1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "CameraService"
18 #define ATRACE_TAG ATRACE_TAG_CAMERA
19 //#define LOG_NDEBUG 0
20
21 #include <algorithm>
22 #include <climits>
23 #include <stdio.h>
24 #include <cstring>
25 #include <ctime>
26 #include <string>
27 #include <sys/types.h>
28 #include <inttypes.h>
29 #include <pthread.h>
30
31 #include <android/hardware/ICamera.h>
32 #include <android/hardware/ICameraClient.h>
33
34 #include <binder/AppOpsManager.h>
35 #include <binder/IPCThreadState.h>
36 #include <binder/IServiceManager.h>
37 #include <binder/MemoryBase.h>
38 #include <binder/MemoryHeapBase.h>
39 #include <binder/ProcessInfoService.h>
40 #include <cutils/atomic.h>
41 #include <cutils/properties.h>
42 #include <gui/Surface.h>
43 #include <hardware/hardware.h>
44 #include <memunreachable/memunreachable.h>
45 #include <media/AudioSystem.h>
46 #include <media/IMediaHTTPService.h>
47 #include <media/mediaplayer.h>
48 #include <mediautils/BatteryNotifier.h>
49 #include <utils/Errors.h>
50 #include <utils/Log.h>
51 #include <utils/String16.h>
52 #include <utils/Trace.h>
53 #include <private/android_filesystem_config.h>
54 #include <system/camera_vendor_tags.h>
55 #include <system/camera_metadata.h>
56 #include <system/camera.h>
57
58 #include "CameraService.h"
59 #include "api1/CameraClient.h"
60 #include "api1/Camera2Client.h"
61 #include "api2/CameraDeviceClient.h"
62 #include "utils/CameraTraces.h"
63
64 namespace {
65 const char* kPermissionServiceName = "permission";
66 }; // namespace anonymous
67
68 namespace android {
69
70 using binder::Status;
71 using namespace hardware;
72
73 // ----------------------------------------------------------------------------
74 // Logging support -- this is for debugging only
75 // Use "adb shell dumpsys media.camera -v 1" to change it.
76 volatile int32_t gLogLevel = 0;
77
78 #define LOG1(...) ALOGD_IF(gLogLevel >= 1, __VA_ARGS__);
79 #define LOG2(...) ALOGD_IF(gLogLevel >= 2, __VA_ARGS__);
80
setLogLevel(int level)81 static void setLogLevel(int level) {
82 android_atomic_write(level, &gLogLevel);
83 }
84
85 // Convenience methods for constructing binder::Status objects for error returns
86
87 #define STATUS_ERROR(errorCode, errorString) \
88 binder::Status::fromServiceSpecificError(errorCode, \
89 String8::format("%s:%d: %s", __FUNCTION__, __LINE__, errorString))
90
91 #define STATUS_ERROR_FMT(errorCode, errorString, ...) \
92 binder::Status::fromServiceSpecificError(errorCode, \
93 String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, \
94 __VA_ARGS__))
95
96 // ----------------------------------------------------------------------------
97
98 extern "C" {
camera_device_status_change(const struct camera_module_callbacks * callbacks,int camera_id,int new_status)99 static void camera_device_status_change(
100 const struct camera_module_callbacks* callbacks,
101 int camera_id,
102 int new_status) {
103 sp<CameraService> cs = const_cast<CameraService*>(
104 static_cast<const CameraService*>(callbacks));
105
106 cs->onDeviceStatusChanged(static_cast<camera_device_status_t>(camera_id),
107 static_cast<camera_device_status_t>(new_status));
108 }
109
torch_mode_status_change(const struct camera_module_callbacks * callbacks,const char * camera_id,int new_status)110 static void torch_mode_status_change(
111 const struct camera_module_callbacks* callbacks,
112 const char* camera_id,
113 int new_status) {
114 if (!callbacks || !camera_id) {
115 ALOGE("%s invalid parameters. callbacks %p, camera_id %p", __FUNCTION__,
116 callbacks, camera_id);
117 }
118 sp<CameraService> cs = const_cast<CameraService*>(
119 static_cast<const CameraService*>(callbacks));
120
121 int32_t status;
122 switch (new_status) {
123 case TORCH_MODE_STATUS_NOT_AVAILABLE:
124 status = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
125 break;
126 case TORCH_MODE_STATUS_AVAILABLE_OFF:
127 status = ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF;
128 break;
129 case TORCH_MODE_STATUS_AVAILABLE_ON:
130 status = ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON;
131 break;
132 default:
133 ALOGE("Unknown torch status %d", new_status);
134 return;
135 }
136
137 cs->onTorchStatusChanged(
138 String8(camera_id),
139 status);
140 }
141 } // extern "C"
142
143 // ----------------------------------------------------------------------------
144
145 // This is ugly and only safe if we never re-create the CameraService, but
146 // should be ok for now.
