1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "CameraService"
18 #define ATRACE_TAG ATRACE_TAG_CAMERA
19 //#define LOG_NDEBUG 0
20
21 #include <algorithm>
22 #include <climits>
23 #include <stdio.h>
24 #include <cstdlib>
25 #include <cstring>
26 #include <ctime>
27 #include <iostream>
28 #include <sstream>
29 #include <string>
30 #include <sys/types.h>
31 #include <inttypes.h>
32 #include <pthread.h>
33 #include <poll.h>
34
35 #include <android/hardware/ICamera.h>
36 #include <android/hardware/ICameraClient.h>
37
38 #include <aidl/AidlCameraService.h>
39 #include <android-base/macros.h>
40 #include <android-base/parseint.h>
41 #include <android/companion/virtualnative/IVirtualDeviceManagerNative.h>
42 #include <binder/ActivityManager.h>
43 #include <binder/AppOpsManager.h>
44 #include <binder/IPCThreadState.h>
45 #include <binder/MemoryBase.h>
46 #include <binder/MemoryHeapBase.h>
47 #include <binder/PermissionController.h>
48 #include <binder/IResultReceiver.h>
49 #include <binderthreadstate/CallerUtils.h>
50 #include <com_android_internal_camera_flags.h>
51 #include <cutils/atomic.h>
52 #include <cutils/properties.h>
53 #include <cutils/misc.h>
54 #include <gui/Surface.h>
55 #include <hardware/hardware.h>
56 #include "hidl/HidlCameraService.h"
57 #include <hidl/HidlTransportSupport.h>
58 #include <hwbinder/IPCThreadState.h>
59 #include <memunreachable/memunreachable.h>
60 #include <media/AudioSystem.h>
61 #include <media/IMediaHTTPService.h>
62 #include <media/mediaplayer.h>
63 #include <mediautils/BatteryNotifier.h>
64 #include <processinfo/ProcessInfoService.h>
65 #include <utils/Errors.h>
66 #include <utils/Log.h>
67 #include <utils/String16.h>
68 #include <utils/SystemClock.h>
69 #include <utils/Trace.h>
70 #include <utils/CallStack.h>
71 #include <private/android_filesystem_config.h>
72 #include <system/camera_vendor_tags.h>
73 #include <system/camera_metadata.h>
74 #include <binder/IServiceManager.h>
75 #include <binder/IActivityManager.h>
76 #include <camera/CameraUtils.h>
77 #include <camera/StringUtils.h>
78
79 #include <system/camera.h>
80
81 #include "CameraService.h"
82 #include "api1/Camera2Client.h"
83 #include "api2/CameraDeviceClient.h"
84 #include "utils/CameraServiceProxyWrapper.h"
85 #include "utils/CameraTraces.h"
86 #include "utils/SessionConfigurationUtils.h"
87 #include "utils/TagMonitor.h"
88 #include "utils/Utils.h"
89
90 namespace {
91 const char* kActivityServiceName = "activity";
92 const char* kSensorPrivacyServiceName = "sensor_privacy";
93 const char* kAppopsServiceName = "appops";
94 const char* kProcessInfoServiceName = "processinfo";
95 const char* kVirtualDeviceBackCameraId = "0";
96 const char* kVirtualDeviceFrontCameraId = "1";
97 const char* kUnknownPackageName = "<unknown>";
98
appOpModeToPermissionResult(int32_t res)99 android::PermissionChecker::PermissionResult appOpModeToPermissionResult(int32_t res) {
100 switch (res) {
101 case android::AppOpsManager::MODE_ERRORED:
102 return android::PermissionChecker::PERMISSION_HARD_DENIED;
103 case android::AppOpsManager::MODE_IGNORED:
104 return android::PermissionChecker::PERMISSION_SOFT_DENIED;
105 case android::AppOpsManager::MODE_ALLOWED:
106 return android::PermissionChecker::PERMISSION_GRANTED;
107 }
108
109 ALOGE("%s: Unexpected appOpMode %d", __FUNCTION__, res);
110 return android::PermissionChecker::PERMISSION_HARD_DENIED;
111 }
112 } // namespace anonymous
113
114 namespace android {
115
116 using namespace camera3;
117 using namespace camera3::SessionConfigurationUtils;
118
119 using binder::Status;
120 using companion::virtualnative::IVirtualDeviceManagerNative;
121 using frameworks::cameraservice::service::V2_0::implementation::HidlCameraService;
122 using frameworks::cameraservice::service::implementation::AidlCameraService;
123 using hardware::ICamera;
124 using hardware::ICameraClient;
125 using hardware::ICameraServiceListener;
126 using hardware::camera2::ICameraInjectionCallback;
127 using hardware::camera2::ICameraInjectionSession;
128 using hardware::camera2::utils::CameraIdAndSessionConfiguration;
129 using hardware::camera2::utils::ConcurrentCameraIdCombination;
130
131 namespace flags = com::android::internal::camera::flags;
132
133 // ----------------------------------------------------------------------------
134 // Logging support -- this is for debugging only
135 // Use "adb shell dumpsys media.camera -v 1" to change it.
136 volatile int32_t gLogLevel = 0;
137
138 #define LOG1(...) ALOGD_IF(gLogLevel >= 1, __VA_ARGS__);
139 #define LOG2(...) ALOGD_IF(gLogLevel >= 2, __VA_ARGS__);
140
setLogLevel(int level)141 static void setLogLevel(int level) {
142 android_atomic_write(level, &gLogLevel);
143 }
144
format_as(CameraService::StatusInternal s)145 int32_t format_as(CameraService::StatusInternal s) {
146 return fmt::underlying(s);
147 }
148
149 // ----------------------------------------------------------------------------
150
151 // Permission strings (references to AttributionAndPermissionUtils for brevity)
152 static const std::string &sDumpPermission =
153 AttributionAndPermissionUtils::sDumpPermission;
154 static const std::string &sManageCameraPermission =
155 AttributionAndPermissionUtils::sManageCameraPermission;
156 static const std::string &sCameraSendSystemEventsPermission =
157 AttributionAndPermissionUtils::sCameraSendSystemEventsPermission;
158 static const std::string &sCameraInjectExternalCameraPermission =
159 AttributionAndPermissionUtils::sCameraInjectExternalCameraPermission;
160
161 // Constant integer for FGS Logging, used to denote the API type for logger
162 static const int LOG_FGS_CAMERA_API = 1;
163 const char *sFileName = "lastOpenSessionDumpFile";
164 static constexpr int32_t kSystemNativeClientScore = resource_policy::PERCEPTIBLE_APP_ADJ;
165 static constexpr int32_t kSystemNativeClientState =
166 ActivityManager::PROCESS_STATE_PERSISTENT_UI;
167 static const std::string kServiceName("cameraserver");
168
169 const std::string CameraService::kOfflineDevice("offline-");
170 const std::string CameraService::kWatchAllClientsFlag("all");
171
172 constexpr int32_t kInvalidDeviceId = -1;
173
174 // Set to keep track of logged service error events.
175 static std::set<std::string> sServiceErrorEventSet;
176
CameraService(std::shared_ptr<CameraServiceProxyWrapper> cameraServiceProxyWrapper,std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils)177 CameraService::CameraService(
178 std::shared_ptr<CameraServiceProxyWrapper> cameraServiceProxyWrapper,
179 std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils) :
180 AttributionAndPermissionUtilsEncapsulator(attributionAndPermissionUtils == nullptr ?
181 std::make_shared<AttributionAndPermissionUtils>()\
182 : attributionAndPermissionUtils),
183 mCameraServiceProxyWrapper(cameraServiceProxyWrapper == nullptr ?
184 std::make_shared<CameraServiceProxyWrapper>() : cameraServiceProxyWrapper),
185 mEventLog(DEFAULT_EVENT_LOG_LENGTH),
186 mNumberOfCameras(0),
187 mNumberOfCamerasWithoutSystemCamera(0),
188 mSoundRef(0), mInitialized(false),
189 mAudioRestriction(hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_NONE) {
190 ALOGI("CameraService started (pid=%d)", getpid());
191 mAttributionAndPermissionUtils->setCameraService(this);
192 mServiceLockWrapper = std::make_shared<WaitableMutexWrapper>(&mServiceLock);
193 mMemFd = memfd_create(sFileName, MFD_ALLOW_SEALING);
194 if (mMemFd == -1) {
195 ALOGE("%s: Error while creating the file: %s", __FUNCTION__, sFileName);
196 }
197 }
198
199 // Enable processes with isolated AID to request the binder
instantiate()200 void CameraService::instantiate() {
201 CameraService::publish(true);
202 }
203
onServiceRegistration(const String16 & name,const sp<IBinder> &)204 void CameraService::onServiceRegistration(const String16& name, const sp<IBinder>&) {
205 if (name != toString16(kAppopsServiceName)) {
206 return;
207 }
208
209 ALOGV("appops service registered. setting camera audio restriction");
210 mAppOps.setCameraAudioRestriction(mAudioRestriction);
211 }
212
onFirstRef()213 void CameraService::onFirstRef()
214 {
215 ALOGI("CameraService process starting");
216
217 BnCameraService::onFirstRef();
218
219 // Update battery life tracking if service is restarting
220 BatteryNotifier& notifier(BatteryNotifier::getInstance());
221 notifier.noteResetCamera();
222 notifier.noteResetFlashlight();
223
224 status_t res = INVALID_OPERATION;
225
226 res = enumerateProviders();
227 if (res == OK) {
228 mInitialized = true;
229 }
230
231 mUidPolicy = new UidPolicy(this);
232 mUidPolicy->registerSelf();
233 mSensorPrivacyPolicy = new SensorPrivacyPolicy(this, mAttributionAndPermissionUtils);
234 mSensorPrivacyPolicy->registerSelf();
235 mInjectionStatusListener = new InjectionStatusListener(this);
236
237 // appops function setCamerAudioRestriction uses getService which
238 // is blocking till the appops service is ready. To enable early
239 // boot availability for cameraservice, use checkService which is
240 // non blocking and register for notifications
241 sp<IServiceManager> sm = defaultServiceManager();
242 sp<IBinder> binder = sm->checkService(toString16(kAppopsServiceName));
243 if (!binder) {
244 sm->registerForNotifications(toString16(kAppopsServiceName), this);
245 } else {
246 mAppOps.setCameraAudioRestriction(mAudioRestriction);
247 }
248
249 sp<HidlCameraService> hcs = HidlCameraService::getInstance(this);
250 if (hcs->registerAsService() != android::OK) {
251 // Deprecated, so it will fail to register on newer devices
252 ALOGW("%s: Did not register default android.frameworks.cameraservice.service@2.2",
253 __FUNCTION__);
254 }
255
256 if (!AidlCameraService::registerService(this)) {
257 ALOGE("%s: Failed to register default AIDL VNDK CameraService", __FUNCTION__);
258 }
259
260 // This needs to be last call in this function, so that it's as close to
261 // ServiceManager::addService() as possible.
262 mCameraServiceProxyWrapper->pingCameraServiceProxy();
263 ALOGI("CameraService pinged cameraservice proxy");
264 }
265
enumerateProviders()266 status_t CameraService::enumerateProviders() {
267 status_t res;
268
269 std::vector<std::string> deviceIds;
270 std::unordered_map<std::string, std::set<std::string>> unavailPhysicalIds;
271 {
272 Mutex::Autolock l(mServiceLock);
273
274 if (nullptr == mCameraProviderManager.get()) {
275 mCameraProviderManager = new CameraProviderManager();
276 res = mCameraProviderManager->initialize(this);
277 if (res != OK) {
278 ALOGE("%s: Unable to initialize camera provider manager: %s (%d)",
279 __FUNCTION__, strerror(-res), res);
280 logServiceError("Unable to initialize camera provider manager",
281 ERROR_DISCONNECTED);
282 return res;
283 }
284 }
285
286 // Setup vendor tags before we call get_camera_info the first time
287 // because HAL might need to setup static vendor keys in get_camera_info
288 // TODO: maybe put this into CameraProviderManager::initialize()?
289 mCameraProviderManager->setUpVendorTags();
290
291 if (nullptr == mFlashlight.get()) {
292 mFlashlight = new CameraFlashlight(mCameraProviderManager, this);
293 }
294
295 res = mFlashlight->findFlashUnits();
296 if (res != OK) {
297 ALOGE("Failed to enumerate flash units: %s (%d)", strerror(-res), res);
298 }
299
300 deviceIds = mCameraProviderManager->getCameraDeviceIds(&unavailPhysicalIds);
301 }
302
303 for (auto& cameraId : deviceIds) {
304 if (getCameraState(cameraId) == nullptr) {
305 onDeviceStatusChanged(cameraId, CameraDeviceStatus::PRESENT);
306 }
307 if (unavailPhysicalIds.count(cameraId) > 0) {
308 for (const auto& physicalId : unavailPhysicalIds[cameraId]) {
309 onDeviceStatusChanged(cameraId, physicalId, CameraDeviceStatus::NOT_PRESENT);
310 }
311 }
312 }
313
314 // Derive primary rear/front cameras, and filter their charactierstics.
315 // This needs to be done after all cameras are enumerated and camera ids are sorted.
316 if (SessionConfigurationUtils::IS_PERF_CLASS) {
317 // Assume internal cameras are advertised from the same
318 // provider. If multiple providers are registered at different time,
319 // and each provider contains multiple internal color cameras, the current
320 // logic may filter the characteristics of more than one front/rear color
321 // cameras.
322 Mutex::Autolock l(mServiceLock);
323 filterSPerfClassCharacteristicsLocked();
324 }
325
326 return OK;
327 }
328
broadcastTorchModeStatus(const std::string & cameraId,TorchModeStatus status,SystemCameraKind systemCameraKind)329 void CameraService::broadcastTorchModeStatus(const std::string& cameraId, TorchModeStatus status,
330 SystemCameraKind systemCameraKind) {
331 // Get the device id and app-visible camera id for the given HAL-visible camera id.
332 auto [deviceId, mappedCameraId] =
333 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
334
335 Mutex::Autolock lock(mStatusListenerLock);
336 for (auto& i : mListenerList) {
337 if (shouldSkipStatusUpdates(systemCameraKind, i->isVendorListener(), i->getListenerPid(),
338 i->getListenerUid())) {
339 ALOGV("%s: Skipping torch callback for system-only camera device %s",
340 __FUNCTION__, cameraId.c_str());
341 continue;
342 }
343
344 auto ret = i->getListener()->onTorchStatusChanged(mapToInterface(status),
345 mappedCameraId, deviceId);
346 i->handleBinderStatus(ret, "%s: Failed to trigger onTorchStatusChanged for %d:%d: %d",
347 __FUNCTION__, i->getListenerUid(), i->getListenerPid(), ret.exceptionCode());
348 }
349 }
350
~CameraService()351 CameraService::~CameraService() {
352 VendorTagDescriptor::clearGlobalVendorTagDescriptor();
353 mUidPolicy->unregisterSelf();
354 mSensorPrivacyPolicy->unregisterSelf();
355 mInjectionStatusListener->removeListener();
356 }
357
onNewProviderRegistered()358 void CameraService::onNewProviderRegistered() {
359 enumerateProviders();
360 }
361
filterAPI1SystemCameraLocked(const std::vector<std::string> & normalDeviceIds)362 void CameraService::filterAPI1SystemCameraLocked(
363 const std::vector<std::string> &normalDeviceIds) {
364 mNormalDeviceIdsWithoutSystemCamera.clear();
365 for (auto &cameraId : normalDeviceIds) {
366 CameraMetadata cameraInfo;
367 status_t res = mCameraProviderManager->getCameraCharacteristics(
368 cameraId, false, &cameraInfo,
369 hardware::ICameraService::ROTATION_OVERRIDE_NONE);
370 int32_t deviceId = kDefaultDeviceId;
371 if (res != OK) {
372 ALOGW("%s: Not able to get camera characteristics for camera id %s",
373 __FUNCTION__, cameraId.c_str());
374 } else {
375 deviceId = getDeviceId(cameraInfo);
376 }
377 // Cameras associated with non-default device id's (i.e., virtual cameras) can never be
378 // system cameras, so skip for non-default device id's.
379 if (deviceId != kDefaultDeviceId) {
380 continue;
381 }
382
383 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
384 if (getSystemCameraKind(cameraId, &deviceKind) != OK) {
385 ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, cameraId.c_str());
386 continue;
387 }
388 if (deviceKind == SystemCameraKind::SYSTEM_ONLY_CAMERA) {
389 // All system camera ids will necessarily come after public camera
390 // device ids as per the HAL interface contract.
391 break;
392 }
393 mNormalDeviceIdsWithoutSystemCamera.push_back(cameraId);
394 }
395 ALOGV("%s: number of API1 compatible public cameras is %zu", __FUNCTION__,
396 mNormalDeviceIdsWithoutSystemCamera.size());
397 }
398
getSystemCameraKind(const std::string & cameraId,SystemCameraKind * kind) const399 status_t CameraService::getSystemCameraKind(const std::string& cameraId,
400 SystemCameraKind *kind) const {
401 auto state = getCameraState(cameraId);
402 if (state != nullptr) {
403 *kind = state->getSystemCameraKind();
404 return OK;
405 }
406 // Hidden physical camera ids won't have CameraState
407 return mCameraProviderManager->getSystemCameraKind(cameraId, kind);
408 }
409
updateCameraNumAndIds()410 void CameraService::updateCameraNumAndIds() {
411 Mutex::Autolock l(mServiceLock);
412 std::pair<int, int> systemAndNonSystemCameras = mCameraProviderManager->getCameraCount();
413 // Excludes hidden secure cameras
414 mNumberOfCameras =
415 systemAndNonSystemCameras.first + systemAndNonSystemCameras.second;
416 mNumberOfCamerasWithoutSystemCamera = systemAndNonSystemCameras.second;
417 mNormalDeviceIds =
418 mCameraProviderManager->getAPI1CompatibleCameraDeviceIds();
419 filterAPI1SystemCameraLocked(mNormalDeviceIds);
420 }
421
filterSPerfClassCharacteristicsLocked()422 void CameraService::filterSPerfClassCharacteristicsLocked() {
423 // To claim to be S Performance primary cameras, the cameras must be
424 // backward compatible. So performance class primary camera Ids must be API1
425 // compatible.
426 bool firstRearCameraSeen = false, firstFrontCameraSeen = false;
427 for (const auto& cameraId : mNormalDeviceIdsWithoutSystemCamera) {
428 int facing = -1;
429 int orientation = 0;
430 int portraitRotation;
431 getDeviceVersion(cameraId,
432 /*rotationOverride*/hardware::ICameraService::ROTATION_OVERRIDE_NONE,
433 /*out*/&portraitRotation, /*out*/&facing, /*out*/&orientation);
434 if (facing == -1) {
435 ALOGE("%s: Unable to get camera device \"%s\" facing", __FUNCTION__, cameraId.c_str());
436 return;
437 }
438
439 if ((facing == hardware::CAMERA_FACING_BACK && !firstRearCameraSeen) ||
440 (facing == hardware::CAMERA_FACING_FRONT && !firstFrontCameraSeen)) {
441 status_t res = mCameraProviderManager->filterSmallJpegSizes(cameraId);
442 if (res == OK) {
443 mPerfClassPrimaryCameraIds.insert(cameraId);
444 } else {
445 ALOGE("%s: Failed to filter small JPEG sizes for performance class primary "
446 "camera %s: %s(%d)", __FUNCTION__, cameraId.c_str(), strerror(-res), res);
447 break;
448 }
449
450 if (facing == hardware::CAMERA_FACING_BACK) {
451 firstRearCameraSeen = true;
452 }
453 if (facing == hardware::CAMERA_FACING_FRONT) {
454 firstFrontCameraSeen = true;
455 }
456 }
457
458 if (firstRearCameraSeen && firstFrontCameraSeen) {
459 break;
460 }
461 }
462 }
463
addStates(const std::string & cameraId)464 void CameraService::addStates(const std::string& cameraId) {
465 CameraResourceCost cost;
466 status_t res = mCameraProviderManager->getResourceCost(cameraId, &cost);
467 if (res != OK) {
468 ALOGE("Failed to query device resource cost: %s (%d)", strerror(-res), res);
469 return;
470 }
471 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
472 res = mCameraProviderManager->getSystemCameraKind(cameraId, &deviceKind);
473 if (res != OK) {
474 ALOGE("Failed to query device kind: %s (%d)", strerror(-res), res);
475 return;
476 }
477 std::vector<std::string> physicalCameraIds;
478 mCameraProviderManager->isLogicalCamera(cameraId, &physicalCameraIds);
479 std::set<std::string> conflicting;
480 for (size_t i = 0; i < cost.conflictingDevices.size(); i++) {
481 conflicting.emplace(cost.conflictingDevices[i]);
482 }
483
484 {
485 Mutex::Autolock lock(mCameraStatesLock);
486 mCameraStates.emplace(cameraId, std::make_shared<CameraState>(cameraId, cost.resourceCost,
487 conflicting, deviceKind, physicalCameraIds));
488 }
489
490 if (mFlashlight->hasFlashUnit(cameraId)) {
491 Mutex::Autolock al(mTorchStatusMutex);
492 mTorchStatusMap.add(cameraId, TorchModeStatus::AVAILABLE_OFF);
493
494 broadcastTorchModeStatus(cameraId, TorchModeStatus::AVAILABLE_OFF, deviceKind);
495 }
496
497 updateCameraNumAndIds();
498 logDeviceAdded(cameraId, "Device added");
499 }
500
removeStates(const std::string & cameraId)501 void CameraService::removeStates(const std::string& cameraId) {
502 updateCameraNumAndIds();
503 if (mFlashlight->hasFlashUnit(cameraId)) {
504 Mutex::Autolock al(mTorchStatusMutex);
505 mTorchStatusMap.removeItem(cameraId);
506 }
507
508 {
509 Mutex::Autolock lock(mCameraStatesLock);
510 mCameraStates.erase(cameraId);
511 }
512 }
513
onDeviceStatusChanged(const std::string & cameraId,CameraDeviceStatus newHalStatus)514 void CameraService::onDeviceStatusChanged(const std::string& cameraId,
515 CameraDeviceStatus newHalStatus) {
516 ALOGI("%s: Status changed for cameraId=%s, newStatus=%d", __FUNCTION__,
517 cameraId.c_str(), eToI(newHalStatus));
518
519 StatusInternal newStatus = mapToInternal(newHalStatus);
520
521 std::shared_ptr<CameraState> state = getCameraState(cameraId);
522
523 if (state == nullptr) {
524 if (newStatus == StatusInternal::PRESENT) {
525 ALOGI("%s: Unknown camera ID %s, a new camera is added",
526 __FUNCTION__, cameraId.c_str());
527
528 // First add as absent to make sure clients are notified below
529 addStates(cameraId);
530
531 updateStatus(newStatus, cameraId);
532 } else {
533 ALOGE("%s: Bad camera ID %s", __FUNCTION__, cameraId.c_str());
534 }
535 return;
536 }
537
538 StatusInternal oldStatus = state->getStatus();
539
540 if (oldStatus == newStatus) {
541 ALOGE("%s: State transition to the same status %#x not allowed", __FUNCTION__,
542 eToI(newStatus));
543 return;
544 }
545
546 if (newStatus == StatusInternal::NOT_PRESENT) {
547 logDeviceRemoved(cameraId, fmt::format("Device status changed from {} to {}",
548 oldStatus, newStatus));
549 // Set the device status to NOT_PRESENT, clients will no longer be able to connect
550 // to this device until the status changes
551 updateStatus(StatusInternal::NOT_PRESENT, cameraId);
552 mVirtualDeviceCameraIdMapper.removeCamera(cameraId);
553
554 std::vector<sp<BasicClient>> clientsToDisconnectOnline, clientsToDisconnectOffline;
555 {
556 // Don't do this in updateStatus to avoid deadlock over mServiceLock
557 Mutex::Autolock lock(mServiceLock);
558
559 // Remove cached shim parameters
560 state->setShimParams(CameraParameters());
561
562 // Remove online as well as offline client from the list of active clients,
563 // if they are present
564 clientsToDisconnectOnline = removeClientsLocked(cameraId);
565 clientsToDisconnectOffline = removeClientsLocked(kOfflineDevice + cameraId);
566 }
567
568 disconnectClients(cameraId, clientsToDisconnectOnline);
569 disconnectClients(kOfflineDevice + cameraId, clientsToDisconnectOffline);
570
571 removeStates(cameraId);
572 } else {
573 if (oldStatus == StatusInternal::NOT_PRESENT) {
574 logDeviceAdded(cameraId, fmt::format("Device status changed from {} to {}",
575 oldStatus, newStatus));
576 }
577 updateStatus(newStatus, cameraId);
578 }
579 }
580
onDeviceStatusChanged(const std::string & id,const std::string & physicalId,CameraDeviceStatus newHalStatus)581 void CameraService::onDeviceStatusChanged(const std::string& id,
582 const std::string& physicalId,
583 CameraDeviceStatus newHalStatus) {
584 ALOGI("%s: Status changed for cameraId=%s, physicalCameraId=%s, newStatus=%d",
585 __FUNCTION__, id.c_str(), physicalId.c_str(), eToI(newHalStatus));
586
587 StatusInternal newStatus = mapToInternal(newHalStatus);
588
589 std::shared_ptr<CameraState> state = getCameraState(id);
590
591 if (state == nullptr) {
592 ALOGE("%s: Physical camera id %s status change on a non-present ID %s",
593 __FUNCTION__, physicalId.c_str(), id.c_str());
594 return;
595 }
596
597 StatusInternal logicalCameraStatus = state->getStatus();
598 if (logicalCameraStatus != StatusInternal::PRESENT &&
599 logicalCameraStatus != StatusInternal::NOT_AVAILABLE) {
600 ALOGE("%s: Physical camera id %s status %d change for an invalid logical camera state %d",
601 __FUNCTION__, physicalId.c_str(), eToI(newHalStatus), eToI(logicalCameraStatus));
602 return;
603 }
604
605 bool updated = false;
606 if (newStatus == StatusInternal::PRESENT) {
607 updated = state->removeUnavailablePhysicalId(physicalId);
608 } else {
609 updated = state->addUnavailablePhysicalId(physicalId);
610 }
611
612 if (updated) {
613 std::string idCombo = id + " : " + physicalId;
614 if (newStatus == StatusInternal::PRESENT) {
615 logDeviceAdded(idCombo, fmt::format("Device status changed to {}", newStatus));
616 } else {
617 logDeviceRemoved(idCombo, fmt::format("Device status changed to {}", newStatus));
618 }
619 // Avoid calling getSystemCameraKind() with mStatusListenerLock held (b/141756275)
620 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
621 if (getSystemCameraKind(id, &deviceKind) != OK) {
622 ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, id.c_str());
623 return;
624 }
625 Mutex::Autolock lock(mStatusListenerLock);
626 for (auto& listener : mListenerList) {
627 if (shouldSkipStatusUpdates(deviceKind, listener->isVendorListener(),
628 listener->getListenerPid(), listener->getListenerUid())) {
629 ALOGV("Skipping discovery callback for system-only camera device %s",
630 id.c_str());
631 continue;
632 }
633 auto ret = listener->getListener()->onPhysicalCameraStatusChanged(
634 mapToInterface(newStatus), id, physicalId, kDefaultDeviceId);
635 listener->handleBinderStatus(ret,
636 "%s: Failed to trigger onPhysicalCameraStatusChanged for %d:%d: %d",
637 __FUNCTION__, listener->getListenerUid(), listener->getListenerPid(),
638 ret.exceptionCode());
639 }
640 }
641 }
642
disconnectClients(const std::string & id,std::vector<sp<BasicClient>> clientsToDisconnect)643 void CameraService::disconnectClients(const std::string& id,
644 std::vector<sp<BasicClient>> clientsToDisconnect) {
645 for (auto& client : clientsToDisconnect) {
646 disconnectClient(id, client);
647 }
648 }
649
disconnectClient(const std::string & id,sp<BasicClient> clientToDisconnect)650 void CameraService::disconnectClient(const std::string& id, sp<BasicClient> clientToDisconnect) {
651 if (clientToDisconnect.get() != nullptr) {
652 ALOGI("%s: Client for camera ID %s evicted due to device status change from HAL",
653 __FUNCTION__, id.c_str());
654 // Notify the client of disconnection
655 clientToDisconnect->notifyError(
656 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
657 CaptureResultExtras{});
658 clientToDisconnect->disconnect();
659 }
660 }
661
onTorchStatusChanged(const std::string & cameraId,TorchModeStatus newStatus)662 void CameraService::onTorchStatusChanged(const std::string& cameraId,
663 TorchModeStatus newStatus) {
664 SystemCameraKind systemCameraKind = SystemCameraKind::PUBLIC;
665 status_t res = getSystemCameraKind(cameraId, &systemCameraKind);
666 if (res != OK) {
667 ALOGE("%s: Could not get system camera kind for camera id %s", __FUNCTION__,
668 cameraId.c_str());
669 return;
670 }
671 Mutex::Autolock al(mTorchStatusMutex);
672 onTorchStatusChangedLocked(cameraId, newStatus, systemCameraKind);
673 }
674
onTorchStatusChanged(const std::string & cameraId,TorchModeStatus newStatus,SystemCameraKind systemCameraKind)675 void CameraService::onTorchStatusChanged(const std::string& cameraId,
676 TorchModeStatus newStatus, SystemCameraKind systemCameraKind) {
677 Mutex::Autolock al(mTorchStatusMutex);
678 onTorchStatusChangedLocked(cameraId, newStatus, systemCameraKind);
679 }
680
broadcastTorchStrengthLevel(const std::string & cameraId,int32_t newStrengthLevel)681 void CameraService::broadcastTorchStrengthLevel(const std::string& cameraId,
682 int32_t newStrengthLevel) {
683 // Get the device id and app-visible camera id for the given HAL-visible camera id.
684 auto [deviceId, mappedCameraId] =
685 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
686
687 Mutex::Autolock lock(mStatusListenerLock);
688 for (auto& i : mListenerList) {
689 auto ret = i->getListener()->onTorchStrengthLevelChanged(mappedCameraId,
690 newStrengthLevel, deviceId);
691 i->handleBinderStatus(ret,
692 "%s: Failed to trigger onTorchStrengthLevelChanged for %d:%d: %d", __FUNCTION__,
693 i->getListenerUid(), i->getListenerPid(), ret.exceptionCode());
694 }
695 }
696
onTorchStatusChangedLocked(const std::string & cameraId,TorchModeStatus newStatus,SystemCameraKind systemCameraKind)697 void CameraService::onTorchStatusChangedLocked(const std::string& cameraId,
698 TorchModeStatus newStatus, SystemCameraKind systemCameraKind) {
699 ALOGI("%s: Torch status changed for cameraId=%s, newStatus=%d",
700 __FUNCTION__, cameraId.c_str(), eToI(newStatus));
701
702 TorchModeStatus status;
703 status_t res = getTorchStatusLocked(cameraId, &status);
704 if (res) {
705 ALOGE("%s: cannot get torch status of camera %s: %s (%d)",
706 __FUNCTION__, cameraId.c_str(), strerror(-res), res);
707 return;
708 }
709 if (status == newStatus) {
710 return;
711 }
712
713 res = setTorchStatusLocked(cameraId, newStatus);
714 if (res) {
715 ALOGE("%s: Failed to set the torch status to %d: %s (%d)", __FUNCTION__,
716 (uint32_t)newStatus, strerror(-res), res);
717 return;
718 }
719
720 {
721 // Update battery life logging for flashlight
722 Mutex::Autolock al(mTorchUidMapMutex);
723 auto iter = mTorchUidMap.find(cameraId);
724 if (iter != mTorchUidMap.end()) {
725 int oldUid = iter->second.second;
726 int newUid = iter->second.first;
727 BatteryNotifier& notifier(BatteryNotifier::getInstance());
728 if (oldUid != newUid) {
729 // If the UID has changed, log the status and update current UID in mTorchUidMap
730 if (status == TorchModeStatus::AVAILABLE_ON) {
731 notifier.noteFlashlightOff(toString8(cameraId), oldUid);
732 }
733 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
734 notifier.noteFlashlightOn(toString8(cameraId), newUid);
735 }
736 iter->second.second = newUid;
737 } else {
738 // If the UID has not changed, log the status
739 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
740 notifier.noteFlashlightOn(toString8(cameraId), oldUid);
741 } else {
742 notifier.noteFlashlightOff(toString8(cameraId), oldUid);
743 }
744 }
745 }
746 }
747 broadcastTorchModeStatus(cameraId, newStatus, systemCameraKind);
748 }
749
isAutomotiveExteriorSystemCamera(const std::string & cam_id) const750 bool CameraService::isAutomotiveExteriorSystemCamera(const std::string& cam_id) const {
751 // Returns false if this is not an automotive device type.
752 if (!isAutomotiveDevice())
753 return false;
754
755 // Returns false if no camera id is provided.
756 if (cam_id.empty())
757 return false;
758
759 SystemCameraKind systemCameraKind = SystemCameraKind::PUBLIC;
760 if (getSystemCameraKind(cam_id, &systemCameraKind) != OK) {
761 // This isn't a known camera ID, so it's not a system camera.
762 ALOGE("%s: Unknown camera id %s, ", __FUNCTION__, cam_id.c_str());
763 return false;
764 }
765
766 if (systemCameraKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) {
767 ALOGE("%s: camera id %s is not a system camera", __FUNCTION__, cam_id.c_str());
768 return false;
769 }
770
771 CameraMetadata cameraInfo;
772 status_t res = mCameraProviderManager->getCameraCharacteristics(
773 cam_id, false, &cameraInfo, hardware::ICameraService::ROTATION_OVERRIDE_NONE);
774 if (res != OK){
775 ALOGE("%s: Not able to get camera characteristics for camera id %s",__FUNCTION__,
776 cam_id.c_str());
777 return false;
778 }
779
780 camera_metadata_entry auto_location = cameraInfo.find(ANDROID_AUTOMOTIVE_LOCATION);
781 if (auto_location.count != 1)
782 return false;
783
784 uint8_t location = auto_location.data.u8[0];
785 if ((location != ANDROID_AUTOMOTIVE_LOCATION_EXTERIOR_FRONT) &&
786 (location != ANDROID_AUTOMOTIVE_LOCATION_EXTERIOR_REAR) &&
787 (location != ANDROID_AUTOMOTIVE_LOCATION_EXTERIOR_LEFT) &&
788 (location != ANDROID_AUTOMOTIVE_LOCATION_EXTERIOR_RIGHT)) {
789 return false;
790 }
791
792 return true;
793 }
794
getNumberOfCameras(int32_t type,const AttributionSourceState & clientAttribution,int32_t devicePolicy,int32_t * numCameras)795 Status CameraService::getNumberOfCameras(int32_t type,
796 const AttributionSourceState& clientAttribution, int32_t devicePolicy,
797 int32_t* numCameras) {
798 ATRACE_CALL();
799 if (clientAttribution.deviceId != kDefaultDeviceId
800 && (devicePolicy != IVirtualDeviceManagerNative::DEVICE_POLICY_DEFAULT)) {
801 *numCameras = mVirtualDeviceCameraIdMapper.getNumberOfCameras(clientAttribution.deviceId);
802 return Status::ok();
803 }
804
805 Mutex::Autolock l(mServiceLock);
806 bool hasSystemCameraPermissions =
807 hasPermissionsForSystemCamera(std::string(), getCallingPid(),
808 getCallingUid());
809 switch (type) {
810 case CAMERA_TYPE_BACKWARD_COMPATIBLE:
811 if (hasSystemCameraPermissions) {
812 *numCameras = static_cast<int>(mNormalDeviceIds.size());
813 } else {
814 *numCameras = static_cast<int>(mNormalDeviceIdsWithoutSystemCamera.size());
815 }
816 break;
817 case CAMERA_TYPE_ALL:
818 if (hasSystemCameraPermissions) {
819 *numCameras = mNumberOfCameras;
820 } else {
821 *numCameras = mNumberOfCamerasWithoutSystemCamera;
822 }
823 break;
824 default:
825 ALOGW("%s: Unknown camera type %d",
826 __FUNCTION__, type);
827 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
828 "Unknown camera type %d", type);
829 }
830 return Status::ok();
831 }
832
createDefaultRequest(const std::string & unresolvedCameraId,int templateId,const AttributionSourceState & clientAttribution,int32_t devicePolicy,hardware::camera2::impl::CameraMetadataNative * request)833 Status CameraService::createDefaultRequest(const std::string& unresolvedCameraId, int templateId,
834 const AttributionSourceState& clientAttribution, int32_t devicePolicy,
835 /* out */
836 hardware::camera2::impl::CameraMetadataNative* request) {
837 ATRACE_CALL();
838
839 if (!mInitialized) {
840 ALOGE("%s: Camera subsystem is not available", __FUNCTION__);
841 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
842 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem is not available");
843 }
844
845 std::optional<std::string> cameraIdOptional =
846 resolveCameraId(unresolvedCameraId, clientAttribution.deviceId, devicePolicy);
847 if (!cameraIdOptional.has_value()) {
848 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
849 unresolvedCameraId.c_str(), clientAttribution.deviceId);
850 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
851 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
852 }
853 std::string cameraId = cameraIdOptional.value();
854
855 binder::Status res;
856 if (request == nullptr) {
857 res = STATUS_ERROR_FMT(CameraService::ERROR_INVALID_OPERATION,
858 "Camera %s: Error creating default request", cameraId.c_str());
859 return res;
860 }
861 camera_request_template_t tempId = camera_request_template_t::CAMERA_TEMPLATE_COUNT;
862 res = SessionConfigurationUtils::mapRequestTemplateFromClient(
863 cameraId, templateId, &tempId);
864 if (!res.isOk()) {
865 ALOGE("%s: Camera %s: failed to map request Template %d",
866 __FUNCTION__, cameraId.c_str(), templateId);
867 return res;
868 }
869
870 if (shouldRejectSystemCameraConnection(cameraId)) {
871 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to create default"
872 "request for system only device %s: ", cameraId.c_str());
873 }
874
875 CameraMetadata metadata;
876 status_t err = mCameraProviderManager->createDefaultRequest(cameraId, tempId, &metadata);
877 if (err == OK) {
878 request->swap(metadata);
879 } else if (err == BAD_VALUE) {
880 res = STATUS_ERROR_FMT(CameraService::ERROR_ILLEGAL_ARGUMENT,
881 "Camera %s: Template ID %d is invalid or not supported: %s (%d)",
882 cameraId.c_str(), templateId, strerror(-err), err);
883 } else {
884 res = STATUS_ERROR_FMT(CameraService::ERROR_INVALID_OPERATION,
885 "Camera %s: Error creating default request for template %d: %s (%d)",
886 cameraId.c_str(), templateId, strerror(-err), err);
887 }
888 return res;
889 }
890
isSessionConfigurationWithParametersSupported(const std::string & unresolvedCameraId,int targetSdkVersion,const SessionConfiguration & sessionConfiguration,const AttributionSourceState & clientAttribution,int32_t devicePolicy,bool * supported)891 Status CameraService::isSessionConfigurationWithParametersSupported(
892 const std::string& unresolvedCameraId, int targetSdkVersion,
893 const SessionConfiguration& sessionConfiguration,
894 const AttributionSourceState& clientAttribution, int32_t devicePolicy,
895 /*out*/ bool* supported) {
896 ATRACE_CALL();
897
898 if (!mInitialized) {
899 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
900 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
901 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem is not available");
902 }
903
904 std::optional<std::string> cameraIdOptional =
905 resolveCameraId(unresolvedCameraId, clientAttribution.deviceId, devicePolicy);
906 if (!cameraIdOptional.has_value()) {
907 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
908 unresolvedCameraId.c_str(), clientAttribution.deviceId);
909 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
910 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
911 }
912 std::string cameraId = cameraIdOptional.value();
913
914 if (supported == nullptr) {
915 std::string msg = fmt::sprintf("Camera %s: Invalid 'support' input!",
916 unresolvedCameraId.c_str());
917 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
918 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
919 }
920
921 if (shouldRejectSystemCameraConnection(cameraId)) {
922 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to query "
923 "session configuration with parameters support for system only device %s: ",
924 cameraId.c_str());
925 }
926
927 bool overrideForPerfClass = SessionConfigurationUtils::targetPerfClassPrimaryCamera(
928 mPerfClassPrimaryCameraIds, cameraId, targetSdkVersion);
929
930 auto ret = isSessionConfigurationWithParametersSupportedUnsafe(cameraId,
931 sessionConfiguration, overrideForPerfClass, supported);
932 if (flags::analytics_24q3()) {
933 mCameraServiceProxyWrapper->logFeatureCombinationQuery(cameraId,
934 getCallingUid(), sessionConfiguration, ret);
935 }
936 return ret;
937 }
938
isSessionConfigurationWithParametersSupportedUnsafe(const std::string & cameraId,const SessionConfiguration & sessionConfiguration,bool overrideForPerfClass,bool * supported)939 Status CameraService::isSessionConfigurationWithParametersSupportedUnsafe(
940 const std::string& cameraId, const SessionConfiguration& sessionConfiguration,
941 bool overrideForPerfClass, /*out*/ bool* supported) {
942 *supported = false;
943 status_t ret = mCameraProviderManager->isSessionConfigurationSupported(
944 cameraId, sessionConfiguration, overrideForPerfClass,
945 /*checkSessionParams=*/true, supported);
946 binder::Status res;
947 switch (ret) {
948 case OK:
949 // Expected. Do Nothing.
