• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1page.title=Automotive
2@jd:body
3
4<!--
5    Copyright 2016 The Android Open Source Project
6
7    Licensed under the Apache License, Version 2.0 (the "License");
8    you may not use this file except in compliance with the License.
9    You may obtain a copy of the License at
10
11        http://www.apache.org/licenses/LICENSE-2.0
12
13    Unless required by applicable law or agreed to in writing, software
14    distributed under the License is distributed on an "AS IS" BASIS,
15    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16    See the License for the specific language governing permissions and
17    limitations under the License.
18-->
19<div id="qv-wrapper">
20  <div id="qv">
21    <h2>In this document</h2>
22    <ol id="auto-toc">
23    </ol>
24  </div>
25</div>
26
27<img style="float: right; margin: 0px 15px 15px 15px;"
28src="images/ape_fwk_hal_vehicle.png" alt="Android vehicle HAL icon"/>
29
30<p>Many car subsystems interconnect with each other and the in-vehicle
31infotainment (IVI) system via various bus topologies. The exact bus type and
32protocols vary widely between manufacturers (and even between different vehicle
33models of the same brand); examples include Controller Area Network (CAN) bus,
34Local Interconnect Network (LIN) bus, Media Oriented Systems Transport (MOST),
35as well as automotive-grade Ethernet and TCP/IP networks such as BroadR-Reach.
36</p>
37<p>Android Automotive has a hardware abstraction layer (HAL) that provides a
38consistent interface to the Android framework regardless of physical transport
39layer. This vehicle HAL is the interface for developing Android Automotive
40implementations.</p>
41<p>System integrators can implement a vehicle HAL module by connecting
42function-specific platform HAL interfaces (e.g. HVAC) with technology-specific
43network interfaces (e.g. CAN bus). Typical implementations may include a
44dedicated Microcontroller Unit (MCU) running a proprietary real-time operating
45system (RTOS) for CAN bus access or similar, which may be connected via a serial
46link to the CPU running Android Automotive. Instead of a dedicated MCU, it may
47also be possible to implement the bus access as a virtualized CPU. It is up to
48each partner to choose the architecture suitable for the hardware as long as the
49implementation fulfills the interface requirements for the vehicle HAL.</p>
50
51<h2 id=arch>Architecture</h2>
52<p>The vehicle HAL is the interface definition between the car and the vehicle
53network service:</p>
54
55<img src="images/vehicle_hal_arch.png" alt="Android vehicle HAL architecture">
56<p class="img-caption"><strong>Figure 1</strong>. Vehicle HAL and Android
57automotive architecture</p>
58
59<ul>
60<li><strong>Car API</strong>. Contains the APIs such as CarHvacManager,
61CarSensorManager, and CarCameraManager. For details on all supported APIs,
62refer to <code>/platform/packages/services/Car/car-lib</code>.</li>
63<li><strong>CarService</strong>. Located at
64<code>/platform/packages/services/Car/</code>.</li>
65<li><strong>VehicleNetworkService</strong>. Controls vehicle HAL with built-in
66security. Access restricted to system components only (non-system components
67such as third party apps should use car API instead). OEMs can control access
68using <code>vns_policy.xml</code> and <code>vendor_vns_policy.xml</code>.
69Located at <code>/platform/packages/services/Car/vehicle_network_service/</code>;
70for libraries to access the vehicle network, refer to
71<code>/platform/packages/services/Car/libvehiclenetwork/</code>.</li>
72<li><strong>Vehicle HAL</strong>. Interface that defines the properties OEMs can
73implement and contains property metadata (for example, whether the property is
74an int and which change modes are allowed). Located at
75<code>hardware/libhardware/include/hardware/vehicle.h</code>. For a basic
76reference implementation, refer to
77<code>hardware/libhardware/modules/vehicle/</code>.</li>
78</ul>
79
80<h2 id=prop>Vehicle properties</h2>
81<p>The vehicle HAL interface is based on accessing (read, write, subscribe) a
82property, which is an abstraction for a specific function. Properties can be
83read-only, write-only (used to pass information to vehicle HAL level), or read
84and write. Support of most properties is optional.</p>
85<p>Each property is uniquely identified by an int32 key and has a predefined
86type (<code>value_type</code>):</p>
87
88<ul>
89<li><code>INT32</code> (and array), <code>INT64</code>, <code>BOOLEAN</code>,
90<code>FLOAT</code> (and array), string, bytes.</li>
91<li>Zoned type has zone in addition to value.</li>
92</ul>
93
94<h3 id-=zone_type>Zone types</h3>
95<p>The vehicle HAL defines three zone types:</p>
96<ul>
97<li><code>vehicle_zone</code>: Zone based on rows.</li>
98<li><code>vehicle_seat</code>: Zone based on seats.</li>
99<li><code>vehicle_window</code>: Zone based on windows.</li>
100</ul>
101<p>Each zoned property should use pre-defined zone type. If necessary, you can
102use a custom zone type for each property (for details, see
103<a href=#prop_custom>Handling custom properties</a>).</p>
104
105<h3 id=prop_config>Configuring a property</h3>
106<p>Use <code>vehicle_prop_config_t</code> to provide configuration information
107for each property. Information includes:</p>
108<ul>
109<li><code>access</code> (r, w, rw)</li>
110<li><code>change_mode</code> (represents how property is monitored: on change vs
111continuous)</li>
112<li><code>min_value</code> (int32, float, int64), <code>max_value</code> (int32,
113float, int64)</li>
114<li><code>min_sample_rate</code>, <code>max_sample_rate</code></li>
115<li><code>permission_model</code></li>
116<li><code>prop</code> (Property ID, int)</li>
117<li><code>value_type</code></li>
118<li><code>zone_flags</code> (represents supported zones as bit flags)</li>
119</ul>
120<p>In addition, some properties have specific configuration flags to represent
121capability.</p>
122
123<h2 id=interfaces>HAL interfaces</h2>
124<p>The vehicle HAL uses the following interfaces:</p>
125<ul>
126<li><code>vehicle_prop_config_t const *(*list_properties)(..., int*
127num_properties)</code>. List configuration of all properties supported by the
128vehicle HAL. Only supported properties will be used by vehicle network service.