147 static CameraService *gCameraService;
148
CameraService()149 CameraService::CameraService() :
150 mEventLog(DEFAULT_EVENT_LOG_LENGTH),
151 mNumberOfCameras(0), mNumberOfNormalCameras(0),
152 mSoundRef(0), mModule(nullptr) {
153 ALOGI("CameraService started (pid=%d)", getpid());
154 gCameraService = this;
155
156 this->camera_device_status_change = android::camera_device_status_change;
157 this->torch_mode_status_change = android::torch_mode_status_change;
158
159 mServiceLockWrapper = std::make_shared<WaitableMutexWrapper>(&mServiceLock);
160 }
161
onFirstRef()162 void CameraService::onFirstRef()
163 {
164 ALOGI("CameraService process starting");
165
166 BnCameraService::onFirstRef();
167
168 // Update battery life tracking if service is restarting
169 BatteryNotifier& notifier(BatteryNotifier::getInstance());
170 notifier.noteResetCamera();
171 notifier.noteResetFlashlight();
172
173 camera_module_t *rawModule;
174 int err = hw_get_module(CAMERA_HARDWARE_MODULE_ID,
175 (const hw_module_t **)&rawModule);
176 if (err < 0) {
177 ALOGE("Could not load camera HAL module: %d (%s)", err, strerror(-err));
178 logServiceError("Could not load camera HAL module", err);
179 return;
180 }
181
182 mModule = new CameraModule(rawModule);
183 err = mModule->init();
184 if (err != OK) {
185 ALOGE("Could not initialize camera HAL module: %d (%s)", err,
186 strerror(-err));
187 logServiceError("Could not initialize camera HAL module", err);
188
189 delete mModule;
190 mModule = nullptr;
191 return;
192 }
193 ALOGI("Loaded \"%s\" camera module", mModule->getModuleName());
194
195 mNumberOfCameras = mModule->getNumberOfCameras();
196 mNumberOfNormalCameras = mNumberOfCameras;
197
198 // Setup vendor tags before we call get_camera_info the first time
199 // because HAL might need to setup static vendor keys in get_camera_info
200 VendorTagDescriptor::clearGlobalVendorTagDescriptor();
201 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_2) {
202 setUpVendorTags();
203 }
204
205 mFlashlight = new CameraFlashlight(*mModule, *this);
206 status_t res = mFlashlight->findFlashUnits();
207 if (res) {
208 // impossible because we haven't open any camera devices.
209 ALOGE("Failed to find flash units.");
210 }
211
212 int latestStrangeCameraId = INT_MAX;
213 for (int i = 0; i < mNumberOfCameras; i++) {
214 String8 cameraId = String8::format("%d", i);
215
216 // Get camera info
217
218 struct camera_info info;
219 bool haveInfo = true;
220 status_t rc = mModule->getCameraInfo(i, &info);
221 if (rc != NO_ERROR) {
222 ALOGE("%s: Received error loading camera info for device %d, cost and"
223 " conflicting devices fields set to defaults for this device.",
224 __FUNCTION__, i);
225 haveInfo = false;
226 }
227
228 // Check for backwards-compatibility support
229 if (haveInfo) {
230 if (checkCameraCapabilities(i, info, &latestStrangeCameraId) != OK) {
231 delete mModule;
232 mModule = nullptr;
233 return;
234 }
235 }
236
237 // Defaults to use for cost and conflicting devices
238 int cost = 100;
239 char** conflicting_devices = nullptr;
240 size_t conflicting_devices_length = 0;
241
242 // If using post-2.4 module version, query the cost + conflicting devices from the HAL
243 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_4 && haveInfo) {
244 cost = info.resource_cost;
245 conflicting_devices = info.conflicting_devices;
246 conflicting_devices_length = info.conflicting_devices_length;
247 }
248
249 std::set<String8> conflicting;
250 for (size_t i = 0; i < conflicting_devices_length; i++) {
251 conflicting.emplace(String8(conflicting_devices[i]));
252 }
253
254 // Initialize state for each camera device
255 {