950 return Status::ok();
951 case INVALID_OPERATION: {
952 std::string msg = fmt::sprintf(
953 "Camera %s: Session configuration with parameters supported query not "
954 "supported!",
955 cameraId.c_str());
956 ALOGW("%s: %s", __FUNCTION__, msg.c_str());
957 logServiceError(msg, CameraService::ERROR_INVALID_OPERATION);
958 *supported = false;
959 return STATUS_ERROR(CameraService::ERROR_INVALID_OPERATION, msg.c_str());
960 }
961 break;
962 case NAME_NOT_FOUND: {
963 std::string msg = fmt::sprintf("Camera %s: Unknown camera ID.", cameraId.c_str());
964 ALOGW("%s: %s", __FUNCTION__, msg.c_str());
965 logServiceError(msg, CameraService::ERROR_ILLEGAL_ARGUMENT);
966 *supported = false;
967 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
968 }
969 break;
970 default: {
971 std::string msg = fmt::sprintf(
972 "Unable to retrieve session configuration support for camera "
973 "device %s: Error: %s (%d)",
974 cameraId.c_str(), strerror(-ret), ret);
975 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
976 logServiceError(msg, CameraService::ERROR_ILLEGAL_ARGUMENT);
977 *supported = false;
978 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
979 }
980 break;
981 }
982 }
983
getSessionCharacteristics(const std::string & unresolvedCameraId,int targetSdkVersion,int rotationOverride,const SessionConfiguration & sessionConfiguration,const AttributionSourceState & clientAttribution,int32_t devicePolicy,CameraMetadata * outMetadata)984 Status CameraService::getSessionCharacteristics(const std::string& unresolvedCameraId,
985 int targetSdkVersion, int rotationOverride,
986 const SessionConfiguration& sessionConfiguration,
987 const AttributionSourceState& clientAttribution, int32_t devicePolicy,
988 /*out*/ CameraMetadata* outMetadata) {
989 ATRACE_CALL();
990
991 if (outMetadata == nullptr) {
992 std::string msg =
993 fmt::sprintf("Camera %s: Invalid 'outMetadata' input!", unresolvedCameraId.c_str());
994 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
995 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
996 }
997
998 if (!mInitialized) {
999 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
1000 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
1001 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem is not available");
1002 }
1003
1004 std::optional<std::string> cameraIdOptional =
1005 resolveCameraId(unresolvedCameraId, clientAttribution.deviceId, devicePolicy);
1006 if (!cameraIdOptional.has_value()) {
1007 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
1008 unresolvedCameraId.c_str(), clientAttribution.deviceId);
1009 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1010 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1011 }
1012 std::string cameraId = cameraIdOptional.value();
1013
1014 if (shouldRejectSystemCameraConnection(cameraId)) {
1015 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1016 "Unable to retrieve camera"
1017 "characteristics for system only device %s: ",
1018 cameraId.c_str());
1019 }
1020
1021 bool overrideForPerfClass = SessionConfigurationUtils::targetPerfClassPrimaryCamera(
1022 mPerfClassPrimaryCameraIds, cameraId, targetSdkVersion);
1023
1024 bool sessionConfigSupported;
1025 Status res = isSessionConfigurationWithParametersSupportedUnsafe(
1026 cameraId, sessionConfiguration, overrideForPerfClass, &sessionConfigSupported);
1027 if (!res.isOk()) {
1028 // isSessionConfigurationWithParametersSupportedUnsafe should log what went wrong and
1029 // report the correct Status to send to the client. Simply forward the error to
1030 // the client.
1031 outMetadata->clear();
1032 return res;
1033 }
1034
1035 if (!sessionConfigSupported) {
1036 std::string msg = fmt::sprintf("Session configuration not supported for camera device %s.",
1037 cameraId.c_str());
1038 outMetadata->clear();
1039 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1040 }
1041
1042 status_t ret = mCameraProviderManager->getSessionCharacteristics(
1043 cameraId, sessionConfiguration, overrideForPerfClass, rotationOverride, outMetadata);
1044
1045 switch (ret) {
1046 case OK:
1047 // Expected, no handling needed.
1048 break;
1049 case INVALID_OPERATION: {
1050 std::string msg = fmt::sprintf(
1051 "Camera %s: Session characteristics query not supported!",
1052 cameraId.c_str());
1053 ALOGW("%s: %s", __FUNCTION__, msg.c_str());
1054 logServiceError(msg, CameraService::ERROR_INVALID_OPERATION);
1055 outMetadata->clear();
1056 return STATUS_ERROR(CameraService::ERROR_INVALID_OPERATION, msg.c_str());
1057 }
1058 break;
1059 case NAME_NOT_FOUND: {
1060 std::string msg = fmt::sprintf(
1061 "Camera %s: Unknown camera ID.",
1062 cameraId.c_str());
1063 ALOGW("%s: %s", __FUNCTION__, msg.c_str());
1064 logServiceError(msg, CameraService::ERROR_ILLEGAL_ARGUMENT);
1065 outMetadata->clear();
1066 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1067 }
1068 break;
1069 default: {
1070 std::string msg = fmt::sprintf(
1071 "Unable to retrieve session characteristics for camera device %s: "
1072 "Error: %s (%d)",
1073 cameraId.c_str(), strerror(-ret), ret);
1074 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1075 logServiceError(msg, CameraService::ERROR_INVALID_OPERATION);
1076 outMetadata->clear();
1077 return STATUS_ERROR(CameraService::ERROR_INVALID_OPERATION, msg.c_str());
1078 }
1079 }
1080
1081 res = filterSensitiveMetadataIfNeeded(cameraId, outMetadata);
1082 if (flags::analytics_24q3()) {
1083 mCameraServiceProxyWrapper->logSessionCharacteristicsQuery(cameraId,
1084 getCallingUid(), sessionConfiguration, res);
1085 }
1086 return res;
1087 }
1088
filterSensitiveMetadataIfNeeded(const std::string & cameraId,CameraMetadata * metadata)1089 Status CameraService::filterSensitiveMetadataIfNeeded(
1090 const std::string& cameraId, CameraMetadata* metadata) {
1091 int callingPid = getCallingPid();
1092 int callingUid = getCallingUid();
1093
1094 if (callingPid == getpid()) {
1095 // Caller is cameraserver; no need to remove keys
1096 return Status::ok();
1097 }
1098
1099 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
1100 if (getSystemCameraKind(cameraId, &deviceKind) != OK) {
1101 ALOGE("%s: Couldn't get camera kind for camera id %s", __FUNCTION__, cameraId.c_str());
1102 metadata->clear();
1103 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1104 "Unable to retrieve camera kind for device %s", cameraId.c_str());
1105 }
1106 if (deviceKind == SystemCameraKind::SYSTEM_ONLY_CAMERA) {
1107 // Attempting to query system only camera without system camera permission would have
1108 // failed the shouldRejectSystemCameraConnection in the caller. So if we get here
1109 // for a system only camera, then the caller has the required permission.
1110 // No need to remove keys
1111 return Status::ok();
1112 }
1113
1114 std::vector<int32_t> tagsRemoved;
1115 // Get the device id that owns this camera.
1116 auto [cameraOwnerDeviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(
1117 cameraId);
1118 bool hasCameraPermission = hasPermissionsForCamera(cameraId, callingPid, callingUid,
1119 cameraOwnerDeviceId);
1120 if (hasCameraPermission) {
1121 // Caller has camera permission; no need to remove keys
1122 return Status::ok();
1123 }
1124
1125 status_t ret = metadata->removePermissionEntries(
1126 mCameraProviderManager->getProviderTagIdLocked(cameraId), &tagsRemoved);
1127 if (ret != OK) {
1128 metadata->clear();
1129 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1130 "Failed to remove camera characteristics needing camera permission "
1131 "for device %s:%s (%d)",
1132 cameraId.c_str(), strerror(-ret), ret);
1133 }
1134
1135 if (!tagsRemoved.empty()) {
1136 ret = metadata->update(ANDROID_REQUEST_CHARACTERISTIC_KEYS_NEEDING_PERMISSION,
1137 tagsRemoved.data(), tagsRemoved.size());
1138 if (ret != OK) {
1139 metadata->clear();
1140 return STATUS_ERROR_FMT(
1141 ERROR_INVALID_OPERATION,
1142 "Failed to insert camera keys needing permission for device %s: %s (%d)",
1143 cameraId.c_str(), strerror(-ret), ret);
1144 }
1145 }
1146 return Status::ok();
1147 }
1148
injectSessionParams(const std::string & cameraId,const CameraMetadata & sessionParams)1149 Status CameraService::injectSessionParams(
1150 const std::string& cameraId,
1151 const CameraMetadata& sessionParams) {
1152 if (!checkCallingPermission(toString16(sCameraInjectExternalCameraPermission))) {
1153 const int pid = getCallingPid();
1154 const int uid = getCallingUid();
1155 ALOGE("%s: Permission Denial: can't inject session params pid=%d, uid=%d",
1156 __FUNCTION__, pid, uid);
1157 return STATUS_ERROR(ERROR_PERMISSION_DENIED,
1158 "Permission Denial: no permission to inject session params");
1159 }
1160
1161 // Do not allow session params injection for a virtual camera.
1162 auto [deviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
1163 if (deviceId != kDefaultDeviceId) {
1164 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1165 "Cannot inject session params for a virtual camera");
1166 }
1167
1168 std::unique_ptr<AutoConditionLock> serviceLockWrapper =
1169 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1170
1171 auto clientDescriptor = mActiveClientManager.get(cameraId);
1172 if (clientDescriptor == nullptr) {
1173 ALOGI("%s: No active client for camera id %s", __FUNCTION__, cameraId.c_str());
1174 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1175 "No active client for camera id %s", cameraId.c_str());
1176 }
1177
1178 sp<BasicClient> clientSp = clientDescriptor->getValue();
1179 status_t res = clientSp->injectSessionParams(sessionParams);
1180
1181 if (res != OK) {
1182 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1183 "Error injecting session params into camera \"%s\": %s (%d)",
1184 cameraId.c_str(), strerror(-res), res);
1185 }
1186 return Status::ok();
1187 }
1188
resolveCameraId(const std::string & inputCameraId,int32_t deviceId,int32_t devicePolicy)1189 std::optional<std::string> CameraService::resolveCameraId(
1190 const std::string& inputCameraId,
1191 int32_t deviceId,
1192 int32_t devicePolicy) {
1193 if ((deviceId == kDefaultDeviceId)
1194 || (devicePolicy == IVirtualDeviceManagerNative::DEVICE_POLICY_DEFAULT)) {
1195 auto [storedDeviceId, _] =
1196 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(inputCameraId);
1197 if (storedDeviceId != kDefaultDeviceId) {
1198 // Trying to access a virtual camera from default-policy device context, we should fail.
1199 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
1200 inputCameraId.c_str(), deviceId);
1201 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1202 return std::nullopt;
1203 }
1204 return inputCameraId;
1205 }
1206
1207 return mVirtualDeviceCameraIdMapper.getActualCameraId(deviceId, inputCameraId);
1208 }
1209
getCameraInfo(int cameraId,int rotationOverride,const AttributionSourceState & clientAttribution,int32_t devicePolicy,CameraInfo * cameraInfo)1210 Status CameraService::getCameraInfo(int cameraId, int rotationOverride,
1211 const AttributionSourceState& clientAttribution, int32_t devicePolicy,
1212 CameraInfo* cameraInfo) {
1213 ATRACE_CALL();
1214 Mutex::Autolock l(mServiceLock);
1215 std::string cameraIdStr =
1216 cameraIdIntToStrLocked(cameraId, clientAttribution.deviceId, devicePolicy);
1217 if (cameraIdStr.empty()) {
1218 std::string msg = fmt::sprintf("Camera %d: Invalid camera id for device id %d",
1219 cameraId, clientAttribution.deviceId);
1220 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1221 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1222 }
1223
1224 if (shouldRejectSystemCameraConnection(cameraIdStr)) {
1225 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera"
1226 "characteristics for system only device %s: ", cameraIdStr.c_str());
1227 }
1228
1229 if (!mInitialized) {
1230 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
1231 return STATUS_ERROR(ERROR_DISCONNECTED,
1232 "Camera subsystem is not available");
1233 }
1234 bool hasSystemCameraPermissions = hasPermissionsForSystemCamera(std::to_string(cameraId),
1235 getCallingPid(), getCallingUid());
1236 int cameraIdBound = mNumberOfCamerasWithoutSystemCamera;
1237 if (hasSystemCameraPermissions) {
1238 cameraIdBound = mNumberOfCameras;
1239 }
1240 if (cameraId < 0 || cameraId >= cameraIdBound) {
1241 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1242 "CameraId is not valid");
1243 }
1244
1245 Status ret = Status::ok();
1246 int portraitRotation;
1247 status_t err = mCameraProviderManager->getCameraInfo(
1248 cameraIdStr, rotationOverride, &portraitRotation, cameraInfo);
1249 if (err != OK) {
1250 ret = STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1251 "Error retrieving camera info from device %d: %s (%d)", cameraId,
1252 strerror(-err), err);
1253 logServiceError(std::string("Error retrieving camera info from device ")
1254 + std::to_string(cameraId), ERROR_INVALID_OPERATION);
1255 }
1256
1257 return ret;
1258 }
1259
cameraIdIntToStrLocked(int cameraIdInt,int32_t deviceId,int32_t devicePolicy)1260 std::string CameraService::cameraIdIntToStrLocked(int cameraIdInt,
1261 int32_t deviceId, int32_t devicePolicy) {
1262 if (deviceId != kDefaultDeviceId
1263 && (devicePolicy != IVirtualDeviceManagerNative::DEVICE_POLICY_DEFAULT)) {
1264 std::optional<std::string> cameraIdOptional =
1265 mVirtualDeviceCameraIdMapper.getActualCameraId(cameraIdInt, deviceId);
1266 return cameraIdOptional.has_value() ? cameraIdOptional.value() : std::string{};
1267 }
1268
1269 const std::vector<std::string> *cameraIds = &mNormalDeviceIdsWithoutSystemCamera;
1270 auto callingPid = getCallingPid();
1271 auto callingUid = getCallingUid();
1272 bool systemCameraPermissions = hasPermissionsForSystemCamera(std::to_string(cameraIdInt),
1273 callingPid, callingUid, /* checkCameraPermissions= */ false);
1274 if (systemCameraPermissions || getpid() == callingPid) {
1275 cameraIds = &mNormalDeviceIds;
1276 }
1277 if (cameraIdInt < 0 || cameraIdInt >= static_cast<int>(cameraIds->size())) {
1278 ALOGE("%s: input id %d invalid: valid range (0, %zu)",
1279 __FUNCTION__, cameraIdInt, cameraIds->size());
1280 return std::string{};
1281 }
1282
1283 return (*cameraIds)[cameraIdInt];
1284 }
1285
cameraIdIntToStr(int cameraIdInt,int32_t deviceId,int32_t devicePolicy)1286 std::string CameraService::cameraIdIntToStr(int cameraIdInt, int32_t deviceId,
1287 int32_t devicePolicy) {
1288 Mutex::Autolock lock(mServiceLock);
1289 return cameraIdIntToStrLocked(cameraIdInt, deviceId, devicePolicy);
1290 }
1291
getCameraCharacteristics(const std::string & unresolvedCameraId,int targetSdkVersion,int rotationOverride,const AttributionSourceState & clientAttribution,int32_t devicePolicy,CameraMetadata * cameraInfo)1292 Status CameraService::getCameraCharacteristics(const std::string& unresolvedCameraId,
1293 int targetSdkVersion, int rotationOverride, const AttributionSourceState& clientAttribution,
1294 int32_t devicePolicy, CameraMetadata* cameraInfo) {
1295 ATRACE_CALL();
1296
1297 if (!cameraInfo) {
1298 ALOGE("%s: cameraInfo is NULL", __FUNCTION__);
1299 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "cameraInfo is NULL");
1300 }
1301
1302 if (!mInitialized) {
1303 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
1304 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
1305 return STATUS_ERROR(ERROR_DISCONNECTED,
1306 "Camera subsystem is not available");;
1307 }
1308
1309 std::optional<std::string> cameraIdOptional =
1310 resolveCameraId(unresolvedCameraId, clientAttribution.deviceId, devicePolicy);
1311 if (!cameraIdOptional.has_value()) {
1312 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
1313 unresolvedCameraId.c_str(), clientAttribution.deviceId);
1314 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1315 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1316 }
1317 std::string cameraId = cameraIdOptional.value();
1318
1319 if (shouldRejectSystemCameraConnection(cameraId)) {
1320 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera"
1321 "characteristics for system only device %s: ", cameraId.c_str());
1322 }
1323
1324 bool overrideForPerfClass =
1325 SessionConfigurationUtils::targetPerfClassPrimaryCamera(mPerfClassPrimaryCameraIds,
1326 cameraId, targetSdkVersion);
1327 status_t res = mCameraProviderManager->getCameraCharacteristics(
1328 cameraId, overrideForPerfClass, cameraInfo, rotationOverride);
1329 if (res != OK) {
1330 if (res == NAME_NOT_FOUND) {
1331 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "Unable to retrieve camera "
1332 "characteristics for unknown device %s: %s (%d)", cameraId.c_str(),
1333 strerror(-res), res);
1334 } else {
1335 logServiceError(fmt::sprintf("Unable to retrieve camera characteristics for device %s.",
1336 cameraId.c_str()), ERROR_INVALID_OPERATION);
1337 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera "
1338 "characteristics for device %s: %s (%d)", cameraId.c_str(),
1339 strerror(-res), res);
1340 }
1341 }
1342
1343 return filterSensitiveMetadataIfNeeded(cameraId, cameraInfo);
1344 }
1345
getTorchStrengthLevel(const std::string & unresolvedCameraId,const AttributionSourceState & clientAttribution,int32_t devicePolicy,int32_t * torchStrength)1346 Status CameraService::getTorchStrengthLevel(const std::string& unresolvedCameraId,
1347 const AttributionSourceState& clientAttribution,
1348 int32_t devicePolicy, int32_t* torchStrength) {
1349 ATRACE_CALL();
1350 Mutex::Autolock l(mServiceLock);
1351
1352 std::optional<std::string> cameraIdOptional = resolveCameraId(unresolvedCameraId,
1353 clientAttribution.deviceId, devicePolicy);
1354 if (!cameraIdOptional.has_value()) {
1355 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
1356 unresolvedCameraId.c_str(), clientAttribution.deviceId);
1357 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
1358 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
1359 }
1360 std::string cameraId = cameraIdOptional.value();
1361
1362 if (!mInitialized) {
1363 ALOGE("%s: Camera HAL couldn't be initialized.", __FUNCTION__);
1364 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera HAL couldn't be initialized.");
1365 }
1366
1367 if (torchStrength == NULL) {
1368 ALOGE("%s: strength level must not be null.", __FUNCTION__);
1369 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Strength level should not be null.");
1370 }
1371
1372 status_t res = mCameraProviderManager->getTorchStrengthLevel(cameraId, torchStrength);
1373 if (res != OK) {
1374 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve torch "
1375 "strength level for device %s: %s (%d)", cameraId.c_str(),
1376 strerror(-res), res);
1377 }
1378 ALOGI("%s: Torch strength level is: %d", __FUNCTION__, *torchStrength);
1379 return Status::ok();
1380 }
1381
getFormattedCurrentTime()1382 std::string CameraService::getFormattedCurrentTime() {
1383 time_t now = time(nullptr);
1384 char formattedTime[64];
1385 strftime(formattedTime, sizeof(formattedTime), "%m-%d %H:%M:%S", localtime(&now));
1386 return std::string(formattedTime);
1387 }
1388
getCameraVendorTagDescriptor(hardware::camera2::params::VendorTagDescriptor * desc)1389 Status CameraService::getCameraVendorTagDescriptor(
1390 /*out*/
1391 hardware::camera2::params::VendorTagDescriptor* desc) {
1392 ATRACE_CALL();
1393 if (!mInitialized) {
1394 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
1395 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem not available");
1396 }
1397 sp<VendorTagDescriptor> globalDescriptor = VendorTagDescriptor::getGlobalVendorTagDescriptor();
1398 if (globalDescriptor != nullptr) {
1399 *desc = *(globalDescriptor.get());
1400 }
1401 return Status::ok();
1402 }
1403
getCameraVendorTagCache(hardware::camera2::params::VendorTagDescriptorCache * cache)1404 Status CameraService::getCameraVendorTagCache(
1405 /*out*/ hardware::camera2::params::VendorTagDescriptorCache* cache) {
1406 ATRACE_CALL();
1407 if (!mInitialized) {
1408 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
1409 return STATUS_ERROR(ERROR_DISCONNECTED,
1410 "Camera subsystem not available");
1411 }
1412 sp<VendorTagDescriptorCache> globalCache =
1413 VendorTagDescriptorCache::getGlobalVendorTagCache();
1414 if (globalCache != nullptr) {
1415 *cache = *(globalCache.get());
1416 }
1417 return Status::ok();
1418 }
1419
clearCachedVariables()1420 void CameraService::clearCachedVariables() {
1421 BasicClient::BasicClient::sCameraService = nullptr;
1422 }
1423
getDeviceVersion(const std::string & cameraId,int rotationOverride,int * portraitRotation,int * facing,int * orientation)1424 std::pair<int, IPCTransport> CameraService::getDeviceVersion(const std::string& cameraId,
1425 int rotationOverride, int* portraitRotation, int* facing,
1426 int* orientation) {
1427 ATRACE_CALL();
1428
1429 int deviceVersion = 0;
1430
1431 status_t res;
1432 hardware::hidl_version maxVersion{0,0};
1433 IPCTransport transport = IPCTransport::INVALID;
1434 res = mCameraProviderManager->getHighestSupportedVersion(cameraId, &maxVersion, &transport);
1435 if (res != OK || transport == IPCTransport::INVALID) {
1436 ALOGE("%s: Unable to get highest supported version for camera id %s", __FUNCTION__,
1437 cameraId.c_str());
1438 return std::make_pair(-1, IPCTransport::INVALID) ;
1439 }
1440 deviceVersion = HARDWARE_DEVICE_API_VERSION(maxVersion.get_major(), maxVersion.get_minor());
1441
1442 hardware::CameraInfo info;
1443 if (facing) {
1444 res = mCameraProviderManager->getCameraInfo(cameraId, rotationOverride,
1445 portraitRotation, &info);
1446 if (res != OK) {
1447 return std::make_pair(-1, IPCTransport::INVALID);
1448 }
1449 *facing = info.facing;
1450 if (orientation) {
1451 *orientation = info.orientation;
1452 }
1453 }
1454
1455 return std::make_pair(deviceVersion, transport);
1456 }
1457
filterGetInfoErrorCode(status_t err)1458 Status CameraService::filterGetInfoErrorCode(status_t err) {
1459 switch(err) {
1460 case NO_ERROR:
1461 return Status::ok();
1462 case BAD_VALUE:
1463 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1464 "CameraId is not valid for HAL module");
1465 case NO_INIT:
1466 return STATUS_ERROR(ERROR_DISCONNECTED,
1467 "Camera device not available");
1468 default:
1469 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1470 "Camera HAL encountered error %d: %s",
1471 err, strerror(-err));
1472 }
1473 }
1474
makeClient(const sp<CameraService> & cameraService,const sp<IInterface> & cameraCb,const AttributionSourceState & clientAttribution,int callingPid,bool systemNativeClient,const std::string & cameraId,int api1CameraId,int facing,int sensorOrientation,int servicePid,std::pair<int,IPCTransport> deviceVersionAndTransport,apiLevel effectiveApiLevel,bool overrideForPerfClass,int rotationOverride,bool forceSlowJpegMode,const std::string & originalCameraId,bool sharedMode,bool isVendorClient,sp<BasicClient> * client)1475 Status CameraService::makeClient(
1476 const sp<CameraService>& cameraService, const sp<IInterface>& cameraCb,
1477 const AttributionSourceState& clientAttribution, int callingPid, bool systemNativeClient,
1478 const std::string& cameraId, int api1CameraId, int facing, int sensorOrientation,
1479 int servicePid, std::pair<int, IPCTransport> deviceVersionAndTransport,
1480 apiLevel effectiveApiLevel, bool overrideForPerfClass, int rotationOverride,
1481 bool forceSlowJpegMode, const std::string& originalCameraId, bool sharedMode,
1482 bool isVendorClient,
1483 /*out*/sp<BasicClient>* client) {
1484 // For HIDL devices
1485 if (deviceVersionAndTransport.second == IPCTransport::HIDL) {
1486 // Create CameraClient based on device version reported by the HAL.
1487 int deviceVersion = deviceVersionAndTransport.first;
1488 switch(deviceVersion) {
1489 case CAMERA_DEVICE_API_VERSION_1_0:
1490 ALOGE("Camera using old HAL version: %d", deviceVersion);
1491 return STATUS_ERROR_FMT(ERROR_DEPRECATED_HAL,
1492 "Camera device \"%s\" HAL version %d no longer supported",
1493 cameraId.c_str(), deviceVersion);
1494 break;
1495 case CAMERA_DEVICE_API_VERSION_3_0:
1496 case CAMERA_DEVICE_API_VERSION_3_1:
1497 case CAMERA_DEVICE_API_VERSION_3_2:
1498 case CAMERA_DEVICE_API_VERSION_3_3:
1499 case CAMERA_DEVICE_API_VERSION_3_4:
1500 case CAMERA_DEVICE_API_VERSION_3_5:
1501 case CAMERA_DEVICE_API_VERSION_3_6:
1502 case CAMERA_DEVICE_API_VERSION_3_7:
1503 break;
1504 default:
1505 // Should not be reachable
1506 ALOGE("Unknown camera device HAL version: %d", deviceVersion);
1507 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1508 "Camera device \"%s\" has unknown HAL version %d",
1509 cameraId.c_str(), deviceVersion);
1510 }
1511 }
1512 if (effectiveApiLevel == API_1) { // Camera1 API route
1513 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
1514 *client = new Camera2Client(cameraService, tmp, cameraService->mCameraServiceProxyWrapper,
1515 cameraService->mAttributionAndPermissionUtils,
1516 clientAttribution, callingPid, cameraId, api1CameraId, facing,
1517 sensorOrientation, servicePid, overrideForPerfClass,
1518 rotationOverride, forceSlowJpegMode, /*sharedMode*/false);
1519 ALOGI("%s: Camera1 API (legacy), rotationOverride %d, forceSlowJpegMode %d",
1520 __FUNCTION__, rotationOverride, forceSlowJpegMode);
1521 } else { // Camera2 API route
1522 sp<hardware::camera2::ICameraDeviceCallbacks> tmp =
1523 static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get());
1524 *client = new CameraDeviceClient(
1525 cameraService, tmp, cameraService->mCameraServiceProxyWrapper,
1526 cameraService->mAttributionAndPermissionUtils, clientAttribution, callingPid,
1527 systemNativeClient, cameraId, facing, sensorOrientation, servicePid,
1528 overrideForPerfClass, rotationOverride, originalCameraId, sharedMode,
1529 isVendorClient);
1530 ALOGI("%s: Camera2 API, rotationOverride %d", __FUNCTION__, rotationOverride);
1531 }
1532 return Status::ok();
1533 }
1534
toString(std::set<userid_t> intSet)1535 std::string CameraService::toString(std::set<userid_t> intSet) {
1536 std::ostringstream s;
1537 bool first = true;
1538 for (userid_t i : intSet) {
1539 if (first) {
1540 s << std::to_string(i);
1541 first = false;
1542 } else {
1543 s << ", " << std::to_string(i);
1544 }
1545 }
1546 return s.str();
1547 }
1548
mapToInterface(TorchModeStatus status)1549 int32_t CameraService::mapToInterface(TorchModeStatus status) {
1550 int32_t serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
1551 switch (status) {
1552 case TorchModeStatus::NOT_AVAILABLE:
1553 serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
1554 break;
1555 case TorchModeStatus::AVAILABLE_OFF:
1556 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF;
1557 break;
1558 case TorchModeStatus::AVAILABLE_ON:
1559 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON;
1560 break;
1561 default:
1562 ALOGW("Unknown new flash status: %d", eToI(status));
1563 }
1564 return serviceStatus;
1565 }
1566
mapToInternal(CameraDeviceStatus status)1567 CameraService::StatusInternal CameraService::mapToInternal(CameraDeviceStatus status) {
1568 StatusInternal serviceStatus = StatusInternal::NOT_PRESENT;
1569 switch (status) {
1570 case CameraDeviceStatus::NOT_PRESENT:
1571 serviceStatus = StatusInternal::NOT_PRESENT;
1572 break;
1573 case CameraDeviceStatus::PRESENT:
1574 serviceStatus = StatusInternal::PRESENT;
1575 break;
1576 case CameraDeviceStatus::ENUMERATING:
1577 serviceStatus = StatusInternal::ENUMERATING;
1578 break;
1579 default:
1580 ALOGW("Unknown new HAL device status: %d", eToI(status));
1581 }
1582 return serviceStatus;
1583 }
1584
mapToInterface(StatusInternal status)1585 int32_t CameraService::mapToInterface(StatusInternal status) {
1586 int32_t serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
1587 switch (status) {
1588 case StatusInternal::NOT_PRESENT:
1589 serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
1590 break;
1591 case StatusInternal::PRESENT:
1592 serviceStatus = ICameraServiceListener::STATUS_PRESENT;
1593 break;
1594 case StatusInternal::ENUMERATING:
1595 serviceStatus = ICameraServiceListener::STATUS_ENUMERATING;
1596 break;
1597 case StatusInternal::NOT_AVAILABLE:
1598 serviceStatus = ICameraServiceListener::STATUS_NOT_AVAILABLE;
1599 break;
1600 case StatusInternal::UNKNOWN:
1601 serviceStatus = ICameraServiceListener::STATUS_UNKNOWN;
1602 break;
1603 default:
1604 ALOGW("Unknown new internal device status: %d", eToI(status));
1605 }
1606 return serviceStatus;
1607 }
1608
initializeShimMetadata(int cameraId)1609 Status CameraService::initializeShimMetadata(int cameraId) {
1610 int uid = getCallingUid();
1611
1612 std::string cameraIdStr = std::to_string(cameraId);
1613 Status ret = Status::ok();
1614 sp<Client> tmp = nullptr;
1615
1616 int callingPid = getCallingPid();
1617 logConnectionAttempt(callingPid, kServiceName, cameraIdStr, API_1);
1618
1619 AttributionSourceState clientAttribution =
1620 buildAttributionSource(callingPid, uid, kServiceName, kDefaultDeviceId);
1621
1622 if (!(ret = connectHelper<ICameraClient, Client>(
1623 sp<ICameraClient>{nullptr}, cameraIdStr, cameraId, clientAttribution,
1624 /*systemNativeClient*/ false, API_1, /*shimUpdateOnly*/ true,
1625 /*oomScoreOffset*/ 0,
1626 /*targetSdkVersion*/ __ANDROID_API_FUTURE__,
1627 /*rotationOverride*/
1628 hardware::ICameraService::ROTATION_OVERRIDE_OVERRIDE_TO_PORTRAIT,
1629 /*forceSlowJpegMode*/ false, cameraIdStr, /*isNonSystemNdk*/ false,
1630 /*sharedMode*/false, /*isVendorClient*/false,/*out*/ tmp))
1631 .isOk()) {
1632 ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().c_str());
1633 }
1634 return ret;
1635 }
1636
getLegacyParametersLazy(int cameraId,CameraParameters * parameters)1637 Status CameraService::getLegacyParametersLazy(int cameraId,
1638 /*out*/
1639 CameraParameters* parameters) {
1640
1641 ALOGV("%s: for cameraId: %d", __FUNCTION__, cameraId);
1642
1643 Status ret = Status::ok();
1644
1645 if (parameters == NULL) {
1646 ALOGE("%s: parameters must not be null", __FUNCTION__);
1647 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
1648 }
1649
1650 std::string cameraIdStr = std::to_string(cameraId);
1651
1652 // Check if we already have parameters
1653 {
1654 // Scope for service lock
1655 Mutex::Autolock lock(mServiceLock);
1656 auto cameraState = getCameraState(cameraIdStr);
1657 if (cameraState == nullptr) {
1658 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, cameraIdStr.c_str());
1659 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1660 "Invalid camera ID: %s", cameraIdStr.c_str());
1661 }
1662 CameraParameters p = cameraState->getShimParams();
1663 if (!p.isEmpty()) {
1664 *parameters = p;
1665 return ret;
1666 }
1667 }
1668
1669 int64_t token = clearCallingIdentity();
1670 ret = initializeShimMetadata(cameraId);
1671 restoreCallingIdentity(token);
1672 if (!ret.isOk()) {
1673 // Error already logged by callee
1674 return ret;
1675 }
1676
1677 // Check for parameters again
1678 {
1679 // Scope for service lock
1680 Mutex::Autolock lock(mServiceLock);
1681 auto cameraState = getCameraState(cameraIdStr);
1682 if (cameraState == nullptr) {
1683 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, cameraIdStr.c_str());
1684 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1685 "Invalid camera ID: %s", cameraIdStr.c_str());
1686 }
1687 CameraParameters p = cameraState->getShimParams();
1688 if (!p.isEmpty()) {
1689 *parameters = p;
1690 return ret;
1691 }
1692 }
1693
1694 ALOGE("%s: Parameters were not initialized, or were empty. Device may not be present.",
1695 __FUNCTION__);
1696 return STATUS_ERROR(ERROR_INVALID_OPERATION, "Unable to initialize legacy parameters");
1697 }
1698
validateConnectLocked(const std::string & cameraId,const AttributionSourceState & clientAttribution,bool sharedMode) const1699 Status CameraService::validateConnectLocked(const std::string& cameraId,
1700 const AttributionSourceState& clientAttribution,
1701 bool sharedMode) const {
1702 #ifdef __BRILLO__
1703 UNUSED(clientAttribution);
1704 #else
1705 Status allowed = validateClientPermissionsLocked(cameraId, clientAttribution, sharedMode);
1706 if (!allowed.isOk()) {
1707 return allowed;
1708 }
1709 #endif // __BRILLO__
1710
1711 int callingPid = getCallingPid();
1712
1713 if (!mInitialized) {
1714 ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
1715 callingPid);
1716 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1717 "No camera HAL module available to open camera device \"%s\"", cameraId.c_str());
1718 }
1719
1720 if (getCameraState(cameraId) == nullptr) {
1721 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
1722 cameraId.c_str());
1723 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1724 "No camera device with ID \"%s\" available", cameraId.c_str());
1725 }
1726
1727 status_t err = checkIfDeviceIsUsable(cameraId);
1728 if (err != NO_ERROR) {
1729 switch(err) {
1730 case -ENODEV:
1731 case -EBUSY:
1732 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1733 "No camera device with ID \"%s\" currently available", cameraId.c_str());
1734 default:
1735 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1736 "Unknown error connecting to ID \"%s\"", cameraId.c_str());
1737 }
1738 }
1739 return Status::ok();
1740 }
1741
validateClientPermissionsLocked(const std::string & cameraId,const AttributionSourceState & clientAttribution,bool sharedMode) const1742 Status CameraService::validateClientPermissionsLocked(
1743 const std::string& cameraId, const AttributionSourceState& clientAttribution,
1744 bool sharedMode) const {
1745 int callingPid = getCallingPid();
1746 int callingUid = getCallingUid();
1747
1748 int clientPid = clientAttribution.pid;
1749 int clientUid = clientAttribution.uid;
1750 const std::string clientName = clientAttribution.packageName.value_or(kUnknownPackageName);
1751
1752 if (shouldRejectSystemCameraConnection(cameraId)) {
1753 ALOGW("Attempting to connect to system-only camera id %s, connection rejected",
1754 cameraId.c_str());
1755 return STATUS_ERROR_FMT(ERROR_DISCONNECTED, "No camera device with ID \"%s\" is"
1756 "available", cameraId.c_str());
1757 }
1758 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
1759 if (getSystemCameraKind(cameraId, &deviceKind) != OK) {
1760 ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, cameraId.c_str());
1761 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "No camera device with ID \"%s\""
1762 "found while trying to query device kind", cameraId.c_str());
1763 }
1764
1765 if (flags::camera_multi_client() && sharedMode
1766 && (deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA)) {
1767 ALOGE("%s: camera id %s is not system camera. Device sharing only supported for"
1768 " system cameras.", __FUNCTION__, cameraId.c_str());
1769 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "camera device sharing not supported for "
1770 "camera ID \"%s\"", cameraId.c_str());
1771 }
1772
1773 // Get the device id that owns this camera.
1774 auto [deviceId, _] = mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
1775 AttributionSourceState clientAttributionWithDeviceId = clientAttribution;
1776 clientAttributionWithDeviceId.deviceId = deviceId;
1777
1778 // If it's not calling from cameraserver, check the permission if the
1779 // device isn't a system only camera (shouldRejectSystemCameraConnection already checks for
1780 // android.permission.SYSTEM_CAMERA for system only camera devices).
