listener, 146 /*out*/ 147 std::vector<hardware::CameraStatus>* cameraStatuses); 148 virtual binder::Status removeListener( 149 const sp<hardware::ICameraServiceListener>& listener); 150 151 virtual binder::Status getConcurrentCameraIds( 152 /*out*/ 153 std::vector<hardware::camera2::utils::ConcurrentCameraIdCombination>* concurrentCameraIds); 154 155 virtual binder::Status isConcurrentSessionConfigurationSupported( 156 const std::vector<hardware::camera2::utils::CameraIdAndSessionConfiguration>& sessions, 157 int targetSdkVersion, /*out*/bool* supported); 158 159 virtual binder::Status getLegacyParameters( 160 int32_t cameraId, 161 /*out*/ 162 String16* parameters); 163 164 virtual binder::Status setTorchMode(const String16& cameraId, bool enabled, 165 const sp<IBinder>& clientBinder); 166 167 virtual binder::Status notifySystemEvent(int32_t eventId, 168 const std::vector<int32_t>& args); 169 170 virtual binder::Status notifyDeviceStateChange(int64_t newState); 171 172 virtual binder::Status notifyDisplayConfigurationChange(); 173 174 // OK = supports api of that version, -EOPNOTSUPP = does not support 175 virtual binder::Status supportsCameraApi( 176 const String16& cameraId, int32_t apiVersion, 177 /*out*/ 178 bool *isSupported); 179 180 virtual binder::Status isHiddenPhysicalCamera( 181 const String16& cameraId, 182 /*out*/ 183 bool *isSupported); 184 185 virtual binder::Status injectCamera( 186 const String16& packageName, const String16& internalCamId, 187 const String16& externalCamId, 188 const sp<hardware::camera2::ICameraInjectionCallback>& callback, 189 /*out*/ 190 sp<hardware::camera2::ICameraInjectionSession>* cameraInjectionSession); 191 192 // Extra permissions checks 193 virtual status_t onTransact(uint32_t code, const Parcel& data, 194 Parcel* reply, uint32_t flags); 195 196 virtual status_t dump(int fd, const Vector<String16>& args); 197 198 virtual status_t shellCommand(int in, int out, int err, const Vector<String16>& args); 199 200 binder::Status addListenerHelper(const sp<hardware::ICameraServiceListener>& listener, 201 /*out*/ 202 std::vector<hardware::CameraStatus>* cameraStatuses, bool isVendor = false, 203 bool isProcessLocalTest = false); 204 205 // Monitored UIDs availability notification 206 void notifyMonitoredUids(); 207 208 // Stores current open session device info in temp file. 209 void cacheDump(); 210 211 // Register an offline client for a given active camera id 212 status_t addOfflineClient(String8 cameraId, sp<BasicClient> offlineClient); 213 214 ///////////////////////////////////////////////////////////////////// 215 // Client functionality 216 217 enum sound_kind { 218 SOUND_SHUTTER = 0, 219 SOUND_RECORDING_START = 1, 220 SOUND_RECORDING_STOP = 2, 221 NUM_SOUNDS 222 }; 223 224 void playSound(sound_kind kind); 225 void loadSoundLocked(sound_kind kind); 226 void decreaseSoundRef(); 227 void increaseSoundRef(); 228 229 ///////////////////////////////////////////////////////////////////// 230 // CameraDeviceFactory functionality 231 int getDeviceVersion(const String8& cameraId, int* facing = nullptr, 232 int* orientation = nullptr); 233 234 ///////////////////////////////////////////////////////////////////// 235 // Methods to be used in CameraService class tests only 236 // 237 // CameraService class test method only - clear static variables in the 238 // cameraserver process, which otherwise might affect multiple test runs. 239 void clearCachedVariables(); 240 241 // Add test listener, linkToDeath won't be called since this is for process 242 // local testing. 243 binder::Status addListenerTest(const sp<hardware::ICameraServiceListener>& listener, 244 /*out*/ 245 std::vector<hardware::CameraStatus>* cameraStatuses); 246 247 ///////////////////////////////////////////////////////////////////// 248 // Shared utilities 249 static binder::Status filterGetInfoErrorCode(status_t err); 250 251 ///////////////////////////////////////////////////////////////////// 252 // CameraClient functionality 253 254 class BasicClient : public virtual RefBase { 255 friend class CameraService; 256 public: 257 virtual status_t initialize(sp<CameraProviderManager> manager, 258 const String8& monitorTags) = 0; 259 virtual binder::Status disconnect(); 260 261 // because we can't virtually inherit IInterface, which breaks 262 // virtual inheritance 263 virtual sp<IBinder> asBinderWrapper() = 0; 264 265 // Return the remote callback binder object (e.g. ICameraDeviceCallbacks) getRemote()266 sp<IBinder> getRemote() { 267 return mRemoteBinder; 268 } 269 270 // Disallows dumping over binder interface 271 virtual status_t dump(int fd, const Vector<String16>& args); 272 // Internal dump method to be called by CameraService 273 virtual status_t dumpClient(int fd, const Vector<String16>& args) = 0; 274 275 // Return the package name for this client 276 virtual String16 getPackageName() const; 277 278 // Return the camera facing for this client 279 virtual int getCameraFacing() const; 280 281 // Return the camera orientation for this client 282 virtual int getCameraOrientation() const; 283 284 // Notify client about a fatal error 285 virtual void notifyError(int32_t errorCode, 286 const CaptureResultExtras& resultExtras) = 