256 Mutex::Autolock lock(mCameraStatesLock);
257 mCameraStates.emplace(cameraId, std::make_shared<CameraState>(cameraId, cost,
258 conflicting));
259 }
260
261 if (mFlashlight->hasFlashUnit(cameraId)) {
262 mTorchStatusMap.add(cameraId,
263 ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF);
264 }
265 }
266
267 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_1) {
268 mModule->setCallbacks(this);
269 }
270
271 CameraService::pingCameraServiceProxy();
272 }
273
getCameraServiceProxy()274 sp<ICameraServiceProxy> CameraService::getCameraServiceProxy() {
275 sp<IServiceManager> sm = defaultServiceManager();
276 sp<IBinder> binder = sm->getService(String16("media.camera.proxy"));
277 if (binder == nullptr) {
278 return nullptr;
279 }
280 sp<ICameraServiceProxy> proxyBinder = interface_cast<ICameraServiceProxy>(binder);
281 return proxyBinder;
282 }
283
pingCameraServiceProxy()284 void CameraService::pingCameraServiceProxy() {
285 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
286 if (proxyBinder == nullptr) return;
287 proxyBinder->pingForUserUpdate();
288 }
289
~CameraService()290 CameraService::~CameraService() {
291 if (mModule) {
292 delete mModule;
293 mModule = nullptr;
294 }
295 VendorTagDescriptor::clearGlobalVendorTagDescriptor();
296 gCameraService = nullptr;
297 }
298
onDeviceStatusChanged(camera_device_status_t cameraId,camera_device_status_t newStatus)299 void CameraService::onDeviceStatusChanged(camera_device_status_t cameraId,
300 camera_device_status_t newStatus) {
301 ALOGI("%s: Status changed for cameraId=%d, newStatus=%d", __FUNCTION__,
302 cameraId, newStatus);
303
304 String8 id = String8::format("%d", cameraId);
305 std::shared_ptr<CameraState> state = getCameraState(id);
306
307 if (state == nullptr) {
308 ALOGE("%s: Bad camera ID %d", __FUNCTION__, cameraId);
309 return;
310 }
311
312 int32_t oldStatus = state->getStatus();
313
314 if (oldStatus == static_cast<int32_t>(newStatus)) {
315 ALOGE("%s: State transition to the same status %#x not allowed", __FUNCTION__, newStatus);
316 return;
317 }
318
319 if (newStatus == CAMERA_DEVICE_STATUS_NOT_PRESENT) {
320 logDeviceRemoved(id, String8::format("Device status changed from %d to %d", oldStatus,
321 newStatus));
322 sp<BasicClient> clientToDisconnect;
323 {
324 // Don't do this in updateStatus to avoid deadlock over mServiceLock
325 Mutex::Autolock lock(mServiceLock);
326
327 // Set the device status to NOT_PRESENT, clients will no longer be able to connect
328 // to this device until the status changes
329 updateStatus(ICameraServiceListener::STATUS_NOT_PRESENT, id);
330
331 // Remove cached shim parameters
332 state->setShimParams(CameraParameters());
333
334 // Remove the client from the list of active clients
335 clientToDisconnect = removeClientLocked(id);
336
337 // Notify the client of disconnection
338 clientToDisconnect->notifyError(
339 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
340 CaptureResultExtras{});
341 }
342
343 ALOGI("%s: Client for camera ID %s evicted due to device status change from HAL",
344 __FUNCTION__, id.string());
345
346 // Disconnect client
347 if (clientToDisconnect.get() != nullptr) {
348 // Ensure not in binder RPC so client disconnect PID checks work correctly
349 LOG_ALWAYS_FATAL_IF(getCallingPid() != getpid(),
350 "onDeviceStatusChanged must be called from the camera service process!");
351 clientToDisconnect->disconnect();
352 }
353
354 } else {
355 if (oldStatus == ICameraServiceListener::STATUS_NOT_PRESENT) {
356 logDeviceAdded(id, String8::format("Device status changed from %d to %d", oldStatus,
357 newStatus));
358 }
359 updateStatus(static_cast<int32_t>(newStatus), id);