1781 bool checkPermissionForCamera =
1782 hasPermissionsForCamera(cameraId, clientAttributionWithDeviceId);
1783 if (callingPid != getpid() &&
1784 (deviceKind != SystemCameraKind::SYSTEM_ONLY_CAMERA) && !checkPermissionForCamera) {
1785 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
1786 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1787 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" without camera permission",
1788 clientName.c_str(), clientPid, clientUid, cameraId.c_str());
1789 }
1790
1791 // Make sure the UID is in an active state to use the camera
1792 if (!mUidPolicy->isUidActive(callingUid, clientName)) {
1793 int32_t procState = mUidPolicy->getProcState(callingUid);
1794 ALOGE("Access Denial: can't use the camera from an idle UID pid=%d, uid=%d",
1795 clientPid, clientUid);
1796 return STATUS_ERROR_FMT(ERROR_DISABLED,
1797 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" from background ("
1798 "calling UID %d proc state %" PRId32 ")",
1799 clientName.c_str(), clientPid, clientUid, cameraId.c_str(),
1800 callingUid, procState);
1801 }
1802
1803 // Automotive privileged client AID_AUTOMOTIVE_EVS using exterior system camera for use cases
1804 // such as rear view and surround view cannot be disabled and are exempt from sensor privacy
1805 // policy. In all other cases,if sensor privacy is enabled then prevent access to the camera.
1806 if ((!isAutomotivePrivilegedClient(callingUid) ||
1807 !isAutomotiveExteriorSystemCamera(cameraId)) &&
1808 mSensorPrivacyPolicy->isSensorPrivacyEnabled()) {
1809 ALOGE("Access Denial: cannot use the camera when sensor privacy is enabled");
1810 return STATUS_ERROR_FMT(ERROR_DISABLED,
1811 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" when sensor privacy "
1812 "is enabled", clientName.c_str(), clientPid, clientUid, cameraId.c_str());
1813 }
1814
1815 userid_t clientUserId = multiuser_get_user_id(clientUid);
1816
1817 // Only use passed in clientPid to check permission. Use calling PID as the client PID that's
1818 // connected to camera service directly.
1819
1820 // For non-system clients : Only allow clients who are being used by the current foreground
1821 // device user, unless calling from our own process.
1822 if (!callerHasSystemUid() && callingPid != getpid() &&
1823 (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
1824 ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from "
1825 "device user %d, currently allowed device users: %s)", callingPid, clientUserId,
1826 toString(mAllowedUsers).c_str());
1827 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1828 "Callers from device user %d are not currently allowed to connect to camera \"%s\"",
1829 clientUserId, cameraId.c_str());
1830 }
1831
1832 if (flags::camera_hsum_permission()) {
1833 // If the System User tries to access the camera when the device is running in
1834 // headless system user mode, ensure that client has the required permission
1835 // CAMERA_HEADLESS_SYSTEM_USER.
1836 if (isHeadlessSystemUserMode()
1837 && (clientUserId == USER_SYSTEM)
1838 && !hasPermissionsForCameraHeadlessSystemUser(cameraId, callingPid, callingUid)) {
1839 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", callingPid, clientUid);
1840 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1841 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" as Headless System \
1842 User without camera headless system user permission",
1843 clientName.c_str(), callingPid, clientUid, cameraId.c_str());
1844 }
1845 }
1846
1847 return Status::ok();
1848 }
1849
checkIfDeviceIsUsable(const std::string & cameraId) const1850 status_t CameraService::checkIfDeviceIsUsable(const std::string& cameraId) const {
1851 auto cameraState = getCameraState(cameraId);
1852 int callingPid = getCallingPid();
1853 if (cameraState == nullptr) {
1854 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
1855 cameraId.c_str());
1856 return -ENODEV;
1857 }
1858
1859 StatusInternal currentStatus = cameraState->getStatus();
1860 if (currentStatus == StatusInternal::NOT_PRESENT) {
1861 ALOGE("CameraService::connect X (PID %d) rejected (camera %s is not connected)",
1862 callingPid, cameraId.c_str());
1863 return -ENODEV;
1864 } else if (currentStatus == StatusInternal::ENUMERATING) {
1865 ALOGE("CameraService::connect X (PID %d) rejected, (camera %s is initializing)",
1866 callingPid, cameraId.c_str());
1867 return -EBUSY;
1868 }
1869
1870 return NO_ERROR;
1871 }
1872
finishConnectLocked(const sp<BasicClient> & client,const CameraService::DescriptorPtr & desc,int oomScoreOffset,bool systemNativeClient)1873 void CameraService::finishConnectLocked(const sp<BasicClient>& client,
1874 const CameraService::DescriptorPtr& desc, int oomScoreOffset, bool systemNativeClient) {
1875
1876 // Make a descriptor for the incoming client
1877 auto clientDescriptor =
1878 CameraService::CameraClientManager::makeClientDescriptor(client, desc,
1879 oomScoreOffset, systemNativeClient);
1880 auto evicted = mActiveClientManager.addAndEvict(clientDescriptor);
1881
1882 logConnected(desc->getKey(), static_cast<int>(desc->getOwnerId()),
1883 client->getPackageName());
1884
1885 if (evicted.size() > 0) {
1886 // This should never happen - clients should already have been removed in disconnect
1887 for (auto& i : evicted) {
1888 ALOGE("%s: Invalid state: Client for camera %s was not removed in disconnect",
1889 __FUNCTION__, i->getKey().c_str());
1890 }
1891
1892 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, clients not evicted properly",
1893 __FUNCTION__);
1894 }
1895
1896 if (flags::camera_multi_client()) {
1897 sp<BasicClient> clientSp = clientDescriptor->getValue();
1898 auto primaryClient = mActiveClientManager.getPrimaryClient(desc->getKey());
1899 if (primaryClient == nullptr) {
1900 // There is no primary client yet. Assign this first client as
1901 // primary
1902 clientSp->setPrimaryClient(true);
1903 } else {
1904 // There is already primary client. If the incoming client has a
1905 // higher priority than the existing primary, then assign incoming
1906 // client as primary and change the existing client to secondary.
1907 // Otherwise incoming client is secondary client.
1908 if (clientDescriptor->getPriority() <= primaryClient->getPriority()) {
1909 clientSp->setPrimaryClient(true);
1910 primaryClient->getValue()->setPrimaryClient(false);
1911 primaryClient->getValue()->notifyClientSharedAccessPriorityChanged(false);
1912 } else {
1913 clientSp->setPrimaryClient(false);
1914 }
1915 }
1916 }
1917
1918 // And register a death notification for the client callback. Do
1919 // this last to avoid Binder policy where a nested Binder
1920 // transaction might be pre-empted to service the client death
1921 // notification if the client process dies before linkToDeath is
1922 // invoked.
1923 sp<IBinder> remoteCallback = client->getRemote();
1924 if (remoteCallback != nullptr) {
1925 remoteCallback->linkToDeath(this);
1926 }
1927 }
1928
handleEvictionsLocked(const std::string & cameraId,int clientPid,apiLevel effectiveApiLevel,const sp<IBinder> & remoteCallback,const std::string & packageName,int oomScoreOffset,bool systemNativeClient,bool sharedMode,sp<BasicClient> * client,std::shared_ptr<resource_policy::ClientDescriptor<std::string,sp<BasicClient>>> * partial)1929 status_t CameraService::handleEvictionsLocked(const std::string& cameraId, int clientPid,
1930 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback,
1931 const std::string& packageName, int oomScoreOffset, bool systemNativeClient,
1932 bool sharedMode,
1933 /*out*/
1934 sp<BasicClient>* client,
1935 std::shared_ptr<resource_policy::ClientDescriptor<std::string, sp<BasicClient>>>* partial) {
1936 ATRACE_CALL();
1937 status_t ret = NO_ERROR;
1938 std::vector<DescriptorPtr> evictedClients;
1939 DescriptorPtr clientDescriptor;
1940 {
1941 if (effectiveApiLevel == API_1) {
1942 // If we are using API1, any existing client for this camera ID with the same remote
1943 // should be returned rather than evicted to allow MediaRecorder to work properly.
1944
1945 auto current = mActiveClientManager.get(cameraId);
1946 if (current != nullptr) {
1947 auto clientSp = current->getValue();
1948 if (clientSp.get() != nullptr) { // should never be needed
1949 if (!clientSp->canCastToApiClient(effectiveApiLevel)) {
1950 ALOGW("CameraService connect called with a different"
1951 " API level, evicting prior client...");
1952 } else if (clientSp->getRemote() == remoteCallback) {
1953 ALOGI("CameraService::connect X (PID %d) (second call from same"
1954 " app binder, returning the same client)", clientPid);
1955 *client = clientSp;
1956 return NO_ERROR;
1957 }
1958 }
1959 }
1960 }
1961
1962 // Get state for the given cameraId
1963 auto state = getCameraState(cameraId);
1964 if (state == nullptr) {
1965 ALOGE("CameraService::connect X (PID %d) rejected (no camera device with ID %s)",
1966 clientPid, cameraId.c_str());
1967 // Should never get here because validateConnectLocked should have errored out
1968 return BAD_VALUE;
1969 }
1970
1971 sp<IServiceManager> sm = defaultServiceManager();
1972 sp<IBinder> binder = sm->checkService(String16(kProcessInfoServiceName));
1973 if (!binder && isAutomotivePrivilegedClient(getCallingUid())) {
1974 // If processinfo service is not available and the client is automotive privileged
1975 // client used for safety critical uses cases such as rear-view and surround-view which
1976 // needs to be available before android boot completes, then use the hardcoded values
1977 // for the process state and priority score. As this scenario is before android system
1978 // services are up and client is native client, hence using NATIVE_ADJ as the priority
1979 // score and state as PROCESS_STATE_BOUND_TOP as such automotive apps need to be
1980 // visible on the top.
1981 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId,
1982 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()),
1983 state->getConflicting(), resource_policy::NATIVE_ADJ, clientPid,
1984 ActivityManager::PROCESS_STATE_BOUND_TOP, oomScoreOffset, systemNativeClient,
1985 sharedMode);
1986 } else {
1987 // Get current active client PIDs
1988 std::vector<int> ownerPids(mActiveClientManager.getAllOwners());
1989 ownerPids.push_back(clientPid);
1990
1991 std::vector<int> priorityScores(ownerPids.size());
1992 std::vector<int> states(ownerPids.size());
1993
1994 // Get priority scores of all active PIDs
1995 status_t err = ProcessInfoService::getProcessStatesScoresFromPids(ownerPids.size(),
1996 &ownerPids[0], /*out*/&states[0], /*out*/&priorityScores[0]);
1997 if (err != OK) {
1998 ALOGE("%s: Priority score query failed: %d", __FUNCTION__, err);
1999 return err;
2000 }
2001
2002 // Update all active clients' priorities
2003 std::map<int,resource_policy::ClientPriority> pidToPriorityMap;
2004 for (size_t i = 0; i < ownerPids.size() - 1; i++) {
2005 pidToPriorityMap.emplace(ownerPids[i],
2006 resource_policy::ClientPriority(priorityScores[i], states[i],
2007 /* isVendorClient won't get copied over*/ false,
2008 /* oomScoreOffset won't get copied over*/ 0));
2009 }
2010 mActiveClientManager.updatePriorities(pidToPriorityMap);
2011
2012 int32_t actualScore = priorityScores[priorityScores.size() - 1];
2013 int32_t actualState = states[states.size() - 1];
2014
2015 // Make descriptor for incoming client. We store the oomScoreOffset
2016 // since we might need it later on new handleEvictionsLocked and
2017 // ProcessInfoService would not take that into account.
2018 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId,
2019 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()),
2020 state->getConflicting(), actualScore, clientPid, actualState,
2021 oomScoreOffset, systemNativeClient, sharedMode);
2022 }
2023
2024 resource_policy::ClientPriority clientPriority = clientDescriptor->getPriority();
2025
2026 // Find clients that would be evicted
2027 auto evicted = mActiveClientManager.wouldEvict(clientDescriptor);
2028
2029 // If the incoming client was 'evicted,' higher priority clients have the camera in the
2030 // background, so we cannot do evictions
2031 if (std::find(evicted.begin(), evicted.end(), clientDescriptor) != evicted.end()) {
2032 ALOGE("CameraService::connect X (PID %d) rejected (existing client(s) with higher"
2033 " priority).", clientPid);
2034
2035 sp<BasicClient> clientSp = clientDescriptor->getValue();
2036 std::string curTime = getFormattedCurrentTime();
2037 auto incompatibleClients =
2038 mActiveClientManager.getIncompatibleClients(clientDescriptor);
2039
2040 std::string msg = fmt::sprintf("%s : DENIED connect device %s client for package %s "
2041 "(PID %d, score %d state %d) due to eviction policy", curTime.c_str(),
2042 cameraId.c_str(), packageName.c_str(), clientPid,
2043 clientPriority.getScore(), clientPriority.getState());
2044
2045 for (auto& i : incompatibleClients) {
2046 msg += fmt::sprintf("\n - Blocked by existing device %s client for package %s"
2047 "(PID %" PRId32 ", score %" PRId32 ", state %" PRId32 ")",
2048 i->getKey().c_str(),
2049 i->getValue()->getPackageName().c_str(),
2050 i->getOwnerId(), i->getPriority().getScore(),
2051 i->getPriority().getState());
2052 ALOGE(" Conflicts with: Device %s, client package %s (PID %"
2053 PRId32 ", score %" PRId32 ", state %" PRId32 ")", i->getKey().c_str(),
2054 i->getValue()->getPackageName().c_str(), i->getOwnerId(),
2055 i->getPriority().getScore(), i->getPriority().getState());
2056 }
2057
2058 // Log the client's attempt
2059 Mutex::Autolock l(mLogLock);
2060 mEventLog.add(msg);
2061
2062 auto current = mActiveClientManager.get(cameraId);
2063 if (current != nullptr) {
2064 return -EBUSY; // CAMERA_IN_USE
2065 } else {
2066 return -EUSERS; // MAX_CAMERAS_IN_USE
2067 }
2068 }
2069
2070 for (auto& i : evicted) {
2071 sp<BasicClient> clientSp = i->getValue();
2072 if (clientSp.get() == nullptr) {
2073 ALOGE("%s: Invalid state: Null client in active client list.", __FUNCTION__);
2074
2075 // TODO: Remove this
2076 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, null client in active list",
2077 __FUNCTION__);
2078 mActiveClientManager.remove(i);
2079 continue;
2080 }
2081
2082 ALOGE("CameraService::connect evicting conflicting client for camera ID %s",
2083 i->getKey().c_str());
2084 evictedClients.push_back(i);
2085
2086 // Log the clients evicted
2087 logEvent(fmt::sprintf("EVICT device %s client held by package %s (PID"
2088 " %" PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted by device %s client for"
2089 " package %s (PID %d, score %" PRId32 ", state %" PRId32 ")",
2090 i->getKey().c_str(), clientSp->getPackageName().c_str(),
2091 i->getOwnerId(), i->getPriority().getScore(),
2092 i->getPriority().getState(), cameraId.c_str(),
2093 packageName.c_str(), clientPid, clientPriority.getScore(),
2094 clientPriority.getState()));
2095
2096 // Notify the client of disconnection
2097 clientSp->notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
2098 CaptureResultExtras());
2099 }
2100 }
2101
2102 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
2103 // other clients from connecting in mServiceLockWrapper if held
2104 mServiceLock.unlock();
2105
2106 // Clear caller identity temporarily so client disconnect PID checks work correctly
2107 int64_t token = clearCallingIdentity();
2108
2109 // Destroy evicted clients
2110 for (auto& i : evictedClients) {
2111 // Disconnect is blocking, and should only have returned when HAL has cleaned up
2112 i->getValue()->disconnect(); // Clients will remove themselves from the active client list
2113 }
2114
2115 restoreCallingIdentity(token);
2116
2117 for (const auto& i : evictedClients) {
2118 ALOGV("%s: Waiting for disconnect to complete for client for device %s (PID %" PRId32 ")",
2119 __FUNCTION__, i->getKey().c_str(), i->getOwnerId());
2120 ret = mActiveClientManager.waitUntilRemoved(i, DEFAULT_DISCONNECT_TIMEOUT_NS);
2121 if (ret == TIMED_OUT) {
2122 ALOGE("%s: Timed out waiting for client for device %s to disconnect, "
2123 "current clients:\n%s", __FUNCTION__, i->getKey().c_str(),
2124 mActiveClientManager.toString().c_str());
2125 return -EBUSY;
2126 }
2127 if (ret != NO_ERROR) {
2128 ALOGE("%s: Received error waiting for client for device %s to disconnect: %s (%d), "
2129 "current clients:\n%s", __FUNCTION__, i->getKey().c_str(), strerror(-ret),
2130 ret, mActiveClientManager.toString().c_str());
2131 return ret;
2132 }
2133 }
2134
2135 evictedClients.clear();
2136
2137 // Once clients have been disconnected, relock
2138 mServiceLock.lock();
2139
2140 // Check again if the device was unplugged or something while we weren't holding mServiceLock
2141 if ((ret = checkIfDeviceIsUsable(cameraId)) != NO_ERROR) {
2142 return ret;
2143 }
2144
2145 *partial = clientDescriptor;
2146 return NO_ERROR;
2147 }
2148
connect(const sp<ICameraClient> & cameraClient,int api1CameraId,int targetSdkVersion,int rotationOverride,bool forceSlowJpegMode,const AttributionSourceState & clientAttribution,int32_t devicePolicy,sp<ICamera> * device)2149 Status CameraService::connect(
2150 const sp<ICameraClient>& cameraClient,
2151 int api1CameraId,
2152 int targetSdkVersion,
2153 int rotationOverride,
2154 bool forceSlowJpegMode,
2155 const AttributionSourceState& clientAttribution,
2156 int32_t devicePolicy,
2157 /*out*/
2158 sp<ICamera>* device) {
2159 ATRACE_CALL();
2160 Status ret = Status::ok();
2161
2162 std::string cameraIdStr =
2163 cameraIdIntToStr(api1CameraId, clientAttribution.deviceId, devicePolicy);
2164 if (cameraIdStr.empty()) {
2165 std::string msg = fmt::sprintf("Camera %d: Invalid camera id for device id %d",
2166 api1CameraId, clientAttribution.deviceId);
2167 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2168 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
2169 }
2170
2171 std::string clientPackageNameMaybe = clientAttribution.packageName.value_or("");
2172 bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;
2173
2174 AttributionSourceState resolvedClientAttribution(clientAttribution);
2175 ret = resolveAttributionSource(resolvedClientAttribution, __FUNCTION__, cameraIdStr);
2176 if (!ret.isOk()) {
2177 logRejected(cameraIdStr, getCallingPid(),
2178 clientAttribution.packageName.value_or(kUnknownPackageName),
2179 toStdString(ret.toString8()));
2180 return ret;
2181 }
2182
2183 const int clientPid = resolvedClientAttribution.pid;
2184 const int clientUid = resolvedClientAttribution.uid;
2185 const std::string& clientPackageName = *resolvedClientAttribution.packageName;
2186
2187 logConnectionAttempt(clientPid, clientPackageName, cameraIdStr, API_1);
2188
2189 sp<Client> client = nullptr;
2190 ret = connectHelper<ICameraClient, Client>(
2191 cameraClient, cameraIdStr, api1CameraId, resolvedClientAttribution,
2192 /*systemNativeClient*/ false, API_1,
2193 /*shimUpdateOnly*/ false, /*oomScoreOffset*/ 0, targetSdkVersion, rotationOverride,
2194 forceSlowJpegMode, cameraIdStr, isNonSystemNdk, /*sharedMode*/false,
2195 /*isVendorClient*/ false, /*out*/ client);
2196
2197 if (!ret.isOk()) {
2198 logRejected(cameraIdStr, getCallingPid(),
2199 clientAttribution.packageName.value_or(kUnknownPackageName),
2200 toStdString(ret.toString8()));
2201 return ret;
2202 }
2203
2204 *device = client;
2205
2206 const sp<IServiceManager> sm(defaultServiceManager());
2207 const auto& mActivityManager = getActivityManager();
2208 if (mActivityManager) {
2209 mActivityManager->logFgsApiBegin(LOG_FGS_CAMERA_API,
2210 getCallingUid(),
2211 getCallingPid());
2212 }
2213
2214 return ret;
2215 }
2216
shouldSkipStatusUpdates(SystemCameraKind systemCameraKind,bool isVendorListener,int clientPid,int clientUid)2217 bool CameraService::shouldSkipStatusUpdates(SystemCameraKind systemCameraKind,
2218 bool isVendorListener, int clientPid, int clientUid) {
2219 // If the client is not a vendor client, don't add listener if
2220 // a) the camera is a publicly hidden secure camera OR
2221 // b) the camera is a system only camera and the client doesn't
2222 // have android.permission.SYSTEM_CAMERA permissions.
2223 if (!isVendorListener && (systemCameraKind == SystemCameraKind::HIDDEN_SECURE_CAMERA ||
2224 (systemCameraKind == SystemCameraKind::SYSTEM_ONLY_CAMERA &&
2225 !hasPermissionsForSystemCamera(std::string(), clientPid, clientUid)))) {
2226 return true;
2227 }
2228 return false;
2229 }
2230
shouldRejectSystemCameraConnection(const std::string & cameraId) const2231 bool CameraService::shouldRejectSystemCameraConnection(const std::string& cameraId) const {
2232 // Rules for rejection:
2233 // 1) If cameraserver tries to access this camera device, accept the
2234 // connection.
2235 // 2) The camera device is a publicly hidden secure camera device AND some
2236 // non system component is trying to access it.
2237 // 3) if the camera device is advertised by the camera HAL as SYSTEM_ONLY
2238 // and the serving thread is a non hwbinder thread, the client must have
2239 // android.permission.SYSTEM_CAMERA permissions to connect.
2240
2241 int cPid = getCallingPid();
2242 int cUid = getCallingUid();
2243 bool systemClient = callerHasSystemUid();
2244 SystemCameraKind systemCameraKind = SystemCameraKind::PUBLIC;
2245 if (getSystemCameraKind(cameraId, &systemCameraKind) != OK) {
2246 // This isn't a known camera ID, so it's not a system camera
2247 ALOGV("%s: Unknown camera id %s, ", __FUNCTION__, cameraId.c_str());
2248 return false;
2249 }
2250
2251 // (1) Cameraserver trying to connect, accept.
2252 if (isCallerCameraServerNotDelegating()) {
2253 return false;
2254 }
2255 // (2)
2256 if (!systemClient && systemCameraKind == SystemCameraKind::HIDDEN_SECURE_CAMERA) {
2257 ALOGW("Rejecting access to secure hidden camera %s", cameraId.c_str());
2258 return true;
2259 }
2260 // (3) Here we only check for permissions if it is a system only camera device. This is since
2261 // getCameraCharacteristics() allows for calls to succeed (albeit after hiding some
2262 // characteristics) even if clients don't have android.permission.CAMERA. We do not want the
2263 // same behavior for system camera devices.
2264 if (!systemClient && systemCameraKind == SystemCameraKind::SYSTEM_ONLY_CAMERA &&
2265 !hasPermissionsForSystemCamera(cameraId, cPid, cUid)) {
2266 ALOGW("Rejecting access to system only camera %s, inadequete permissions",
2267 cameraId.c_str());
2268 return true;
2269 }
2270
2271 return false;
2272 }
2273
connectDevice(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,const std::string & unresolvedCameraId,int oomScoreOffset,int targetSdkVersion,int rotationOverride,const AttributionSourceState & clientAttribution,int32_t devicePolicy,bool sharedMode,sp<hardware::camera2::ICameraDeviceUser> * device)2274 Status CameraService::connectDevice(
2275 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
2276 const std::string& unresolvedCameraId,
2277 int oomScoreOffset, int targetSdkVersion,
2278 int rotationOverride, const AttributionSourceState& clientAttribution, int32_t devicePolicy,
2279 bool sharedMode,
2280 /*out*/sp<hardware::camera2::ICameraDeviceUser>* device) {
2281 return connectDeviceImpl(cameraCb, unresolvedCameraId, oomScoreOffset, targetSdkVersion,
2282 rotationOverride, clientAttribution, devicePolicy, sharedMode,
2283 /*isVendorClient*/false, device);
2284 }
2285
connectDeviceVendor(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,const std::string & unresolvedCameraId,int oomScoreOffset,int targetSdkVersion,int rotationOverride,const AttributionSourceState & clientAttribution,int32_t devicePolicy,bool sharedMode,sp<hardware::camera2::ICameraDeviceUser> * device)2286 Status CameraService::connectDeviceVendor(
2287 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
2288 const std::string& unresolvedCameraId,
2289 int oomScoreOffset, int targetSdkVersion,
2290 int rotationOverride, const AttributionSourceState& clientAttribution, int32_t devicePolicy,
2291 bool sharedMode,
2292 /*out*/sp<hardware::camera2::ICameraDeviceUser>* device) {
2293 return connectDeviceImpl(cameraCb, unresolvedCameraId, oomScoreOffset, targetSdkVersion,
2294 rotationOverride, clientAttribution, devicePolicy, sharedMode,
2295 /*isVendorClient*/true, device);
2296 }
2297
connectDeviceImpl(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,const std::string & unresolvedCameraId,int oomScoreOffset,int targetSdkVersion,int rotationOverride,const AttributionSourceState & clientAttribution,int32_t devicePolicy,bool sharedMode,bool isVendorClient,sp<hardware::camera2::ICameraDeviceUser> * device)2298 Status CameraService::connectDeviceImpl(
2299 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
2300 const std::string& unresolvedCameraId,
2301 int oomScoreOffset, int targetSdkVersion,
2302 int rotationOverride, const AttributionSourceState& clientAttribution, int32_t devicePolicy,
2303 bool sharedMode, bool isVendorClient,
2304 /*out*/sp<hardware::camera2::ICameraDeviceUser>* device) {
2305 ATRACE_CALL();
2306 RunThreadWithRealtimePriority priorityBump;
2307 Status ret = Status::ok();
2308 sp<CameraDeviceClient> client = nullptr;
2309 std::string clientPackageNameMaybe = clientAttribution.packageName.value_or("");
2310 int callingPid = getCallingPid();
2311 int callingUid = getCallingUid();
2312 bool systemNativeClient = false;
2313 AttributionSourceState resolvedClientAttribution(clientAttribution);
2314 if (callerHasSystemUid() && (clientPackageNameMaybe.size() == 0)) {
2315 std::string systemClient = fmt::sprintf("client.pid<%d>", callingPid);
2316 clientPackageNameMaybe = systemClient;
2317 // Pass in packageName since AttributionAndPermissionUtils can't resolve vndk clients.
2318 resolvedClientAttribution.packageName = clientPackageNameMaybe;
2319 systemNativeClient = true;
2320 }
2321
2322 std::optional<std::string> cameraIdOptional = resolveCameraId(unresolvedCameraId,
2323 clientAttribution.deviceId, devicePolicy);
2324 if (!cameraIdOptional.has_value()) {
2325 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
2326 unresolvedCameraId.c_str(), clientAttribution.deviceId);
2327 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2328 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
2329 }
2330 std::string cameraId = cameraIdOptional.value();
2331
2332 bool isNonSystemNdk = clientPackageNameMaybe.size() == 0;
2333
2334 if (!flags::data_delivery_permission_checks()) {
2335 resolvedClientAttribution.pid = USE_CALLING_PID;
2336 }
2337
2338 ret = resolveAttributionSource(resolvedClientAttribution, __FUNCTION__, cameraId);
2339 if (!ret.isOk()) {
2340 logRejected(cameraId, getCallingPid(), clientAttribution.packageName.value_or(""),
2341 toStdString(ret.toString8()));
2342 return ret;
2343 }
2344
2345 const int clientPid = resolvedClientAttribution.pid;
2346 const int clientUid = resolvedClientAttribution.uid;
2347 const std::string& clientPackageName = *resolvedClientAttribution.packageName;
2348 userid_t clientUserId = multiuser_get_user_id(resolvedClientAttribution.uid);
2349
2350 logConnectionAttempt(clientPid, clientPackageName, cameraId, API_2);
2351
2352 if (oomScoreOffset < 0) {
2353 std::string msg = fmt::sprintf(
2354 "Cannot increase the priority of a client %s pid %d for "
2355 "camera id %s",
2356 clientPackageName.c_str(), clientPid, cameraId.c_str());
2357 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2358 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.c_str());
2359 }
2360
2361 // Automotive privileged client AID_AUTOMOTIVE_EVS using exterior system camera for use cases
2362 // such as rear view and surround view cannot be disabled.
2363 if ((!isAutomotivePrivilegedClient(callingUid) || !isAutomotiveExteriorSystemCamera(cameraId))
2364 && mCameraServiceProxyWrapper->isCameraDisabled(clientUserId)) {
2365 std::string msg = "Camera disabled by device policy";
2366 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2367 return STATUS_ERROR(ERROR_DISABLED, msg.c_str());
2368 }
2369
2370 // enforce system camera permissions
2371 if (oomScoreOffset > 0 && !hasPermissionsForSystemCamera(cameraId, clientPid, callingUid) &&
2372 !isTrustedCallingUid(callingUid)) {
2373 std::string msg = fmt::sprintf(
2374 "Cannot change the priority of a client %s pid %d for "
2375 "camera id %s without SYSTEM_CAMERA permissions",
2376 clientPackageName.c_str(), clientPid, cameraId.c_str());
2377 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2378 return STATUS_ERROR(ERROR_PERMISSION_DENIED, msg.c_str());
2379 }
2380
2381 ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks, CameraDeviceClient>(
2382 cameraCb, cameraId, /*api1CameraId*/ -1, resolvedClientAttribution, systemNativeClient,
2383 API_2, /*shimUpdateOnly*/ false, oomScoreOffset, targetSdkVersion, rotationOverride,
2384 /*forceSlowJpegMode*/ false, unresolvedCameraId, isNonSystemNdk, sharedMode,
2385 isVendorClient, /*out*/ client);
2386
2387 if (!ret.isOk()) {
2388 logRejected(cameraId, clientPid, clientPackageName, toStdString(ret.toString8()));
2389 return ret;
2390 }
2391
2392 *device = client;
2393 Mutex::Autolock lock(mServiceLock);
2394
2395 // Clear the previous cached logs and reposition the
2396 // file offset to beginning of the file to log new data.
2397 // If either truncate or lseek fails, close the previous file and create a new one.
2398 if ((ftruncate(mMemFd, 0) == -1) || (lseek(mMemFd, 0, SEEK_SET) == -1)) {
2399 ALOGE("%s: Error while truncating the file: %s", __FUNCTION__, sFileName);
2400 // Close the previous memfd.
2401 close(mMemFd);
2402 // If failure to wipe the data, then create a new file and
2403 // assign the new value to mMemFd.
2404 mMemFd = memfd_create(sFileName, MFD_ALLOW_SEALING);
2405 if (mMemFd == -1) {
2406 ALOGE("%s: Error while creating the file: %s", __FUNCTION__, sFileName);
2407 }
2408 }
2409 const sp<IServiceManager> sm(defaultServiceManager());
2410 const auto& mActivityManager = getActivityManager();
2411 if (mActivityManager) {
2412 mActivityManager->logFgsApiBegin(LOG_FGS_CAMERA_API,
2413 callingUid,
2414 callingPid);
2415 }
2416 return ret;
2417 }
2418
isCameraPrivacyEnabled(const String16 & packageName,const std::string & cam_id,int callingPid,int callingUid)2419 bool CameraService::isCameraPrivacyEnabled(const String16& packageName, const std::string& cam_id,
2420 int callingPid, int callingUid) {
2421 if (!isAutomotiveDevice()) {
2422 return mSensorPrivacyPolicy->isCameraPrivacyEnabled();
2423 }
2424
2425 // Automotive privileged client AID_AUTOMOTIVE_EVS using exterior system camera for
2426 // safety-critical use cases cannot be disabled and are exempt from camera privacy policy.
2427 if ((isAutomotivePrivilegedClient(callingUid) && isAutomotiveExteriorSystemCamera(cam_id))) {
2428 ALOGI("Camera privacy cannot be enabled for automotive privileged client %d "
2429 "using camera %s", callingUid, cam_id.c_str());
2430 return false;
2431 }
2432
2433 if (mSensorPrivacyPolicy->isCameraPrivacyEnabled(packageName)) {
2434 return true;
2435 } else if (mSensorPrivacyPolicy->getCameraPrivacyState() == SensorPrivacyManager::DISABLED) {
2436 return false;
2437 } else if (mSensorPrivacyPolicy->getCameraPrivacyState()
2438 == SensorPrivacyManager::ENABLED_EXCEPT_ALLOWLISTED_APPS) {
2439 if (hasPermissionsForCameraPrivacyAllowlist(callingPid, callingUid)) {
2440 return false;
2441 } else {
2442 return true;
2443 }
2444 }
2445 return false;
2446 }
2447
logConnectionAttempt(int clientPid,const std::string & clientPackageName,const std::string & cameraId,apiLevel effectiveApiLevel) const2448 void CameraService::logConnectionAttempt(int clientPid, const std::string& clientPackageName,
2449 const std::string& cameraId,
2450 apiLevel effectiveApiLevel) const {
2451 ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) and "
2452 "Camera API version %d",
2453 clientPid, clientPackageName.c_str(), cameraId.c_str(),
2454 static_cast<int>(effectiveApiLevel));
2455 }
2456
2457 template <class CALLBACK, class CLIENT>
connectHelper(const sp<CALLBACK> & cameraCb,const std::string & cameraId,int api1CameraId,const AttributionSourceState & clientAttribution,bool systemNativeClient,apiLevel effectiveApiLevel,bool shimUpdateOnly,int oomScoreOffset,int targetSdkVersion,int rotationOverride,bool forceSlowJpegMode,const std::string & originalCameraId,bool isNonSystemNdk,bool sharedMode,bool isVendorClient,sp<CLIENT> & device)2458 Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const std::string& cameraId,
2459 int api1CameraId,
2460 const AttributionSourceState& clientAttribution,
2461 bool systemNativeClient, apiLevel effectiveApiLevel,
2462 bool shimUpdateOnly, int oomScoreOffset, int targetSdkVersion,
2463 int rotationOverride, bool forceSlowJpegMode,
2464 const std::string& originalCameraId, bool isNonSystemNdk,
2465 bool sharedMode, bool isVendorClient,
2466 /*out*/ sp<CLIENT>& device) {
2467 binder::Status ret = binder::Status::ok();
2468
2469 nsecs_t openTimeNs = systemTime();
2470
2471 sp<CLIENT> client = nullptr;
2472 int facing = -1;
2473 int orientation = 0;
2474
2475 const std::string clientPackageName =
2476 clientAttribution.packageName.value_or(kUnknownPackageName);
2477
2478 {
2479 // Acquire mServiceLock and prevent other clients from connecting
2480 std::unique_ptr<AutoConditionLock> lock =
2481 AutoConditionLock::waitAndAcquire(mServiceLockWrapper, DEFAULT_CONNECT_TIMEOUT_NS);
2482
2483 if (lock == nullptr) {
2484 ALOGE("CameraService::connect (PID %d) rejected (too many other clients connecting).",
2485 clientAttribution.pid);
2486 return STATUS_ERROR_FMT(
2487 ERROR_MAX_CAMERAS_IN_USE,
2488 "Cannot open camera %s for \"%s\" (PID %d): Too many other clients connecting",
2489 cameraId.c_str(), clientPackageName.c_str(), clientAttribution.pid);
2490 }
2491
2492 // Enforce client permissions and do basic validity checks
2493 if (!(ret = validateConnectLocked(cameraId, clientAttribution, sharedMode)).isOk()) {
2494 return ret;
2495 }
2496
2497 // Check the shim parameters after acquiring lock, if they have already been updated and
2498 // we were doing a shim update, return immediately
2499 if (shimUpdateOnly) {
2500 auto cameraState = getCameraState(cameraId);
2501 if (cameraState != nullptr) {
2502 if (!cameraState->getShimParams().isEmpty()) return ret;
2503 }
2504 }
2505
2506 status_t err;
2507
2508 sp<BasicClient> clientTmp = nullptr;
2509 std::shared_ptr<resource_policy::ClientDescriptor<std::string, sp<BasicClient>>> partial;
2510 if ((err = handleEvictionsLocked(
2511 cameraId, clientAttribution.pid, effectiveApiLevel,
2512 IInterface::asBinder(cameraCb),
2513 clientAttribution.packageName.value_or(kUnknownPackageName), oomScoreOffset,
2514 systemNativeClient, sharedMode, /*out*/ &clientTmp,
2515 /*out*/ &partial)) != NO_ERROR) {
2516 switch (err) {
2517 case -ENODEV:
2518 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
2519 "No camera device with ID \"%s\" currently available",
2520 cameraId.c_str());
2521 case -EBUSY:
2522 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
2523 "Higher-priority client using camera, ID \"%s\" currently unavailable",
2524 cameraId.c_str());
2525 case -EUSERS:
2526 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
2527 "Too many cameras already open, cannot open camera \"%s\"",
2528 cameraId.c_str());
2529 default:
2530 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
2531 "Unexpected error %s (%d) opening camera \"%s\"",
2532 strerror(-err), err, cameraId.c_str());
2533 }
2534 }
2535
2536 if (clientTmp.get() != nullptr) {
2537 // Handle special case for API1 MediaRecorder where the existing client is returned
2538 device = static_cast<CLIENT*>(clientTmp.get());
2539 return ret;
2540 }
2541
2542 // give flashlight a chance to close devices if necessary.
2543 mFlashlight->prepareDeviceOpen(cameraId);
2544
2545 int portraitRotation;
2546 auto deviceVersionAndTransport =
2547 getDeviceVersion(cameraId, rotationOverride, /*out*/&portraitRotation,
2548 /*out*/&facing, /*out*/&orientation);
2549 if (facing == -1) {
2550 ALOGE("%s: Unable to get camera device \"%s\" facing", __FUNCTION__, cameraId.c_str());
2551 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
2552 "Unable to get camera device \"%s\" facing", cameraId.c_str());
2553 }
2554
2555 sp<BasicClient> tmp = nullptr;
2556 bool overrideForPerfClass = SessionConfigurationUtils::targetPerfClassPrimaryCamera(
2557 mPerfClassPrimaryCameraIds, cameraId, targetSdkVersion);
2558
2559 // Only use passed in clientPid to check permission. Use calling PID as the client PID
2560 // that's connected to camera service directly.