0; 287 288 // Get the UID of the application client using this 289 virtual uid_t getClientUid() const; 290 291 // Get the PID of the application client using this 292 virtual int getClientPid() const; 293 294 // Check what API level is used for this client. This is used to determine which 295 // superclass this can be cast to. 296 virtual bool canCastToApiClient(apiLevel level) const; 297 298 // Block the client form using the camera 299 virtual void block(); 300 301 // set audio restriction from client 302 // Will call into camera service and hold mServiceLock 303 virtual status_t setAudioRestriction(int32_t mode); 304 305 // Get current global audio restriction setting 306 // Will call into camera service and hold mServiceLock 307 virtual int32_t getServiceAudioRestriction() const; 308 309 // Get current audio restriction setting for this client 310 virtual int32_t getAudioRestriction() const; 311 312 static bool isValidAudioRestriction(int32_t mode); 313 314 // Override rotate-and-crop AUTO behavior 315 virtual status_t setRotateAndCropOverride(uint8_t rotateAndCrop) = 0; 316 317 // Whether the client supports camera muting (black only output) 318 virtual bool supportsCameraMute() = 0; 319 320 // Set/reset camera mute 321 virtual status_t setCameraMute(bool enabled) = 0; 322 323 protected: 324 BasicClient(const sp<CameraService>& cameraService, 325 const sp<IBinder>& remoteCallback, 326 const String16& clientPackageName, 327 const std::optional<String16>& clientFeatureId, 328 const String8& cameraIdStr, 329 int cameraFacing, 330 int sensorOrientation, 331 int clientPid, 332 uid_t clientUid, 333 int servicePid); 334 335 virtual ~BasicClient(); 336 337 // the instance is in the middle of destruction. When this is set, 338 // the instance should not be accessed from callback. 339 // CameraService's mClientLock should be acquired to access this. 340 // - subclasses should set this to true in their destructors. 341 bool mDestructionStarted; 342 343 // these are initialized in the constructor. 344 static sp<CameraService> sCameraService; 345 const String8 mCameraIdStr; 346 const int mCameraFacing; 347 const int mOrientation; 348 String16 mClientPackageName; 349 std::optional<String16> mClientFeatureId; 350 pid_t mClientPid; 351 const uid_t mClientUid; 352 const pid_t mServicePid; 353 bool mDisconnected; 354 bool mUidIsTrusted; 355 356 mutable Mutex mAudioRestrictionLock; 357 int32_t mAudioRestriction; 358 359 // - The app-side Binder interface to receive callbacks from us 360 sp<IBinder> mRemoteBinder; // immutable after constructor 361 362 // Permissions management methods for camera lifecycle 363 364 // Notify rest of system/apps about camera opening, and check appops 365 virtual status_t startCameraOps(); 366 // Notify rest of system/apps about camera starting to stream data, and confirm appops 367 virtual status_t startCameraStreamingOps(); 368 // Notify rest of system/apps about camera stopping streaming data 369 virtual status_t finishCameraStreamingOps(); 370 // Notify rest of system/apps about camera closing 371 virtual status_t finishCameraOps(); 372 // Handle errors for start/checkOps 373 virtual status_t handleAppOpMode(int32_t mode); 374 // Just notify camera appops to trigger unblocking dialog if sensor 375 // privacy is enabled and camera mute is not supported 376 virtual status_t noteAppOp(); 377 378 std::unique_ptr<AppOpsManager> mAppOpsManager = nullptr; 379 380 class OpsCallback : public BnAppOpsCallback { 381 public: 382 explicit OpsCallback(wp<BasicClient> client); 383 virtual void opChanged(int32_t op, const String16& packageName); 384 385 private: 386 wp<BasicClient> mClient; 387 388 }; // class OpsCallback 389 390 sp<OpsCallback> mOpsCallback; 391 // Track whether checkOps was called successfully, to avoid 392 // finishing what we didn't start, on camera open. 393 bool mOpsActive; 394 // Track whether startOps was called successfully on start of 395 // camera streaming. 396 bool mOpsStreaming; 397 398 // IAppOpsCallback interface, indirected through opListener 399 virtual void opChanged(int32_t op, const String16& packageName); 400 }; // class BasicClient 401 402 class Client : public hardware::BnCamera, public BasicClient 403 { 404 public: 405 typedef hardware::ICameraClient TCamCallbacks; 406 407 // ICamera interface (see ICamera for details) 408 virtual binder::Status disconnect(); 409 virtual status_t connect(const sp<hardware::ICameraClient>& client) = 0; 410 virtual status_t lock() = 0; 411 virtual status_t unlock() = 0; 412 virtual status_t setPreviewTarget(const sp<IGraphicBufferProducer>& bufferProducer)=0; 413 virtual void setPreviewCallbackFlag(int flag) = 0; 414 virtual status_t setPreviewCallbackTarget( 415 const sp<IGraphicBufferProducer>& callbackProducer) = 0; 416 virtual status_t startPreview() = 0; 417 virtual void stopPreview() = 0; 418 virtual bool previewEnabled() = 0; 419 virtual status_t setVideoBufferMode(int32_t videoBufferMode) = 0; 420 virtual status_t startRecording() = 0; 421 virtual void stopRecording() = 0; 422 virtual bool recordingEnabled() = 0; 423 virtual void releaseRecordingFrame(const sp<IMemory>& mem) = 0; 424 virtual status_t autoFocus() = 