360 }
361
362 }
363
onTorchStatusChanged(const String8 & cameraId,int32_t newStatus)364 void CameraService::onTorchStatusChanged(const String8& cameraId,
365 int32_t newStatus) {
366 Mutex::Autolock al(mTorchStatusMutex);
367 onTorchStatusChangedLocked(cameraId, newStatus);
368 }
369
onTorchStatusChangedLocked(const String8 & cameraId,int32_t newStatus)370 void CameraService::onTorchStatusChangedLocked(const String8& cameraId,
371 int32_t newStatus) {
372 ALOGI("%s: Torch status changed for cameraId=%s, newStatus=%d",
373 __FUNCTION__, cameraId.string(), newStatus);
374
375 int32_t status;
376 status_t res = getTorchStatusLocked(cameraId, &status);
377 if (res) {
378 ALOGE("%s: cannot get torch status of camera %s: %s (%d)",
379 __FUNCTION__, cameraId.string(), strerror(-res), res);
380 return;
381 }
382 if (status == newStatus) {
383 return;
384 }
385
386 res = setTorchStatusLocked(cameraId, newStatus);
387 if (res) {
388 ALOGE("%s: Failed to set the torch status to %d: %s (%d)", __FUNCTION__,
389 (uint32_t)newStatus, strerror(-res), res);
390 return;
391 }
392
393 {
394 // Update battery life logging for flashlight
395 Mutex::Autolock al(mTorchUidMapMutex);
396 auto iter = mTorchUidMap.find(cameraId);
397 if (iter != mTorchUidMap.end()) {
398 int oldUid = iter->second.second;
399 int newUid = iter->second.first;
400 BatteryNotifier& notifier(BatteryNotifier::getInstance());
401 if (oldUid != newUid) {
402 // If the UID has changed, log the status and update current UID in mTorchUidMap
403 if (status == ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON) {
404 notifier.noteFlashlightOff(cameraId, oldUid);
405 }
406 if (newStatus == ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON) {
407 notifier.noteFlashlightOn(cameraId, newUid);
408 }
409 iter->second.second = newUid;
410 } else {
411 // If the UID has not changed, log the status
412 if (newStatus == ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON) {
413 notifier.noteFlashlightOn(cameraId, oldUid);
414 } else {
415 notifier.noteFlashlightOff(cameraId, oldUid);
416 }
417 }
418 }
419 }
420
421 {
422 Mutex::Autolock lock(mStatusListenerLock);
423 for (auto& i : mListenerList) {
424 i->onTorchStatusChanged(newStatus, String16{cameraId});
425 }
426 }
427 }
428
getNumberOfCameras(int32_t type,int32_t * numCameras)429 Status CameraService::getNumberOfCameras(int32_t type, int32_t* numCameras) {
430 ATRACE_CALL();
431 switch (type) {
432 case CAMERA_TYPE_BACKWARD_COMPATIBLE:
433 *numCameras = mNumberOfNormalCameras;
434 break;
435 case CAMERA_TYPE_ALL:
436 *numCameras = mNumberOfCameras;
437 break;
438 default:
439 ALOGW("%s: Unknown camera type %d",
440 __FUNCTION__, type);
441 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
442 "Unknown camera type %d", type);
443 }
444 return Status::ok();
445 }
446
getCameraInfo(int cameraId,CameraInfo * cameraInfo)447 Status CameraService::getCameraInfo(int cameraId,
448 CameraInfo* cameraInfo) {
449 ATRACE_CALL();
450 if (!mModule) {
451 return STATUS_ERROR(ERROR_DISCONNECTED,
452 "Camera subsystem is not available");
453 }
454
455 if (cameraId < 0 || cameraId >= mNumberOfCameras) {
456 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
457 "CameraId is not valid");
458 }
459
460 struct camera_info info;
461 Status rc = filterGetInfoErrorCode(
462 mModule->getCameraInfo(cameraId, &info));
463
464 if (rc.isOk()) {
465 cameraInfo->facing = info.facing;
466 cameraInfo->orientation = info.orientation;
467 // CameraInfo is for android.hardware.Camera which does not
468 // support external camera facing. The closest approximation would be
469 // front camera.