129</li>
130<li><code>(*get)(..., vehicle_prop_value_t *data)</code>. Read the current value
131of the property. For zoned property, each zone may have different value.</li>
132<li><code>(*set)(..., const vehicle_prop_value_t *data)</code>. Write a value to
133property. Result of write is defined per each property.</li>
134<li><code>(*subscribe)(..., int32_t prop, float sample_rate, int32_t
135zones)</code>.<ul>
136<li>Start monitoring property value's change. For zoned property, subscription
137applies to requested zones. Zones = 0 is used to request all zones supported.
138</li>
139<li>Vehicle HAL should call separate callback when the property's value changes
140(=on change) or in const interval (=continuous type).</ul></li>
141<li><code>(*release_memory_from_get)(struct vehicle_hw_device* device,
142vehicle_prop_value_t *data)</code>. Release memory allocated from get call.</ul>
143</li>
144</ul>
145
146<p>The vehicle HAL uses the following callback interfaces:</p>
147<ul>
148<li><code>(*vehicle_event_callback_fn)(const vehicle_prop_value_t
149*event_data)</code>. Notifies vehicle property's value change. Should be done
150only for subscribed properties.</li>
151<li><code>(*vehicle_error_callback_fn)(int32_t error_code, int32_t property,
152int32_t operation).</code> Return global vehicle HAL level error or error per
153each property. Global error causes HAL restart, which can lead to restarting
154other components, including applications.</li>
155</ul>
156
157<h2 id=zone_prop>Handling zone properties</h2>
158<p>A zoned property is equivalent to a collection of multiple properties where
159each sub property is accessible by specified zone value.</p>
160<ul>
161<li><code>get</code> call for zoned property always includes zone in request, so
162only the current value for the requested zone should be returned.</li>
163<li><code>set</code> call for zoned property always includes zone in request, so
164only the requested zone should be changed.</li>
165<li><code>subscribe</code> call includes flags of all zones subscribed. Events
166from un-subscribed zones should not be reported.</li>
167</ul>
168
169<h3 id=get>Get calls</h3>
170<p>During initialization, the value for the property may not be available yet as
171the matching vehicle network message has not yet been received. In such cases,
172the <code>get</code> call should return <code>-EAGAIN</code>. Some properties
173(such as HVAC) have separate on/off power property. Calling <code>get</code> for
174such a property (when powered off) should return a special value
175<code>(VEHICLE_INT_OUT_OF_RANGE_OFF/VEHICLE_FLOAT_OUT_OF_RANGE_OFF)</code>
176rather than returning an error.</p>
177<p>In addition, some properties (such as HVAC temperature) can have a value to
178indicate it is in max power mode rather than in specific temperature value. In
179such cases, use special values to represent such state.</p>
180<ul>
181<li>VEHICLE_INT_OUT_OF_RANGE_MAX/MIN</li>
182<li>VEHICLE_FLOAT_OUT_OF_RANGE_MAX/MIN</li>
183</ul>
184
185<p>Example: get HVAC Temperature</p>
186<img src="images/vehicle_hvac_get.png" alt="Vehicle HAL get HVAC example">
187<p class="img-caption"><strong>Figure 2</strong>. Get HVAC temperature (CD =
188CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
189
190<h3 id=set>Set calls</h3>
191<p>A <code>set</code> call is an asynchronous operation involving event
192notification after a requested change is made. In a typical operation, a
193<code>set</code> call leads to making a change request across vehicle network.