2561 if (!(ret = makeClient(this, cameraCb, clientAttribution, getCallingPid(),
2562 systemNativeClient, cameraId, api1CameraId, facing, orientation,
2563 getpid(), deviceVersionAndTransport, effectiveApiLevel,
2564 overrideForPerfClass, rotationOverride, forceSlowJpegMode,
2565 originalCameraId, sharedMode, isVendorClient,
2566 /*out*/ &tmp))
2567 .isOk()) {
2568 return ret;
2569 }
2570 client = static_cast<CLIENT*>(tmp.get());
2571
2572 LOG_ALWAYS_FATAL_IF(client.get() == nullptr, "%s: CameraService in invalid state",
2573 __FUNCTION__);
2574
2575 std::string monitorTags = isClientWatched(client.get()) ? mMonitorTags : std::string();
2576 err = client->initialize(mCameraProviderManager, monitorTags);
2577 if (err != OK) {
2578 ALOGE("%s: Could not initialize client from HAL.", __FUNCTION__);
2579 // Errors could be from the HAL module open call or from AppOpsManager
2580 mServiceLock.unlock();
2581 client->disconnect();
2582 mServiceLock.lock();
2583 switch(err) {
2584 case BAD_VALUE:
2585 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
2586 "Illegal argument to HAL module for camera \"%s\"", cameraId.c_str());
2587 case -EBUSY:
2588 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
2589 "Camera \"%s\" is already open", cameraId.c_str());
2590 case -EUSERS:
2591 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
2592 "Too many cameras already open, cannot open camera \"%s\"",
2593 cameraId.c_str());
2594 case PERMISSION_DENIED:
2595 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
2596 "No permission to open camera \"%s\"", cameraId.c_str());
2597 case -EACCES:
2598 return STATUS_ERROR_FMT(ERROR_DISABLED,
2599 "Camera \"%s\" disabled by policy", cameraId.c_str());
2600 case -ENODEV:
2601 default:
2602 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
2603 "Failed to initialize camera \"%s\": %s (%d)", cameraId.c_str(),
2604 strerror(-err), err);
2605 }
2606 }
2607
2608 // Update shim paremeters for legacy clients
2609 if (effectiveApiLevel == API_1) {
2610 // Assume we have always received a Client subclass for API1
2611 sp<Client> shimClient = reinterpret_cast<Client*>(client.get());
2612 String8 rawParams = shimClient->getParameters();
2613 CameraParameters params(rawParams);
2614
2615 auto cameraState = getCameraState(cameraId);
2616 if (cameraState != nullptr) {
2617 cameraState->setShimParams(params);
2618 } else {
2619 ALOGE("%s: Cannot update shim parameters for camera %s, no such device exists.",
2620 __FUNCTION__, cameraId.c_str());
2621 }
2622 }
2623
2624 // Enable/disable camera service watchdog
2625 client->setCameraServiceWatchdog(mCameraServiceWatchdogEnabled);
2626
2627 CameraMetadata chars;
2628 bool rotateAndCropSupported = true;
2629 err = mCameraProviderManager->getCameraCharacteristics(cameraId, overrideForPerfClass,
2630 &chars, rotationOverride);
2631 if (err == OK) {
2632 auto availableRotateCropEntry = chars.find(
2633 ANDROID_SCALER_AVAILABLE_ROTATE_AND_CROP_MODES);
2634 if (availableRotateCropEntry.count <= 1) {
2635 rotateAndCropSupported = false;
2636 }
2637 } else {
2638 ALOGE("%s: Unable to query static metadata for camera %s: %s (%d)", __FUNCTION__,
2639 cameraId.c_str(), strerror(-err), err);
2640 }
2641
2642 if (rotateAndCropSupported) {
2643 // Set rotate-and-crop override behavior
2644 if (mOverrideRotateAndCropMode != ANDROID_SCALER_ROTATE_AND_CROP_AUTO) {
2645 client->setRotateAndCropOverride(mOverrideRotateAndCropMode);
2646 } else if (rotationOverride != hardware::ICameraService::ROTATION_OVERRIDE_NONE &&
2647 portraitRotation != 0) {
2648 uint8_t rotateAndCropMode = ANDROID_SCALER_ROTATE_AND_CROP_AUTO;
2649 switch (portraitRotation) {
2650 case 90:
2651 rotateAndCropMode = ANDROID_SCALER_ROTATE_AND_CROP_90;
2652 break;
2653 case 180:
2654 rotateAndCropMode = ANDROID_SCALER_ROTATE_AND_CROP_180;
2655 break;
2656 case 270:
2657 rotateAndCropMode = ANDROID_SCALER_ROTATE_AND_CROP_270;
2658 break;
2659 default:
2660 ALOGE("Unexpected portrait rotation: %d", portraitRotation);
2661 break;
2662 }
2663 // Here we're communicating to the client the chosen rotate
2664 // and crop mode to send to the HAL
2665 client->setRotateAndCropOverride(rotateAndCropMode);
2666 } else {
2667 client->setRotateAndCropOverride(
2668 mCameraServiceProxyWrapper->getRotateAndCropOverride(
2669 clientPackageName, facing,
2670 multiuser_get_user_id(clientAttribution.uid)));
2671 }
2672 }
2673
2674 bool autoframingSupported = true;
2675 auto availableAutoframingEntry = chars.find(ANDROID_CONTROL_AUTOFRAMING_AVAILABLE);
2676 if ((availableAutoframingEntry.count == 1) && (availableAutoframingEntry.data.u8[0] ==
2677 ANDROID_CONTROL_AUTOFRAMING_AVAILABLE_FALSE)) {
2678 autoframingSupported = false;
2679 }
2680
2681 if (autoframingSupported) {
2682 // Set autoframing override behaviour
2683 if (mOverrideAutoframingMode != ANDROID_CONTROL_AUTOFRAMING_AUTO) {
2684 client->setAutoframingOverride(mOverrideAutoframingMode);
2685 } else {
2686 client->setAutoframingOverride(
2687 mCameraServiceProxyWrapper->getAutoframingOverride(
2688 clientPackageName));
2689 }
2690 }
2691
2692 bool isCameraPrivacyEnabled;
2693 if (flags::camera_privacy_allowlist()) {
2694 // Set camera muting behavior.
2695 isCameraPrivacyEnabled =
2696 this->isCameraPrivacyEnabled(toString16(client->getPackageName()), cameraId,
2697 clientAttribution.pid, clientAttribution.uid);
2698 } else {
2699 isCameraPrivacyEnabled =
2700 mSensorPrivacyPolicy->isCameraPrivacyEnabled();
2701 }
2702
2703 if (client->supportsCameraMute()) {
2704 client->setCameraMute(
2705 mOverrideCameraMuteMode || isCameraPrivacyEnabled);
2706 } else if (isCameraPrivacyEnabled) {
2707 // no camera mute supported, but privacy is on! => disconnect
2708 ALOGI("Camera mute not supported for package: %s, camera id: %s",
2709 client->getPackageName().c_str(), cameraId.c_str());
2710 // Do not hold mServiceLock while disconnecting clients, but
2711 // retain the condition blocking other clients from connecting
2712 // in mServiceLockWrapper if held.
2713 mServiceLock.unlock();
2714 // Clear caller identity temporarily so client disconnect PID
2715 // checks work correctly
2716 int64_t token = clearCallingIdentity();
2717 // Note AppOp to trigger the "Unblock" dialog
2718 client->noteAppOp();
2719 client->disconnect();
2720 restoreCallingIdentity(token);
2721 // Reacquire mServiceLock
2722 mServiceLock.lock();
2723
2724 return STATUS_ERROR_FMT(ERROR_DISABLED,
2725 "Camera \"%s\" disabled due to camera mute", cameraId.c_str());
2726 }
2727
2728 if (shimUpdateOnly) {
2729 // If only updating legacy shim parameters, immediately disconnect client
2730 mServiceLock.unlock();
2731 client->disconnect();
2732 mServiceLock.lock();
2733 } else {
2734 // Otherwise, add client to active clients list
2735 finishConnectLocked(client, partial, oomScoreOffset, systemNativeClient);
2736 }
2737
2738 client->setImageDumpMask(mImageDumpMask);
2739 client->setStreamUseCaseOverrides(mStreamUseCaseOverrides);
2740 client->setZoomOverride(mZoomOverrideValue);
2741 } // lock is destroyed, allow further connect calls
2742
2743 // Important: release the mutex here so the client can call back into the service from its
2744 // destructor (can be at the end of the call)
2745 device = client;
2746
2747 int32_t openLatencyMs = ns2ms(systemTime() - openTimeNs);
2748 mCameraServiceProxyWrapper->logOpen(cameraId, facing, clientPackageName,
2749 effectiveApiLevel, isNonSystemNdk, openLatencyMs);
2750
2751 {
2752 Mutex::Autolock lock(mInjectionParametersLock);
2753 if (cameraId == mInjectionInternalCamId && mInjectionInitPending) {
2754 mInjectionInitPending = false;
2755 status_t res = NO_ERROR;
2756 auto clientDescriptor = mActiveClientManager.get(mInjectionInternalCamId);
2757 if (clientDescriptor != nullptr) {
2758 sp<BasicClient> clientSp = clientDescriptor->getValue();
2759 res = checkIfInjectionCameraIsPresent(mInjectionExternalCamId, clientSp);
2760 if(res != OK) {
2761 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
2762 "No camera device with ID \"%s\" currently available",
2763 mInjectionExternalCamId.c_str());
2764 }
2765 res = clientSp->injectCamera(mInjectionExternalCamId, mCameraProviderManager);
2766 if (res != OK) {
2767 mInjectionStatusListener->notifyInjectionError(mInjectionExternalCamId, res);
2768 }
2769 } else {
2770 ALOGE("%s: Internal camera ID = %s 's client does not exist!",
2771 __FUNCTION__, mInjectionInternalCamId.c_str());
2772 res = NO_INIT;
2773 mInjectionStatusListener->notifyInjectionError(mInjectionExternalCamId, res);
2774 }
2775 }
2776 }
2777
2778 return ret;
2779 }
2780
addOfflineClient(const std::string & cameraId,sp<BasicClient> offlineClient)2781 status_t CameraService::addOfflineClient(const std::string &cameraId,
2782 sp<BasicClient> offlineClient) {
2783 if (offlineClient.get() == nullptr) {
2784 return BAD_VALUE;
2785 }
2786
2787 {
2788 // Acquire mServiceLock and prevent other clients from connecting
2789 std::unique_ptr<AutoConditionLock> lock =
2790 AutoConditionLock::waitAndAcquire(mServiceLockWrapper, DEFAULT_CONNECT_TIMEOUT_NS);
2791
2792 if (lock == nullptr) {
2793 ALOGE("%s: (PID %d) rejected (too many other clients connecting)."
2794 , __FUNCTION__, offlineClient->getClientCallingPid());
2795 return TIMED_OUT;
2796 }
2797
2798 auto onlineClientDesc = mActiveClientManager.get(cameraId);
2799 if (onlineClientDesc.get() == nullptr) {
2800 ALOGE("%s: No active online client using camera id: %s", __FUNCTION__,
2801 cameraId.c_str());
2802 return BAD_VALUE;
2803 }
2804
2805 // Offline clients do not evict or conflict with other online devices. Resource sharing
2806 // conflicts are handled by the camera provider which will either succeed or fail before
2807 // reaching this method.
2808 const auto& onlinePriority = onlineClientDesc->getPriority();
2809 auto offlineClientDesc = CameraClientManager::makeClientDescriptor(
2810 kOfflineDevice + onlineClientDesc->getKey(), offlineClient, /*cost*/ 0,
2811 /*conflictingKeys*/ std::set<std::string>(), onlinePriority.getScore(),
2812 onlineClientDesc->getOwnerId(), onlinePriority.getState(),
2813 // native clients don't have offline processing support.
2814 /*ommScoreOffset*/ 0, /*systemNativeClient*/false, /*sharedMode*/false);
2815 if (offlineClientDesc == nullptr) {
2816 ALOGE("%s: Offline client descriptor was NULL", __FUNCTION__);
2817 return BAD_VALUE;
2818 }
2819
2820 // Allow only one offline device per camera
2821 auto incompatibleClients = mActiveClientManager.getIncompatibleClients(offlineClientDesc);
2822 if (!incompatibleClients.empty()) {
2823 ALOGE("%s: Incompatible offline clients present!", __FUNCTION__);
2824 return BAD_VALUE;
2825 }
2826
2827 std::string monitorTags = isClientWatched(offlineClient.get())
2828 ? mMonitorTags : std::string();
2829 auto err = offlineClient->initialize(mCameraProviderManager, monitorTags);
2830 if (err != OK) {
2831 ALOGE("%s: Could not initialize offline client.", __FUNCTION__);
2832 return err;
2833 }
2834
2835 auto evicted = mActiveClientManager.addAndEvict(offlineClientDesc);
2836 if (evicted.size() > 0) {
2837 for (auto& i : evicted) {
2838 ALOGE("%s: Invalid state: Offline client for camera %s was not removed ",
2839 __FUNCTION__, i->getKey().c_str());
2840 }
2841
2842 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, offline clients not evicted "
2843 "properly", __FUNCTION__);
2844
2845 return BAD_VALUE;
2846 }
2847
2848 logConnectedOffline(offlineClientDesc->getKey(),
2849 static_cast<int>(offlineClientDesc->getOwnerId()),
2850 offlineClient->getPackageName());
2851
2852 sp<IBinder> remoteCallback = offlineClient->getRemote();
2853 if (remoteCallback != nullptr) {
2854 remoteCallback->linkToDeath(this);
2855 }
2856 } // lock is destroyed, allow further connect calls
2857
2858 return OK;
2859 }
2860
turnOnTorchWithStrengthLevel(const std::string & unresolvedCameraId,int32_t torchStrength,const sp<IBinder> & clientBinder,const AttributionSourceState & clientAttribution,int32_t devicePolicy)2861 Status CameraService::turnOnTorchWithStrengthLevel(const std::string& unresolvedCameraId,
2862 int32_t torchStrength, const sp<IBinder>& clientBinder,
2863 const AttributionSourceState& clientAttribution, int32_t devicePolicy) {
2864 Mutex::Autolock lock(mServiceLock);
2865
2866 ATRACE_CALL();
2867 if (clientBinder == nullptr) {
2868 ALOGE("%s: torch client binder is NULL", __FUNCTION__);
2869 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
2870 "Torch client binder in null.");
2871 }
2872
2873 int uid = getCallingUid();
2874 std::optional<std::string> cameraIdOptional = resolveCameraId(unresolvedCameraId,
2875 clientAttribution.deviceId, devicePolicy);
2876 if (!cameraIdOptional.has_value()) {
2877 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
2878 unresolvedCameraId.c_str(), clientAttribution.deviceId);
2879 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2880 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
2881 }
2882 std::string cameraId = cameraIdOptional.value();
2883
2884 if (shouldRejectSystemCameraConnection(cameraId)) {
2885 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "Unable to change the strength level"
2886 "for system only device %s: ", cameraId.c_str());
2887 }
2888
2889 // verify id is valid
2890 auto state = getCameraState(cameraId);
2891 if (state == nullptr) {
2892 ALOGE("%s: camera id is invalid %s", __FUNCTION__, cameraId.c_str());
2893 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
2894 "Camera ID \"%s\" is a not valid camera ID", cameraId.c_str());
2895 }
2896
2897 StatusInternal cameraStatus = state->getStatus();
2898 if (cameraStatus != StatusInternal::NOT_AVAILABLE &&
2899 cameraStatus != StatusInternal::PRESENT) {
2900 ALOGE("%s: camera id is invalid %s, status %d", __FUNCTION__, cameraId.c_str(),
2901 (int)cameraStatus);
2902 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
2903 "Camera ID \"%s\" is a not valid camera ID", cameraId.c_str());
2904 }
2905
2906 {
2907 Mutex::Autolock al(mTorchStatusMutex);
2908 TorchModeStatus status;
2909 status_t err = getTorchStatusLocked(cameraId, &status);
2910 if (err != OK) {
2911 if (err == NAME_NOT_FOUND) {
2912 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
2913 "Camera \"%s\" does not have a flash unit", cameraId.c_str());
2914 }
2915 ALOGE("%s: getting current torch status failed for camera %s",
2916 __FUNCTION__, cameraId.c_str());
2917 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
2918 "Error changing torch strength level for camera \"%s\": %s (%d)",
2919 cameraId.c_str(), strerror(-err), err);
2920 }
2921
2922 if (status == TorchModeStatus::NOT_AVAILABLE) {
2923 if (cameraStatus == StatusInternal::NOT_AVAILABLE) {
2924 ALOGE("%s: torch mode of camera %s is not available because "
2925 "camera is in use.", __FUNCTION__, cameraId.c_str());
2926 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
2927 "Torch for camera \"%s\" is not available due to an existing camera user",
2928 cameraId.c_str());
2929 } else {
2930 ALOGE("%s: torch mode of camera %s is not available due to "
2931 "insufficient resources", __FUNCTION__, cameraId.c_str());
2932 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
2933 "Torch for camera \"%s\" is not available due to insufficient resources",
2934 cameraId.c_str());
2935 }
2936 }
2937 }
2938
2939 {
2940 Mutex::Autolock al(mTorchUidMapMutex);
2941 updateTorchUidMapLocked(cameraId, uid);
2942 }
2943 // Check if the current torch strength level is same as the new one.
2944 bool shouldSkipTorchStrengthUpdates = mCameraProviderManager->shouldSkipTorchStrengthUpdate(
2945 cameraId, torchStrength);
2946
2947 status_t err = mFlashlight->turnOnTorchWithStrengthLevel(cameraId, torchStrength);
2948
2949 if (err != OK) {
2950 int32_t errorCode;
2951 std::string msg;
2952 switch (err) {
2953 case -ENOSYS:
2954 msg = fmt::sprintf("Camera \"%s\" has no flashlight.",
2955 cameraId.c_str());
2956 errorCode = ERROR_ILLEGAL_ARGUMENT;
2957 break;
2958 case -EBUSY:
2959 msg = fmt::sprintf("Camera \"%s\" is in use",
2960 cameraId.c_str());
2961 errorCode = ERROR_CAMERA_IN_USE;
2962 break;
2963 case -EINVAL:
2964 msg = fmt::sprintf("Torch strength level %d is not within the "
2965 "valid range.", torchStrength);
2966 errorCode = ERROR_ILLEGAL_ARGUMENT;
2967 break;
2968 default:
2969 msg = "Changing torch strength level failed.";
2970 errorCode = ERROR_INVALID_OPERATION;
2971 }
2972 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
2973 return STATUS_ERROR(errorCode, msg.c_str());
2974 }
2975
2976 {
2977 // update the link to client's death
2978 // Store the last client that turns on each camera's torch mode.
2979 Mutex::Autolock al(mTorchClientMapMutex);
2980 ssize_t index = mTorchClientMap.indexOfKey(cameraId);
2981 if (index == NAME_NOT_FOUND) {
2982 mTorchClientMap.add(cameraId, clientBinder);
2983 } else {
2984 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
2985 mTorchClientMap.replaceValueAt(index, clientBinder);
2986 }
2987 clientBinder->linkToDeath(this);
2988 }
2989
2990 int clientPid = getCallingPid();
2991 ALOGI("%s: Torch strength for camera id %s changed to %d for client PID %d",
2992 __FUNCTION__, cameraId.c_str(), torchStrength, clientPid);
2993 if (!shouldSkipTorchStrengthUpdates) {
2994 broadcastTorchStrengthLevel(cameraId, torchStrength);
2995 }
2996 return Status::ok();
2997 }
2998
setTorchMode(const std::string & unresolvedCameraId,bool enabled,const sp<IBinder> & clientBinder,const AttributionSourceState & clientAttribution,int32_t devicePolicy)2999 Status CameraService::setTorchMode(const std::string& unresolvedCameraId, bool enabled,
3000 const sp<IBinder>& clientBinder, const AttributionSourceState& clientAttribution,
3001 int32_t devicePolicy) {
3002 Mutex::Autolock lock(mServiceLock);
3003
3004 ATRACE_CALL();
3005 if (enabled && clientBinder == nullptr) {
3006 ALOGE("%s: torch client binder is NULL", __FUNCTION__);
3007 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
3008 "Torch client Binder is null");
3009 }
3010
3011 int uid = getCallingUid();
3012 std::optional<std::string> cameraIdOptional = resolveCameraId(unresolvedCameraId,
3013 clientAttribution.deviceId, devicePolicy);
3014 if (!cameraIdOptional.has_value()) {
3015 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
3016 unresolvedCameraId.c_str(), clientAttribution.deviceId);
3017 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
3018 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
3019 }
3020 std::string cameraId = cameraIdOptional.value();
3021
3022 if (shouldRejectSystemCameraConnection(cameraId)) {
3023 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, "Unable to set torch mode"
3024 " for system only device %s: ", cameraId.c_str());
3025 }
3026 // verify id is valid.
3027 auto state = getCameraState(cameraId);
3028 if (state == nullptr) {
3029 ALOGE("%s: camera id is invalid %s", __FUNCTION__, cameraId.c_str());
3030 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
3031 "Camera ID \"%s\" is a not valid camera ID", cameraId.c_str());
3032 }
3033
3034 StatusInternal cameraStatus = state->getStatus();
3035 if (cameraStatus != StatusInternal::PRESENT &&
3036 cameraStatus != StatusInternal::NOT_AVAILABLE) {
3037 ALOGE("%s: camera id is invalid %s, status %d", __FUNCTION__, cameraId.c_str(),
3038 (int)cameraStatus);
3039 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
3040 "Camera ID \"%s\" is a not valid camera ID", cameraId.c_str());
3041 }
3042
3043 {
3044 Mutex::Autolock al(mTorchStatusMutex);
3045 TorchModeStatus status;
3046 status_t err = getTorchStatusLocked(cameraId, &status);
3047 if (err != OK) {
3048 if (err == NAME_NOT_FOUND) {
3049 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
3050 "Camera \"%s\" does not have a flash unit", cameraId.c_str());
3051 }
3052 ALOGE("%s: getting current torch status failed for camera %s",
3053 __FUNCTION__, cameraId.c_str());
3054 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
3055 "Error updating torch status for camera \"%s\": %s (%d)", cameraId.c_str(),
3056 strerror(-err), err);
3057 }
3058
3059 if (status == TorchModeStatus::NOT_AVAILABLE) {
3060 if (cameraStatus == StatusInternal::NOT_AVAILABLE) {
3061 ALOGE("%s: torch mode of camera %s is not available because "
3062 "camera is in use", __FUNCTION__, cameraId.c_str());
3063 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
3064 "Torch for camera \"%s\" is not available due to an existing camera user",
3065 cameraId.c_str());
3066 } else {
3067 ALOGE("%s: torch mode of camera %s is not available due to "
3068 "insufficient resources", __FUNCTION__, cameraId.c_str());
3069 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
3070 "Torch for camera \"%s\" is not available due to insufficient resources",
3071 cameraId.c_str());
3072 }
3073 }
3074 }
3075
3076 {
3077 // Update UID map - this is used in the torch status changed callbacks, so must be done
3078 // before setTorchMode
3079 Mutex::Autolock al(mTorchUidMapMutex);
3080 updateTorchUidMapLocked(cameraId, uid);
3081 }
3082
3083 status_t err = mFlashlight->setTorchMode(cameraId, enabled);
3084
3085 if (err != OK) {
3086 int32_t errorCode;
3087 std::string msg;
3088 switch (err) {
3089 case -ENOSYS:
3090 msg = fmt::sprintf("Camera \"%s\" has no flashlight",
3091 cameraId.c_str());
3092 errorCode = ERROR_ILLEGAL_ARGUMENT;
3093 break;
3094 case -EBUSY:
3095 msg = fmt::sprintf("Camera \"%s\" is in use",
3096 cameraId.c_str());
3097 errorCode = ERROR_CAMERA_IN_USE;
3098 break;
3099 default:
3100 msg = fmt::sprintf(
3101 "Setting torch mode of camera \"%s\" to %d failed: %s (%d)",
3102 cameraId.c_str(), enabled, strerror(-err), err);
3103 errorCode = ERROR_INVALID_OPERATION;
3104 }
3105 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
3106 logServiceError(msg, errorCode);
3107 return STATUS_ERROR(errorCode, msg.c_str());
3108 }
3109
3110 {
3111 // update the link to client's death
3112 Mutex::Autolock al(mTorchClientMapMutex);
3113 ssize_t index = mTorchClientMap.indexOfKey(cameraId);
3114 if (enabled) {
3115 if (index == NAME_NOT_FOUND) {
3116 mTorchClientMap.add(cameraId, clientBinder);
3117 } else {
3118 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
3119 mTorchClientMap.replaceValueAt(index, clientBinder);
3120 }
3121 clientBinder->linkToDeath(this);
3122 } else if (index != NAME_NOT_FOUND) {
3123 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
3124 }
3125 }
3126
3127 int clientPid = getCallingPid();
3128 std::string torchState = enabled ? "on" : "off";
3129 ALOGI("Torch for camera id %s turned %s for client PID %d", cameraId.c_str(),
3130 torchState.c_str(), clientPid);
3131 logTorchEvent(cameraId, torchState, clientPid);
3132 return Status::ok();
3133 }
3134
updateTorchUidMapLocked(const std::string & cameraId,int uid)3135 void CameraService::updateTorchUidMapLocked(const std::string& cameraId, int uid) {
3136 if (mTorchUidMap.find(cameraId) == mTorchUidMap.end()) {
3137 mTorchUidMap[cameraId].first = uid;
3138 mTorchUidMap[cameraId].second = uid;
3139 } else {
3140 // Set the pending UID
3141 mTorchUidMap[cameraId].first = uid;
3142 }
3143 }
3144
notifySystemEvent(int32_t eventId,const std::vector<int32_t> & args)3145 Status CameraService::notifySystemEvent(int32_t eventId,
3146 const std::vector<int32_t>& args) {
3147 const int pid = getCallingPid();
3148 const int selfPid = getpid();
3149
3150 // Permission checks
3151 if (pid != selfPid) {
3152 // Ensure we're being called by system_server, or similar process with
3153 // permissions to notify the camera service about system events
3154 if (!checkCallingPermission(toString16(sCameraSendSystemEventsPermission))) {
3155 const int uid = getCallingUid();
3156 ALOGE("Permission Denial: cannot send updates to camera service about system"
3157 " events from pid=%d, uid=%d", pid, uid);
3158 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
3159 "No permission to send updates to camera service about system events"
3160 " from pid=%d, uid=%d", pid, uid);
3161 }
3162 }
3163
3164 ATRACE_CALL();
3165
3166 switch(eventId) {
3167 case ICameraService::EVENT_USER_SWITCHED: {
3168 // Try to register for UID and sensor privacy policy updates, in case we're recovering
3169 // from a system server crash
3170 mUidPolicy->registerSelf();
3171 mSensorPrivacyPolicy->registerSelf();
3172 doUserSwitch(/*newUserIds*/ args);
3173 break;
3174 }
3175 case ICameraService::EVENT_USB_DEVICE_ATTACHED:
3176 case ICameraService::EVENT_USB_DEVICE_DETACHED: {
3177 if (args.size() != 1) {
3178 return Status::fromExceptionCode(Status::EX_ILLEGAL_ARGUMENT,
3179 "USB Device Event requires 1 argument");
3180 }
3181
3182 // Notify CameraProviderManager for lazy HALs
3183 mCameraProviderManager->notifyUsbDeviceEvent(eventId,
3184 std::to_string(args[0]));
3185 break;
3186 }
3187 case ICameraService::EVENT_NONE:
3188 default: {
3189 ALOGW("%s: Received invalid system event from system_server: %d", __FUNCTION__,
3190 eventId);
3191 break;
3192 }
3193 }
3194 return Status::ok();
3195 }
3196
notifyMonitoredUids()3197 void CameraService::notifyMonitoredUids() {
3198 Mutex::Autolock lock(mStatusListenerLock);
3199
3200 for (const auto& it : mListenerList) {
3201 auto ret = it->getListener()->onCameraAccessPrioritiesChanged();
3202 it->handleBinderStatus(ret, "%s: Failed to trigger permission callback for %d:%d: %d",
3203 __FUNCTION__, it->getListenerUid(), it->getListenerPid(), ret.exceptionCode());
3204 }
3205 }
3206
notifyMonitoredUids(const std::unordered_set<uid_t> & notifyUidSet)3207 void CameraService::notifyMonitoredUids(const std::unordered_set<uid_t> ¬ifyUidSet) {
3208 Mutex::Autolock lock(mStatusListenerLock);
3209
3210 for (const auto& it : mListenerList) {
3211 if (notifyUidSet.find(it->getListenerUid()) != notifyUidSet.end()) {
3212 ALOGV("%s: notifying uid %d", __FUNCTION__, it->getListenerUid());
3213 auto ret = it->getListener()->onCameraAccessPrioritiesChanged();
3214 it->handleBinderStatus(ret, "%s: Failed to trigger permission callback for %d:%d: %d",
3215 __FUNCTION__, it->getListenerUid(), it->getListenerPid(), ret.exceptionCode());
3216 }
3217 }
3218 }
3219
updateSharedClientAccessPriorities(std::vector<int> sharedClientPids)3220 void CameraService::updateSharedClientAccessPriorities(std::vector<int> sharedClientPids) {
3221 Mutex::Autolock lock(mServiceLock);
3222 if (!flags::camera_multi_client() || sharedClientPids.empty()) {
3223 return;
3224 }
3225 std::vector<int> scores(sharedClientPids.size());
3226 std::vector<int> states(sharedClientPids.size());
3227 status_t err = ProcessInfoService::getProcessStatesScoresFromPids(sharedClientPids.size(),
3228 &sharedClientPids[0], /*out*/&states[0], /*out*/&scores[0]);
3229 if (err != OK) {
3230 return;
3231 }
3232 for (size_t i = 0; i < sharedClientPids.size(); i++) {
3233 auto clientDescriptorPtr = mActiveClientManager.getSharedClient(sharedClientPids[i]);
3234 if (clientDescriptorPtr == nullptr) {
3235 continue;
3236 }
3237 const auto& clientPriority = clientDescriptorPtr->getPriority();
3238 int score = clientPriority.getScore();
3239 int state = clientPriority.getState();
3240 if ((score != scores[i]) || (state != states[i])){
3241 clientDescriptorPtr->setPriority(resource_policy::ClientPriority(scores[i], states[i],
3242 false, 0));
3243 notifySharedClientPrioritiesChanged(clientDescriptorPtr->getKey());
3244 }
3245 }
3246 }
3247
notifySharedClientPrioritiesChanged(const std::string & cameraId)3248 void CameraService::notifySharedClientPrioritiesChanged(const std::string& cameraId) {
3249 if (!flags::camera_multi_client()) {
3250 return;
3251 }
3252 auto primaryClientDesc = mActiveClientManager.getPrimaryClient(cameraId);
3253 if (primaryClientDesc == nullptr) {
3254 return;
3255 }
3256 auto primaryClient = primaryClientDesc->getValue();
3257 if (primaryClient == nullptr) {
3258 return;
3259 }
3260 auto highestPriorityClient = mActiveClientManager.getHighestPrioritySharedClient(cameraId);
3261 if (highestPriorityClient == primaryClient) {
3262 return;
3263 }
3264 highestPriorityClient->setPrimaryClient(true);
3265 highestPriorityClient->notifyClientSharedAccessPriorityChanged(true);
3266 primaryClient->setPrimaryClient(false);
3267 primaryClient->notifyClientSharedAccessPriorityChanged(false);
3268 }
3269
notifyDeviceStateChange(int64_t newState)3270 Status CameraService::notifyDeviceStateChange(int64_t newState) {
3271 const int pid = getCallingPid();
3272 const int selfPid = getpid();
3273
3274 // Permission checks
3275 if (pid != selfPid) {
3276 // Ensure we're being called by system_server, or similar process with
3277 // permissions to notify the camera service about system events
3278 if (!checkCallingPermission(toString16(sCameraSendSystemEventsPermission))) {
3279 const int uid = getCallingUid();
3280 ALOGE("Permission Denial: cannot send updates to camera service about device"
3281 " state changes from pid=%d, uid=%d", pid, uid);
3282 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
3283 "No permission to send updates to camera service about device state"
3284 " changes from pid=%d, uid=%d", pid, uid);
3285 }
3286 }
3287
3288 ATRACE_CALL();
3289
3290 {
3291 Mutex::Autolock lock(mServiceLock);
3292 mDeviceState = newState;
3293 }
3294
3295 mCameraProviderManager->notifyDeviceStateChange(newState);
3296
3297 return Status::ok();
3298 }
3299
notifyDisplayConfigurationChange()3300 Status CameraService::notifyDisplayConfigurationChange() {
3301 ATRACE_CALL();
3302 const int callingPid = getCallingPid();
3303 const int selfPid = getpid();
3304
3305 // Permission checks
3306 if (callingPid != selfPid) {
3307 // Ensure we're being called by system_server, or similar process with
3308 // permissions to notify the camera service about system events
3309 if (!checkCallingPermission(toString16(sCameraSendSystemEventsPermission))) {
3310 const int uid = getCallingUid();
3311 ALOGE("Permission Denial: cannot send updates to camera service about orientation"
3312 " changes from pid=%d, uid=%d", callingPid, uid);
3313 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
3314 "No permission to send updates to camera service about orientation"
3315 " changes from pid=%d, uid=%d", callingPid, uid);
3316 }
3317 }
3318
3319 Mutex::Autolock lock(mServiceLock);
3320
3321 // Don't do anything if rotate-and-crop override via cmd is active
3322 if (mOverrideRotateAndCropMode != ANDROID_SCALER_ROTATE_AND_CROP_AUTO) return Status::ok();
3323
3324 const auto clients = mActiveClientManager.getAll();
3325 for (auto& current : clients) {
3326 if (current != nullptr) {
3327 const auto basicClient = current->getValue();
3328 if (basicClient.get() != nullptr && !basicClient->getOverrideToPortrait()) {
3329 basicClient->setRotateAndCropOverride(
3330 mCameraServiceProxyWrapper->getRotateAndCropOverride(
3331 basicClient->getPackageName(),
3332 basicClient->getCameraFacing(),
3333 multiuser_get_user_id(basicClient->getClientUid())));
3334 }
3335 }
3336 }
3337
3338 return Status::ok();
3339 }
3340
getConcurrentCameraIds(std::vector<ConcurrentCameraIdCombination> * concurrentCameraIds)3341 Status CameraService::getConcurrentCameraIds(
3342 std::vector<ConcurrentCameraIdCombination>* concurrentCameraIds) {
3343 ATRACE_CALL();
3344 if (!concurrentCameraIds) {
3345 ALOGE("%s: concurrentCameraIds is NULL", __FUNCTION__);
3346 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "concurrentCameraIds is NULL");
3347 }
3348
3349 if (!mInitialized) {
3350 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
3351 logServiceError("Camera subsystem is not available", ERROR_DISCONNECTED);
3352 return STATUS_ERROR(ERROR_DISCONNECTED,
3353 "Camera subsystem is not available");
3354 }
3355 // First call into the provider and get the set of concurrent camera
3356 // combinations
3357 std::vector<std::unordered_set<std::string>> concurrentCameraCombinations =
3358 mCameraProviderManager->getConcurrentCameraIds();
3359 for (auto &combination : concurrentCameraCombinations) {
3360 std::vector<std::pair<std::string, int32_t>> validCombination;
3361 int32_t firstDeviceId = kInvalidDeviceId;
3362 for (auto &cameraId : combination) {
3363 // if the camera state is not present, skip
3364 auto state = getCameraState(cameraId);
3365 if (state == nullptr) {
3366 ALOGW("%s: camera id %s does not exist", __FUNCTION__, cameraId.c_str());
3367 continue;
3368 }
3369 StatusInternal status = state->getStatus();
3370 if (status == StatusInternal::NOT_PRESENT || status == StatusInternal::ENUMERATING) {
3371 continue;
3372 }
3373 if (shouldRejectSystemCameraConnection(cameraId)) {
3374 continue;
3375 }
3376 auto [cameraOwnerDeviceId, mappedCameraId] =
3377 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
3378 if (firstDeviceId == kInvalidDeviceId) {
3379 firstDeviceId = cameraOwnerDeviceId;
3380 } else if (firstDeviceId != cameraOwnerDeviceId) {
3381 // Found an invalid combination which contains cameras with different device id's,
3382 // hence discard it.
3383 validCombination.clear();
3384 break;
3385 }
3386 validCombination.push_back({mappedCameraId, cameraOwnerDeviceId});
3387 }
3388 if (validCombination.size() != 0) {
3389 concurrentCameraIds->push_back(std::move(validCombination));
3390 }
3391 }
3392 return Status::ok();
3393 }
3394
isConcurrentSessionConfigurationSupported(const std::vector<CameraIdAndSessionConfiguration> & cameraIdsAndSessionConfigurations,int targetSdkVersion,const AttributionSourceState & clientAttribution,int32_t devicePolicy,bool * isSupported)3395 Status CameraService::isConcurrentSessionConfigurationSupported(
3396 const std::vector<CameraIdAndSessionConfiguration>& cameraIdsAndSessionConfigurations,
3397 int targetSdkVersion, const AttributionSourceState& clientAttribution, int32_t devicePolicy,
3398 /*out*/bool* isSupported) {
3399 if (!isSupported) {
3400 ALOGE("%s: isSupported is NULL", __FUNCTION__);
3401 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "isSupported is NULL");
3402 }
3403
3404 if (!mInitialized) {
3405 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
3406 return STATUS_ERROR(ERROR_DISCONNECTED,
3407 "Camera subsystem is not available");
3408 }
3409
3410 for (auto cameraIdAndSessionConfiguration : cameraIdsAndSessionConfigurations) {
3411 std::optional<std::string> cameraIdOptional =
3412 resolveCameraId(cameraIdAndSessionConfiguration.mCameraId,
3413 clientAttribution.deviceId, devicePolicy);
3414 if (!cameraIdOptional.has_value()) {
3415 std::string msg = fmt::sprintf("Camera %s: Invalid camera id for device id %d",
3416 cameraIdAndSessionConfiguration.mCameraId.c_str(), clientAttribution.deviceId);
3417 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
3418 return STATUS_ERROR(CameraService::ERROR_ILLEGAL_ARGUMENT, msg.c_str());
3419 }
3420 cameraIdAndSessionConfiguration.mCameraId = cameraIdOptional.value();
3421 }
3422
3423 // Check for camera permissions
3424 int callingPid = getCallingPid();
3425 int callingUid = getCallingUid();
3426 bool hasCameraPermission = ((callingPid == getpid()) ||
3427 hasPermissionsForCamera(callingPid, callingUid,
3428 devicePolicy == IVirtualDeviceManagerNative::DEVICE_POLICY_DEFAULT
3429 ? kDefaultDeviceId : clientAttribution.deviceId));
3430 if (!hasCameraPermission) {
3431 return STATUS_ERROR(ERROR_PERMISSION_DENIED,
3432 "android.permission.CAMERA needed to call"
3433 "isConcurrentSessionConfigurationSupported");
3434 }
3435
3436 status_t res =
3437 mCameraProviderManager->isConcurrentSessionConfigurationSupported(
3438 cameraIdsAndSessionConfigurations, mPerfClassPrimaryCameraIds,
3439 targetSdkVersion, isSupported);
3440 if (res != OK) {
3441 logServiceError("Unable to query session configuration support",
3442 ERROR_INVALID_OPERATION);
3443 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to query session configuration "
3444 "support %s (%d)", strerror(-res), res);
3445 }
3446 return Status::ok();
3447 }
3448
addListener(const sp<ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses)3449 Status CameraService::addListener(const sp<ICameraServiceListener>& listener,
3450 /*out*/
3451 std::vector<hardware::CameraStatus> *cameraStatuses) {
3452 return addListenerHelper(listener, cameraStatuses);
3453 }
3454
addListenerTest(const sp<hardware::ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses)3455 binder::Status CameraService::addListenerTest(const sp<hardware::ICameraServiceListener>& listener,
3456 std::vector<hardware::CameraStatus>* cameraStatuses) {
3457 return addListenerHelper(listener, cameraStatuses, false, true);
3458 }
3459
addListenerHelper(const sp<ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses,bool isVendorListener,bool isProcessLocalTest)3460 Status CameraService::addListenerHelper(const sp<ICameraServiceListener>& listener,
3461 /*out*/
3462 std::vector<hardware::CameraStatus> *cameraStatuses,
3463 bool isVendorListener, bool isProcessLocalTest) {
3464 ATRACE_CALL();
3465
3466 ALOGV("%s: Add listener %p", __FUNCTION__, listener.get());
3467
3468 if (listener == nullptr) {
3469 ALOGE("%s: Listener must not be null", __FUNCTION__);
3470 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener");
3471 }
3472
3473 auto clientPid = getCallingPid();
3474 auto clientUid = getCallingUid();
3475 bool openCloseCallbackAllowed = hasPermissionsForOpenCloseListener(clientPid, clientUid);
3476
3477 Mutex::Autolock lock(mServiceLock);
3478
3479 {
3480 Mutex::Autolock lock(mStatusListenerLock);
3481 for (const auto &it : mListenerList) {
3482 if (IInterface::asBinder(it->getListener()) == IInterface::asBinder(listener)) {
3483 ALOGW("%s: Tried to add listener %p which was already subscribed",
3484 __FUNCTION__, listener.get());
3485 return STATUS_ERROR(ERROR_ALREADY_EXISTS, "Listener already registered");
3486 }
3487 }
3488
3489 sp<ServiceListener> serviceListener =
3490 new ServiceListener(this, listener, clientUid, clientPid, isVendorListener,
3491 openCloseCallbackAllowed);
3492 auto ret = serviceListener->initialize(isProcessLocalTest);
3493 if (ret != NO_ERROR) {
3494 std::string msg = fmt::sprintf("Failed to initialize service listener: %s (%d)",
3495 strerror(-ret), ret);
3496 logServiceError(msg, ERROR_ILLEGAL_ARGUMENT);
3497 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
3498 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.c_str());
3499 }
3500 // The listener still needs to be added to the list of listeners, regardless of what
3501 // permissions the listener process has / whether it is a vendor listener. Since it might be
3502 // eligible to listen to other camera ids.