0; 425 virtual status_t cancelAutoFocus() = 0; 426 virtual status_t takePicture(int msgType) = 0; 427 virtual status_t setParameters(const String8& params) = 0; 428 virtual String8 getParameters() const = 0; 429 virtual status_t sendCommand(int32_t cmd, int32_t arg1, int32_t arg2) = 0; 430 virtual status_t setVideoTarget(const sp<IGraphicBufferProducer>& bufferProducer) = 0; 431 432 // Interface used by CameraService 433 Client(const sp<CameraService>& cameraService, 434 const sp<hardware::ICameraClient>& cameraClient, 435 const String16& clientPackageName, 436 const std::optional<String16>& clientFeatureId, 437 const String8& cameraIdStr, 438 int api1CameraId, 439 int cameraFacing, 440 int sensorOrientation, 441 int clientPid, 442 uid_t clientUid, 443 int servicePid); 444 ~Client(); 445 446 // return our camera client getRemoteCallback()447 const sp<hardware::ICameraClient>& getRemoteCallback() { 448 return mRemoteCallback; 449 } 450 asBinderWrapper()451 virtual sp<IBinder> asBinderWrapper() { 452 return asBinder(this); 453 } 454 455 virtual void notifyError(int32_t errorCode, 456 const CaptureResultExtras& resultExtras); 457 458 // Check what API level is used for this client. This is used to determine which 459 // superclass this can be cast to. 460 virtual bool canCastToApiClient(apiLevel level) const; 461 setImageDumpMask(int)462 void setImageDumpMask(int /*mask*/) { } 463 protected: 464 // Initialized in constructor 465 466 // - The app-side Binder interface to receive callbacks from us 467 sp<hardware::ICameraClient> mRemoteCallback; 468 469 int mCameraId; // All API1 clients use integer camera IDs 470 }; // class Client 471 472 /** 473 * A listener class that implements the LISTENER interface for use with a ClientManager, and 474 * implements the following methods: 475 * void onClientRemoved(const ClientDescriptor<KEY, VALUE>& descriptor); 476 * void onClientAdded(const ClientDescriptor<KEY, VALUE>& descriptor); 477 */ 478 class ClientEventListener { 479 public: 480 void onClientAdded(const resource_policy::ClientDescriptor<String8, 481 sp<CameraService::BasicClient>>& descriptor); 482 void onClientRemoved(const resource_policy::ClientDescriptor<String8, 483 sp<CameraService::BasicClient>>& descriptor); 484 }; // class ClientEventListener 485 486 typedef std::shared_ptr<resource_policy::ClientDescriptor<String8, 487 sp<CameraService::BasicClient>>> DescriptorPtr; 488 489 /** 490 * A container class for managing active camera clients that are using HAL devices. Active 491 * clients are represented by ClientDescriptor objects that contain strong pointers to the 492 * actual BasicClient subclass binder interface implementation. 493 * 494 * This class manages the eviction behavior for the camera clients. See the parent class 495 * implementation in utils/ClientManager for the specifics of this behavior. 496 */ 497 class CameraClientManager : public resource_policy::ClientManager<String8, 498 sp<CameraService::BasicClient>, ClientEventListener> { 499 public: 500 CameraClientManager(); 501 virtual ~CameraClientManager(); 502 503 /** 504 * Return a strong pointer to the active BasicClient for this camera ID, or an empty 505 * if none exists. 506 */ 507 sp<CameraService::BasicClient> getCameraClient(const String8& id) const; 508 509 /** 510 * Return a string describing the current state. 511 */ 512 String8 toString() const; 513 514 /** 515 * Make a ClientDescriptor object wrapping the given BasicClient strong pointer. 516 */ 517 static DescriptorPtr makeClientDescriptor(const String8& key, const sp<BasicClient>& value, 518 int32_t cost, const std::set<String8>& conflictingKeys, int32_t score, 519 int32_t ownerId, int32_t state, int oomScoreOffset); 520 521 /** 522 * Make a ClientDescriptor object wrapping the given BasicClient strong pointer with 523 * values intialized from a prior ClientDescriptor. 524 */ 525 static DescriptorPtr makeClientDescriptor(const sp<BasicClient>& value, 526 const CameraService::DescriptorPtr& partial, int oomScoreOffset); 527 528 }; // class CameraClientManager 529 530 int32_t updateAudioRestriction(); 531 int32_t updateAudioRestrictionLocked(); 532 533 private: 534 535 typedef hardware::camera::common::V1_0::CameraDeviceStatus CameraDeviceStatus; 536 537 /** 538 * Typesafe version of device status, containing both the HAL-layer and the service interface- 539 * layer values. 540 */ 541 enum class StatusInternal : int32_t { 542 NOT_PRESENT = static_cast<int32_t>(CameraDeviceStatus::NOT_PRESENT), 543 PRESENT = static_cast<int32_t>(CameraDeviceStatus::PRESENT), 544 ENUMERATING = static_cast<int32_t>(CameraDeviceStatus::ENUMERATING), 545 NOT_AVAILABLE = static_cast<int32_t>(hardware::ICameraServiceListener::STATUS_NOT_AVAILABLE), 546 UNKNOWN = static_cast<int32_t>(hardware::ICameraServiceListener::STATUS_UNKNOWN) 547 }; 548 549 /** 550 * Container class for the state of each logical camera device, including: ID, status, and 551 * dependencies on other devices. The mapping of camera ID -> state saved in mCameraStates 552 * represents the camera devices advertised by the HAL (and any USB devices, when we add 553 * those). 