470 if (cameraInfo->facing == CAMERA_FACING_EXTERNAL) {
471 cameraInfo->facing = CAMERA_FACING_FRONT;
472 }
473 }
474 return rc;
475 }
476
cameraIdToInt(const String8 & cameraId)477 int CameraService::cameraIdToInt(const String8& cameraId) {
478 errno = 0;
479 size_t pos = 0;
480 int ret = stoi(std::string{cameraId.string()}, &pos);
481 if (errno != 0 || pos != cameraId.size()) {
482 return -1;
483 }
484 return ret;
485 }
486
generateShimMetadata(int cameraId,CameraMetadata * cameraInfo)487 Status CameraService::generateShimMetadata(int cameraId, /*out*/CameraMetadata* cameraInfo) {
488 ATRACE_CALL();
489
490 Status ret = Status::ok();
491
492 struct CameraInfo info;
493 if (!(ret = getCameraInfo(cameraId, &info)).isOk()) {
494 return ret;
495 }
496
497 CameraMetadata shimInfo;
498 int32_t orientation = static_cast<int32_t>(info.orientation);
499 status_t rc;
500 if ((rc = shimInfo.update(ANDROID_SENSOR_ORIENTATION, &orientation, 1)) != OK) {
501 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
502 "Error updating metadata: %d (%s)", rc, strerror(-rc));
503 }
504
505 uint8_t facing = (info.facing == CAMERA_FACING_FRONT) ?
506 ANDROID_LENS_FACING_FRONT : ANDROID_LENS_FACING_BACK;
507 if ((rc = shimInfo.update(ANDROID_LENS_FACING, &facing, 1)) != OK) {
508 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
509 "Error updating metadata: %d (%s)", rc, strerror(-rc));
510 }
511
512 CameraParameters shimParams;
513 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) {
514 // Error logged by callee
515 return ret;
516 }
517
518 Vector<Size> sizes;
519 Vector<Size> jpegSizes;
520 Vector<int32_t> formats;
521 {
522 shimParams.getSupportedPreviewSizes(/*out*/sizes);
523 shimParams.getSupportedPreviewFormats(/*out*/formats);
524 shimParams.getSupportedPictureSizes(/*out*/jpegSizes);
525 }
526
527 // Always include IMPLEMENTATION_DEFINED
528 formats.add(HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED);
529
530 const size_t INTS_PER_CONFIG = 4;
531
532 // Build available stream configurations metadata
533 size_t streamConfigSize = (sizes.size() * formats.size() + jpegSizes.size()) * INTS_PER_CONFIG;
534
535 Vector<int32_t> streamConfigs;
536 streamConfigs.setCapacity(streamConfigSize);
537
538 for (size_t i = 0; i < formats.size(); ++i) {
539 for (size_t j = 0; j < sizes.size(); ++j) {
540 streamConfigs.add(formats[i]);
541 streamConfigs.add(sizes[j].width);
542 streamConfigs.add(sizes[j].height);
543 streamConfigs.add(ANDROID_SCALER_AVAILABLE_STREAM_CONFIGURATIONS_OUTPUT);
544 }
545 }
546
547 for (size_t i = 0; i < jpegSizes.size(); ++i) {
548 streamConfigs.add(HAL_PIXEL_FORMAT_BLOB);
549 streamConfigs.add(jpegSizes[i].width);
550 streamConfigs.add(jpegSizes[i].height);
551 streamConfigs.add(ANDROID_SCALER_AVAILABLE_STREAM_CONFIGURATIONS_OUTPUT);
552 }
553
554 if ((rc = shimInfo.update(ANDROID_SCALER_AVAILABLE_STREAM_CONFIGURATIONS,
555 streamConfigs.array(), streamConfigSize)) != OK) {
556 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
557 "Error updating metadata: %d (%s)", rc, strerror(-rc));
558 }
559
560 int64_t fakeMinFrames[0];
561 // TODO: Fixme, don't fake min frame durations.
562 if ((rc = shimInfo.update(ANDROID_SCALER_AVAILABLE_MIN_FRAME_DURATIONS,
563 fakeMinFrames, 0)) != OK) {
564 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
565 "Error updating metadata: %d (%s)", rc, strerror(-rc));
566 }
567
568 int64_t fakeStalls[0];
569 // TODO: Fixme, don't fake stall durations.