194When the change is performed by the electronic control unit (ECU) owning the
195property, the updated value is returned through vehicle network and the vehicle
196HAL sends an updated value as an event to vehicle network service (VNS).</p>
197<p>Some <code>set</code> calls may require initial data to be ready but during
198initialization, such data may not be available yet. In such cases, the
199<code>set</code> call should return <code>-EAGAIN</code>. Some properties with
200separate power on /off should return <code>-ESHUTDOWN</code> when the property
201is powered off and set cannot be done.</p>
202<p>Until <code>set</code> is made effective, <code>get</code> does not
203necessarily return the same value as what is set. The exception is a property
204with change mode of <code>VEHICLE_PROP_CHANGE_MODE_ON_SET.</code> This property
205notifies change only when it is set by external component outside Android (for
206example, clock properties such as <code>VEHICLE_PROPERTY_UNIX_TIME</code>).</p>
207
208<p>Example: set HVAC Temperature</p>
209<img src="images/vehicle_hvac_set.png" alt="Vehicle HAL set HVAC example">
210<p class="img-caption"><strong>Figure 3</strong>. Set HVAC temperature (CD =
211CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p>
212
213<h2 id=prop_custom>Handling custom properties</h2>
214<p>To support partner-specific needs, the vehicle HAL allows custom properties
215that are restricted to system apps. Use the following guidelines when working
216with custom properties:</p>
217<ul>
218<li>Key should be in [<code>VEHICLE_PROPERTY_CUSTOM_START,
219VEHICLE_PROPERTY_CUSTOM_END</code>] range. Other ranges are reserved for future
220extension; using such ranges can cause conflicts in future Android releases.</li>
221<li>Use only defined <code>value_type</code>. BYTES type allows passing raw
222data, so this is enough in most cases. Sending big data frequently through
223custom properties can slow down the whole vehicle network access, so be careful
224when you add a big payload.</li>
225<li>Add access policy into <code>vendor_vns_policy.xml</code> (otherwise, all
226access will be rejected).</li>
227<li>Access via <code>VendorExtensionManager</code> (for Java components) or
228via Vehicle Network Service API (for native). Do not modify other car APIs as it
229can lead to compatibility issues in the future.</li>
230</ul>
231
232<h2 id=prop_hvac>Handling HVAC properties</h2>
233<p>You can use the vehicle HAL to control HVAC by setting HVAC-related
234properties. Most HVAC properties are zoned properties, but a few are non-zoned
235(global) properties. Example properties defined include:</p>
236<ul>
237<li><code>VEHICLE_PROPERTY_HVAC_TEMPERATURE_SET</code> (set temperature per each
238zone).</li>
239<li><code>VEHICLE_PROPERTY_HVAC_RECIRC_ON</code> (control recirculation per each
240zone).</li>
241</ul>
242<p>For full list of HVAC properties, search for
243<code>VEHICLE_PROPERTY_HVAC_*</code> in <code>vehicle.h</code>.</p>
244
245<h2 id=prop_sensor>Handling sensor properties</h2>
246<p>Vehicle HAL sensor properties represent real sensor data or policy
247information such as driving status. Some sensor information (such as driving
248status and day/night mode) is accessible by any app without restriction as the
249data is mandatory to build a safe vehicle application. Other sensor information
250(such as vehicle speed) is more sensitive and requires specific permissions that
251users can manage.</p>
252<p>Supported sensor properties include:</p>
253<ul>
254<li><code>DRIVING_STATUS</code> (should support). Represents allowed operations
255in the current driving state. This information is used to block unsafe
256applications while driving.</li>
257<li><code>NIGHT_MODE</code> (should support). Determines day/night mode of
258display.</li>
259<li><code>GEAR_SELECTION/CURRENT_GEAR</code>. Gear selected by driver vs.
260actual gear.</li>
261<li><code>VEHICLE_SPEED</code>. Vehicle speed. Protected with permission.</li>
262<li><code>ODOMETER</code>. Current odometer reading. Protected with permission.
263</li>
264<li><code>FUEL_LEVEL</code>. Current fuel level in %.</li>
265<li><code>FUEL_LEVEL_LOW</code>. Fuel level is low or not (boolean).</li>
266</ul>
267
268<h2 id=security>Security</h2>
269<p>The vehicle HAL supports three levels of security for accessing data:</p>
270<ul>
271<li>System only (controlled by <code>vns_policy.xml</code>)</li>
272<li>Accessible to app with permission (through car service)</li>
273<li>Accessible without permission (through car service)</li>
274</ul>
275<p>Direct access to vehicle properties is allowed only to selected system
276components with vehicle network service acting as the gatekeeper. Most
277applications go through additional gatekeeping by car service (for example, only
278system applications can control HVAC as it requires system permission granted
279only to system apps).</p>
280
281<h2 id=validation>Validation</h2>
282<p>AOSP includes the following testing resources for use in development:</p>
283<ul>
284<li><code>hardware/libhardware/tests/vehicle/vehicle-hal-tool.c</code>.
285Command-line native tool to load vehicle HAL and do simple operations. Useful
286for getting the system up and running in the early stages of development.</li>
287<li><code>packages/services/Car/tests/carservice_test/</code>. Contains car
288service testing with mocked vehicle HAL properties. For each property, expected
289behavior is implemented in the test. This can be a good starting point to
290understand expected behavior.</li>
291<li><code>hardware/libhardware/modules/vehicle/</code>. A basic reference
292implementation.</li>
293</ul>
294