554 * 555 * This container does NOT represent an active camera client. These are represented using 556 * the ClientDescriptors stored in mActiveClientManager. 557 */ 558 class CameraState { 559 public: 560 561 /** 562 * Make a new CameraState and set the ID, cost, and conflicting devices using the values 563 * returned in the HAL's camera_info struct for each device. 564 */ 565 CameraState(const String8& id, int cost, const std::set<String8>& conflicting, 566 SystemCameraKind deviceKind); 567 virtual ~CameraState(); 568 569 /** 570 * Return the status for this device. 571 * 572 * This method acquires mStatusLock. 573 */ 574 StatusInternal getStatus() const; 575 576 /** 577 * This function updates the status for this camera device, unless the given status 578 * is in the given list of rejected status states, and execute the function passed in 579 * with a signature onStatusUpdateLocked(const String8&, int32_t) 580 * if the status has changed. 581 * 582 * This method is idempotent, and will not result in the function passed to 583 * onStatusUpdateLocked being called more than once for the same arguments. 584 * This method aquires mStatusLock. 585 */ 586 template<class Func> 587 void updateStatus(StatusInternal status, 588 const String8& cameraId, 589 std::initializer_list<StatusInternal> rejectSourceStates, 590 Func onStatusUpdatedLocked); 591 592 /** 593 * Return the last set CameraParameters object generated from the information returned by 594 * the HAL for this device (or an empty CameraParameters object if none has been set). 595 */ 596 CameraParameters getShimParams() const; 597 598 /** 599 * Set the CameraParameters for this device. 600 */ 601 void setShimParams(const CameraParameters& params); 602 603 /** 604 * Return the resource_cost advertised by the HAL for this device. 605 */ 606 int getCost() const; 607 608 /** 609 * Return a set of the IDs of conflicting devices advertised by the HAL for this device. 610 */ 611 std::set<String8> getConflicting() const; 612 613 /** 614 * Return the ID of this camera device. 615 */ 616 String8 getId() const; 617 618 /** 619 * Return the kind (SystemCameraKind) of this camera device. 620 */ 621 SystemCameraKind getSystemCameraKind() const; 622 623 /** 624 * Add/Remove the unavailable physical camera ID. 625 */ 626 bool addUnavailablePhysicalId(const String8& physicalId); 627 bool removeUnavailablePhysicalId(const String8& physicalId); 628 629 /** 630 * Return the unavailable physical ids for this device. 631 * 632 * This method acquires mStatusLock. 633 */ 634 std::vector<String8> getUnavailablePhysicalIds() const; 635 private: 636 const String8 mId; 637 StatusInternal mStatus; // protected by mStatusLock 638 const int mCost; 639 std::set<String8> mConflicting; 640 std::set<String8> mUnavailablePhysicalIds; 641 mutable Mutex mStatusLock; 642 CameraParameters mShimParams; 643 const SystemCameraKind mSystemCameraKind; 644 }; // class CameraState 645 646 // Observer for UID lifecycle enforcing that UIDs in idle 647 // state cannot use the camera to protect user privacy. 648 class UidPolicy : public BnUidObserver, public virtual IBinder::DeathRecipient { 649 public: UidPolicy(sp<CameraService> service)650 explicit UidPolicy(sp<CameraService> service) 651 : mRegistered(false), mService(service) {} 652 653 void registerSelf(); 654 void unregisterSelf(); 655 656 bool isUidActive(uid_t uid, String16 callingPackage); 657 int32_t getProcState(uid_t uid); 658 659 void onUidGone(uid_t uid, bool disabled); 660 void onUidActive(uid_t uid); 661 void onUidIdle(uid_t uid, bool disabled); 662 void onUidStateChanged(uid_t uid, int32_t procState, int64_t procStateSeq, 663 int32_t capability); 664 665 void addOverrideUid(uid_t uid, String16 callingPackage, bool active); 666 void removeOverrideUid(uid_t uid, String16 callingPackage); 667 668 void registerMonitorUid(uid_t uid); 669 void unregisterMonitorUid(uid_t uid); 670 671 // IBinder::DeathRecipient implementation 672 virtual void binderDied(const wp<IBinder> &who); 673 private: 674 bool isUidActiveLocked(uid_t uid, String16 callingPackage); 675 int32_t getProcStateLocked(uid_t uid); 676 void updateOverrideUid(uid_t uid, String16 callingPackage, bool active, bool insert); 677 678 Mutex mUidLock; 679 bool mRegistered; 680 ActivityManager mAm; 681 wp<CameraService> mService; 682 std::unordered_set<uid_t> mActiveUids; 683 // Monitored uid map to cached procState and refCount pair 684 std::unordered_map<uid_t, std::pair<int32_t, size_t>> mMonitoredUids; 685 std::unordered_map<uid_t, bool> mOverrideUids; 686 }; // class UidPolicy 687 688 // If sensor privacy is enabled then all apps, including those that are active, should be 689 // prevented from accessing the camera. 