3503 mListenerList.emplace_back(serviceListener);
3504 mUidPolicy->registerMonitorUid(clientUid, /*openCamera*/false);
3505 }
3506
3507 /* Collect current devices and status */
3508 {
3509 Mutex::Autolock lock(mCameraStatesLock);
3510 for (auto& i : mCameraStates) {
3511 // Get the device id and app-visible camera id for the given HAL-visible camera id.
3512 auto [deviceId, mappedCameraId] =
3513 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(i.first);
3514
3515 cameraStatuses->emplace_back(mappedCameraId,
3516 mapToInterface(i.second->getStatus()), i.second->getUnavailablePhysicalIds(),
3517 openCloseCallbackAllowed ? i.second->getClientPackage() : std::string(),
3518 deviceId);
3519 }
3520 }
3521 // Remove the camera statuses that should be hidden from the client, we do
3522 // this after collecting the states in order to avoid holding
3523 // mCameraStatesLock and mInterfaceLock (held in getSystemCameraKind()) at
3524 // the same time.
3525 cameraStatuses->erase(std::remove_if(cameraStatuses->begin(), cameraStatuses->end(),
3526 [this, &isVendorListener, &clientPid, &clientUid](const hardware::CameraStatus& s) {
3527 std::string cameraId = s.cameraId;
3528 std::optional<std::string> cameraIdOptional = resolveCameraId(s.cameraId,
3529 s.deviceId, IVirtualDeviceManagerNative::DEVICE_POLICY_CUSTOM);
3530 if (!cameraIdOptional.has_value()) {
3531 std::string msg =
3532 fmt::sprintf(
3533 "Camera %s: Invalid camera id for device id %d",
3534 s.cameraId.c_str(), s.deviceId);
3535 ALOGE("%s: %s", __FUNCTION__, msg.c_str());
3536 return true;
3537 }
3538 cameraId = cameraIdOptional.value();
3539 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
3540 if (getSystemCameraKind(cameraId, &deviceKind) != OK) {
3541 ALOGE("%s: Invalid camera id %s, skipping status update",
3542 __FUNCTION__, s.cameraId.c_str());
3543 return true;
3544 }
3545 return shouldSkipStatusUpdates(deviceKind, isVendorListener, clientPid,
3546 clientUid);
3547 }), cameraStatuses->end());
3548
3549 // cameraStatuses will have non-eligible camera ids removed.
3550 std::set<std::string> idsChosenForCallback;
3551 for (const auto &s : *cameraStatuses) {
3552 // Add only default device cameras here, as virtual cameras currently don't support torch
3553 // anyway. Note that this is a simplification of the implementation here, and we should
3554 // change this when virtual cameras support torch.
3555 if (s.deviceId == kDefaultDeviceId) {
3556 idsChosenForCallback.insert(s.cameraId);
3557 }
3558 }
3559
3560 /*
3561 * Immediately signal current torch status to this listener only
3562 * This may be a subset of all the devices, so don't include it in the response directly
3563 */
3564 {
3565 Mutex::Autolock al(mTorchStatusMutex);
3566 for (size_t i = 0; i < mTorchStatusMap.size(); i++ ) {
3567 const std::string &id = mTorchStatusMap.keyAt(i);
3568 // The camera id is visible to the client. Fine to send torch
3569 // callback.
3570 if (idsChosenForCallback.find(id) != idsChosenForCallback.end()) {
3571 listener->onTorchStatusChanged(mapToInterface(mTorchStatusMap.valueAt(i)), id,
3572 kDefaultDeviceId);
3573 }
3574 }
3575 }
3576
3577 return Status::ok();
3578 }
3579
removeListener(const sp<ICameraServiceListener> & listener)3580 Status CameraService::removeListener(const sp<ICameraServiceListener>& listener) {
3581 ATRACE_CALL();
3582
3583 ALOGV("%s: Remove listener %p", __FUNCTION__, listener.get());
3584
3585 if (listener == 0) {
3586 ALOGE("%s: Listener must not be null", __FUNCTION__);
3587 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to removeListener");
3588 }
3589
3590 Mutex::Autolock lock(mServiceLock);
3591
3592 {
3593 Mutex::Autolock lock(mStatusListenerLock);
3594 for (auto it = mListenerList.begin(); it != mListenerList.end(); it++) {
3595 if (IInterface::asBinder((*it)->getListener()) == IInterface::asBinder(listener)) {
3596 mUidPolicy->unregisterMonitorUid((*it)->getListenerUid(), /*closeCamera*/false);
3597 IInterface::asBinder(listener)->unlinkToDeath(*it);
3598 mListenerList.erase(it);
3599 return Status::ok();
3600 }
3601 }
3602 }
3603
3604 ALOGW("%s: Tried to remove a listener %p which was not subscribed",
3605 __FUNCTION__, listener.get());
3606
3607 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Unregistered listener given to removeListener");
3608 }
3609
getLegacyParameters(int cameraId,std::string * parameters)3610 Status CameraService::getLegacyParameters(int cameraId, /*out*/std::string* parameters) {
3611
3612 ATRACE_CALL();
3613 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId);
3614
3615 if (parameters == NULL) {
3616 ALOGE("%s: parameters must not be null", __FUNCTION__);
3617 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
3618 }
3619
3620 Status ret = Status::ok();
3621
3622 CameraParameters shimParams;
3623 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) {
3624 // Error logged by caller
3625 return ret;
3626 }
3627
3628 String8 shimParamsString8 = shimParams.flatten();
3629
3630 *parameters = toStdString(shimParamsString8);
3631
3632 return ret;
3633 }
3634
isHiddenPhysicalCamera(const std::string & cameraId,bool * isSupported)3635 Status CameraService::isHiddenPhysicalCamera(const std::string& cameraId,
3636 /*out*/ bool *isSupported) {
3637 ATRACE_CALL();
3638
3639 ALOGV("%s: for camera ID = %s", __FUNCTION__, cameraId.c_str());
3640 *isSupported = mCameraProviderManager->isHiddenPhysicalCamera(cameraId);
3641
3642 return Status::ok();
3643 }
3644
injectCamera(const std::string & packageName,const std::string & internalCamId,const std::string & externalCamId,const sp<ICameraInjectionCallback> & callback,sp<ICameraInjectionSession> * cameraInjectionSession)3645 Status CameraService::injectCamera(
3646 const std::string& packageName, const std::string& internalCamId,
3647 const std::string& externalCamId,
3648 const sp<ICameraInjectionCallback>& callback,
3649 /*out*/
3650 sp<ICameraInjectionSession>* cameraInjectionSession) {
3651 ATRACE_CALL();
3652
3653 if (!checkCallingPermission(toString16(sCameraInjectExternalCameraPermission))) {
3654 const int pid = getCallingPid();
3655 const int uid = getCallingUid();
3656 ALOGE("Permission Denial: can't inject camera pid=%d, uid=%d", pid, uid);
3657 return STATUS_ERROR(ERROR_PERMISSION_DENIED,
3658 "Permission Denial: no permission to inject camera");
3659 }
3660
3661 // Do not allow any camera injection that injects or replaces a virtual camera.
3662 auto [deviceIdForInternalCamera, _] =
3663 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(internalCamId);
3664 if (deviceIdForInternalCamera != kDefaultDeviceId) {
3665 return STATUS_ERROR(ICameraInjectionCallback::ERROR_INJECTION_UNSUPPORTED,
3666 "Cannot replace a virtual camera");
3667 }
3668 [[maybe_unused]] auto [deviceIdForExternalCamera, unusedMappedCameraId] =
3669 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(externalCamId);
3670 if (deviceIdForExternalCamera != kDefaultDeviceId) {
3671 return STATUS_ERROR(ICameraInjectionCallback::ERROR_INJECTION_UNSUPPORTED,
3672 "Cannot inject a virtual camera to replace an internal camera");
3673 }
3674
3675 ALOGV(
3676 "%s: Package name = %s, Internal camera ID = %s, External camera ID = "
3677 "%s",
3678 __FUNCTION__, packageName.c_str(),
3679 internalCamId.c_str(), externalCamId.c_str());
3680
3681 {
3682 Mutex::Autolock lock(mInjectionParametersLock);
3683 mInjectionInternalCamId = internalCamId;
3684 mInjectionExternalCamId = externalCamId;
3685 mInjectionStatusListener->addListener(callback);
3686 *cameraInjectionSession = new CameraInjectionSession(this);
3687 status_t res = NO_ERROR;
3688 auto clientDescriptor = mActiveClientManager.get(mInjectionInternalCamId);
3689 // If the client already exists, we can directly connect to the camera device through the
3690 // client's injectCamera(), otherwise we need to wait until the client is established
3691 // (execute connectHelper()) before injecting the camera to the camera device.
3692 if (clientDescriptor != nullptr) {
3693 mInjectionInitPending = false;
3694 sp<BasicClient> clientSp = clientDescriptor->getValue();
3695 res = checkIfInjectionCameraIsPresent(mInjectionExternalCamId, clientSp);
3696 if(res != OK) {
3697 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
3698 "No camera device with ID \"%s\" currently available",
3699 mInjectionExternalCamId.c_str());
3700 }
3701 res = clientSp->injectCamera(mInjectionExternalCamId, mCameraProviderManager);
3702 if (res != OK) {
3703 mInjectionStatusListener->notifyInjectionError(mInjectionExternalCamId, res);
3704 }
3705 } else {
3706 mInjectionInitPending = true;
3707 }
3708 }
3709
3710 return binder::Status::ok();
3711 }
3712
reportExtensionSessionStats(const hardware::CameraExtensionSessionStats & stats,std::string * sessionKey)3713 Status CameraService::reportExtensionSessionStats(
3714 const hardware::CameraExtensionSessionStats& stats, std::string* sessionKey /*out*/) {
3715 ALOGV("%s: reported %s", __FUNCTION__, stats.toString().c_str());
3716 *sessionKey = mCameraServiceProxyWrapper->updateExtensionStats(stats);
3717 return Status::ok();
3718 }
3719
removeByClient(const BasicClient * client)3720 void CameraService::removeByClient(const BasicClient* client) {
3721 Mutex::Autolock lock(mServiceLock);
3722 for (auto& i : mActiveClientManager.getAll()) {
3723 auto clientSp = i->getValue();
3724 if (clientSp.get() == client) {
3725 cacheClientTagDumpIfNeeded(client->mCameraIdStr, clientSp.get());
3726 mActiveClientManager.remove(i);
3727 }
3728 }
3729 updateAudioRestrictionLocked();
3730 }
3731
isOnlyClient(const BasicClient * client)3732 bool CameraService::isOnlyClient(const BasicClient* client) {
3733 Mutex::Autolock lock(mServiceLock);
3734 bool ret = true;
3735 if (!flags::camera_multi_client()) {
3736 return ret;
3737 }
3738 if (client != nullptr) {
3739 std::string camId = client->mCameraIdStr;
3740 for (const auto& i : mActiveClientManager.getAll()) {
3741 auto clientSp = i->getValue();
3742 auto curCamId = i->getKey();
3743 if (!curCamId.compare(camId) && clientSp.get() != client) {
3744 return false;
3745 }
3746 }
3747 }
3748 return ret;
3749 }
3750
evictClientIdByRemote(const wp<IBinder> & remote)3751 bool CameraService::evictClientIdByRemote(const wp<IBinder>& remote) {
3752 bool ret = false;
3753 {
3754 // Acquire mServiceLock and prevent other clients from connecting
3755 std::unique_ptr<AutoConditionLock> lock =
3756 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
3757
3758 std::vector<sp<BasicClient>> evicted;
3759 for (auto& i : mActiveClientManager.getAll()) {
3760 auto clientSp = i->getValue();
3761 if (clientSp.get() == nullptr) {
3762 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
3763 mActiveClientManager.remove(i);
3764 continue;
3765 }
3766 if (remote == clientSp->getRemote()) {
3767 mActiveClientManager.remove(i);
3768 evicted.push_back(clientSp);
3769
3770 // Notify the client of disconnection
3771 clientSp->notifyError(
3772 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
3773 CaptureResultExtras());
3774 }
3775 }
3776
3777 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
3778 // other clients from connecting in mServiceLockWrapper if held
3779 mServiceLock.unlock();
3780
3781 // Do not clear caller identity, remote caller should be client proccess
3782
3783 for (auto& i : evicted) {
3784 if (i.get() != nullptr) {
3785 i->disconnect();
3786 ret = true;
3787 }
3788 }
3789
3790 // Reacquire mServiceLock
3791 mServiceLock.lock();
3792
3793 } // lock is destroyed, allow further connect calls
3794
3795 return ret;
3796 }
3797
getCameraState(const std::string & cameraId) const3798 std::shared_ptr<CameraService::CameraState> CameraService::getCameraState(
3799 const std::string& cameraId) const {
3800 std::shared_ptr<CameraState> state;
3801 {
3802 Mutex::Autolock lock(mCameraStatesLock);
3803 auto iter = mCameraStates.find(cameraId);
3804 if (iter != mCameraStates.end()) {
3805 state = iter->second;
3806 }
3807 }
3808 return state;
3809 }
3810
removeClientsLocked(const std::string & cameraId)3811 std::vector<sp<CameraService::BasicClient>> CameraService::removeClientsLocked(
3812 const std::string& cameraId) {
3813 // Remove from active clients list
3814 std::vector<sp<CameraService::BasicClient>> clients;
3815 if (flags::camera_multi_client()) {
3816 std::vector<CameraService::DescriptorPtr> clientDescriptors;
3817 clientDescriptors = mActiveClientManager.removeAll(cameraId);
3818 for (const auto& clientDescriptorPtr : clientDescriptors) {
3819 if (clientDescriptorPtr != nullptr) {
3820 sp<BasicClient> client = clientDescriptorPtr->getValue();
3821 if (client.get() != nullptr) {
3822 cacheClientTagDumpIfNeeded(clientDescriptorPtr->getKey(), client.get());
3823 clients.push_back(client);
3824 }
3825 }
3826 }
3827 } else {
3828 auto clientDescriptorPtr = mActiveClientManager.remove(cameraId);
3829 if (clientDescriptorPtr == nullptr) {
3830 ALOGW("%s: Could not evict client, no client for camera ID %s", __FUNCTION__,
3831 cameraId.c_str());
3832 return clients;
3833 }
3834
3835 sp<BasicClient> client = clientDescriptorPtr->getValue();
3836 if (client.get() != nullptr) {
3837 cacheClientTagDumpIfNeeded(clientDescriptorPtr->getKey(), client.get());
3838 clients.push_back(client);
3839 }
3840 }
3841 return clients;
3842 }
3843
doUserSwitch(const std::vector<int32_t> & newUserIds)3844 void CameraService::doUserSwitch(const std::vector<int32_t>& newUserIds) {
3845 // Acquire mServiceLock and prevent other clients from connecting
3846 std::unique_ptr<AutoConditionLock> lock =
3847 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
3848
3849 std::set<userid_t> newAllowedUsers;
3850 for (size_t i = 0; i < newUserIds.size(); i++) {
3851 if (newUserIds[i] < 0) {
3852 ALOGE("%s: Bad user ID %d given during user switch, ignoring.",
3853 __FUNCTION__, newUserIds[i]);
3854 return;
3855 }
3856 newAllowedUsers.insert(static_cast<userid_t>(newUserIds[i]));
3857 }
3858
3859
3860 if (newAllowedUsers == mAllowedUsers) {
3861 ALOGW("%s: Received notification of user switch with no updated user IDs.", __FUNCTION__);
3862 return;
3863 }
3864
3865 logUserSwitch(mAllowedUsers, newAllowedUsers);
3866
3867 mAllowedUsers = std::move(newAllowedUsers);
3868
3869 // Current user has switched, evict all current clients.
3870 std::vector<sp<BasicClient>> evicted;
3871 for (auto& i : mActiveClientManager.getAll()) {
3872 auto clientSp = i->getValue();
3873
3874 if (clientSp.get() == nullptr) {
3875 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
3876 continue;
3877 }
3878
3879 // Don't evict clients that are still allowed.
3880 uid_t clientUid = clientSp->getClientUid();
3881 userid_t clientUserId = multiuser_get_user_id(clientUid);
3882 if (mAllowedUsers.find(clientUserId) != mAllowedUsers.end()) {
3883 continue;
3884 }
3885
3886 evicted.push_back(clientSp);
3887
3888 ALOGE("Evicting conflicting client for camera ID %s due to user change",
3889 i->getKey().c_str());
3890
3891 // Log the clients evicted
3892 logEvent(fmt::sprintf("EVICT device %s client held by package %s (PID %"
3893 PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted due"
3894 " to user switch.", i->getKey().c_str(),
3895 clientSp->getPackageName().c_str(),
3896 i->getOwnerId(), i->getPriority().getScore(),
3897 i->getPriority().getState()));
3898
3899 }
3900
3901 // Do not hold mServiceLock while disconnecting clients, but retain the condition
3902 // blocking other clients from connecting in mServiceLockWrapper if held.
3903 mServiceLock.unlock();
3904
3905 // Clear caller identity temporarily so client disconnect PID checks work correctly
3906 int64_t token = clearCallingIdentity();
3907
3908 for (auto& i : evicted) {
3909 i->disconnect();
3910 }
3911
3912 restoreCallingIdentity(token);
3913
3914 // Reacquire mServiceLock
3915 mServiceLock.lock();
3916 }
3917
logEvent(const std::string & event)3918 void CameraService::logEvent(const std::string &event) {
3919 std::string curTime = getFormattedCurrentTime();
3920 Mutex::Autolock l(mLogLock);
3921 std::string msg = curTime + " : " + event;
3922 // For service error events, print the msg only once.
3923 if (msg.find("SERVICE ERROR") != std::string::npos) {
3924 mEventLog.add(msg);
3925 } else if(sServiceErrorEventSet.find(msg) == sServiceErrorEventSet.end()) {
3926 // Error event not added to the dumpsys log before
3927 mEventLog.add(msg);
3928 sServiceErrorEventSet.insert(msg);
3929 }
3930 }
3931
logDisconnected(const std::string & cameraId,int clientPid,const std::string & clientPackage)3932 void CameraService::logDisconnected(const std::string &cameraId, int clientPid,
3933 const std::string &clientPackage) {
3934 // Log the clients evicted
3935 logEvent(fmt::sprintf("DISCONNECT device %s client for package %s (PID %d)", cameraId.c_str(),
3936 clientPackage.c_str(), clientPid));
3937 }
3938
logDisconnectedOffline(const std::string & cameraId,int clientPid,const std::string & clientPackage)3939 void CameraService::logDisconnectedOffline(const std::string &cameraId, int clientPid,
3940 const std::string &clientPackage) {
3941 // Log the clients evicted
3942 logEvent(fmt::sprintf("DISCONNECT offline device %s client for package %s (PID %d)",
3943 cameraId.c_str(), clientPackage.c_str(), clientPid));
3944 }
3945
logConnected(const std::string & cameraId,int clientPid,const std::string & clientPackage)3946 void CameraService::logConnected(const std::string &cameraId, int clientPid,
3947 const std::string &clientPackage) {
3948 // Log the clients evicted
3949 logEvent(fmt::sprintf("CONNECT device %s client for package %s (PID %d)", cameraId.c_str(),
3950 clientPackage.c_str(), clientPid));
3951 }
3952
logConnectedOffline(const std::string & cameraId,int clientPid,const std::string & clientPackage)3953 void CameraService::logConnectedOffline(const std::string &cameraId, int clientPid,
3954 const std::string &clientPackage) {
3955 // Log the clients evicted
3956 logEvent(fmt::sprintf("CONNECT offline device %s client for package %s (PID %d)",
3957 cameraId.c_str(), clientPackage.c_str(), clientPid));
3958 }
3959
logRejected(const std::string & cameraId,int clientPid,const std::string & clientPackage,const std::string & reason)3960 void CameraService::logRejected(const std::string &cameraId, int clientPid,
3961 const std::string &clientPackage, const std::string &reason) {
3962 // Log the client rejected
3963 logEvent(fmt::sprintf("REJECT device %s client for package %s (PID %d), reason: (%s)",
3964 cameraId.c_str(), clientPackage.c_str(), clientPid, reason.c_str()));
3965 }
3966
logTorchEvent(const std::string & cameraId,const std::string & torchState,int clientPid)3967 void CameraService::logTorchEvent(const std::string &cameraId, const std::string &torchState,
3968 int clientPid) {
3969 // Log torch event
3970 logEvent(fmt::sprintf("Torch for camera id %s turned %s for client PID %d", cameraId.c_str(),
3971 torchState.c_str(), clientPid));
3972 }
3973
logUserSwitch(const std::set<userid_t> & oldUserIds,const std::set<userid_t> & newUserIds)3974 void CameraService::logUserSwitch(const std::set<userid_t>& oldUserIds,
3975 const std::set<userid_t>& newUserIds) {
3976 std::string newUsers = toString(newUserIds);
3977 std::string oldUsers = toString(oldUserIds);
3978 if (oldUsers.size() == 0) {
3979 oldUsers = "<None>";
3980 }
3981 // Log the new and old users
3982 logEvent(fmt::sprintf("USER_SWITCH previous allowed user IDs: %s, current allowed user IDs: %s",
3983 oldUsers.c_str(), newUsers.c_str()));
3984 }
3985
logDeviceRemoved(const std::string & cameraId,const std::string & reason)3986 void CameraService::logDeviceRemoved(const std::string &cameraId, const std::string &reason) {
3987 // Log the device removal
3988 logEvent(fmt::sprintf("REMOVE device %s, reason: (%s)", cameraId.c_str(), reason.c_str()));
3989 }
3990
logDeviceAdded(const std::string & cameraId,const std::string & reason)3991 void CameraService::logDeviceAdded(const std::string &cameraId, const std::string &reason) {
3992 // Log the device removal
3993 logEvent(fmt::sprintf("ADD device %s, reason: (%s)", cameraId.c_str(), reason.c_str()));
3994 }
3995
logClientDied(int clientPid,const std::string & reason)3996 void CameraService::logClientDied(int clientPid, const std::string &reason) {
3997 // Log the device removal
3998 logEvent(fmt::sprintf("DIED client(s) with PID %d, reason: (%s)", clientPid, reason.c_str()));
3999 }
4000
logServiceError(const std::string & msg,int errorCode)4001 void CameraService::logServiceError(const std::string &msg, int errorCode) {
4002 logEvent(fmt::sprintf("SERVICE ERROR: %s : %d (%s)", msg.c_str(), errorCode,
4003 strerror(-errorCode)));
4004 }
4005
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)4006 status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
4007 uint32_t flags) {
4008
4009 // Permission checks
4010 switch (code) {
4011 case SHELL_COMMAND_TRANSACTION: {
4012 int in = data.readFileDescriptor();
4013 int out = data.readFileDescriptor();
4014 int err = data.readFileDescriptor();
4015 int argc = data.readInt32();
4016 Vector<String16> args;
4017 for (int i = 0; i < argc && data.dataAvail() > 0; i++) {
4018 args.add(data.readString16());
4019 }
4020 sp<IBinder> unusedCallback;
4021 sp<IResultReceiver> resultReceiver;
4022 status_t status;
4023 if ((status = data.readNullableStrongBinder(&unusedCallback)) != NO_ERROR) {
4024 return status;
4025 }
4026 if ((status = data.readNullableStrongBinder(&resultReceiver)) != NO_ERROR) {
4027 return status;
4028 }
4029 status = shellCommand(in, out, err, args);
4030 if (resultReceiver != nullptr) {
4031 resultReceiver->send(status);
4032 }
4033 return NO_ERROR;
4034 }
4035 }
4036
4037 return BnCameraService::onTransact(code, data, reply, flags);
4038 }
4039
4040 // We share the media players for shutter and recording sound for all clients.
4041 // A reference count is kept to determine when we will actually release the
4042 // media players.
newMediaPlayer(const char * file)4043 sp<MediaPlayer> CameraService::newMediaPlayer(const char *file) {
4044 sp<MediaPlayer> mp = new MediaPlayer();
4045 status_t error;
4046 if ((error = mp->setDataSource(NULL /* httpService */, file, NULL)) == NO_ERROR) {
4047 mp->setAudioStreamType(AUDIO_STREAM_ENFORCED_AUDIBLE);
4048 error = mp->prepare();
4049 }
4050 if (error != NO_ERROR) {
4051 ALOGE("Failed to load CameraService sounds: %s", file);
4052 mp->disconnect();
4053 mp.clear();
4054 return nullptr;
4055 }
4056 return mp;
4057 }
4058
increaseSoundRef()4059 void CameraService::increaseSoundRef() {
4060 Mutex::Autolock lock(mSoundLock);
4061 mSoundRef++;
4062 }
4063
loadSoundLocked(sound_kind kind)4064 void CameraService::loadSoundLocked(sound_kind kind) {
4065 ATRACE_CALL();
4066
4067 LOG1("CameraService::loadSoundLocked ref=%d", mSoundRef);
4068 if (SOUND_SHUTTER == kind && mSoundPlayer[SOUND_SHUTTER] == NULL) {
4069 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/product/media/audio/ui/camera_click.ogg");
4070 if (mSoundPlayer[SOUND_SHUTTER] == nullptr) {
4071 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/system/media/audio/ui/camera_click.ogg");
4072 }
4073 } else if (SOUND_RECORDING_START == kind && mSoundPlayer[SOUND_RECORDING_START] == NULL) {
4074 mSoundPlayer[SOUND_RECORDING_START] = newMediaPlayer("/product/media/audio/ui/VideoRecord.ogg");
4075 if (mSoundPlayer[SOUND_RECORDING_START] == nullptr) {
4076 mSoundPlayer[SOUND_RECORDING_START] =
4077 newMediaPlayer("/system/media/audio/ui/VideoRecord.ogg");
4078 }
4079 } else if (SOUND_RECORDING_STOP == kind && mSoundPlayer[SOUND_RECORDING_STOP] == NULL) {
4080 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/product/media/audio/ui/VideoStop.ogg");
4081 if (mSoundPlayer[SOUND_RECORDING_STOP] == nullptr) {
4082 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/system/media/audio/ui/VideoStop.ogg");
4083 }
4084 }
4085 }
4086
decreaseSoundRef()4087 void CameraService::decreaseSoundRef() {
4088 Mutex::Autolock lock(mSoundLock);
4089 LOG1("CameraService::decreaseSoundRef ref=%d", mSoundRef);
4090 if (--mSoundRef) return;
4091
4092 for (int i = 0; i < NUM_SOUNDS; i++) {
4093 if (mSoundPlayer[i] != 0) {
4094 mSoundPlayer[i]->disconnect();
4095 mSoundPlayer[i].clear();
4096 }
4097 }
4098 }
4099
playSound(sound_kind kind)4100 void CameraService::playSound(sound_kind kind) {
4101 ATRACE_CALL();
4102
4103 LOG1("playSound(%d)", kind);
4104 if (kind < 0 || kind >= NUM_SOUNDS) {
4105 ALOGE("%s: Invalid sound id requested: %d", __FUNCTION__, kind);
4106 return;
4107 }
4108
4109 Mutex::Autolock lock(mSoundLock);
4110 loadSoundLocked(kind);
4111 sp<MediaPlayer> player = mSoundPlayer[kind];
4112 if (player != 0) {
4113 player->seekTo(0);
4114 player->start();
4115 }
4116 }
4117
4118 // ----------------------------------------------------------------------------
4119
Client(const sp<CameraService> & cameraService,const sp<ICameraClient> & cameraClient,std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,const AttributionSourceState & clientAttribution,int callingPid,bool systemNativeClient,const std::string & cameraIdStr,int api1CameraId,int cameraFacing,int sensorOrientation,int servicePid,int rotationOverride,bool sharedMode)4120 CameraService::Client::Client(
4121 const sp<CameraService>& cameraService, const sp<ICameraClient>& cameraClient,
4122 std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
4123 const AttributionSourceState& clientAttribution, int callingPid, bool systemNativeClient,
4124 const std::string& cameraIdStr, int api1CameraId, int cameraFacing, int sensorOrientation,
4125 int servicePid, int rotationOverride, bool sharedMode)
4126 : CameraService::BasicClient(cameraService, IInterface::asBinder(cameraClient),
4127 attributionAndPermissionUtils, clientAttribution, callingPid,
4128 systemNativeClient, cameraIdStr, cameraFacing, sensorOrientation,
4129 servicePid, rotationOverride, sharedMode),
4130 mCameraId(api1CameraId) {
4131 LOG1("Client::Client E (pid %d, id %d)", callingPid, mCameraId);
4132
4133 mRemoteCallback = cameraClient;
4134
4135 cameraService->increaseSoundRef();
4136
4137 LOG1("Client::Client X (pid %d, id %d)", callingPid, mCameraId);
4138 }
4139
4140 // tear down the client
~Client()4141 CameraService::Client::~Client() {
4142 ALOGV("~Client");
4143 mDestructionStarted = true;
4144
4145 sCameraService->decreaseSoundRef();
4146 // unconditionally disconnect. function is idempotent
4147 Client::disconnect();
4148 }
4149
4150 sp<CameraService> CameraService::BasicClient::BasicClient::sCameraService;
4151
BasicClient(const sp<CameraService> & cameraService,const sp<IBinder> & remoteCallback,std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,const AttributionSourceState & clientAttribution,int callingPid,bool nativeClient,const std::string & cameraIdStr,int cameraFacing,int sensorOrientation,int servicePid,int rotationOverride,bool sharedMode)4152 CameraService::BasicClient::BasicClient(
4153 const sp<CameraService>& cameraService, const sp<IBinder>& remoteCallback,
4154 std::shared_ptr<AttributionAndPermissionUtils> attributionAndPermissionUtils,
4155 const AttributionSourceState& clientAttribution, int callingPid, bool nativeClient,
4156 const std::string& cameraIdStr, int cameraFacing, int sensorOrientation, int servicePid,
4157 int rotationOverride, bool sharedMode)
4158 : AttributionAndPermissionUtilsEncapsulator(attributionAndPermissionUtils),
4159 mDestructionStarted(false),
4160 mCameraIdStr(cameraIdStr),
4161 mCameraFacing(cameraFacing),
4162 mOrientation(sensorOrientation),
4163 mClientAttribution(clientAttribution),
4164 mCallingPid(callingPid),
4165 mSystemNativeClient(nativeClient),
4166 mServicePid(servicePid),
4167 mDisconnected(false),
4168 mUidIsTrusted(false),
4169 mRotationOverride(rotationOverride), mSharedMode(sharedMode),
4170 mAudioRestriction(hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_NONE),
4171 mRemoteBinder(remoteCallback),
4172 mCameraOpen(false),
4173 mCameraStreaming(false) {
4174 if (sCameraService == nullptr) {
4175 sCameraService = cameraService;
4176 }
4177
4178 // There are 2 scenarios in which a client won't have AppOps operations
4179 // (both scenarios : native clients)
4180 // 1) It's an system native client*, the package name will be empty
4181 // and it will return from this function in the previous if condition
4182 // (This is the same as the previously existing behavior).
4183 // 2) It is a system native client, but its package name has been
4184 // modified for debugging, however it still must not use AppOps since
4185 // the package name is not a real one.
4186 //
4187 // * system native client - native client with UID < AID_APP_START. It
4188 // doesn't exclude clients not on the system partition.
4189 if (!mSystemNativeClient) {
4190 mAppOpsManager = std::make_unique<AppOpsManager>();
4191 }
4192
4193 mUidIsTrusted = isTrustedCallingUid(mClientAttribution.uid);
4194 }
4195
~BasicClient()4196 CameraService::BasicClient::~BasicClient() {
4197 ALOGV("~BasicClient");
4198 mDestructionStarted = true;
4199 }
4200
disconnect()4201 binder::Status CameraService::BasicClient::disconnect() {
4202 binder::Status res = Status::ok();
4203 if (mDisconnected) {
4204 return res;
4205 }
4206 mDisconnected = true;
4207
4208 sCameraService->removeByClient(this);
4209 sCameraService->logDisconnected(mCameraIdStr, mCallingPid, getPackageName());
4210 if (!flags::camera_multi_client() || !mSharedMode || (mSharedMode &&
4211 sCameraService->isOnlyClient(this))) {
4212 // Remove the HAL reference for the camera in either of the following scenarios :
4213 // 1) Camera was opened in non-shared mode.
4214 // 2) Camera was opened in shared mode and this is the last client using
4215 // the camera which is being disconnected
4216 sCameraService->mCameraProviderManager->removeRef(CameraProviderManager::DeviceMode::CAMERA,
4217 mCameraIdStr);
4218 }
4219
4220 sp<IBinder> remote = getRemote();
4221 if (remote != nullptr) {
4222 remote->unlinkToDeath(sCameraService);
4223 }
4224
4225 notifyCameraClosing();
4226 if (!flags::camera_multi_client() || !mSharedMode || (mSharedMode &&
4227 sCameraService->isOnlyClient(this))) {
4228 // Notify flashlight that a camera device is closed.
4229 sCameraService->mFlashlight->deviceClosed(mCameraIdStr);
4230 }
4231 ALOGI("%s: Disconnected client for camera %s for PID %d", __FUNCTION__, mCameraIdStr.c_str(),
4232 mCallingPid);
4233
4234 // client shouldn't be able to call into us anymore
4235 mCallingPid = 0;
4236
4237 const auto& mActivityManager = getActivityManager();
4238 if (mActivityManager) {
4239 mActivityManager->logFgsApiEnd(LOG_FGS_CAMERA_API,
4240 getCallingUid(),
4241 getCallingPid());
4242 }
4243
4244 return res;
4245 }
4246
dump(int,const Vector<String16> &)4247 status_t CameraService::BasicClient::dump(int, const Vector<String16>&) {
4248 // No dumping of clients directly over Binder,
4249 // must go through CameraService::dump
4250 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403",
4251 getCallingUid(), NULL, 0);
4252 return OK;
4253 }
4254
startWatchingTags(const std::string &,int)4255 status_t CameraService::BasicClient::startWatchingTags(const std::string&, int) {
4256 // Can't watch tags directly, must go through CameraService::startWatchingTags
4257 return OK;
4258 }
4259
stopWatchingTags(int)4260 status_t CameraService::BasicClient::stopWatchingTags(int) {
4261 // Can't watch tags directly, must go through CameraService::stopWatchingTags
4262 return OK;
4263 }
4264
dumpWatchedEventsToVector(std::vector<std::string> &)4265 status_t CameraService::BasicClient::dumpWatchedEventsToVector(std::vector<std::string> &) {
4266 // Can't watch tags directly, must go through CameraService::dumpWatchedEventsToVector
4267 return OK;
4268 }
4269
getPackageName() const4270 std::string CameraService::BasicClient::getPackageName() const {
4271 return mClientAttribution.packageName.value_or(kUnknownPackageName);
4272 }
4273
getCameraFacing() const4274 int CameraService::BasicClient::getCameraFacing() const {
4275 return mCameraFacing;
4276 }
4277
getCameraOrientation() const4278 int CameraService::BasicClient::getCameraOrientation() const {
4279 return mOrientation;
4280 }
4281
getClientCallingPid() const4282 int CameraService::BasicClient::getClientCallingPid() const {
4283 return mCallingPid;
4284 }
4285
getClientUid() const4286 uid_t CameraService::BasicClient::getClientUid() const {
4287 return mClientAttribution.uid;
4288 }
4289
getClientAttributionTag() const4290 const std::optional<std::string>& CameraService::BasicClient::getClientAttributionTag() const {
4291 return mClientAttribution.attributionTag;
4292 }
4293
canCastToApiClient(apiLevel level) const4294 bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const {
4295 // Defaults to API2.
4296 return level == API_2;
4297 }
4298
setAudioRestriction(int32_t mode)4299 status_t CameraService::BasicClient::setAudioRestriction(int32_t mode) {
4300 {
4301 Mutex::Autolock l(mAudioRestrictionLock);
4302 mAudioRestriction = mode;
4303 }
4304 sCameraService->updateAudioRestriction();
4305 return OK;
4306 }
4307
getServiceAudioRestriction() const4308 int32_t CameraService::BasicClient::getServiceAudioRestriction() const {
4309 return sCameraService->updateAudioRestriction();
4310 }
4311
getAudioRestriction() const4312 int32_t CameraService::BasicClient::getAudioRestriction() const {
4313 Mutex::Autolock l(mAudioRestrictionLock);
4314 return mAudioRestriction;
4315 }
4316
isValidAudioRestriction(int32_t mode)4317 bool CameraService::BasicClient::isValidAudioRestriction(int32_t mode) {
4318 switch (mode) {
4319 case hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_NONE:
4320 case hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_VIBRATION:
4321 case hardware::camera2::ICameraDeviceUser::AUDIO_RESTRICTION_VIBRATION_SOUND:
4322 return true;
4323 default:
4324 return false;
4325 }
4326 }
4327
handlePermissionResult(PermissionChecker::PermissionResult result)4328 status_t CameraService::BasicClient::handlePermissionResult(
4329 PermissionChecker::PermissionResult result) {
4330 if (result == PermissionChecker::PERMISSION_HARD_DENIED) {
4331 ALOGI("Camera %s: Access for \"%s\" has been revoked", mCameraIdStr.c_str(),
4332 getPackageName().c_str());
4333 return PERMISSION_DENIED;
4334 } else if (!mUidIsTrusted && result == PermissionChecker::PERMISSION_SOFT_DENIED) {
4335 // If the calling Uid is trusted (a native service), the AppOpsManager/PermissionChecker
4336 // could return MODE_IGNORED/PERMISSION_SOFT_DENIED. Do not treat such case as error.
4337 bool isUidActive =
4338 sCameraService->mUidPolicy->isUidActive(getClientUid(), getPackageName());
4339
4340 bool isCameraPrivacyEnabled;
4341 if (flags::camera_privacy_allowlist()) {
4342 isCameraPrivacyEnabled = sCameraService->isCameraPrivacyEnabled(
4343 toString16(getPackageName()), std::string(), mCallingPid, getClientUid());
4344 } else {
4345 isCameraPrivacyEnabled =
4346 sCameraService->mSensorPrivacyPolicy->isCameraPrivacyEnabled();
4347 }
4348 // We don't want to return EACCESS if the CameraPrivacy is enabled.