570 if ((rc = shimInfo.update(ANDROID_SCALER_AVAILABLE_STALL_DURATIONS,
571 fakeStalls, 0)) != OK) {
572 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
573 "Error updating metadata: %d (%s)", rc, strerror(-rc));
574 }
575
576 *cameraInfo = shimInfo;
577 return ret;
578 }
579
getCameraCharacteristics(int cameraId,CameraMetadata * cameraInfo)580 Status CameraService::getCameraCharacteristics(int cameraId,
581 CameraMetadata* cameraInfo) {
582 ATRACE_CALL();
583 if (!cameraInfo) {
584 ALOGE("%s: cameraInfo is NULL", __FUNCTION__);
585 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "cameraInfo is NULL");
586 }
587
588 if (!mModule) {
589 ALOGE("%s: camera hardware module doesn't exist", __FUNCTION__);
590 return STATUS_ERROR(ERROR_DISCONNECTED,
591 "Camera subsystem is not available");;
592 }
593
594 if (cameraId < 0 || cameraId >= mNumberOfCameras) {
595 ALOGE("%s: Invalid camera id: %d", __FUNCTION__, cameraId);
596 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
597 "Invalid camera id: %d", cameraId);
598 }
599
600 int facing;
601 Status ret;
602 if (mModule->getModuleApiVersion() < CAMERA_MODULE_API_VERSION_2_0 ||
603 getDeviceVersion(cameraId, &facing) < CAMERA_DEVICE_API_VERSION_3_0) {
604 /**
605 * Backwards compatibility mode for old HALs:
606 * - Convert CameraInfo into static CameraMetadata properties.
607 * - Retrieve cached CameraParameters for this camera. If none exist,
608 * attempt to open CameraClient and retrieve the CameraParameters.
609 * - Convert cached CameraParameters into static CameraMetadata
610 * properties.
611 */
612 ALOGI("%s: Switching to HAL1 shim implementation...", __FUNCTION__);
613
614 ret = generateShimMetadata(cameraId, cameraInfo);
615 } else {
616 /**
617 * Normal HAL 2.1+ codepath.
618 */
619 struct camera_info info;
620 ret = filterGetInfoErrorCode(mModule->getCameraInfo(cameraId, &info));
621 if (ret.isOk()) {
622 *cameraInfo = info.static_camera_characteristics;
623 }
624 }
625
626 return ret;
627 }
628
getCallingPid()629 int CameraService::getCallingPid() {
630 return IPCThreadState::self()->getCallingPid();
631 }
632
getCallingUid()633 int CameraService::getCallingUid() {
634 return IPCThreadState::self()->getCallingUid();
635 }
636
getFormattedCurrentTime()637 String8 CameraService::getFormattedCurrentTime() {
638 time_t now = time(nullptr);
639 char formattedTime[64];
640 strftime(formattedTime, sizeof(formattedTime), "%m-%d %H:%M:%S", localtime(&now));
641 return String8(formattedTime);
642 }
643
getCameraPriorityFromProcState(int procState)644 int CameraService::getCameraPriorityFromProcState(int procState) {
645 // Find the priority for the camera usage based on the process state. Higher priority clients
646 // win for evictions.
647 if (procState < 0) {
648 ALOGE("%s: Received invalid process state %d from ActivityManagerService!", __FUNCTION__,
649 procState);
650 return -1;
651 }
652 // Treat sleeping TOP processes the same as regular TOP processes, for
653 // access priority. This is important for lock-screen camera launch scenarios
654 if (procState == PROCESS_STATE_TOP_SLEEPING) {
655 procState = PROCESS_STATE_TOP;
656 }
657 return INT_MAX - procState;
658 }
659
getCameraVendorTagDescriptor(hardware::camera2::params::VendorTagDescriptor * desc)660 Status CameraService::getCameraVendorTagDescriptor(
661 /*out*/
662 hardware::camera2::params::VendorTagDescriptor* desc) {
663 ATRACE_CALL();
664 if (!mModule) {
665 ALOGE("%s: camera hardware module doesn't exist", __FUNCTION__);
666 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem not available");
667 }
668 sp<VendorTagDescriptor> globalDescriptor = VendorTagDescriptor::getGlobalVendorTagDescriptor();
669 if (globalDescriptor != nullptr) {
670 *desc = *(globalDescriptor.get());
671 }
672 return Status::ok();
673 }
674
getDeviceVersion(int cameraId,int * facing)675 int CameraService::getDeviceVersion(int cameraId, int* facing) {