690 class SensorPrivacyPolicy : public hardware::BnSensorPrivacyListener, 691 public virtual IBinder::DeathRecipient { 692 public: SensorPrivacyPolicy(wp<CameraService> service)693 explicit SensorPrivacyPolicy(wp<CameraService> service) 694 : mService(service), mSensorPrivacyEnabled(false), mRegistered(false) {} 695 696 void registerSelf(); 697 void unregisterSelf(); 698 699 bool isSensorPrivacyEnabled(); 700 bool isCameraPrivacyEnabled(userid_t userId); 701 702 binder::Status onSensorPrivacyChanged(bool enabled); 703 704 // IBinder::DeathRecipient implementation 705 virtual void binderDied(const wp<IBinder> &who); 706 707 private: 708 SensorPrivacyManager mSpm; 709 wp<CameraService> mService; 710 Mutex mSensorPrivacyLock; 711 bool mSensorPrivacyEnabled; 712 bool mRegistered; 713 714 bool hasCameraPrivacyFeature(); 715 }; 716 717 sp<UidPolicy> mUidPolicy; 718 719 sp<SensorPrivacyPolicy> mSensorPrivacyPolicy; 720 721 // Delay-load the Camera HAL module 722 virtual void onFirstRef(); 723 724 // Eumerate all camera providers in the system 725 status_t enumerateProviders(); 726 727 // Add/remove a new camera to camera and torch state lists or remove an unplugged one 728 // Caller must not hold mServiceLock 729 void addStates(const String8 id); 730 void removeStates(const String8 id); 731 732 // Check if we can connect, before we acquire the service lock. 733 // The returned originalClientPid is the PID of the original process that wants to connect to 734 // camera. 735 // The returned clientPid is the PID of the client that directly connects to camera. 736 // originalClientPid and clientPid are usually the same except when the application uses 737 // mediaserver to connect to camera (using MediaRecorder to connect to camera). In that case, 738 // clientPid is the PID of mediaserver and originalClientPid is the PID of the application. 739 binder::Status validateConnectLocked(const String8& cameraId, const String8& clientName8, 740 /*inout*/int& clientUid, /*inout*/int& clientPid, /*out*/int& originalClientPid) const; 741 binder::Status validateClientPermissionsLocked(const String8& cameraId, const String8& clientName8, 742 /*inout*/int& clientUid, /*inout*/int& clientPid, /*out*/int& originalClientPid) const; 743 744 // Handle active client evictions, and update service state. 745 // Only call with with mServiceLock held. 746 status_t handleEvictionsLocked(const String8& cameraId, int clientPid, 747 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback, const String8& packageName, 748 int scoreOffset, 749 /*out*/ 750 sp<BasicClient>* client, 751 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>* partial); 752 753 // Should an operation attempt on a cameraId be rejected ? (this can happen 754 // under various conditions. For example if a camera device is advertised as 755 // system only or hidden secure camera, amongst possible others. 756 bool shouldRejectSystemCameraConnection(const String8 & cameraId) const; 757 758 // Should a device status update be skipped for a particular camera device ? (this can happen 759 // under various conditions. For example if a camera device is advertised as 760 // system only or hidden secure camera, amongst possible others. 761 static bool shouldSkipStatusUpdates(SystemCameraKind systemCameraKind, bool isVendorListener, 762 int clientPid, int clientUid); 763 764 // Gets the kind of camera device (i.e public, hidden secure or system only) 765 // getSystemCameraKind() needs mInterfaceMutex which might lead to deadlocks 766 // if held along with mStatusListenerLock (depending on lock ordering, b/141756275), it is 767 // recommended that we don't call this function with mStatusListenerLock held. 768 status_t getSystemCameraKind(const String8& cameraId, SystemCameraKind *kind) const; 769 770 // Update the set of API1Compatible camera devices without including system 771 // cameras and secure cameras. This is used for hiding system only cameras 772 // from clients using camera1 api and not having android.permission.SYSTEM_CAMERA. 773 // This function expects @param normalDeviceIds, to have normalDeviceIds 774 // sorted in alpha-numeric order. 775 void filterAPI1SystemCameraLocked(const std::vector<std::string> &normalDeviceIds); 776 777 // Single implementation shared between the various connect calls 778 template<class CALLBACK, class CLIENT> 779 binder::Status connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId, 780 int api1CameraId, const String16& clientPackageName, 781 const std::optional<String16>& clientFeatureId, int clientUid, int clientPid, 782 apiLevel effectiveApiLevel, bool shimUpdateOnly, int scoreOffset, int targetSdkVersion, 783 /*out*/sp<CLIENT>& device); 784 785 // Lock guarding camera service state 786 Mutex mServiceLock; 787 788 // Condition to use with mServiceLock, used to handle simultaneous connect calls from clients 789 std::shared_ptr<WaitableMutexWrapper> mServiceLockWrapper; 790 791 // Return NO_ERROR if the device with a give ID can be connected to 792 status_t checkIfDeviceIsUsable(const String8& cameraId) const; 793 794 // Container for managing currently active application-layer clients 795 CameraClientManager mActiveClientManager; 796 797 // Adds client logs during open session to the file pointed by fd. 798 void dumpOpenSessionClientLogs(int fd, const Vector<String16>& args, const String8& cameraId); 799 800 // Adds client logs during closed session to the file pointed by fd. 801 void dumpClosedSessionClientLogs(int fd, const String8& cameraId); 802 803 // Mapping from camera ID -> state for each device, map is protected by mCameraStatesLock 804 std::map<String8, std::shared_ptr<CameraState>> mCameraStates; 805 806 // Mutex guarding mCameraStates map 807 mutable Mutex mCameraStatesLock; 808 809 // Circular buffer for storing event logging for dumps 810 RingBuffer<String8> mEventLog; 811 Mutex mLogLock; 812 813 // The last monitored tags set by client 814 String8 mMonitorTags; 815 816 // Currently allowed user IDs 817 std::set<userid_t> mAllowedUsers; 818 819 /** 820 * Get the camera state for a given camera id. 821 * 822 * This acquires mCameraStatesLock. 