4349 // We prefer to successfully open the camera and perform camera muting
4350 // or blocking in connectHelper as handleAppOpMode can be called before the
4351 // connection has been fully established and at that time camera muting
4352 // capabilities are unknown.
4353 if (!isUidActive || !isCameraPrivacyEnabled) {
4354 ALOGI("Camera %s: Access for \"%s\" has been restricted."
4355 "uid active: %s, privacy enabled: %s",
4356 mCameraIdStr.c_str(), getPackageName().c_str(), isUidActive ? "true" : "false",
4357 isCameraPrivacyEnabled ? "true" : "false");
4358 // Return the same error as for device policy manager rejection
4359 return -EACCES;
4360 }
4361 }
4362 return OK;
4363 }
4364
handleAppOpMode(int32_t mode)4365 status_t CameraService::BasicClient::handleAppOpMode(int32_t mode) {
4366 return handlePermissionResult(appOpModeToPermissionResult(mode));
4367 }
4368
notifyCameraOpening()4369 status_t CameraService::BasicClient::notifyCameraOpening() {
4370 ATRACE_CALL();
4371
4372 // Don't start watching until we're streaming when using permissionChecker for data delivery
4373 if (!flags::data_delivery_permission_checks()) {
4374 ALOGD("%s: Start camera ops, package name = %s, client UID = %d", __FUNCTION__,
4375 getPackageName().c_str(), getClientUid());
4376
4377 if (mAppOpsManager != nullptr) {
4378 // Notify app ops that the camera is not available
4379 mOpsCallback = new OpsCallback(this);
4380
4381 mAppOpsManager->startWatchingMode(
4382 AppOpsManager::OP_CAMERA, toString16(getPackageName()),
4383 AppOpsManager::WATCH_FOREGROUND_CHANGES, mOpsCallback);
4384
4385 // Just check for camera access here on open - delay startOp until
4386 // camera frames start streaming in startCameraStreamingOps
4387 int32_t mode = mAppOpsManager->checkOp(AppOpsManager::OP_CAMERA, getClientUid(),
4388 toString16(getPackageName()));
4389 status_t res = handleAppOpMode(mode);
4390 if (res != OK) {
4391 return res;
4392 }
4393 }
4394 } else {
4395 // TODO: Remove when removing the data_delivery_permission_checks flag
4396 ALOGD("%s: Bypassing checkOp for uid %d", __FUNCTION__, getClientUid());
4397 }
4398
4399 mCameraOpen = true;
4400
4401 // Transition device availability listeners from PRESENT -> NOT_AVAILABLE
4402 sCameraService->updateStatus(StatusInternal::NOT_AVAILABLE, mCameraIdStr);
4403
4404 sCameraService->mUidPolicy->registerMonitorUid(getClientUid(), /*openCamera*/ true);
4405
4406 if (flags::camera_multi_client() && mSharedMode) {
4407 sCameraService->mUidPolicy->addSharedClientPid(getClientUid(), getClientCallingPid());
4408 }
4409
4410 // Notify listeners of camera open/close status
4411 sCameraService->updateOpenCloseStatus(mCameraIdStr, true /*open*/, getPackageName(),
4412 mSharedMode);
4413
4414 return OK;
4415 }
4416
startCameraStreamingOps()4417 status_t CameraService::BasicClient::startCameraStreamingOps() {
4418 ATRACE_CALL();
4419
4420 if (!mCameraOpen) {
4421 ALOGE("%s: Calling streaming start when not yet active", __FUNCTION__);
4422 return INVALID_OPERATION;
4423 }
4424
4425 if (mCameraStreaming) {
4426 ALOGV("%s: Streaming already active!", __FUNCTION__);
4427 return OK;
4428 }
4429
4430 ALOGV("%s: Start camera streaming ops, package name = %s, client UID = %d", __FUNCTION__,
4431 getPackageName().c_str(), getClientUid());
4432
4433 if (mAppOpsManager != nullptr) {
4434 if (flags::data_delivery_permission_checks()) {
4435 ALOGD("%s: Start data delivery for uid %d", __FUNCTION__, getClientUid());
4436
4437 const PermissionChecker::PermissionResult result =
4438 checkPermissionsForCameraForStartDataDelivery(mCameraIdStr, mClientAttribution);
4439 status_t res = handlePermissionResult(result);
4440 if (res != OK) {
4441 return res;
4442 }
4443
4444 mOpsCallback = new OpsCallback(this);
4445 std::for_each(AttrSourceItr{mClientAttribution}, AttrSourceItr::end(),
4446 [&](const auto& attr) {
4447 mAppOpsManager->startWatchingMode(
4448 AppOpsManager::OP_CAMERA,
4449 toString16(attr.packageName.value_or("")),
4450 AppOpsManager::WATCH_FOREGROUND_CHANGES, mOpsCallback);
4451 });
4452 } else {
4453 ALOGD("%s: startOp for uid %d", __FUNCTION__, getClientUid());
4454 int32_t mode = mAppOpsManager->startOpNoThrow(
4455 AppOpsManager::OP_CAMERA, getClientUid(), toString16(getPackageName()),
4456 /*startIfModeDefault*/ false, toString16(getClientAttributionTag()),
4457 toString16("start camera ") + toString16(mCameraIdStr));
4458 status_t res = handleAppOpMode(mode);
4459 if (res != OK) {
4460 return res;
4461 }
4462 }
4463 }
4464
4465 mCameraStreaming = true;
4466
4467 return OK;
4468 }
4469
noteAppOp()4470 status_t CameraService::BasicClient::noteAppOp() {
4471 ATRACE_CALL();
4472
4473 ALOGV("%s: Start camera noteAppOp, package name = %s, client UID = %d", __FUNCTION__,
4474 getPackageName().c_str(), getClientUid());
4475
4476 // noteAppOp is only used for when camera mute is not supported, in order
4477 // to trigger the sensor privacy "Unblock" dialog
4478 if (flags::data_delivery_permission_checks()) {
4479 // Ignore the result, since we're only triggering the dialog
4480 ALOGD("%s: Check data delivery permissions for uid %d", __FUNCTION__, getClientUid());
4481 hasPermissionsForCameraForDataDelivery(std::string(), mClientAttribution);
4482 } else if (mAppOpsManager != nullptr) {
4483 ALOGD("%s: noteOp for uid %d", __FUNCTION__, getClientUid());
4484 int32_t mode = mAppOpsManager->noteOp(
4485 AppOpsManager::OP_CAMERA, getClientUid(), toString16(getPackageName()),
4486 toString16(getClientAttributionTag()),
4487 toString16("start camera ") + toString16(mCameraIdStr));
4488 status_t res = handleAppOpMode(mode);
4489 if (res != OK) {
4490 return res;
4491 }
4492 }
4493
4494 return OK;
4495 }
4496
finishCameraStreamingOps()4497 status_t CameraService::BasicClient::finishCameraStreamingOps() {
4498 ATRACE_CALL();
4499
4500 if (!mCameraOpen) {
4501 ALOGE("%s: Calling streaming start when not yet active", __FUNCTION__);
4502 return INVALID_OPERATION;
4503 }
4504 if (!mCameraStreaming) {
4505 ALOGV("%s: Streaming not active!", __FUNCTION__);
4506 return OK;
4507 }
4508
4509 if (mAppOpsManager != nullptr) {
4510 if (flags::data_delivery_permission_checks()) {
4511 ALOGD("%s: finishDataDelivery for uid %d", __FUNCTION__, getClientUid());
4512 finishDataDelivery(mClientAttribution);
4513
4514 // Stop watching app op changes after stop streaming
4515 if (mOpsCallback != nullptr) {
4516 mAppOpsManager->stopWatchingMode(mOpsCallback);
4517 mOpsCallback.clear();
4518 }
4519 } else {
4520 ALOGD("%s: finishOp for uid %d", __FUNCTION__, getClientUid());
4521 mAppOpsManager->finishOp(AppOpsManager::OP_CAMERA, getClientUid(),
4522 toString16(getPackageName()),
4523 toString16(getClientAttributionTag()));
4524 }
4525 mCameraStreaming = false;
4526 }
4527
4528 return OK;
4529 }
4530
notifyCameraClosing()4531 status_t CameraService::BasicClient::notifyCameraClosing() {
4532 ATRACE_CALL();
4533
4534 if (mCameraStreaming) {
4535 // Make sure we've notified everyone about camera stopping
4536 finishCameraStreamingOps();
4537 }
4538
4539 // Check if notifyCameraOpening succeeded, and if so, finish the camera op if necessary
4540 if (mCameraOpen) {
4541 mCameraOpen = false;
4542
4543 // This function is called when a client disconnects. This should
4544 // release the camera, but actually only if it was in a proper
4545 // functional state, i.e. with status NOT_AVAILABLE
4546 std::initializer_list<StatusInternal> rejected = {StatusInternal::PRESENT,
4547 StatusInternal::ENUMERATING, StatusInternal::NOT_PRESENT};
4548
4549 // Transition to PRESENT if the camera is not in either of the rejected states
4550 if (!flags::camera_multi_client() || !mSharedMode || (mSharedMode
4551 && sCameraService->isOnlyClient(this))) {
4552 sCameraService->updateStatus(StatusInternal::PRESENT,
4553 mCameraIdStr, rejected);
4554 }
4555 }
4556
4557 // When using the data delivery permission checks, the open state does not involve AppOps
4558 if (!flags::data_delivery_permission_checks()) {
4559 // Always stop watching, even if no camera op is active
4560 if (mOpsCallback != nullptr && mAppOpsManager != nullptr) {
4561 mAppOpsManager->stopWatchingMode(mOpsCallback);
4562 }
4563 mOpsCallback.clear();
4564 }
4565
4566 sCameraService->mUidPolicy->unregisterMonitorUid(getClientUid(), /*closeCamera*/ true);
4567
4568 if (flags::camera_multi_client() && mSharedMode) {
4569 sCameraService->mUidPolicy->removeSharedClientPid(getClientUid(), getClientCallingPid());
4570 }
4571
4572 // Notify listeners of camera open/close status
4573 sCameraService->updateOpenCloseStatus(mCameraIdStr, false /*open*/, getPackageName(),
4574 mSharedMode);
4575
4576 return OK;
4577 }
4578
getUidProcessState(int32_t uid)4579 int32_t CameraService::getUidProcessState(int32_t uid) {
4580 const auto& activityManager = getActivityManager();
4581 int32_t procState = ActivityManager::PROCESS_STATE_NONEXISTENT;
4582 if (activityManager != nullptr) {
4583 procState = activityManager->getUidProcessState(uid, toString16(kServiceName));
4584 } else {
4585 ALOGE("%s: getActivityManager returned nullptr.", __FUNCTION__);
4586 }
4587 return procState;
4588 }
4589
opChanged(int32_t op,const String16 &)4590 void CameraService::BasicClient::opChanged(int32_t op, const String16&) {
4591 ATRACE_CALL();
4592 if (mAppOpsManager == nullptr) {
4593 return;
4594 }
4595 // TODO : add offline camera session case
4596 if (op != AppOpsManager::OP_CAMERA) {
4597 ALOGW("Unexpected app ops notification received: %d", op);
4598 return;
4599 }
4600
4601 PermissionChecker::PermissionResult res;
4602 if (flags::data_delivery_permission_checks()) {
4603 int32_t appOpMode = AppOpsManager::MODE_ALLOWED;
4604 std::for_each(AttrSourceItr{mClientAttribution}, AttrSourceItr::end(),
4605 [&](const auto& attr) {
4606 appOpMode = std::max(appOpMode, mAppOpsManager->checkOp(
4607 AppOpsManager::OP_CAMERA, attr.uid,
4608 toString16(attr.packageName.value_or(""))));
4609 });
4610 res = appOpModeToPermissionResult(appOpMode);
4611 ALOGV("checkOp returns: %d, %s ", appOpMode,
4612 appOpMode == AppOpsManager::MODE_ALLOWED ? "ALLOWED"
4613 : appOpMode == AppOpsManager::MODE_IGNORED ? "IGNORED"
4614 : appOpMode == AppOpsManager::MODE_ERRORED ? "ERRORED"
4615 : "UNKNOWN");
4616 } else {
4617 int32_t appOpMode = mAppOpsManager->checkOp(AppOpsManager::OP_CAMERA, getClientUid(),
4618 toString16(getPackageName()));
4619 res = appOpModeToPermissionResult(appOpMode);
4620 ALOGV("checkOp returns: %d, %s ", appOpMode,
4621 appOpMode == AppOpsManager::MODE_ALLOWED ? "ALLOWED"
4622 : appOpMode == AppOpsManager::MODE_IGNORED ? "IGNORED"
4623 : appOpMode == AppOpsManager::MODE_ERRORED ? "ERRORED"
4624 : "UNKNOWN");
4625 }
4626
4627 if (res == PermissionChecker::PERMISSION_HARD_DENIED) {
4628 ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.c_str(),
4629 getPackageName().c_str());
4630 block();
4631 } else if (res == PermissionChecker::PERMISSION_SOFT_DENIED) {
4632 bool isUidActive =
4633 sCameraService->mUidPolicy->isUidActive(getClientUid(), getPackageName());
4634
4635 // Uid may be active, but not visible to the user (e.g. PROCESS_STATE_FOREGROUND_SERVICE).
4636 // If not visible, but still active, then we want to block instead of muting the camera.
4637 int32_t procState = ActivityManager::PROCESS_STATE_NONEXISTENT;
4638 if (flags::data_delivery_permission_checks()) {
4639 // Use the proc state of the last uid in the chain (ultimately receiving the data)
4640 // when determining whether to mute or block
4641 int32_t uid = -1;
4642 std::for_each(AttrSourceItr{mClientAttribution}, AttrSourceItr::end(),
4643 [&](const auto& attr) {
4644 uid = static_cast<uid_t>(attr.uid);
4645 });
4646 procState = getUidProcessState(uid);
4647 } else {
4648 procState = sCameraService->mUidPolicy->getProcState(getClientUid());
4649 }
4650 bool isUidVisible = (procState <= ActivityManager::PROCESS_STATE_BOUND_TOP);
4651
4652 bool isCameraPrivacyEnabled;
4653 if (flags::camera_privacy_allowlist()) {
4654 isCameraPrivacyEnabled = sCameraService->isCameraPrivacyEnabled(
4655 toString16(getPackageName()), std::string(), mCallingPid, getClientUid());
4656 } else {
4657 isCameraPrivacyEnabled =
4658 sCameraService->mSensorPrivacyPolicy->isCameraPrivacyEnabled();
4659 }
4660
4661 ALOGI("Camera %s: Access for \"%s\" has been restricted, isUidTrusted %d, isUidActive %d"
4662 " isUidVisible %d, isCameraPrivacyEnabled %d procState %d",
4663 mCameraIdStr.c_str(), getPackageName().c_str(), mUidIsTrusted, isUidActive,
4664 isUidVisible, isCameraPrivacyEnabled, procState);
4665 // If the calling Uid is trusted (a native service), or the client Uid is active / visible
4666 // (WAR for b/175320666)the AppOpsManager could return MODE_IGNORED. Do not treat such
4667 // cases as error.
4668 if (!mUidIsTrusted) {
4669 if (isUidVisible && isCameraPrivacyEnabled && supportsCameraMute()) {
4670 setCameraMute(true);
4671 } else {
4672 block();
4673 }
4674 }
4675 } else if (res == PermissionChecker::PERMISSION_GRANTED) {
4676 setCameraMute(sCameraService->mOverrideCameraMuteMode);
4677 }
4678 }
4679
block()4680 void CameraService::BasicClient::block() {
4681 ATRACE_CALL();
4682
4683 // Reset the client PID to allow server-initiated disconnect,
4684 // and to prevent further calls by client.
4685 mCallingPid = getCallingPid();
4686 CaptureResultExtras resultExtras; // a dummy result (invalid)
4687 notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISABLED, resultExtras);
4688 disconnect();
4689 }
4690
isPrimaryClient(bool * isPrimary)4691 status_t CameraService::BasicClient::isPrimaryClient(bool* isPrimary) {
4692 ATRACE_CALL();
4693 if (!flags::camera_multi_client()) {
4694 return INVALID_OPERATION;
4695 }
4696
4697 if (!mSharedMode) {
4698 return INVALID_OPERATION;
4699 }
4700 *isPrimary = mIsPrimaryClient;
4701 return OK;
4702 }
4703
setPrimaryClient(bool isPrimary)4704 status_t CameraService::BasicClient::setPrimaryClient(bool isPrimary) {
4705 ATRACE_CALL();
4706
4707 if (!flags::camera_multi_client()) {
4708 return INVALID_OPERATION;
4709 }
4710
4711 if (!mSharedMode) {
4712 return INVALID_OPERATION;
4713 }
4714 mIsPrimaryClient = isPrimary;
4715 return OK;
4716 }
4717
4718 // ----------------------------------------------------------------------------
4719
notifyError(int32_t errorCode,const CaptureResultExtras & resultExtras)4720 void CameraService::Client::notifyError(int32_t errorCode,
4721 [[maybe_unused]] const CaptureResultExtras& resultExtras) {
4722 if (mRemoteCallback != NULL) {
4723 int32_t api1ErrorCode = CAMERA_ERROR_RELEASED;
4724 if (errorCode == hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISABLED) {
4725 api1ErrorCode = CAMERA_ERROR_DISABLED;
4726 }
4727 mRemoteCallback->notifyCallback(CAMERA_MSG_ERROR, api1ErrorCode, 0);
4728 } else {
4729 ALOGE("mRemoteCallback is NULL!!");
4730 }
4731 }
4732
4733 // NOTE: function is idempotent
disconnect()4734 binder::Status CameraService::Client::disconnect() {
4735 ALOGV("Client::disconnect");
4736 return BasicClient::disconnect();
4737 }
4738
canCastToApiClient(apiLevel level) const4739 bool CameraService::Client::canCastToApiClient(apiLevel level) const {
4740 return level == API_1;
4741 }
4742
OpsCallback(wp<BasicClient> client)4743 CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client):
4744 mClient(client) {
4745 }
4746
opChanged(int32_t op,int32_t,const String16 & packageName,const String16 &)4747 binder::Status CameraService::Client::OpsCallback::opChanged(int32_t op, int32_t,
4748 const String16& packageName, const String16&) {
4749 sp<BasicClient> client = mClient.promote();
4750 if (client != NULL) {
4751 client->opChanged(op, packageName);
4752 }
4753 return binder::Status::ok();
4754 }
4755
4756 // ----------------------------------------------------------------------------
4757 // UidPolicy
4758 // ----------------------------------------------------------------------------
4759
registerWithActivityManager()4760 void CameraService::UidPolicy::registerWithActivityManager() {
4761 Mutex::Autolock _l(mUidLock);
4762 int32_t emptyUidArray[] = { };
4763
4764 if (mRegistered) return;
4765 status_t res = mAm.linkToDeath(this);
4766 mAm.registerUidObserverForUids(this, ActivityManager::UID_OBSERVER_GONE
4767 | ActivityManager::UID_OBSERVER_IDLE
4768 | ActivityManager::UID_OBSERVER_ACTIVE | ActivityManager::UID_OBSERVER_PROCSTATE
4769 | ActivityManager::UID_OBSERVER_PROC_OOM_ADJ,
4770 ActivityManager::PROCESS_STATE_UNKNOWN,
4771 toString16(kServiceName), emptyUidArray, 0, mObserverToken);
4772 if (res == OK) {
4773 mRegistered = true;
4774 ALOGV("UidPolicy: Registered with ActivityManager");
4775 } else {
4776 ALOGE("UidPolicy: Failed to register with ActivityManager: 0x%08x", res);
4777 }
4778 }
4779
onServiceRegistration(const String16 & name,const sp<IBinder> &)4780 void CameraService::UidPolicy::onServiceRegistration(const String16& name, const sp<IBinder>&) {
4781 if (name != toString16(kActivityServiceName)) {
4782 return;
4783 }
4784
4785 registerWithActivityManager();
4786 }
4787
registerSelf()4788 void CameraService::UidPolicy::registerSelf() {
4789 // Use check service to see if the activity service is available
4790 // If not available then register for notifications, instead of blocking
4791 // till the service is ready
4792 sp<IServiceManager> sm = defaultServiceManager();
4793 sp<IBinder> binder = sm->checkService(toString16(kActivityServiceName));
4794 if (!binder) {
4795 sm->registerForNotifications(toString16(kActivityServiceName), this);
4796 } else {
4797 registerWithActivityManager();
4798 }
4799 }
4800
unregisterSelf()4801 void CameraService::UidPolicy::unregisterSelf() {
4802 Mutex::Autolock _l(mUidLock);
4803
4804 mAm.unregisterUidObserver(this);
4805 mAm.unlinkToDeath(this);
4806 mRegistered = false;
4807 mActiveUids.clear();
4808 ALOGV("UidPolicy: Unregistered with ActivityManager");
4809 }
4810
onUidGone(uid_t uid,bool disabled)4811 void CameraService::UidPolicy::onUidGone(uid_t uid, bool disabled) {
4812 onUidIdle(uid, disabled);
4813 }
4814
onUidActive(uid_t uid)4815 void CameraService::UidPolicy::onUidActive(uid_t uid) {
4816 Mutex::Autolock _l(mUidLock);
4817 mActiveUids.insert(uid);
4818 }
4819
onUidIdle(uid_t uid,bool)4820 void CameraService::UidPolicy::onUidIdle(uid_t uid, bool /* disabled */) {
4821 bool deleted = false;
4822 {
4823 Mutex::Autolock _l(mUidLock);
4824 if (mActiveUids.erase(uid) > 0) {
4825 deleted = true;
4826 }
4827 }
4828 if (deleted) {
4829 sp<CameraService> service = mService.promote();
4830 if (service != nullptr) {
4831 service->blockClientsForUid(uid);
4832 }
4833 }
4834 }
4835
onUidStateChanged(uid_t uid,int32_t procState,int64_t procStateSeq __unused,int32_t capability __unused)4836 void CameraService::UidPolicy::onUidStateChanged(uid_t uid, int32_t procState,
4837 int64_t procStateSeq __unused, int32_t capability __unused) {
4838 bool procStateChange = false;
4839 std::vector<int> sharedPids;
4840 {
4841 Mutex::Autolock _l(mUidLock);
4842 if (mMonitoredUids.find(uid) != mMonitoredUids.end()) {
4843 if (mMonitoredUids[uid].procState != procState) {
4844 mMonitoredUids[uid].procState = procState;
4845 procStateChange = true;
4846 }
4847 if (flags::camera_multi_client()) {
4848 std::unordered_set<int> sharedClientPids = mMonitoredUids[uid].sharedClientPids;
4849 if (!sharedClientPids.empty()) {
4850 sharedPids.assign(sharedClientPids.begin(), sharedClientPids.end());
4851 }
4852 }
4853 }
4854 }
4855
4856 sp<CameraService> service = mService.promote();
4857 if (procStateChange) {
4858 if (service != nullptr) {
4859 service->notifyMonitoredUids();
4860 }
4861 }
4862
4863 if (flags::camera_multi_client() && !sharedPids.empty()) {
4864 if (service != nullptr) {
4865 service->updateSharedClientAccessPriorities(sharedPids);
4866 }
4867 }
4868 }
4869
4870 /**
4871 * When the OOM adj of the uid owning the camera changes, a different uid waiting on camera
4872 * privileges may take precedence if the owner's new OOM adj is greater than the waiting package.
4873 * Here, we track which monitoredUid has the camera, and track its adj relative to other
4874 * monitoredUids. If it is revised above some other monitoredUid, signal
4875 * onCameraAccessPrioritiesChanged. This only needs to capture the case where there are two
4876 * foreground apps in split screen - state changes will capture all other cases.
4877 */
onUidProcAdjChanged(uid_t uid,int32_t adj)4878 void CameraService::UidPolicy::onUidProcAdjChanged(uid_t uid, int32_t adj) {
4879 std::unordered_set<uid_t> notifyUidSet;
4880 std::vector<int> sharedPids;
4881 {
4882 Mutex::Autolock _l(mUidLock);
4883 auto it = mMonitoredUids.find(uid);
4884
4885 if (it != mMonitoredUids.end()) {
4886 if (it->second.hasCamera) {
4887 for (auto &monitoredUid : mMonitoredUids) {
4888 if (monitoredUid.first != uid && adj > monitoredUid.second.procAdj) {
4889 ALOGV("%s: notify uid %d", __FUNCTION__, monitoredUid.first);
4890 notifyUidSet.emplace(monitoredUid.first);
4891 }
4892 }
4893 ALOGV("%s: notify uid %d", __FUNCTION__, uid);
4894 notifyUidSet.emplace(uid);
4895 } else {
4896 for (auto &monitoredUid : mMonitoredUids) {
4897 if (monitoredUid.second.hasCamera && adj < monitoredUid.second.procAdj) {
4898 ALOGV("%s: notify uid %d", __FUNCTION__, uid);
4899 notifyUidSet.emplace(uid);
4900 }
4901 }
4902 }
4903 it->second.procAdj = adj;
4904 if (flags::camera_multi_client()) {
4905 std::unordered_set<int> sharedClientPids = it->second.sharedClientPids;
4906 if (!sharedClientPids.empty()) {
4907 sharedPids.assign(sharedClientPids.begin(), sharedClientPids.end());
4908 }
4909 }
4910 }
4911 }
4912
4913 sp<CameraService> service = mService.promote();
4914
4915 if (notifyUidSet.size() > 0) {
4916 if (service != nullptr) {
4917 service->notifyMonitoredUids(notifyUidSet);
4918 }
4919 }
4920
4921 if (flags::camera_multi_client() && !sharedPids.empty()) {
4922 if (service != nullptr) {
4923 service->updateSharedClientAccessPriorities(sharedPids);
4924 }
4925 }
4926 }
4927
4928 /**
4929 * Register a uid for monitoring, and note whether it owns a camera.
4930 */
registerMonitorUid(uid_t uid,bool openCamera)4931 void CameraService::UidPolicy::registerMonitorUid(uid_t uid, bool openCamera) {
4932 Mutex::Autolock _l(mUidLock);
4933 auto it = mMonitoredUids.find(uid);
4934 if (it != mMonitoredUids.end()) {
4935 it->second.refCount++;
4936 } else {
4937 MonitoredUid monitoredUid;
4938 monitoredUid.procState = ActivityManager::PROCESS_STATE_NONEXISTENT;
4939 monitoredUid.procAdj = resource_policy::UNKNOWN_ADJ;
4940 monitoredUid.refCount = 1;
4941 it = mMonitoredUids.emplace(std::pair<uid_t, MonitoredUid>(uid, monitoredUid)).first;
4942 status_t res = mAm.addUidToObserver(mObserverToken, toString16(kServiceName), uid);
4943 if (res != OK) {
4944 ALOGE("UidPolicy: Failed to add uid to observer: 0x%08x", res);
4945 }
4946 }
4947
4948 if (openCamera) {
4949 it->second.hasCamera = true;
4950 }
4951 }
4952
4953 /**
4954 * Unregister a uid for monitoring, and note whether it lost ownership of a camera.
4955 */
unregisterMonitorUid(uid_t uid,bool closeCamera)4956 void CameraService::UidPolicy::unregisterMonitorUid(uid_t uid, bool closeCamera) {
4957 Mutex::Autolock _l(mUidLock);
4958 auto it = mMonitoredUids.find(uid);
4959 if (it != mMonitoredUids.end()) {
4960 it->second.refCount--;
4961 if (it->second.refCount == 0) {
4962 mMonitoredUids.erase(it);
4963 status_t res = mAm.removeUidFromObserver(mObserverToken, toString16(kServiceName), uid);
4964 if (res != OK) {
4965 ALOGE("UidPolicy: Failed to remove uid from observer: 0x%08x", res);
4966 }
4967 } else if (closeCamera) {
4968 it->second.hasCamera = false;
4969 }
4970 } else {
4971 ALOGE("%s: Trying to unregister uid: %d which is not monitored!", __FUNCTION__, uid);
4972 }
4973 }
4974
isUidActive(uid_t uid,const std::string & callingPackage)4975 bool CameraService::UidPolicy::isUidActive(uid_t uid, const std::string &callingPackage) {
4976 Mutex::Autolock _l(mUidLock);
4977 return isUidActiveLocked(uid, callingPackage);
4978 }
4979
4980 static const int64_t kPollUidActiveTimeoutTotalMillis = 300;
4981 static const int64_t kPollUidActiveTimeoutMillis = 50;
4982
isUidActiveLocked(uid_t uid,const std::string & callingPackage)4983 bool CameraService::UidPolicy::isUidActiveLocked(uid_t uid, const std::string &callingPackage) {
4984 // Non-app UIDs are considered always active
4985 // If activity manager is unreachable, assume everything is active
4986 if (uid < FIRST_APPLICATION_UID || !mRegistered) {
4987 return true;
4988 }
4989 auto it = mOverrideUids.find(uid);
4990 if (it != mOverrideUids.end()) {
4991 return it->second;
4992 }
4993 bool active = mActiveUids.find(uid) != mActiveUids.end();
4994 if (!active) {
4995 // We want active UIDs to always access camera with their first attempt since
4996 // there is no guarantee the app is robustly written and would retry getting
4997 // the camera on failure. The inverse case is not a problem as we would take
4998 // camera away soon once we get the callback that the uid is no longer active.
4999 ActivityManager am;
5000 // Okay to access with a lock held as UID changes are dispatched without
5001 // a lock and we are a higher level component.
5002 int64_t startTimeMillis = 0;
5003 do {
5004 // TODO: Fix this b/109950150!
5005 // Okay this is a hack. There is a race between the UID turning active and
5006 // activity being resumed. The proper fix is very risky, so we temporary add
5007 // some polling which should happen pretty rarely anyway as the race is hard
5008 // to hit.