823 */ 824 std::shared_ptr<CameraService::CameraState> getCameraState(const String8& cameraId) const; 825 826 /** 827 * Evict client who's remote binder has died. Returns true if this client was in the active 828 * list and was disconnected. 829 * 830 * This method acquires mServiceLock. 831 */ 832 bool evictClientIdByRemote(const wp<IBinder>& cameraClient); 833 834 /** 835 * Remove the given client from the active clients list; does not disconnect the client. 836 * 837 * This method acquires mServiceLock. 838 */ 839 void removeByClient(const BasicClient* client); 840 841 /** 842 * Add new client to active clients list after conflicting clients have disconnected using the 843 * values set in the partial descriptor passed in to construct the actual client descriptor. 844 * This is typically called at the end of a connect call. 845 * 846 * This method must be called with mServiceLock held. 847 */ 848 void finishConnectLocked(const sp<BasicClient>& client, const DescriptorPtr& desc, 849 int oomScoreOffset); 850 851 /** 852 * Returns the underlying camera Id string mapped to a camera id int 853 * Empty string is returned when the cameraIdInt is invalid. 854 */ 855 String8 cameraIdIntToStr(int cameraIdInt); 856 857 /** 858 * Returns the underlying camera Id string mapped to a camera id int 859 * Empty string is returned when the cameraIdInt is invalid. 860 */ 861 std::string cameraIdIntToStrLocked(int cameraIdInt); 862 863 /** 864 * Remove a single client corresponding to the given camera id from the list of active clients. 865 * If none exists, return an empty strongpointer. 866 * 867 * This method must be called with mServiceLock held. 868 */ 869 sp<CameraService::BasicClient> removeClientLocked(const String8& cameraId); 870 871 /** 872 * Handle a notification that the current device user has changed. 873 */ 874 void doUserSwitch(const std::vector<int32_t>& newUserIds); 875 876 /** 877 * Add an event log message. 878 */ 879 void logEvent(const char* event); 880 881 /** 882 * Add an event log message that a client has been disconnected. 883 */ 884 void logDisconnected(const char* cameraId, int clientPid, const char* clientPackage); 885 886 /** 887 * Add an event log message that a client has been disconnected from offline device. 888 */ 889 void logDisconnectedOffline(const char* cameraId, int clientPid, const char* clientPackage); 890 891 /** 892 * Add an event log message that an offline client has been connected. 893 */ 894 void logConnectedOffline(const char* cameraId, int clientPid, 895 const char* clientPackage); 896 897 /** 898 * Add an event log message that a client has been connected. 899 */ 900 void logConnected(const char* cameraId, int clientPid, const char* clientPackage); 901 902 /** 903 * Add an event log message that a client's connect attempt has been rejected. 904 */ 905 void logRejected(const char* cameraId, int clientPid, const char* clientPackage, 906 const char* reason); 907 908 /** 909 * Add an event log message when a client calls setTorchMode succesfully. 910 */ 911 void logTorchEvent(const char* cameraId, const char *torchState, int clientPid); 912 913 /** 914 * Add an event log message that the current device user has been switched. 915 */ 916 void logUserSwitch(const std::set<userid_t>& oldUserIds, 917 const std::set<userid_t>& newUserIds); 918 919 /** 920 * Add an event log message that a device has been removed by the HAL 921 */ 922 void logDeviceRemoved(const char* cameraId, const char* reason); 923 924 /** 925 * Add an event log message that a device has been added by the HAL 926 */ 927 void logDeviceAdded(const char* cameraId, const char* reason); 928 929 /** 930 * Add an event log message that a client has unexpectedly died. 931 */ 932 void logClientDied(int clientPid, const char* reason); 933 934 /** 935 * Add a event log message that a serious service-level error has occured 936 * The errorCode should be one of the Android Errors 937 */ 938 void logServiceError(const char* msg, int errorCode); 939 940 /** 941 * Dump the event log to an FD 942 */ 943 void dumpEventLog(int fd); 944 945 /** 946 * This method will acquire mServiceLock 947 */ 948 void updateCameraNumAndIds(); 949 950 /** 951 * Filter camera characteristics for S Performance class primary cameras. 952 * mServiceLock should be locked. 953 */ 954 void filterSPerfClassCharacteristicsLocked(); 955 956 // File descriptor to temp file used for caching previous open 957 // session dumpsys info. 958 int mMemFd; 959 960 // Number of camera devices (excluding hidden secure cameras) 961 int mNumberOfCameras; 962 // Number of camera devices (excluding hidden secure cameras and 963 // system cameras) 964 int mNumberOfCamerasWithoutSystemCamera; 965 966 std::vector<std::string> mNormalDeviceIds; 967 std::vector<std::string> mNormalDeviceIdsWithoutSystemCamera; 968 std::set<std::string> mPerfClassPrimaryCameraIds; 969 970 // sounds 971 sp<MediaPlayer> newMediaPlayer(const char *file); 972 973 Mutex mSoundLock; 974 sp<MediaPlayer> mSoundPlayer[NUM_SOUNDS]; 975 int mSoundRef; // reference count (release all MediaPlayer when 0) 976 977 // Basic flag on whether the camera subsystem is in a usable state 978 bool mInitialized; 979 980 sp<CameraProviderManager> mCameraProviderManager; 981 982 class ServiceListener : public virtual IBinder::DeathRecipient { 983 public: ServiceListener(sp<CameraService> parent,sp<hardware::ICameraServiceListener> listener,int uid,int pid,bool isVendorClient,bool openCloseCallbackAllowed)984 ServiceListener(sp<CameraService> parent, sp<hardware::ICameraServiceListener> listener, 985 int uid, int pid, bool isVendorClient, bool openCloseCallbackAllowed) 986 : mParent(parent), mListener(listener), mListenerUid(uid), mListenerPid(pid), 987 mIsVendorListener(isVendorClient), 988 mOpenCloseCallbackAllowed(openCloseCallbackAllowed) { } 989 initialize(bool isProcessLocalTest)990 status_t initialize(bool isProcessLocalTest) { 991 if (isProcessLocalTest) { 992 return OK; 993 } 994 return IInterface::asBinder(mListener)->linkToDeath(this); 995 } 996 binderDied(const wp<IBinder> &)997 virtual void binderDied(const wp<IBinder> &/*who*/) { 998 auto parent = mParent.promote(); 999 if (parent.get() != nullptr) { 1000 parent->removeListener(mListener); 1001 } 1002 } 1003 getListenerUid()1004 int getListenerUid() { return mListenerUid; } getListenerPid()1005 int getListenerPid() { return mListenerPid; } getListener()1006 sp<hardware::ICameraServiceListener> getListener() { return mListener; } isVendorListener()1007 bool isVendorListener() { return mIsVendorListener; } isOpenCloseCallbackAllowed()1008 bool isOpenCloseCallbackAllowed() { return mOpenCloseCallbackAllowed; } 1009 1010 private: 1011 wp<CameraService> mParent; 1012 sp<hardware::ICameraServiceListener> mListener; 1013 int mListenerUid = -1; 1014 int mListenerPid = -1; 1015 bool mIsVendorListener = false; 1016 bool mOpenCloseCallbackAllowed = false; 1017 }; 1018 1019 // Guarded by mStatusListenerMutex 1020 std::vector<sp<ServiceListener>> mListenerList; 1021 1022 Mutex mStatusListenerLock; 1023 1024 /** 1025 * Update the status for the given camera id (if that device exists), and broadcast the 1026 * status update to all current ICameraServiceListeners if the status has changed. Any 1027 * statuses in rejectedSourceStates will be ignored. 1028 * 1029 * This method must be idempotent. 1030 * This method acquires mStatusLock and mStatusListenerLock. 1031 */ 1032 void updateStatus(StatusInternal status, 1033 const String8& cameraId, 1034 std::initializer_list<StatusInternal> 1035 rejectedSourceStates); 1036 void updateStatus(StatusInternal status, 1037 const String8& cameraId); 1038 1039 /** 1040 * Update the opened/closed status of the given camera id. 1041 * 1042 * This method acqiures mStatusListenerLock. 1043 */ 1044 void updateOpenCloseStatus(const String8& cameraId, bool open, const String16& packageName); 1045 1046 // flashlight control 1047 sp<CameraFlashlight> mFlashlight; 1048 // guard mTorchStatusMap 1049 Mutex mTorchStatusMutex; 1050 // guard mTorchClientMap 1051 Mutex mTorchClientMapMutex; 1052 // guard mTorchUidMap 1053 Mutex mTorchUidMapMutex; 1054 // camera id -> torch status 1055 KeyedVector<String8, hardware::camera::common::V1_0::TorchModeStatus> 1056 mTorchStatusMap; 1057 // camera id -> torch client binder 1058 // only store the last client that turns on each camera's torch mode 1059 KeyedVector<String8, sp<IBinder>> mTorchClientMap; 1060 // camera id -> [incoming uid, current uid] pair 1061 std::map<String8, std::pair<int, int>> mTorchUidMap; 1062 1063 // check and handle if torch client's process has died 1064 void handleTorchClientBinderDied(const wp<IBinder> &who); 1065 1066 // handle torch mode status change and invoke callbacks. mTorchStatusMutex 1067 // should be locked. 1068 void onTorchStatusChangedLocked(const String8& cameraId, 1069 hardware::camera::common::V1_0::TorchModeStatus newStatus, 1070 SystemCameraKind systemCameraKind); 1071 1072 // get a camera's torch status. mTorchStatusMutex should be locked. 1073 status_t getTorchStatusLocked(const String8 &cameraId, 1074 hardware::camera::common::V1_0::TorchModeStatus *status) const; 1075 1076 // set a camera's torch status. mTorchStatusMutex should be locked. 1077 status_t setTorchStatusLocked(const String8 &cameraId, 1078 hardware::camera::common::V1_0::TorchModeStatus status); 1079 1080 // notify physical camera status when the physical camera is public. 1081 // Expects mStatusListenerLock to be locked. 1082 void notifyPhysicalCameraStatusLocked(int32_t status, const String16& physicalCameraId, 1083 const std::list<String16>& logicalCameraIds, SystemCameraKind deviceKind); 1084 1085 // get list of logical cameras which are backed by physicalCameraId 1086 std::list<String16> getLogicalCameras(const String8& physicalCameraId); 1087 1088 1089 // IBinder::DeathRecipient implementation 1090 virtual void binderDied(const wp<IBinder> &who); 1091 1092 /** 1093 * Initialize and cache the metadata used by the HAL1 shim for a given cameraId. 