5009 active = mActiveUids.find(uid) != mActiveUids.end();
5010 if (!active) active = am.isUidActive(uid, toString16(callingPackage));
5011 if (active) {
5012 break;
5013 }
5014 if (startTimeMillis <= 0) {
5015 startTimeMillis = uptimeMillis();
5016 }
5017 int64_t ellapsedTimeMillis = uptimeMillis() - startTimeMillis;
5018 int64_t remainingTimeMillis = kPollUidActiveTimeoutTotalMillis - ellapsedTimeMillis;
5019 if (remainingTimeMillis <= 0) {
5020 break;
5021 }
5022 remainingTimeMillis = std::min(kPollUidActiveTimeoutMillis, remainingTimeMillis);
5023
5024 mUidLock.unlock();
5025 usleep(remainingTimeMillis * 1000);
5026 mUidLock.lock();
5027 } while (true);
5028
5029 if (active) {
5030 // Now that we found out the UID is actually active, cache that
5031 mActiveUids.insert(uid);
5032 }
5033 }
5034 return active;
5035 }
5036
getProcState(uid_t uid)5037 int32_t CameraService::UidPolicy::getProcState(uid_t uid) {
5038 Mutex::Autolock _l(mUidLock);
5039 return getProcStateLocked(uid);
5040 }
5041
getProcStateLocked(uid_t uid)5042 int32_t CameraService::UidPolicy::getProcStateLocked(uid_t uid) {
5043 int32_t procState = ActivityManager::PROCESS_STATE_UNKNOWN;
5044 if (mMonitoredUids.find(uid) != mMonitoredUids.end()) {
5045 procState = mMonitoredUids[uid].procState;
5046 }
5047 return procState;
5048 }
5049
addOverrideUid(uid_t uid,const std::string & callingPackage,bool active)5050 void CameraService::UidPolicy::addOverrideUid(uid_t uid,
5051 const std::string &callingPackage, bool active) {
5052 updateOverrideUid(uid, callingPackage, active, true);
5053 }
5054
removeOverrideUid(uid_t uid,const std::string & callingPackage)5055 void CameraService::UidPolicy::removeOverrideUid(uid_t uid, const std::string &callingPackage) {
5056 updateOverrideUid(uid, callingPackage, false, false);
5057 }
5058
addSharedClientPid(uid_t uid,int pid)5059 void CameraService::UidPolicy::addSharedClientPid(uid_t uid, int pid) {
5060 Mutex::Autolock _l(mUidLock);
5061 if (mMonitoredUids.find(uid) != mMonitoredUids.end()) {
5062 mMonitoredUids[uid].sharedClientPids.insert(pid);
5063 }
5064 }
5065
removeSharedClientPid(uid_t uid,int pid)5066 void CameraService::UidPolicy::removeSharedClientPid(uid_t uid, int pid) {
5067 Mutex::Autolock _l(mUidLock);
5068 if (mMonitoredUids.find(uid) != mMonitoredUids.end()) {
5069 mMonitoredUids[uid].sharedClientPids.erase(pid);
5070 }
5071 }
5072
binderDied(const wp<IBinder> &)5073 void CameraService::UidPolicy::binderDied(const wp<IBinder>& /*who*/) {
5074 Mutex::Autolock _l(mUidLock);
5075 ALOGV("UidPolicy: ActivityManager has died");
5076 mRegistered = false;
5077 mActiveUids.clear();
5078 }
5079
updateOverrideUid(uid_t uid,const std::string & callingPackage,bool active,bool insert)5080 void CameraService::UidPolicy::updateOverrideUid(uid_t uid, const std::string &callingPackage,
5081 bool active, bool insert) {
5082 bool wasActive = false;
5083 bool isActive = false;
5084 {
5085 Mutex::Autolock _l(mUidLock);
5086 wasActive = isUidActiveLocked(uid, callingPackage);
5087 mOverrideUids.erase(uid);
5088 if (insert) {
5089 mOverrideUids.insert(std::pair<uid_t, bool>(uid, active));
5090 }
5091 isActive = isUidActiveLocked(uid, callingPackage);
5092 }
5093 if (wasActive != isActive && !isActive) {
5094 sp<CameraService> service = mService.promote();
5095 if (service != nullptr) {
5096 service->blockClientsForUid(uid);
5097 }
5098 }
5099 }
5100
5101 // ----------------------------------------------------------------------------
5102 // SensorPrivacyPolicy
5103 // ----------------------------------------------------------------------------
5104
registerWithSensorPrivacyManager()5105 void CameraService::SensorPrivacyPolicy::registerWithSensorPrivacyManager()
5106 {
5107 Mutex::Autolock _l(mSensorPrivacyLock);
5108 if (mRegistered) {
5109 return;
5110 }
5111 hasCameraPrivacyFeature(); // Called so the result is cached
5112 mSpm.addSensorPrivacyListener(this);
5113 if (isAutomotiveDevice()) {
5114 mSpm.addToggleSensorPrivacyListener(this);
5115 }
5116 mSensorPrivacyEnabled = mSpm.isSensorPrivacyEnabled();
5117 if (flags::camera_privacy_allowlist()) {
5118 mCameraPrivacyState = mSpm.getToggleSensorPrivacyState(
5119 SensorPrivacyManager::TOGGLE_TYPE_SOFTWARE,
5120 SensorPrivacyManager::TOGGLE_SENSOR_CAMERA);
5121 }
5122 status_t res = mSpm.linkToDeath(this);
5123 if (res == OK) {
5124 mRegistered = true;
5125 ALOGV("SensorPrivacyPolicy: Registered with SensorPrivacyManager");
5126 }
5127 }
5128
onServiceRegistration(const String16 & name,const sp<IBinder> &)5129 void CameraService::SensorPrivacyPolicy::onServiceRegistration(const String16& name,
5130 const sp<IBinder>&) {
5131 if (name != toString16(kSensorPrivacyServiceName)) {
5132 return;
5133 }
5134
5135 registerWithSensorPrivacyManager();
5136 }
5137
registerSelf()5138 void CameraService::SensorPrivacyPolicy::registerSelf() {
5139 // Use checkservice to see if the sensor_privacy service is available
5140 // If service is not available then register for notification
5141 sp<IServiceManager> sm = defaultServiceManager();
5142 sp<IBinder> binder = sm->checkService(toString16(kSensorPrivacyServiceName));
5143 if (!binder) {
5144 sm->registerForNotifications(toString16(kSensorPrivacyServiceName),this);
5145 } else {
5146 registerWithSensorPrivacyManager();
5147 }
5148 }
5149
unregisterSelf()5150 void CameraService::SensorPrivacyPolicy::unregisterSelf() {
5151 Mutex::Autolock _l(mSensorPrivacyLock);
5152 mSpm.removeSensorPrivacyListener(this);
5153 if (isAutomotiveDevice()) {
5154 mSpm.removeToggleSensorPrivacyListener(this);
5155 }
5156 mSpm.unlinkToDeath(this);
5157 mRegistered = false;
5158 ALOGV("SensorPrivacyPolicy: Unregistered with SensorPrivacyManager");
5159 }
5160
isSensorPrivacyEnabled()5161 bool CameraService::SensorPrivacyPolicy::isSensorPrivacyEnabled() {
5162 if (!mRegistered) {
5163 registerWithSensorPrivacyManager();
5164 }
5165
5166 Mutex::Autolock _l(mSensorPrivacyLock);
5167 return mSensorPrivacyEnabled;
5168 }
5169
getCameraPrivacyState()5170 int CameraService::SensorPrivacyPolicy::getCameraPrivacyState() {
5171 if (!mRegistered) {
5172 registerWithSensorPrivacyManager();
5173 }
5174
5175 Mutex::Autolock _l(mSensorPrivacyLock);
5176 return mCameraPrivacyState;
5177 }
5178
isCameraPrivacyEnabled()5179 bool CameraService::SensorPrivacyPolicy::isCameraPrivacyEnabled() {
5180 if (!hasCameraPrivacyFeature()) {
5181 return false;
5182 }
5183 return mSpm.isToggleSensorPrivacyEnabled(SensorPrivacyManager::TOGGLE_SENSOR_CAMERA);
5184 }
5185
isCameraPrivacyEnabled(const String16 & packageName)5186 bool CameraService::SensorPrivacyPolicy::isCameraPrivacyEnabled(const String16& packageName) {
5187 if (!hasCameraPrivacyFeature()) {
5188 return false;
5189 }
5190 return mSpm.isCameraPrivacyEnabled(packageName);
5191 }
5192
onSensorPrivacyChanged(int toggleType,int sensor,bool enabled)5193 binder::Status CameraService::SensorPrivacyPolicy::onSensorPrivacyChanged(
5194 int toggleType, int sensor, bool enabled) {
5195 if ((toggleType == SensorPrivacyManager::TOGGLE_TYPE_UNKNOWN)
5196 && (sensor == SensorPrivacyManager::TOGGLE_SENSOR_UNKNOWN)) {
5197 {
5198 Mutex::Autolock _l(mSensorPrivacyLock);
5199 mSensorPrivacyEnabled = enabled;
5200 }
5201 // if sensor privacy is enabled then block all clients from accessing the camera
5202 if (enabled) {
5203 sp<CameraService> service = mService.promote();
5204 if (service != nullptr) {
5205 service->blockAllClients();
5206 }
5207 }
5208 }
5209 return binder::Status::ok();
5210 }
5211
onSensorPrivacyStateChanged(int,int sensor,int state)5212 binder::Status CameraService::SensorPrivacyPolicy::onSensorPrivacyStateChanged(
5213 int, int sensor, int state) {
5214 if (!flags::camera_privacy_allowlist()
5215 || (sensor != SensorPrivacyManager::TOGGLE_SENSOR_CAMERA)) {
5216 return binder::Status::ok();
5217 }
5218 {
5219 Mutex::Autolock _l(mSensorPrivacyLock);
5220 mCameraPrivacyState = state;
5221 }
5222 sp<CameraService> service = mService.promote();
5223 if (!service) {
5224 return binder::Status::ok();
5225 }
5226 // if sensor privacy is enabled then block all clients from accessing the camera
5227 if (state == SensorPrivacyManager::ENABLED) {
5228 service->blockAllClients();
5229 } else if (state == SensorPrivacyManager::ENABLED_EXCEPT_ALLOWLISTED_APPS) {
5230 service->blockPrivacyEnabledClients();
5231 }
5232 return binder::Status::ok();
5233 }
5234
binderDied(const wp<IBinder> &)5235 void CameraService::SensorPrivacyPolicy::binderDied(const wp<IBinder>& /*who*/) {
5236 Mutex::Autolock _l(mSensorPrivacyLock);
5237 ALOGV("SensorPrivacyPolicy: SensorPrivacyManager has died");
5238 mRegistered = false;
5239 }
5240
hasCameraPrivacyFeature()5241 bool CameraService::SensorPrivacyPolicy::hasCameraPrivacyFeature() {
5242 bool supportsSoftwareToggle = mSpm.supportsSensorToggle(
5243 SensorPrivacyManager::TOGGLE_TYPE_SOFTWARE, SensorPrivacyManager::TOGGLE_SENSOR_CAMERA);
5244 bool supportsHardwareToggle = mSpm.supportsSensorToggle(
5245 SensorPrivacyManager::TOGGLE_TYPE_HARDWARE, SensorPrivacyManager::TOGGLE_SENSOR_CAMERA);
5246 return supportsSoftwareToggle || supportsHardwareToggle;
5247 }
5248
5249 // ----------------------------------------------------------------------------
5250 // CameraState
5251 // ----------------------------------------------------------------------------
5252
CameraState(const std::string & id,int cost,const std::set<std::string> & conflicting,SystemCameraKind systemCameraKind,const std::vector<std::string> & physicalCameras)5253 CameraService::CameraState::CameraState(const std::string& id, int cost,
5254 const std::set<std::string>& conflicting, SystemCameraKind systemCameraKind,
5255 const std::vector<std::string>& physicalCameras) : mId(id),
5256 mStatus(StatusInternal::NOT_PRESENT), mCost(cost), mConflicting(conflicting),
5257 mSystemCameraKind(systemCameraKind), mPhysicalCameras(physicalCameras) {}
5258
~CameraState()5259 CameraService::CameraState::~CameraState() {}
5260
getStatus() const5261 CameraService::StatusInternal CameraService::CameraState::getStatus() const {
5262 Mutex::Autolock lock(mStatusLock);
5263 return mStatus;
5264 }
5265
getUnavailablePhysicalIds() const5266 std::vector<std::string> CameraService::CameraState::getUnavailablePhysicalIds() const {
5267 Mutex::Autolock lock(mStatusLock);
5268 std::vector<std::string> res(mUnavailablePhysicalIds.begin(), mUnavailablePhysicalIds.end());
5269 return res;
5270 }
5271
getShimParams() const5272 CameraParameters CameraService::CameraState::getShimParams() const {
5273 return mShimParams;
5274 }
5275
setShimParams(const CameraParameters & params)5276 void CameraService::CameraState::setShimParams(const CameraParameters& params) {
5277 mShimParams = params;
5278 }
5279
getCost() const5280 int CameraService::CameraState::getCost() const {
5281 return mCost;
5282 }
5283
getConflicting() const5284 std::set<std::string> CameraService::CameraState::getConflicting() const {
5285 return mConflicting;
5286 }
5287
getSystemCameraKind() const5288 SystemCameraKind CameraService::CameraState::getSystemCameraKind() const {
5289 return mSystemCameraKind;
5290 }
5291
containsPhysicalCamera(const std::string & physicalCameraId) const5292 bool CameraService::CameraState::containsPhysicalCamera(const std::string& physicalCameraId) const {
5293 return std::find(mPhysicalCameras.begin(), mPhysicalCameras.end(), physicalCameraId)
5294 != mPhysicalCameras.end();
5295 }
5296
addUnavailablePhysicalId(const std::string & physicalId)5297 bool CameraService::CameraState::addUnavailablePhysicalId(const std::string& physicalId) {
5298 Mutex::Autolock lock(mStatusLock);
5299 auto result = mUnavailablePhysicalIds.insert(physicalId);
5300 return result.second;
5301 }
5302
removeUnavailablePhysicalId(const std::string & physicalId)5303 bool CameraService::CameraState::removeUnavailablePhysicalId(const std::string& physicalId) {
5304 Mutex::Autolock lock(mStatusLock);
5305 auto count = mUnavailablePhysicalIds.erase(physicalId);
5306 return count > 0;
5307 }
5308
setClientPackage(const std::string & clientPackage)5309 void CameraService::CameraState::setClientPackage(const std::string& clientPackage) {
5310 Mutex::Autolock lock(mStatusLock);
5311 mClientPackages.clear();
5312 mClientPackages.insert(clientPackage);
5313 }
5314
getClientPackage() const5315 std::string CameraService::CameraState::getClientPackage() const {
5316 Mutex::Autolock lock(mStatusLock);
5317 if (!mClientPackages.empty()) {
5318 std::set<std::string>::iterator it = mClientPackages.begin();
5319 return *it;
5320 }
5321 return std::string();
5322 }
5323
addClientPackage(const std::string & clientPackage)5324 void CameraService::CameraState::addClientPackage(const std::string& clientPackage) {
5325 Mutex::Autolock lock(mStatusLock);
5326 mClientPackages.insert(clientPackage);
5327 }
5328
removeClientPackage(const std::string & clientPackage)5329 void CameraService::CameraState::removeClientPackage(const std::string& clientPackage) {
5330 Mutex::Autolock lock(mStatusLock);
5331 mClientPackages.erase(clientPackage);
5332 }
5333
5334 // ----------------------------------------------------------------------------
5335 // ClientEventListener
5336 // ----------------------------------------------------------------------------
5337
onClientAdded(const resource_policy::ClientDescriptor<std::string,sp<CameraService::BasicClient>> & descriptor)5338 void CameraService::ClientEventListener::onClientAdded(
5339 const resource_policy::ClientDescriptor<std::string,
5340 sp<CameraService::BasicClient>>& descriptor) {
5341 const auto& basicClient = descriptor.getValue();
5342 if (basicClient.get() != nullptr) {
5343 BatteryNotifier& notifier(BatteryNotifier::getInstance());
5344 notifier.noteStartCamera(toString8(descriptor.getKey()),
5345 static_cast<int>(basicClient->getClientUid()));
5346 }
5347 }
5348
onClientRemoved(const resource_policy::ClientDescriptor<std::string,sp<CameraService::BasicClient>> & descriptor)5349 void CameraService::ClientEventListener::onClientRemoved(
5350 const resource_policy::ClientDescriptor<std::string,
5351 sp<CameraService::BasicClient>>& descriptor) {
5352 const auto& basicClient = descriptor.getValue();
5353 if (basicClient.get() != nullptr) {
5354 BatteryNotifier& notifier(BatteryNotifier::getInstance());
5355 notifier.noteStopCamera(toString8(descriptor.getKey()),
5356 static_cast<int>(basicClient->getClientUid()));
5357 }
5358 }
5359
5360 // ----------------------------------------------------------------------------
5361 // CameraClientManager
5362 // ----------------------------------------------------------------------------
5363
CameraClientManager()5364 CameraService::CameraClientManager::CameraClientManager() {
5365 setListener(std::make_shared<ClientEventListener>());
5366 }
5367
~CameraClientManager()5368 CameraService::CameraClientManager::~CameraClientManager() {}
5369
getCameraClient(const std::string & id) const5370 sp<CameraService::BasicClient> CameraService::CameraClientManager::getCameraClient(
5371 const std::string& id) const {
5372 auto descriptor = get(id);
5373 if (descriptor == nullptr) {
5374 return sp<BasicClient>{nullptr};
5375 }
5376 return descriptor->getValue();
5377 }
5378
getHighestPrioritySharedClient(const std::string & id) const5379 sp<CameraService::BasicClient> CameraService::CameraClientManager::getHighestPrioritySharedClient(
5380 const std::string& id) const {
5381 if (!flags::camera_multi_client()) {
5382 return sp<BasicClient>{nullptr};
5383 }
5384 auto clientDescriptor = get(id);
5385 if (clientDescriptor == nullptr) {
5386 ALOGV("CameraService::CameraClientManager::no other clients are using same camera");
5387 return sp<BasicClient>{nullptr};
5388 }
5389 if (!clientDescriptor->getSharedMode()) {
5390 return sp<BasicClient>{nullptr};
5391 }
5392 resource_policy::ClientPriority highestPriority = clientDescriptor->getPriority();
5393 sp<BasicClient> highestPriorityClient = clientDescriptor->getValue();
5394 if (highestPriorityClient.get() == nullptr) {
5395 return sp<BasicClient>{nullptr};
5396 }
5397 for (auto& i : getAll()) {
5398 if ((i->getKey() == id) && (i->getSharedMode()) && (i->getPriority() < highestPriority)) {
5399 highestPriority = i->getPriority();
5400 highestPriorityClient = i->getValue();
5401 }
5402 }
5403 return highestPriorityClient;
5404 }
5405
remove(const CameraService::DescriptorPtr & value)5406 void CameraService::CameraClientManager::remove(const CameraService::DescriptorPtr& value) {
5407 ClientManager::remove(value);
5408 if (!flags::camera_multi_client()) {
5409 return;
5410 }
5411 auto clientToRemove = value->getValue();
5412 if ((clientToRemove.get() != nullptr) && clientToRemove->mSharedMode) {
5413 bool primaryClient = false;
5414 status_t ret = clientToRemove->isPrimaryClient(&primaryClient);
5415 if ((ret == OK) && primaryClient) {
5416 // Primary client is being removed. Find the next higher priority
5417 // client to become primary client.
5418 auto highestPriorityClient = getHighestPrioritySharedClient(value->getKey());
5419 if (highestPriorityClient != nullptr) {
5420 highestPriorityClient->setPrimaryClient(true);
5421 highestPriorityClient->notifyClientSharedAccessPriorityChanged(true);
5422 }
5423 }
5424 }
5425 }
5426
toString() const5427 std::string CameraService::CameraClientManager::toString() const {
5428 auto all = getAll();
5429 std::ostringstream ret;
5430 ret << "[";
5431 bool hasAny = false;
5432 for (auto& i : all) {
5433 hasAny = true;
5434 std::string key = i->getKey();
5435 int32_t cost = i->getCost();
5436 int32_t pid = i->getOwnerId();
5437 int32_t score = i->getPriority().getScore();
5438 int32_t state = i->getPriority().getState();
5439 auto conflicting = i->getConflicting();
5440 auto clientSp = i->getValue();
5441 std::string packageName;
5442 userid_t clientUserId = 0;
5443 if (clientSp.get() != nullptr) {
5444 packageName = clientSp->getPackageName();
5445 uid_t clientUid = clientSp->getClientUid();
5446 clientUserId = multiuser_get_user_id(clientUid);
5447 }
5448 ret << fmt::sprintf("\n(Camera ID: %s, Cost: %" PRId32 ", PID: %" PRId32 ", Score: %"
5449 PRId32 ", State: %" PRId32, key.c_str(), cost, pid, score, state);
5450
5451 if (clientSp.get() != nullptr) {
5452 ret << fmt::sprintf("User Id: %d, ", clientUserId);
5453 }
5454 if (packageName.size() != 0) {
5455 ret << fmt::sprintf("Client Package Name: %s", packageName.c_str());
5456 }
5457
5458 ret << ", Conflicting Client Devices: {";
5459 for (auto& j : conflicting) {
5460 ret << fmt::sprintf("%s, ", j.c_str());
5461 }
5462 ret << "})";
5463 }
5464 if (hasAny) ret << "\n";
5465 ret << "]\n";
5466 return ret.str();
5467 }
5468
makeClientDescriptor(const std::string & key,const sp<BasicClient> & value,int32_t cost,const std::set<std::string> & conflictingKeys,int32_t score,int32_t ownerId,int32_t state,int32_t oomScoreOffset,bool systemNativeClient,bool sharedMode)5469 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
5470 const std::string& key, const sp<BasicClient>& value, int32_t cost,
5471 const std::set<std::string>& conflictingKeys, int32_t score, int32_t ownerId,
5472 int32_t state, int32_t oomScoreOffset, bool systemNativeClient, bool sharedMode) {
5473
5474 int32_t score_adj = systemNativeClient ? kSystemNativeClientScore : score;
5475 int32_t state_adj = systemNativeClient ? kSystemNativeClientState : state;
5476
5477 return std::make_shared<resource_policy::ClientDescriptor<std::string, sp<BasicClient>>>(
5478 key, value, cost, conflictingKeys, score_adj, ownerId, state_adj,
5479 systemNativeClient, oomScoreOffset, sharedMode);
5480 }
5481
makeClientDescriptor(const sp<BasicClient> & value,const CameraService::DescriptorPtr & partial,int32_t oomScoreOffset,bool systemNativeClient)5482 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
5483 const sp<BasicClient>& value, const CameraService::DescriptorPtr& partial,
5484 int32_t oomScoreOffset, bool systemNativeClient) {
5485 return makeClientDescriptor(partial->getKey(), value, partial->getCost(),
5486 partial->getConflicting(), partial->getPriority().getScore(),
5487 partial->getOwnerId(), partial->getPriority().getState(), oomScoreOffset,
5488 systemNativeClient, partial->getSharedMode());
5489 }
5490
5491 // ----------------------------------------------------------------------------
5492 // InjectionStatusListener
5493 // ----------------------------------------------------------------------------
5494
addListener(const sp<ICameraInjectionCallback> & callback)5495 void CameraService::InjectionStatusListener::addListener(
5496 const sp<ICameraInjectionCallback>& callback) {
5497 Mutex::Autolock lock(mListenerLock);
5498 if (mCameraInjectionCallback) return;
5499 status_t res = IInterface::asBinder(callback)->linkToDeath(this);
5500 if (res == OK) {
5501 mCameraInjectionCallback = callback;
5502 }
5503 }
5504
removeListener()5505 void CameraService::InjectionStatusListener::removeListener() {
5506 Mutex::Autolock lock(mListenerLock);
5507 if (mCameraInjectionCallback == nullptr) {
5508 ALOGW("InjectionStatusListener: mCameraInjectionCallback == nullptr");
5509 return;
5510 }
5511 IInterface::asBinder(mCameraInjectionCallback)->unlinkToDeath(this);
5512 mCameraInjectionCallback = nullptr;
5513 }
5514
notifyInjectionError(const std::string & injectedCamId,status_t err)5515 void CameraService::InjectionStatusListener::notifyInjectionError(
5516 const std::string &injectedCamId, status_t err) {
5517 if (mCameraInjectionCallback == nullptr) {
5518 ALOGW("InjectionStatusListener: mCameraInjectionCallback == nullptr");
5519 return;
5520 }
5521
5522 switch (err) {
5523 case -ENODEV:
5524 mCameraInjectionCallback->onInjectionError(
5525 ICameraInjectionCallback::ERROR_INJECTION_SESSION);
5526 ALOGE("No camera device with ID \"%s\" currently available!",
5527 injectedCamId.c_str());
5528 break;
5529 case -EBUSY:
5530 mCameraInjectionCallback->onInjectionError(
5531 ICameraInjectionCallback::ERROR_INJECTION_SESSION);
5532 ALOGE("Higher-priority client using camera, ID \"%s\" currently unavailable!",
5533 injectedCamId.c_str());
5534 break;
5535 case DEAD_OBJECT:
5536 mCameraInjectionCallback->onInjectionError(
5537 ICameraInjectionCallback::ERROR_INJECTION_SESSION);
5538 ALOGE("Camera ID \"%s\" object is dead!",
5539 injectedCamId.c_str());
5540 break;
5541 case INVALID_OPERATION:
5542 mCameraInjectionCallback->onInjectionError(
5543 ICameraInjectionCallback::ERROR_INJECTION_SESSION);
5544 ALOGE("Camera ID \"%s\" encountered an operating or internal error!",
5545 injectedCamId.c_str());
5546 break;
5547 case UNKNOWN_TRANSACTION:
5548 mCameraInjectionCallback->onInjectionError(
5549 ICameraInjectionCallback::ERROR_INJECTION_UNSUPPORTED);
5550 ALOGE("Camera ID \"%s\" method doesn't support!",
5551 injectedCamId.c_str());
5552 break;
5553 default:
5554 mCameraInjectionCallback->onInjectionError(
5555 ICameraInjectionCallback::ERROR_INJECTION_INVALID_ERROR);
5556 ALOGE("Unexpected error %s (%d) opening camera \"%s\"!",
5557 strerror(-err), err, injectedCamId.c_str());
5558 }
5559 }
5560
binderDied(const wp<IBinder> &)5561 void CameraService::InjectionStatusListener::binderDied(
5562 const wp<IBinder>& /*who*/) {
5563 ALOGV("InjectionStatusListener: ICameraInjectionCallback has died");
5564 auto parent = mParent.promote();
5565 if (parent != nullptr) {
5566 auto clientDescriptor = parent->mActiveClientManager.get(parent->mInjectionInternalCamId);
5567 if (clientDescriptor != nullptr) {
5568 BasicClient* baseClientPtr = clientDescriptor->getValue().get();
5569 baseClientPtr->stopInjection();
5570 }
5571 parent->clearInjectionParameters();
5572 }
5573 }
5574
5575 // ----------------------------------------------------------------------------
5576 // CameraInjectionSession
5577 // ----------------------------------------------------------------------------
5578
stopInjection()5579 binder::Status CameraService::CameraInjectionSession::stopInjection() {
5580 Mutex::Autolock lock(mInjectionSessionLock);
5581 auto parent = mParent.promote();
5582 if (parent == nullptr) {
5583 ALOGE("CameraInjectionSession: Parent is gone");
5584 return STATUS_ERROR(ICameraInjectionCallback::ERROR_INJECTION_SERVICE,
5585 "Camera service encountered error");
5586 }
5587
5588 status_t res = NO_ERROR;
5589 auto clientDescriptor = parent->mActiveClientManager.get(parent->mInjectionInternalCamId);
5590 if (clientDescriptor != nullptr) {
5591 BasicClient* baseClientPtr = clientDescriptor->getValue().get();
5592 res = baseClientPtr->stopInjection();
5593 if (res != OK) {
5594 ALOGE("CameraInjectionSession: Failed to stop the injection camera!"
5595 " ret != NO_ERROR: %d", res);
5596 return STATUS_ERROR(ICameraInjectionCallback::ERROR_INJECTION_SESSION,
5597 "Camera session encountered error");
5598 }
5599 }
5600 parent->clearInjectionParameters();
5601 return binder::Status::ok();
5602 }
5603
5604 // ----------------------------------------------------------------------------
5605
5606 static const int kDumpLockRetries = 50;
5607 static const int kDumpLockSleep = 60000;
5608
tryLock(Mutex & mutex)5609 static bool tryLock(Mutex& mutex)
5610 {
5611 bool locked = false;
5612 for (int i = 0; i < kDumpLockRetries; ++i) {
5613 if (mutex.tryLock() == NO_ERROR) {
5614 locked = true;
5615 break;
5616 }
5617 usleep(kDumpLockSleep);
5618 }
5619 return locked;
5620 }
5621
cacheDump()5622 void CameraService::cacheDump() {
5623 if (mMemFd != -1) {
5624 const Vector<String16> args;
5625 ATRACE_CALL();
5626 // Acquiring service lock here will avoid the deadlock since
5627 // cacheDump will not be called during the second disconnect.
5628 Mutex::Autolock lock(mServiceLock);
5629
5630 Mutex::Autolock l(mCameraStatesLock);
5631 // Start collecting the info for open sessions and store it in temp file.
5632 for (const auto& state : mCameraStates) {
5633 std::string cameraId = state.first;
5634 auto clientDescriptor = mActiveClientManager.get(cameraId);
5635 if (clientDescriptor != nullptr) {
5636 dprintf(mMemFd, "== Camera device %s dynamic info: ==\n", cameraId.c_str());
5637 // Log the current open session info before device is disconnected.
5638 dumpOpenSessionClientLogs(mMemFd, args, cameraId);
5639 }
5640 }
5641 }
5642 }
5643
dump(int fd,const Vector<String16> & args)5644 status_t CameraService::dump(int fd, const Vector<String16>& args) {
5645 ATRACE_CALL();
5646
5647 if (checkCallingPermission(toString16(sDumpPermission)) == false) {
5648 dprintf(fd, "Permission Denial: can't dump CameraService from pid=%d, uid=%d\n",
5649 getCallingPid(),
5650 getCallingUid());
5651 return NO_ERROR;
5652 }
5653 bool locked = tryLock(mServiceLock);
5654 // failed to lock - CameraService is probably deadlocked
5655 if (!locked) {
5656 dprintf(fd, "!! CameraService may be deadlocked !!\n");
5657 }
5658
5659 if (!mInitialized) {
5660 dprintf(fd, "!! No camera HAL available !!\n");
5661
5662 // Dump event log for error information
5663 dumpEventLog(fd);
5664
5665 if (locked) mServiceLock.unlock();
5666 return NO_ERROR;
5667 }
5668 dprintf(fd, "\n== Service global info: ==\n\n");
5669 dprintf(fd, "Number of camera devices: %d\n", mNumberOfCameras);
5670 dprintf(fd, "Number of normal camera devices: %zu\n", mNormalDeviceIds.size());
5671 dprintf(fd, "Number of public camera devices visible to API1: %zu\n",
5672 mNormalDeviceIdsWithoutSystemCamera.size());
5673 for (size_t i = 0; i < mNormalDeviceIds.size(); i++) {
5674 dprintf(fd, " Device %zu maps to \"%s\"\n", i, mNormalDeviceIds[i].c_str());
5675 }
5676 std::string activeClientString = mActiveClientManager.toString();
5677 dprintf(fd, "Active Camera Clients:\n%s", activeClientString.c_str());
5678 dprintf(fd, "Allowed user IDs: %s\n", toString(mAllowedUsers).c_str());
5679 if (mStreamUseCaseOverrides.size() > 0) {
5680 dprintf(fd, "Active stream use case overrides:");
5681 for (int64_t useCaseOverride : mStreamUseCaseOverrides) {
5682 dprintf(fd, " %" PRId64, useCaseOverride);
5683 }
5684 dprintf(fd, "\n");
5685 }
5686
5687 dumpEventLog(fd);
5688
5689 bool stateLocked = tryLock(mCameraStatesLock);
5690 if (!stateLocked) {
5691 dprintf(fd, "CameraStates in use, may be deadlocked\n");
5692 }
5693
5694 int argSize = args.size();
5695 for (int i = 0; i < argSize; i++) {
5696 if (args[i] == toString16(TagMonitor::kMonitorOption)) {
5697 if (i + 1 < argSize) {
5698 mMonitorTags = toStdString(args[i + 1]);
5699 }
5700 break;
5701 }
5702 }
5703
5704 for (auto& state : mCameraStates) {
5705 const std::string &cameraId = state.first;
5706
5707 dprintf(fd, "== Camera device %s dynamic info: ==\n", cameraId.c_str());
5708
5709 CameraParameters p = state.second->getShimParams();
5710 if (!p.isEmpty()) {
5711 dprintf(fd, " Camera1 API shim is using parameters:\n ");
5712 p.dump(fd, args);
5713 }
5714
5715 auto clientDescriptor = mActiveClientManager.get(cameraId);
5716 if (clientDescriptor != nullptr) {
5717 // log the current open session info
5718 dumpOpenSessionClientLogs(fd, args, cameraId);
5719 } else {
5720 dumpClosedSessionClientLogs(fd, cameraId);
5721 }
5722
5723 }
5724
5725 if (stateLocked) mCameraStatesLock.unlock();
5726
5727 if (locked) mServiceLock.unlock();
5728
5729 mCameraProviderManager->dump(fd, args);
5730
5731 dprintf(fd, "\n== Vendor tags: ==\n\n");
5732
5733 sp<VendorTagDescriptor> desc = VendorTagDescriptor::getGlobalVendorTagDescriptor();
5734 if (desc == NULL) {
5735 sp<VendorTagDescriptorCache> cache =
5736 VendorTagDescriptorCache::getGlobalVendorTagCache();
5737 if (cache == NULL) {
5738 dprintf(fd, "No vendor tags.\n");
5739 } else {
5740 cache->dump(fd, /*verbosity*/2, /*indentation*/2);
5741 }
5742 } else {
5743 desc->dump(fd, /*verbosity*/2, /*indentation*/2);
5744 }
5745
5746 // Dump camera traces if there were any
5747 dprintf(fd, "\n");
5748 camera3::CameraTraces::dump(fd);
5749
5750 // Process dump arguments, if any
5751 int n = args.size();
5752 String16 verboseOption("-v");
5753 String16 unreachableOption("--unreachable");
5754 for (int i = 0; i < n; i++) {
5755 if (args[i] == verboseOption) {
5756 // change logging level
5757 if (i + 1 >= n) continue;
5758 std::string levelStr = toStdString(args[i+1]);
5759 int level = atoi(levelStr.c_str());
5760 dprintf(fd, "\nSetting log level to %d.\n", level);
5761 setLogLevel(level);
5762 } else if (args[i] == unreachableOption) {
5763 // Dump memory analysis
5764 // TODO - should limit be an argument parameter?
5765 UnreachableMemoryInfo info;
5766 bool success = GetUnreachableMemory(info, /*limit*/ 10000);
5767 if (!success) {
5768 dprintf(fd, "\n== Unable to dump unreachable memory. "
5769 "Try disabling SELinux enforcement. ==\n");
5770 } else {
5771 dprintf(fd, "\n== Dumping unreachable memory: ==\n");
5772 std::string s = info.ToString(/*log_contents*/ true);
5773 write(fd, s.c_str(), s.size());
5774 }
5775 }
5776 }
5777
5778 bool serviceLocked = tryLock(mServiceLock);
5779
5780 // Dump info from previous open sessions.
5781 // Reposition the offset to beginning of the file before reading
5782
5783 if ((mMemFd >= 0) && (lseek(mMemFd, 0, SEEK_SET) != -1)) {
5784 dprintf(fd, "\n**********Dumpsys from previous open session**********\n");
5785 ssize_t size_read;
5786 char buf[4096];
5787 while ((size_read = read(mMemFd, buf, (sizeof(buf) - 1))) > 0) {
5788 // Read data from file to a small buffer and write it to fd.
5789 write(fd, buf, size_read);
5790 if (size_read == -1) {
5791 ALOGE("%s: Error during reading the file: %s", __FUNCTION__, sFileName);
5792 break;
5793 }
5794 }
5795 dprintf(fd, "\n**********End of Dumpsys from previous open session**********\n");
5796 } else {
5797 ALOGE("%s: Error during reading the file: %s", __FUNCTION__, sFileName);
5798 }
5799
5800 if (serviceLocked) mServiceLock.unlock();
5801 return NO_ERROR;
5802 }
5803
dumpOpenSessionClientLogs(int fd,const Vector<String16> & args,const std::string & cameraId)5804 void CameraService::dumpOpenSessionClientLogs(int fd,
5805 const Vector<String16>& args, const std::string& cameraId) {
5806 auto clientDescriptor = mActiveClientManager.get(cameraId);
5807 dprintf(fd, " %s : Device %s is open. Client instance dump:\n",
5808 getFormattedCurrentTime().c_str(),
5809 cameraId.c_str());
5810 dprintf(fd, " Client priority score: %d state: %d\n",
5811 clientDescriptor->getPriority().getScore(),
5812 clientDescriptor->getPriority().getState());
5813 dprintf(fd, " Client PID: %d\n", clientDescriptor->getOwnerId());
5814
5815 auto client = clientDescriptor->getValue();
5816 dprintf(fd, " Client package: %s\n",
5817 client->getPackageName().c_str());
5818
5819 client->dumpClient(fd, args);
5820 }
5821
dumpClosedSessionClientLogs(int fd,const std::string & cameraId)5822 void CameraService::dumpClosedSessionClientLogs(int fd, const std::string& cameraId) {
5823 dprintf(fd, " Device %s is closed, no client instance\n",
5824 cameraId.c_str());
5825 }
5826
dumpEventLog(int fd)5827 void CameraService::dumpEventLog(int fd) {
5828 dprintf(fd, "\n== Camera service events log (most recent at top): ==\n");
5829
5830 Mutex::Autolock l(mLogLock);
5831 for (const auto& msg : mEventLog) {
5832 dprintf(fd, " %s\n", msg.c_str());
5833 }
5834
5835 if (mEventLog.size() == DEFAULT_EVENT_LOG_LENGTH) {
5836 dprintf(fd, " ...\n");
5837 } else if (mEventLog.size() == 0) {
5838 dprintf(fd, " [no events yet]\n");
5839 }
5840 dprintf(fd, "\n");
5841 }
5842
cacheClientTagDumpIfNeeded(const std::string & cameraId,BasicClient * client)5843 void CameraService::cacheClientTagDumpIfNeeded(const std::string &cameraId, BasicClient* client) {
5844 Mutex::Autolock lock(mLogLock);
5845 if (!isClientWatchedLocked(client)) { return; }
5846
5847 std::vector<std::string> dumpVector;
5848 client->dumpWatchedEventsToVector(dumpVector);
5849
5850 if (dumpVector.empty()) { return; }
5851
5852 std::ostringstream dumpString;
5853
5854 std::string currentTime = getFormattedCurrentTime();
5855 dumpString << "Cached @ ";
5856 dumpString << currentTime;
5857 dumpString << "\n"; // First line is the timestamp of when client is cached.
5858
5859 size_t i = dumpVector.size();
5860
5861 // Store the string in reverse order (latest last)
5862 while (i > 0) {
5863 i--;
5864 dumpString << cameraId;
5865 dumpString << ":";
5866 dumpString << client->getPackageName();
5867 dumpString << " ";
5868 dumpString << dumpVector[i]; // implicitly ends with '\n'
5869 }
5870
5871 mWatchedClientsDumpCache[client->getPackageName()] = dumpString.str();
5872 }
5873
handleTorchClientBinderDied(const wp<IBinder> & who)5874 void CameraService::handleTorchClientBinderDied(const wp<IBinder> &who) {
5875 Mutex::Autolock al(mTorchClientMapMutex);
5876 for (size_t i = 0; i < mTorchClientMap.size(); i++) {
5877 if (mTorchClientMap[i] == who) {
5878 // turn off the torch mode that was turned on by dead client
5879 std::string cameraId = mTorchClientMap.keyAt(i);
5880 status_t res = mFlashlight->setTorchMode(cameraId, false);
5881 if (res) {
5882 ALOGE("%s: torch client died but couldn't turn off torch: "
5883 "%s (%d)", __FUNCTION__, strerror(-res), res);
5884 return;
5885 }
5886 mTorchClientMap.removeItemsAt(i);
5887 break;
5888 }
5889 }
5890 }
5891
binderDied(const wp<IBinder> & who)5892 /*virtual*/void CameraService::binderDied(const wp<IBinder> &who) {
5893
5894 /**
5895 * While tempting to promote the wp<IBinder> into a sp, it's actually not supported by the
5896 * binder driver
5897 */
5898 // PID here is approximate and can be wrong.
5899 logClientDied(getCallingPid(), "Binder died unexpectedly");
5900
5901 // check torch client
5902 handleTorchClientBinderDied(who);
5903
5904 // check camera device client
5905 if(!evictClientIdByRemote(who)) {
5906 ALOGV("%s: Java client's binder death already cleaned up (normal case)", __FUNCTION__);
5907 return;
5908 }
5909
5910 ALOGE("%s: Java client's binder died, removing it from the list of active clients",
5911 __FUNCTION__);
5912 }
5913
updateStatus(StatusInternal status,const std::string & cameraId)5914 void CameraService::updateStatus(StatusInternal status, const std::string& cameraId) {
5915 updateStatus(status, cameraId, {});
5916 }
5917
updateStatus(StatusInternal status,const std::string & cameraId,std::initializer_list<StatusInternal> rejectSourceStates)5918 void CameraService::updateStatus(StatusInternal status, const std::string& cameraId,
5919 std::initializer_list<StatusInternal> rejectSourceStates) {
5920 // Do not lock mServiceLock here or can get into a deadlock from
5921 // connect() -> disconnect -> updateStatus
5922
5923 auto state = getCameraState(cameraId);
5924
5925 if (state == nullptr) {
5926 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__,
5927 cameraId.c_str());
5928 return;
5929 }
5930
5931 // Avoid calling getSystemCameraKind() with mStatusListenerLock held (b/141756275)
5932 SystemCameraKind deviceKind = SystemCameraKind::PUBLIC;
5933 if (getSystemCameraKind(cameraId, &deviceKind) != OK) {
5934 ALOGE("%s: Invalid camera id %s, skipping", __FUNCTION__, cameraId.c_str());
5935 return;
5936 }
5937
5938 if (status == StatusInternal::PRESENT) {
5939 CameraMetadata cameraInfo;
5940 status_t res = mCameraProviderManager->getCameraCharacteristics(
5941 cameraId, false, &cameraInfo, hardware::ICameraService::ROTATION_OVERRIDE_NONE);
5942 if (res != OK) {
5943 ALOGW("%s: Not able to get camera characteristics for camera id %s",
5944 __FUNCTION__, cameraId.c_str());
5945 } else {
5946 int32_t deviceId = getDeviceId(cameraInfo);
5947 if (deviceId != kDefaultDeviceId) {
5948 const auto &lensFacingEntry = cameraInfo.find(ANDROID_LENS_FACING);
5949 camera_metadata_enum_android_lens_facing_t androidLensFacing =
5950 static_cast<camera_metadata_enum_android_lens_facing_t>(
5951 lensFacingEntry.data.u8[0]);
5952 std::string mappedCameraId;
5953 if (androidLensFacing == ANDROID_LENS_FACING_BACK) {
5954 mappedCameraId = kVirtualDeviceBackCameraId;
5955 } else if (androidLensFacing == ANDROID_LENS_FACING_FRONT) {
5956 mappedCameraId = kVirtualDeviceFrontCameraId;
5957 } else {
5958 ALOGD("%s: Not adding entry for an external camera of a virtual device",
5959 __func__);
5960 }
5961 if (!mappedCameraId.empty()) {
5962 mVirtualDeviceCameraIdMapper.addCamera(cameraId, deviceId, mappedCameraId);
5963 }
5964 }
5965 }
5966 }
5967
5968 // Collect the logical cameras without holding mStatusLock in updateStatus
5969 // as that can lead to a deadlock(b/162192331).
5970 auto logicalCameraIds = getLogicalCameras(cameraId);
5971 // Update the status for this camera state, then send the onStatusChangedCallbacks to each
5972 // of the listeners with both the mStatusLock and mStatusListenerLock held
5973 state->updateStatus(status, cameraId, rejectSourceStates, [this, &deviceKind,
5974 &logicalCameraIds]
5975 (const std::string& cameraId, StatusInternal status) {
5976 // Get the device id and app-visible camera id for the given HAL-visible camera id.
5977 auto [deviceId, mappedCameraId] =
5978 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
5979
5980 if (status != StatusInternal::ENUMERATING) {
5981 // Update torch status if it has a flash unit.
5982 Mutex::Autolock al(mTorchStatusMutex);
5983 TorchModeStatus torchStatus;
5984 if (getTorchStatusLocked(cameraId, &torchStatus) !=
5985 NAME_NOT_FOUND) {
5986 TorchModeStatus newTorchStatus =
5987 status == StatusInternal::PRESENT ?
5988 TorchModeStatus::AVAILABLE_OFF :
5989 TorchModeStatus::NOT_AVAILABLE;
5990 if (torchStatus != newTorchStatus) {
5991 onTorchStatusChangedLocked(cameraId, newTorchStatus, deviceKind);
5992 }
5993 }
5994 }
5995
5996 Mutex::Autolock lock(mStatusListenerLock);
5997 notifyPhysicalCameraStatusLocked(mapToInterface(status), mappedCameraId,
5998 logicalCameraIds, deviceKind, deviceId);
5999
6000 for (auto& listener : mListenerList) {
6001 bool isVendorListener = listener->isVendorListener();
6002 if (shouldSkipStatusUpdates(deviceKind, isVendorListener,
6003 listener->getListenerPid(), listener->getListenerUid())) {
6004 ALOGV("Skipping discovery callback for system-only camera device %s",
6005 cameraId.c_str());
6006 continue;
6007 }
6008
6009 auto ret = listener->getListener()->onStatusChanged(mapToInterface(status),
6010 mappedCameraId, deviceId);
6011 listener->handleBinderStatus(ret,
6012 "%s: Failed to trigger onStatusChanged callback for %d:%d: %d",
6013 __FUNCTION__, listener->getListenerUid(), listener->getListenerPid(),
6014 ret.exceptionCode());
6015 }
6016 });
6017 }
6018
updateOpenCloseStatus(const std::string & cameraId,bool open,const std::string & clientPackageName,bool sharedMode)6019 void CameraService::updateOpenCloseStatus(const std::string& cameraId, bool open,
6020 const std::string& clientPackageName, bool sharedMode) {
6021 auto state = getCameraState(cameraId);
6022 if (state == nullptr) {
6023 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__,
6024 cameraId.c_str());
6025 return;
6026 }
6027 if (open) {
6028 if (flags::camera_multi_client() && sharedMode) {
6029 state->addClientPackage(clientPackageName);
6030 } else {
6031 state->setClientPackage(clientPackageName);
6032 }
6033 } else {
6034 if (flags::camera_multi_client() && sharedMode) {
6035 state->removeClientPackage(clientPackageName);
6036 } else {
6037 state->setClientPackage(std::string());
6038 }
6039 }
6040
6041 // Get the device id and app-visible camera id for the given HAL-visible camera id.
6042 auto [deviceId, mappedCameraId] =
6043 mVirtualDeviceCameraIdMapper.getDeviceIdAndMappedCameraIdPair(cameraId);
6044
6045 Mutex::Autolock lock(mStatusListenerLock);
6046
6047 for (const auto& it : mListenerList) {
6048 if (!it->isOpenCloseCallbackAllowed()) {
6049 continue;
6050 }
6051
6052 binder::Status ret;
6053 if (open) {
6054 ret = it->getListener()->onCameraOpened(mappedCameraId, clientPackageName,
6055 deviceId);
6056 } else {
6057 if (!flags::camera_multi_client() || !sharedMode || (sharedMode &&
6058 mActiveClientManager.getCameraClient(cameraId) == nullptr)) {
6059 ret = it->getListener()->onCameraClosed(mappedCameraId, deviceId);
6060 }
6061 }
6062
6063 it->handleBinderStatus(ret,
6064 "%s: Failed to trigger onCameraOpened/onCameraClosed callback for %d:%d: %d",
6065 __FUNCTION__, it->getListenerUid(), it->getListenerPid(), ret.exceptionCode());
6066 }
6067 }
6068
6069 template<class Func>
updateStatus(StatusInternal status,const std::string & cameraId,std::initializer_list<StatusInternal> rejectSourceStates,Func onStatusUpdatedLocked)6070 void CameraService::CameraState::updateStatus(StatusInternal status,
6071 const std::string& cameraId,
6072 std::initializer_list<StatusInternal> rejectSourceStates,
6073 Func onStatusUpdatedLocked) {
6074 Mutex::Autolock lock(mStatusLock);
6075 StatusInternal oldStatus = mStatus;
6076 mStatus = status;
6077
6078 if (oldStatus == status) {
6079 return;
6080 }
6081
6082 ALOGV("%s: Status has changed for camera ID %s from %#x to %#x", __FUNCTION__,
6083 cameraId.c_str(), eToI(oldStatus), eToI(status));
6084
6085 if (oldStatus == StatusInternal::NOT_PRESENT &&
6086 (status != StatusInternal::PRESENT &&
6087 status != StatusInternal::ENUMERATING)) {
6088
6089 ALOGW("%s: From NOT_PRESENT can only transition into PRESENT or ENUMERATING",
6090 __FUNCTION__);
6091 mStatus = oldStatus;
6092 return;
6093 }
6094
6095 /**
6096 * Sometimes we want to conditionally do a transition.