1094 * 1095 * Sets Status to a service-specific error on failure 1096 */ 1097 binder::Status initializeShimMetadata(int cameraId); 1098 1099 /** 1100 * Get the cached CameraParameters for the camera. If they haven't been 1101 * cached yet, then initialize them for the first time. 1102 * 1103 * Sets Status to a service-specific error on failure 1104 */ 1105 binder::Status getLegacyParametersLazy(int cameraId, /*out*/CameraParameters* parameters); 1106 1107 // Blocks all clients from the UID 1108 void blockClientsForUid(uid_t uid); 1109 1110 // Blocks all active clients. 1111 void blockAllClients(); 1112 1113 // Overrides the UID state as if it is idle 1114 status_t handleSetUidState(const Vector<String16>& args, int err); 1115 1116 // Clears the override for the UID state 1117 status_t handleResetUidState(const Vector<String16>& args, int err); 1118 1119 // Gets the UID state 1120 status_t handleGetUidState(const Vector<String16>& args, int out, int err); 1121 1122 // Set the rotate-and-crop AUTO override behavior 1123 status_t handleSetRotateAndCrop(const Vector<String16>& args); 1124 1125 // Get the rotate-and-crop AUTO override behavior 1126 status_t handleGetRotateAndCrop(int out); 1127 1128 // Set the mask for image dump to disk 1129 status_t handleSetImageDumpMask(const Vector<String16>& args); 1130 1131 // Get the mask for image dump to disk 1132 status_t handleGetImageDumpMask(int out); 1133 1134 // Set the camera mute state 1135 status_t handleSetCameraMute(const Vector<String16>& args); 1136 1137 // Prints the shell command help 1138 status_t printHelp(int out); 1139 1140 /** 1141 * Get the current system time as a formatted string. 1142 */ 1143 static String8 getFormattedCurrentTime(); 1144 1145 static binder::Status makeClient(const sp<CameraService>& cameraService, 1146 const sp<IInterface>& cameraCb, const String16& packageName, 1147 const std::optional<String16>& featureId, const String8& cameraId, int api1CameraId, 1148 int facing, int sensorOrientation, int clientPid, uid_t clientUid, int servicePid, 1149 int deviceVersion, apiLevel effectiveApiLevel, bool overrideForPerfClass, 1150 /*out*/sp<BasicClient>* client); 1151 1152 status_t checkCameraAccess(const String16& opPackageName); 1153 1154 static String8 toString(std::set<userid_t> intSet); 1155 static int32_t mapToInterface(hardware::camera::common::V1_0::TorchModeStatus status); 1156 static StatusInternal mapToInternal(hardware::camera::common::V1_0::CameraDeviceStatus status); 1157 static int32_t mapToInterface(StatusInternal status); 1158 1159 1160 void broadcastTorchModeStatus(const String8& cameraId, 1161 hardware::camera::common::V1_0::TorchModeStatus status, 1162 SystemCameraKind systemCameraKind); 1163 1164 void disconnectClient(const String8& id, sp<BasicClient> clientToDisconnect); 1165 1166 // Regular online and offline devices must not be in conflict at camera service layer. 1167 // Use separate keys for offline devices. 1168 static const String8 kOfflineDevice; 1169 1170 // TODO: right now each BasicClient holds one AppOpsManager instance. 1171 // We can refactor the code so all of clients share this instance 1172 AppOpsManager mAppOps; 1173 1174 // Aggreated audio restriction mode for all camera clients 1175 int32_t mAudioRestriction; 1176 1177 // Current override cmd rotate-and-crop mode; AUTO means no override 1178 uint8_t mOverrideRotateAndCropMode = ANDROID_SCALER_ROTATE_AND_CROP_AUTO; 1179 1180 // Current image dump mask 1181 uint8_t mImageDumpMask = 0; 1182 1183 // Current camera mute mode 1184 bool mOverrideCameraMuteMode = false; 1185 1186 /** 1187 * A listener class that implements the IBinder::DeathRecipient interface 1188 * for use to call back the error state injected by the external camera, and 1189 * camera service can kill the injection when binder signals process death. 1190 */ 1191 class InjectionStatusListener : public virtual IBinder::DeathRecipient { 1192 public: InjectionStatusListener(sp<CameraService> parent)1193 InjectionStatusListener(sp<CameraService> parent) : mParent(parent) {} 1194 1195 void addListener(const sp<hardware::camera2::ICameraInjectionCallback>& callback); 1196 void removeListener(); 1197 void notifyInjectionError(int errorCode); 1198 1199 // IBinder::DeathRecipient implementation 1200 virtual void binderDied(const wp<IBinder>& who); 1201 1202 private: 1203 Mutex mListenerLock; 1204 wp<CameraService> mParent; 1205 sp<hardware::camera2::ICameraInjectionCallback> mCameraInjectionCallback; 1206 }; 1207 1208 sp<InjectionStatusListener> mInjectionStatusListener; 1209 1210 /** 1211 * A class that implements the hardware::camera2::BnCameraInjectionSession interface 1212 */ 1213 class CameraInjectionSession : public hardware::camera2::BnCameraInjectionSession { 1214 public: CameraInjectionSession(sp<CameraService> parent)1215 CameraInjectionSession(sp<CameraService> parent) : mParent(parent) {} ~CameraInjectionSession()1216 virtual ~CameraInjectionSession() {} 1217 binder::Status stopInjection() override; 1218 1219 private: 1220 Mutex mInjectionSessionLock; 1221 wp<CameraService> mParent; 1222 }; 1223 1224 void stopInjectionImpl(); 1225 }; 1226 1227 } // namespace android 1228 1229 #endif 1230