6097 * For example if a client disconnects, we want to go to PRESENT
6098 * only if we weren't already in NOT_PRESENT or ENUMERATING.
6099 */
6100 for (auto& rejectStatus : rejectSourceStates) {
6101 if (oldStatus == rejectStatus) {
6102 ALOGV("%s: Rejecting status transition for Camera ID %s, since the source "
6103 "state was was in one of the bad states.", __FUNCTION__, cameraId.c_str());
6104 mStatus = oldStatus;
6105 return;
6106 }
6107 }
6108
6109 onStatusUpdatedLocked(cameraId, status);
6110 }
6111
getTorchStatusLocked(const std::string & cameraId,TorchModeStatus * status) const6112 status_t CameraService::getTorchStatusLocked(
6113 const std::string& cameraId,
6114 TorchModeStatus *status) const {
6115 if (!status) {
6116 return BAD_VALUE;
6117 }
6118 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
6119 if (index == NAME_NOT_FOUND) {
6120 // invalid camera ID or the camera doesn't have a flash unit
6121 return NAME_NOT_FOUND;
6122 }
6123
6124 *status = mTorchStatusMap.valueAt(index);
6125 return OK;
6126 }
6127
setTorchStatusLocked(const std::string & cameraId,TorchModeStatus status)6128 status_t CameraService::setTorchStatusLocked(const std::string& cameraId,
6129 TorchModeStatus status) {
6130 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
6131 if (index == NAME_NOT_FOUND) {
6132 return BAD_VALUE;
6133 }
6134 mTorchStatusMap.editValueAt(index) = status;
6135
6136 return OK;
6137 }
6138
getLogicalCameras(const std::string & physicalCameraId)6139 std::list<std::string> CameraService::getLogicalCameras(
6140 const std::string& physicalCameraId) {
6141 std::list<std::string> retList;
6142 Mutex::Autolock lock(mCameraStatesLock);
6143 for (const auto& state : mCameraStates) {
6144 if (state.second->containsPhysicalCamera(physicalCameraId)) {
6145 retList.emplace_back(state.first);
6146 }
6147 }
6148 return retList;
6149 }
6150
notifyPhysicalCameraStatusLocked(int32_t status,const std::string & physicalCameraId,const std::list<std::string> & logicalCameraIds,SystemCameraKind deviceKind,int32_t deviceId)6151 void CameraService::notifyPhysicalCameraStatusLocked(int32_t status,
6152 const std::string& physicalCameraId, const std::list<std::string>& logicalCameraIds,
6153 SystemCameraKind deviceKind, int32_t deviceId) {
6154 // mStatusListenerLock is expected to be locked
6155 for (const auto& logicalCameraId : logicalCameraIds) {
6156 for (auto& listener : mListenerList) {
6157 // Note: we check only the deviceKind of the physical camera id
6158 // since, logical camera ids and their physical camera ids are
6159 // guaranteed to have the same system camera kind.
6160 if (shouldSkipStatusUpdates(deviceKind, listener->isVendorListener(),
6161 listener->getListenerPid(), listener->getListenerUid())) {
6162 ALOGV("Skipping discovery callback for system-only camera device %s",
6163 physicalCameraId.c_str());
6164 continue;
6165 }
6166 auto ret = listener->getListener()->onPhysicalCameraStatusChanged(status,
6167 logicalCameraId, physicalCameraId, deviceId);
6168 listener->handleBinderStatus(ret,
6169 "%s: Failed to trigger onPhysicalCameraStatusChanged for %d:%d: %d",
6170 __FUNCTION__, listener->getListenerUid(), listener->getListenerPid(),
6171 ret.exceptionCode());
6172 }
6173 }
6174 }
6175
blockClientsForUid(uid_t uid)6176 void CameraService::blockClientsForUid(uid_t uid) {
6177 const auto clients = mActiveClientManager.getAll();
6178 for (auto& current : clients) {
6179 if (current != nullptr) {
6180 const auto basicClient = current->getValue();
6181 if (basicClient.get() != nullptr && basicClient->getClientUid() == uid) {
6182 basicClient->block();
6183 }
6184 }
6185 }
6186 }
6187
blockAllClients()6188 void CameraService::blockAllClients() {
6189 const auto clients = mActiveClientManager.getAll();
6190 for (auto& current : clients) {
6191 if (current != nullptr) {
6192 const auto basicClient = current->getValue();
6193 if (basicClient.get() != nullptr) {
6194 basicClient->block();
6195 }
6196 }
6197 }
6198 }
6199
blockPrivacyEnabledClients()6200 void CameraService::blockPrivacyEnabledClients() {
6201 const auto clients = mActiveClientManager.getAll();
6202 for (auto& current : clients) {
6203 if (current != nullptr) {
6204 const auto basicClient = current->getValue();
6205 if (basicClient.get() != nullptr) {
6206 std::string pkgName = basicClient->getPackageName();
6207 bool cameraPrivacyEnabled =
6208 mSensorPrivacyPolicy->isCameraPrivacyEnabled(toString16(pkgName));
6209 if (cameraPrivacyEnabled) {
6210 basicClient->block();
6211 }
6212 }
6213 }
6214 }
6215 }
6216
6217 // NOTE: This is a remote API - make sure all args are validated
shellCommand(int in,int out,int err,const Vector<String16> & args)6218 status_t CameraService::shellCommand(int in, int out, int err, const Vector<String16>& args) {
6219 if (!checkCallingPermission(toString16(sManageCameraPermission), nullptr, nullptr)) {
6220 return PERMISSION_DENIED;
6221 }
6222 if (in == BAD_TYPE || out == BAD_TYPE || err == BAD_TYPE) {
6223 return BAD_VALUE;
6224 }
6225 if (args.size() >= 3 && args[0] == toString16("set-uid-state")) {
6226 return handleSetUidState(args, err);
6227 } else if (args.size() >= 2 && args[0] == toString16("reset-uid-state")) {
6228 return handleResetUidState(args, err);
6229 } else if (args.size() >= 2 && args[0] == toString16("get-uid-state")) {
6230 return handleGetUidState(args, out, err);
6231 } else if (args.size() >= 2 && args[0] == toString16("set-rotate-and-crop")) {
6232 return handleSetRotateAndCrop(args);
6233 } else if (args.size() >= 1 && args[0] == toString16("get-rotate-and-crop")) {
6234 return handleGetRotateAndCrop(out);
6235 } else if (args.size() >= 2 && args[0] == toString16("set-autoframing")) {
6236 return handleSetAutoframing(args);
6237 } else if (args.size() >= 1 && args[0] == toString16("get-autoframing")) {
6238 return handleGetAutoframing(out);
6239 } else if (args.size() >= 2 && args[0] == toString16("set-image-dump-mask")) {
6240 return handleSetImageDumpMask(args);
6241 } else if (args.size() >= 1 && args[0] == toString16("get-image-dump-mask")) {
6242 return handleGetImageDumpMask(out);
6243 } else if (args.size() >= 2 && args[0] == toString16("set-camera-mute")) {
6244 return handleSetCameraMute(args);
6245 } else if (args.size() >= 2 && args[0] == toString16("set-stream-use-case-override")) {
6246 return handleSetStreamUseCaseOverrides(args);
6247 } else if (args.size() >= 1 && args[0] == toString16("clear-stream-use-case-override")) {
6248 handleClearStreamUseCaseOverrides();
6249 return OK;
6250 } else if (args.size() >= 1 && args[0] == toString16("set-zoom-override")) {
6251 return handleSetZoomOverride(args);
6252 } else if (args.size() >= 2 && args[0] == toString16("watch")) {
6253 return handleWatchCommand(args, in, out);
6254 } else if (args.size() >= 2 && args[0] == toString16("set-watchdog")) {
6255 return handleSetCameraServiceWatchdog(args);
6256 } else if (args.size() == 1 && args[0] == toString16("help")) {
6257 printHelp(out);
6258 return OK;
6259 }
6260 printHelp(err);
6261 return BAD_VALUE;
6262 }
6263
handleSetUidState(const Vector<String16> & args,int err)6264 status_t CameraService::handleSetUidState(const Vector<String16>& args, int err) {
6265 std::string packageName = toStdString(args[1]);
6266
6267 bool active = false;
6268 if (args[2] == toString16("active")) {
6269 active = true;
6270 } else if ((args[2] != toString16("idle"))) {
6271 ALOGE("Expected active or idle but got: '%s'", toStdString(args[2]).c_str());
6272 return BAD_VALUE;
6273 }
6274
6275 int userId = 0;
6276 if (args.size() >= 5 && args[3] == toString16("--user")) {
6277 userId = atoi(toStdString(args[4]).c_str());
6278 }
6279
6280 uid_t uid;
6281 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
6282 return BAD_VALUE;
6283 }
6284
6285 mUidPolicy->addOverrideUid(uid, packageName, active);
6286 return NO_ERROR;
6287 }
6288
handleResetUidState(const Vector<String16> & args,int err)6289 status_t CameraService::handleResetUidState(const Vector<String16>& args, int err) {
6290 std::string packageName = toStdString(args[1]);
6291
6292 int userId = 0;
6293 if (args.size() >= 4 && args[2] == toString16("--user")) {
6294 userId = atoi(toStdString(args[3]).c_str());
6295 }
6296
6297 uid_t uid;
6298 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
6299 return BAD_VALUE;
6300 }
6301
6302 mUidPolicy->removeOverrideUid(uid, packageName);
6303 return NO_ERROR;
6304 }
6305
handleGetUidState(const Vector<String16> & args,int out,int err)6306 status_t CameraService::handleGetUidState(const Vector<String16>& args, int out, int err) {
6307 std::string packageName = toStdString(args[1]);
6308
6309 int userId = 0;
6310 if (args.size() >= 4 && args[2] == toString16("--user")) {
6311 userId = atoi(toStdString(args[3]).c_str());
6312 }
6313
6314 uid_t uid;
6315 if (getUidForPackage(packageName, userId, uid, err) == BAD_VALUE) {
6316 return BAD_VALUE;
6317 }
6318
6319 if (mUidPolicy->isUidActive(uid, packageName)) {
6320 return dprintf(out, "active\n");
6321 } else {
6322 return dprintf(out, "idle\n");
6323 }
6324 }
6325
handleSetRotateAndCrop(const Vector<String16> & args)6326 status_t CameraService::handleSetRotateAndCrop(const Vector<String16>& args) {
6327 int rotateValue = atoi(toStdString(args[1]).c_str());
6328 if (rotateValue < ANDROID_SCALER_ROTATE_AND_CROP_NONE ||
6329 rotateValue > ANDROID_SCALER_ROTATE_AND_CROP_AUTO) return BAD_VALUE;
6330 Mutex::Autolock lock(mServiceLock);
6331
6332 mOverrideRotateAndCropMode = rotateValue;
6333
6334 if (rotateValue == ANDROID_SCALER_ROTATE_AND_CROP_AUTO) return OK;
6335
6336 const auto clients = mActiveClientManager.getAll();
6337 for (auto& current : clients) {
6338 if (current != nullptr) {
6339 const auto basicClient = current->getValue();
6340 if (basicClient.get() != nullptr) {
6341 basicClient->setRotateAndCropOverride(rotateValue);
6342 }
6343 }
6344 }
6345
6346 return OK;
6347 }
6348
handleSetAutoframing(const Vector<String16> & args)6349 status_t CameraService::handleSetAutoframing(const Vector<String16>& args) {
6350 char* end;
6351 int autoframingValue = (int) strtol(toStdString(args[1]).c_str(), &end, /*base=*/10);
6352 if ((*end != '\0') ||
6353 (autoframingValue != ANDROID_CONTROL_AUTOFRAMING_OFF &&
6354 autoframingValue != ANDROID_CONTROL_AUTOFRAMING_ON &&
6355 autoframingValue != ANDROID_CONTROL_AUTOFRAMING_AUTO)) {
6356 return BAD_VALUE;
6357 }
6358
6359 Mutex::Autolock lock(mServiceLock);
6360 mOverrideAutoframingMode = autoframingValue;
6361
6362 if (autoframingValue == ANDROID_CONTROL_AUTOFRAMING_AUTO) return OK;
6363
6364 const auto clients = mActiveClientManager.getAll();
6365 for (auto& current : clients) {
6366 if (current != nullptr) {
6367 const auto basicClient = current->getValue();
6368 if (basicClient.get() != nullptr) {
6369 basicClient->setAutoframingOverride(autoframingValue);
6370 }
6371 }
6372 }
6373
6374 return OK;
6375 }
6376
handleSetCameraServiceWatchdog(const Vector<String16> & args)6377 status_t CameraService::handleSetCameraServiceWatchdog(const Vector<String16>& args) {
6378 int enableWatchdog = atoi(toStdString(args[1]).c_str());
6379
6380 if (enableWatchdog < 0 || enableWatchdog > 1) return BAD_VALUE;
6381
6382 Mutex::Autolock lock(mServiceLock);
6383
6384 mCameraServiceWatchdogEnabled = enableWatchdog;
6385
6386 const auto clients = mActiveClientManager.getAll();
6387 for (auto& current : clients) {
6388 if (current != nullptr) {
6389 const auto basicClient = current->getValue();
6390 if (basicClient.get() != nullptr) {
6391 basicClient->setCameraServiceWatchdog(enableWatchdog);
6392 }
6393 }
6394 }
6395
6396 return OK;
6397 }
6398
handleGetRotateAndCrop(int out)6399 status_t CameraService::handleGetRotateAndCrop(int out) {
6400 Mutex::Autolock lock(mServiceLock);
6401
6402 return dprintf(out, "rotateAndCrop override: %d\n", mOverrideRotateAndCropMode);
6403 }
6404
handleGetAutoframing(int out)6405 status_t CameraService::handleGetAutoframing(int out) {
6406 Mutex::Autolock lock(mServiceLock);
6407
6408 return dprintf(out, "autoframing override: %d\n", mOverrideAutoframingMode);
6409 }
6410
handleSetImageDumpMask(const Vector<String16> & args)6411 status_t CameraService::handleSetImageDumpMask(const Vector<String16>& args) {
6412 char *endPtr;
6413 errno = 0;
6414 std::string maskString = toStdString(args[1]);
6415 long maskValue = strtol(maskString.c_str(), &endPtr, 10);
6416
6417 if (errno != 0) return BAD_VALUE;
6418 if (endPtr != maskString.c_str() + maskString.size()) return BAD_VALUE;
6419 if (maskValue < 0 || maskValue > 1) return BAD_VALUE;
6420
6421 Mutex::Autolock lock(mServiceLock);
6422
6423 mImageDumpMask = maskValue;
6424
6425 return OK;
6426 }
6427
handleGetImageDumpMask(int out)6428 status_t CameraService::handleGetImageDumpMask(int out) {
6429 Mutex::Autolock lock(mServiceLock);
6430
6431 return dprintf(out, "Image dump mask: %d\n", mImageDumpMask);
6432 }
6433
handleSetCameraMute(const Vector<String16> & args)6434 status_t CameraService::handleSetCameraMute(const Vector<String16>& args) {
6435 int muteValue = strtol(toStdString(args[1]).c_str(), nullptr, 10);
6436 if (errno != 0) return BAD_VALUE;
6437
6438 if (muteValue < 0 || muteValue > 1) return BAD_VALUE;
6439 Mutex::Autolock lock(mServiceLock);
6440
6441 mOverrideCameraMuteMode = (muteValue == 1);
6442
6443 const auto clients = mActiveClientManager.getAll();
6444 for (auto& current : clients) {
6445 if (current != nullptr) {
6446 const auto basicClient = current->getValue();
6447 if (basicClient.get() != nullptr) {
6448 if (basicClient->supportsCameraMute()) {
6449 basicClient->setCameraMute(mOverrideCameraMuteMode);
6450 }
6451 }
6452 }
6453 }
6454
6455 return OK;
6456 }
6457
handleSetStreamUseCaseOverrides(const Vector<String16> & args)6458 status_t CameraService::handleSetStreamUseCaseOverrides(const Vector<String16>& args) {
6459 std::vector<int64_t> useCasesOverride;
6460 for (size_t i = 1; i < args.size(); i++) {
6461 int64_t useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_DEFAULT;
6462 std::string arg = toStdString(args[i]);
6463 if (arg == "DEFAULT") {
6464 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_DEFAULT;
6465 } else if (arg == "PREVIEW") {
6466 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_PREVIEW;
6467 } else if (arg == "STILL_CAPTURE") {
6468 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_STILL_CAPTURE;
6469 } else if (arg == "VIDEO_RECORD") {
6470 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_VIDEO_RECORD;
6471 } else if (arg == "PREVIEW_VIDEO_STILL") {
6472 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_PREVIEW_VIDEO_STILL;
6473 } else if (arg == "VIDEO_CALL") {
6474 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_VIDEO_CALL;
6475 } else if (arg == "CROPPED_RAW") {
6476 useCase = ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_CROPPED_RAW;
6477 } else {
6478 ALOGE("%s: Invalid stream use case %s", __FUNCTION__, arg.c_str());
6479 return BAD_VALUE;
6480 }
6481 useCasesOverride.push_back(useCase);
6482 }
6483
6484 Mutex::Autolock lock(mServiceLock);
6485 mStreamUseCaseOverrides = std::move(useCasesOverride);
6486
6487 return OK;
6488 }
6489
handleClearStreamUseCaseOverrides()6490 void CameraService::handleClearStreamUseCaseOverrides() {
6491 Mutex::Autolock lock(mServiceLock);
6492 mStreamUseCaseOverrides.clear();
6493 }
6494
handleSetZoomOverride(const Vector<String16> & args)6495 status_t CameraService::handleSetZoomOverride(const Vector<String16>& args) {
6496 char* end;
6497 int zoomOverrideValue = strtol(toStdString(args[1]).c_str(), &end, /*base=*/10);
6498 if ((*end != '\0') ||
6499 (zoomOverrideValue != -1 &&
6500 zoomOverrideValue != ANDROID_CONTROL_SETTINGS_OVERRIDE_OFF &&
6501 zoomOverrideValue != ANDROID_CONTROL_SETTINGS_OVERRIDE_ZOOM)) {
6502 return BAD_VALUE;
6503 }
6504
6505 Mutex::Autolock lock(mServiceLock);
6506 mZoomOverrideValue = zoomOverrideValue;
6507
6508 const auto clients = mActiveClientManager.getAll();
6509 for (auto& current : clients) {
6510 if (current != nullptr) {
6511 const auto basicClient = current->getValue();
6512 if (basicClient.get() != nullptr) {
6513 if (basicClient->supportsZoomOverride()) {
6514 basicClient->setZoomOverride(mZoomOverrideValue);
6515 }
6516 }
6517 }
6518 }
6519
6520 return OK;
6521 }
6522
handleWatchCommand(const Vector<String16> & args,int inFd,int outFd)6523 status_t CameraService::handleWatchCommand(const Vector<String16>& args, int inFd, int outFd) {
6524 if (args.size() >= 3 && args[1] == toString16("start")) {
6525 return startWatchingTags(args, outFd);
6526 } else if (args.size() == 2 && args[1] == toString16("stop")) {
6527 return stopWatchingTags(outFd);
6528 } else if (args.size() == 2 && args[1] == toString16("dump")) {
6529 return printWatchedTags(outFd);
6530 } else if (args.size() >= 2 && args[1] == toString16("live")) {
6531 return printWatchedTagsUntilInterrupt(args, inFd, outFd);
6532 } else if (args.size() == 2 && args[1] == toString16("clear")) {
6533 return clearCachedMonitoredTagDumps(outFd);
6534 }
6535 dprintf(outFd, "Camera service watch commands:\n"
6536 " start -m <comma_separated_tag_list> [-c <comma_separated_client_list>]\n"
6537 " starts watching the provided tags for clients with provided package\n"
6538 " recognizes tag shorthands like '3a'\n"
6539 " watches all clients if no client is passed, or if 'all' is listed\n"
6540 " dump dumps the monitoring information and exits\n"
6541 " stop stops watching all tags\n"
6542 " live [-n <refresh_interval_ms>]\n"
6543 " prints the monitored information in real time\n"
6544 " Hit return to exit\n"
6545 " clear clears all buffers storing information for watch command");
6546 return BAD_VALUE;
6547 }
6548
startWatchingTags(const Vector<String16> & args,int outFd)6549 status_t CameraService::startWatchingTags(const Vector<String16> &args, int outFd) {
6550 Mutex::Autolock lock(mLogLock);
6551 size_t tagsIdx; // index of '-m'
6552 String16 tags("");
6553 for (tagsIdx = 2; tagsIdx < args.size() && args[tagsIdx] != toString16("-m"); tagsIdx++);
6554 if (tagsIdx < args.size() - 1) {
6555 tags = args[tagsIdx + 1];
6556 } else {
6557 dprintf(outFd, "No tags provided.\n");
6558 return BAD_VALUE;
6559 }
6560
6561 size_t clientsIdx; // index of '-c'
6562 // watch all clients if no clients are provided
6563 String16 clients = toString16(kWatchAllClientsFlag);
6564 for (clientsIdx = 2; clientsIdx < args.size() && args[clientsIdx] != toString16("-c");
6565 clientsIdx++);
6566 if (clientsIdx < args.size() - 1) {
6567 clients = args[clientsIdx + 1];
6568 }
6569 parseClientsToWatchLocked(toStdString(clients));
6570
6571 // track tags to initialize future clients with the monitoring information
6572 mMonitorTags = toStdString(tags);
6573
6574 bool serviceLock = tryLock(mServiceLock);
6575 int numWatchedClients = 0;
6576 auto cameraClients = mActiveClientManager.getAll();
6577 for (const auto &clientDescriptor: cameraClients) {
6578 if (clientDescriptor == nullptr) { continue; }
6579 sp<BasicClient> client = clientDescriptor->getValue();
6580 if (client.get() == nullptr) { continue; }
6581
6582 if (isClientWatchedLocked(client.get())) {
6583 client->startWatchingTags(mMonitorTags, outFd);
6584 numWatchedClients++;
6585 }
6586 }
6587 dprintf(outFd, "Started watching %d active clients\n", numWatchedClients);
6588
6589 if (serviceLock) { mServiceLock.unlock(); }
6590 return OK;
6591 }
6592
stopWatchingTags(int outFd)6593 status_t CameraService::stopWatchingTags(int outFd) {
6594 // clear mMonitorTags to prevent new clients from monitoring tags at initialization
6595 Mutex::Autolock lock(mLogLock);
6596 mMonitorTags = "";
6597
6598 mWatchedClientPackages.clear();
6599 mWatchedClientsDumpCache.clear();
6600
6601 bool serviceLock = tryLock(mServiceLock);
6602 auto cameraClients = mActiveClientManager.getAll();
6603 for (const auto &clientDescriptor : cameraClients) {
6604 if (clientDescriptor == nullptr) { continue; }
6605 sp<BasicClient> client = clientDescriptor->getValue();
6606 if (client.get() == nullptr) { continue; }
6607 client->stopWatchingTags(outFd);
6608 }
6609 dprintf(outFd, "Stopped watching all clients.\n");
6610 if (serviceLock) { mServiceLock.unlock(); }
6611 return OK;
6612 }
6613
clearCachedMonitoredTagDumps(int outFd)6614 status_t CameraService::clearCachedMonitoredTagDumps(int outFd) {
6615 Mutex::Autolock lock(mLogLock);
6616 size_t clearedSize = mWatchedClientsDumpCache.size();
6617 mWatchedClientsDumpCache.clear();
6618 dprintf(outFd, "Cleared tag information of %zu cached clients.\n", clearedSize);
6619 return OK;
6620 }
6621
printWatchedTags(int outFd)6622 status_t CameraService::printWatchedTags(int outFd) {
6623 Mutex::Autolock logLock(mLogLock);
6624 std::set<std::string> connectedMonitoredClients;
6625
6626 bool printedSomething = false; // tracks if any monitoring information was printed
6627 // (from either cached or active clients)
6628
6629 bool serviceLock = tryLock(mServiceLock);
6630 // get all watched clients that are currently connected
6631 for (const auto &clientDescriptor: mActiveClientManager.getAll()) {
6632 if (clientDescriptor == nullptr) { continue; }
6633
6634 sp<BasicClient> client = clientDescriptor->getValue();
6635 if (client.get() == nullptr) { continue; }
6636 if (!isClientWatchedLocked(client.get())) { continue; }
6637
6638 std::vector<std::string> dumpVector;
6639 client->dumpWatchedEventsToVector(dumpVector);
6640
6641 size_t printIdx = dumpVector.size();
6642 if (printIdx == 0) {
6643 continue;
6644 }
6645
6646 // Print tag dumps for active client
6647 const std::string &cameraId = clientDescriptor->getKey();
6648 dprintf(outFd, "Client: %s (active)\n", client->getPackageName().c_str());
6649 while(printIdx > 0) {
6650 printIdx--;
6651 dprintf(outFd, "%s:%s %s", cameraId.c_str(), client->getPackageName().c_str(),
6652 dumpVector[printIdx].c_str());
6653 }
6654 dprintf(outFd, "\n");
6655 printedSomething = true;
6656
6657 connectedMonitoredClients.emplace(client->getPackageName());
6658 }
6659 if (serviceLock) { mServiceLock.unlock(); }
6660
6661 // Print entries in mWatchedClientsDumpCache for clients that are not connected
6662 for (const auto &kv: mWatchedClientsDumpCache) {
6663 const std::string &package = kv.first;
6664 if (connectedMonitoredClients.find(package) != connectedMonitoredClients.end()) {
6665 continue;
6666 }
6667
6668 dprintf(outFd, "Client: %s (cached)\n", package.c_str());
6669 dprintf(outFd, "%s\n", kv.second.c_str());
6670 printedSomething = true;
6671 }
6672
6673 if (!printedSomething) {
6674 dprintf(outFd, "No monitoring information to print.\n");
6675 }
6676
6677 return OK;
6678 }
6679
6680 // Print all events in vector `events' that came after lastPrintedEvent
printNewWatchedEvents(int outFd,const std::string & cameraId,const std::string & packageName,const std::vector<std::string> & events,const std::string & lastPrintedEvent)6681 void printNewWatchedEvents(int outFd,
6682 const std::string &cameraId,
6683 const std::string &packageName,
6684 const std::vector<std::string> &events,
6685 const std::string &lastPrintedEvent) {
6686 if (events.empty()) { return; }
6687
6688 // index of lastPrintedEvent in events.
6689 // lastPrintedIdx = events.size() if lastPrintedEvent is not in events
6690 size_t lastPrintedIdx;
6691 for (lastPrintedIdx = 0;
6692 lastPrintedIdx < events.size() && lastPrintedEvent != events[lastPrintedIdx];
6693 lastPrintedIdx++);
6694
6695 if (lastPrintedIdx == 0) { return; } // early exit if no new event in `events`
6696
6697 // print events in chronological order (latest event last)
6698 size_t idxToPrint = lastPrintedIdx;
6699 do {
6700 idxToPrint--;
6701 dprintf(outFd, "%s:%s %s", cameraId.c_str(), packageName.c_str(),
6702 events[idxToPrint].c_str());
6703 } while (idxToPrint != 0);
6704 }
6705
6706 // Returns true if adb shell cmd watch should be interrupted based on data in inFd. The watch
6707 // command should be interrupted if the user presses the return key, or if user loses any way to
6708 // signal interrupt.
6709 // If timeoutMs == 0, this function will always return false
shouldInterruptWatchCommand(int inFd,int outFd,long timeoutMs)6710 bool shouldInterruptWatchCommand(int inFd, int outFd, long timeoutMs) {
6711 struct timeval startTime;
6712 int startTimeError = gettimeofday(&startTime, nullptr);
6713 if (startTimeError) {
6714 dprintf(outFd, "Failed waiting for interrupt, aborting.\n");
6715 return true;
6716 }
6717
6718 const nfds_t numFds = 1;
6719 struct pollfd pollFd = { .fd = inFd, .events = POLLIN, .revents = 0 };
6720
6721 struct timeval currTime;
6722 char buffer[2];
6723 while(true) {
6724 int currTimeError = gettimeofday(&currTime, nullptr);
6725 if (currTimeError) {
6726 dprintf(outFd, "Failed waiting for interrupt, aborting.\n");
6727 return true;
6728 }
6729
6730 long elapsedTimeMs = ((currTime.tv_sec - startTime.tv_sec) * 1000L)
6731 + ((currTime.tv_usec - startTime.tv_usec) / 1000L);
6732 int remainingTimeMs = (int) (timeoutMs - elapsedTimeMs);
6733
6734 if (remainingTimeMs <= 0) {
6735 // No user interrupt within timeoutMs, don't interrupt watch command
6736 return false;
6737 }
6738
6739 int numFdsUpdated = poll(&pollFd, numFds, remainingTimeMs);
6740 if (numFdsUpdated < 0) {
6741 dprintf(outFd, "Failed while waiting for user input. Exiting.\n");
6742 return true;
6743 }
6744
6745 if (numFdsUpdated == 0) {
6746 // No user input within timeoutMs, don't interrupt watch command
6747 return false;
6748 }
6749
6750 if (!(pollFd.revents & POLLIN)) {
6751 dprintf(outFd, "Failed while waiting for user input. Exiting.\n");
6752 return true;
6753 }
6754
6755 ssize_t sizeRead = read(inFd, buffer, sizeof(buffer) - 1);
6756 if (sizeRead < 0) {
6757 dprintf(outFd, "Error reading user input. Exiting.\n");
6758 return true;
6759 }
6760
6761 if (sizeRead == 0) {
6762 // Reached end of input fd (can happen if input is piped)
6763 // User has no way to signal an interrupt, so interrupt here
6764 return true;
6765 }
6766
6767 if (buffer[0] == '\n') {
6768 // User pressed return, interrupt watch command.
6769 return true;
6770 }
6771 }
6772 }
6773
printWatchedTagsUntilInterrupt(const Vector<String16> & args,int inFd,int outFd)6774 status_t CameraService::printWatchedTagsUntilInterrupt(const Vector<String16> &args,
6775 int inFd, int outFd) {
6776 // Figure out refresh interval, if present in args
6777 long refreshTimeoutMs = 1000L; // refresh every 1s by default
6778 if (args.size() > 2) {
6779 size_t intervalIdx; // index of '-n'
6780 for (intervalIdx = 2; intervalIdx < args.size() && toString16("-n") != args[intervalIdx];
6781 intervalIdx++);
6782
6783 size_t intervalValIdx = intervalIdx + 1;
6784 if (intervalValIdx < args.size()) {
6785 refreshTimeoutMs = strtol(toStdString(args[intervalValIdx]).c_str(), nullptr, 10);
6786 if (errno) { return BAD_VALUE; }
6787 }
6788 }
6789
6790 // Set min timeout of 10ms. This prevents edge cases in polling when timeout of 0 is passed.
6791 refreshTimeoutMs = refreshTimeoutMs < 10 ? 10 : refreshTimeoutMs;
6792
6793 dprintf(outFd, "Press return to exit...\n\n");
6794 std::map<std::string, std::string> packageNameToLastEvent;
6795
6796 while (true) {
6797 bool serviceLock = tryLock(mServiceLock);
6798 auto cameraClients = mActiveClientManager.getAll();
6799 if (serviceLock) { mServiceLock.unlock(); }
6800
6801 for (const auto& clientDescriptor : cameraClients) {
6802 Mutex::Autolock lock(mLogLock);
6803 if (clientDescriptor == nullptr) { continue; }
6804
6805 sp<BasicClient> client = clientDescriptor->getValue();
6806 if (client.get() == nullptr) { continue; }
6807 if (!isClientWatchedLocked(client.get())) { continue; }
6808
6809 const std::string &packageName = client->getPackageName();
6810 // This also initializes the map entries with an empty string
6811 const std::string& lastPrintedEvent = packageNameToLastEvent[packageName];
6812
6813 std::vector<std::string> latestEvents;
6814 client->dumpWatchedEventsToVector(latestEvents);
6815
6816 if (!latestEvents.empty()) {
6817 printNewWatchedEvents(outFd,
6818 clientDescriptor->getKey(),
6819 packageName,
6820 latestEvents,
6821 lastPrintedEvent);
6822 packageNameToLastEvent[packageName] = latestEvents[0];
6823 }
6824 }
6825 if (shouldInterruptWatchCommand(inFd, outFd, refreshTimeoutMs)) {
6826 break;
6827 }
6828 }
6829 return OK;
6830 }
6831
parseClientsToWatchLocked(const std::string & clients)6832 void CameraService::parseClientsToWatchLocked(const std::string &clients) {
6833 mWatchedClientPackages.clear();
6834
6835 std::istringstream iss(clients);
6836 std::string nextClient;
6837
6838 while (std::getline(iss, nextClient, ',')) {
6839 if (nextClient == kWatchAllClientsFlag) {
6840 // Don't need to track any other package if 'all' is present
6841 mWatchedClientPackages.clear();
6842 mWatchedClientPackages.emplace(kWatchAllClientsFlag);
6843 break;
6844 }
6845
6846 // track package names
6847 mWatchedClientPackages.emplace(nextClient);
6848 }
6849 }
6850
printHelp(int out)6851 status_t CameraService::printHelp(int out) {
6852 return dprintf(out, "Camera service commands:\n"
6853 " get-uid-state <PACKAGE> [--user USER_ID] gets the uid state\n"
6854 " set-uid-state <PACKAGE> <active|idle> [--user USER_ID] overrides the uid state\n"
6855 " reset-uid-state <PACKAGE> [--user USER_ID] clears the uid state override\n"
6856 " set-rotate-and-crop <ROTATION> overrides the rotate-and-crop value for AUTO backcompat\n"
6857 " Valid values 0=0 deg, 1=90 deg, 2=180 deg, 3=270 deg, 4=No override\n"
6858 " get-rotate-and-crop returns the current override rotate-and-crop value\n"
6859 " set-autoframing <VALUE> overrides the autoframing value for AUTO\n"
6860 " Valid values 0=false, 1=true, 2=auto\n"
6861 " get-autoframing returns the current override autoframing value\n"
6862 " set-image-dump-mask <MASK> specifies the formats to be saved to disk\n"
6863 " Valid values 0=OFF, 1=ON for JPEG\n"
6864 " get-image-dump-mask returns the current image-dump-mask value\n"
6865 " set-camera-mute <0/1> enable or disable camera muting\n"
6866 " set-stream-use-case-override <usecase1> <usecase2> ... override stream use cases\n"
6867 " Use cases applied in descending resolutions. So usecase1 is assigned to the\n"
6868 " largest resolution, usecase2 is assigned to the 2nd largest resolution, and so\n"
6869 " on. In case the number of usecases is smaller than the number of streams, the\n"
6870 " last use case is assigned to all the remaining streams. In case of multiple\n"
6871 " streams with the same resolution, the tie-breaker is (JPEG, RAW, YUV, and PRIV)\n"
6872 " Valid values are (case sensitive): DEFAULT, PREVIEW, STILL_CAPTURE, VIDEO_RECORD,\n"
6873 " PREVIEW_VIDEO_STILL, VIDEO_CALL, CROPPED_RAW\n"
6874 " clear-stream-use-case-override clear the stream use case override\n"
6875 " set-zoom-override <-1/0/1> enable or disable zoom override\n"
6876 " Valid values -1: do not override, 0: override to OFF, 1: override to ZOOM\n"
6877 " set-watchdog <VALUE> enables or disables the camera service watchdog\n"
6878 " Valid values 0=disable, 1=enable\n"
6879 " watch <start|stop|dump|print|clear> manages tag monitoring in connected clients\n"
6880 " help print this message\n");
6881 }
6882
isClientWatched(const BasicClient * client)6883 bool CameraService::isClientWatched(const BasicClient *client) {
6884 Mutex::Autolock lock(mLogLock);
6885 return isClientWatchedLocked(client);
6886 }
6887
isClientWatchedLocked(const BasicClient * client)6888 bool CameraService::isClientWatchedLocked(const BasicClient *client) {
6889 return mWatchedClientPackages.find(kWatchAllClientsFlag) != mWatchedClientPackages.end() ||
6890 mWatchedClientPackages.find(client->getPackageName()) != mWatchedClientPackages.end();
6891 }
6892
updateAudioRestriction()6893 int32_t CameraService::updateAudioRestriction() {
6894 Mutex::Autolock lock(mServiceLock);
6895 return updateAudioRestrictionLocked();
6896 }
6897
updateAudioRestrictionLocked()6898 int32_t CameraService::updateAudioRestrictionLocked() {
6899 int32_t mode = 0;
6900 // iterate through all active client
6901 for (const auto& i : mActiveClientManager.getAll()) {
6902 const auto clientSp = i->getValue();
6903 mode |= clientSp->getAudioRestriction();
6904 }
6905
6906 bool modeChanged = (mAudioRestriction != mode);
6907 mAudioRestriction = mode;
6908 if (modeChanged) {
6909 mAppOps.setCameraAudioRestriction(mode);
6910 }
6911 return mode;
6912 }
6913
checkIfInjectionCameraIsPresent(const std::string & externalCamId,sp<BasicClient> clientSp)6914 status_t CameraService::checkIfInjectionCameraIsPresent(const std::string& externalCamId,
6915 sp<BasicClient> clientSp) {
6916 std::unique_ptr<AutoConditionLock> lock =
6917 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
6918 status_t res = NO_ERROR;
6919 if ((res = checkIfDeviceIsUsable(externalCamId)) != NO_ERROR) {
6920 ALOGW("Device %s is not usable!", externalCamId.c_str());
6921 mInjectionStatusListener->notifyInjectionError(
6922 externalCamId, UNKNOWN_TRANSACTION);
6923 clientSp->notifyError(
6924 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
6925 CaptureResultExtras());
6926
6927 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
6928 // other clients from connecting in mServiceLockWrapper if held
6929 mServiceLock.unlock();
6930
6931 // Clear caller identity temporarily so client disconnect PID checks work correctly
6932 int64_t token = clearCallingIdentity();
6933 clientSp->disconnect();
6934 restoreCallingIdentity(token);
6935
6936 // Reacquire mServiceLock
6937 mServiceLock.lock();
6938 }
6939
6940 return res;
6941 }
6942
clearInjectionParameters()6943 void CameraService::clearInjectionParameters() {
6944 {
6945 Mutex::Autolock lock(mInjectionParametersLock);
6946 mInjectionInitPending = false;
6947 mInjectionInternalCamId = "";
6948 }
6949 mInjectionExternalCamId = "";
6950 mInjectionStatusListener->removeListener();
6951 }
6952
6953 } // namespace android
6954