676 ATRACE_CALL();
677 struct camera_info info;
678 if (mModule->getCameraInfo(cameraId, &info) != OK) {
679 return -1;
680 }
681
682 int deviceVersion;
683 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_0) {
684 deviceVersion = info.device_version;
685 } else {
686 deviceVersion = CAMERA_DEVICE_API_VERSION_1_0;
687 }
688
689 if (facing) {
690 *facing = info.facing;
691 }
692
693 return deviceVersion;
694 }
695
filterGetInfoErrorCode(status_t err)696 Status CameraService::filterGetInfoErrorCode(status_t err) {
697 switch(err) {
698 case NO_ERROR:
699 return Status::ok();
700 case -EINVAL:
701 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
702 "CameraId is not valid for HAL module");
703 case -ENODEV:
704 return STATUS_ERROR(ERROR_DISCONNECTED,
705 "Camera device not available");
706 default:
707 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
708 "Camera HAL encountered error %d: %s",
709 err, strerror(-err));
710 }
711 }
712
setUpVendorTags()713 bool CameraService::setUpVendorTags() {
714 ATRACE_CALL();
715 vendor_tag_ops_t vOps = vendor_tag_ops_t();
716
717 // Check if vendor operations have been implemented
718 if (!mModule->isVendorTagDefined()) {
719 ALOGI("%s: No vendor tags defined for this device.", __FUNCTION__);
720 return false;
721 }
722
723 mModule->getVendorTagOps(&vOps);
724
725 // Ensure all vendor operations are present
726 if (vOps.get_tag_count == NULL || vOps.get_all_tags == NULL ||
727 vOps.get_section_name == NULL || vOps.get_tag_name == NULL ||
728 vOps.get_tag_type == NULL) {
729 ALOGE("%s: Vendor tag operations not fully defined. Ignoring definitions."
730 , __FUNCTION__);
731 return false;
732 }
733
734 // Read all vendor tag definitions into a descriptor
735 sp<VendorTagDescriptor> desc;
736 status_t res;
737 if ((res = VendorTagDescriptor::createDescriptorFromOps(&vOps, /*out*/desc))
738 != OK) {
739 ALOGE("%s: Could not generate descriptor from vendor tag operations,"
740 "received error %s (%d). Camera clients will not be able to use"
741 "vendor tags", __FUNCTION__, strerror(res), res);
742 return false;
743 }
744
745 // Set the global descriptor to use with camera metadata
746 VendorTagDescriptor::setAsGlobalVendorTagDescriptor(desc);
747 return true;
748 }
749
makeClient(const sp<CameraService> & cameraService,const sp<IInterface> & cameraCb,const String16 & packageName,int cameraId,int facing,int clientPid,uid_t clientUid,int servicePid,bool legacyMode,int halVersion,int deviceVersion,apiLevel effectiveApiLevel,sp<BasicClient> * client)750 Status CameraService::makeClient(const sp<CameraService>& cameraService,
751 const sp<IInterface>& cameraCb, const String16& packageName, int cameraId,
752 int facing, int clientPid, uid_t clientUid, int servicePid, bool legacyMode,
753 int halVersion, int deviceVersion, apiLevel effectiveApiLevel,
754 /*out*/sp<BasicClient>* client) {
755
756 if (halVersion < 0 || halVersion == deviceVersion) {
757 // Default path: HAL version is unspecified by caller, create CameraClient
758 // based on device version reported by the HAL.
759 switch(deviceVersion) {
760 case CAMERA_DEVICE_API_VERSION_1_0:
761 if (effectiveApiLevel == API_1) { // Camera1 API route
762 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
763 *client = new CameraClient(cameraService, tmp, packageName, cameraId, facing,
764 clientPid, clientUid, getpid(), legacyMode);
765 } else { // Camera2 API route
766 ALOGW("Camera using old HAL version: %d", deviceVersion);
767 return STATUS_ERROR_FMT(ERROR_DEPRECATED_HAL,
768 "Camera device \"%d\" HAL version %d does not support camera2 API",
769 cameraId, deviceVersion);
770 }
771 break;
772 case CAMERA_DEVICE_API_VERSION_3_0:
773 case CAMERA_DEVICE_API_VERSION_3_1:
774 case CAMERA_DEVICE_API_VERSION_3_2:
775 case CAMERA_DEVICE_API_VERSION_3_3:
776 case CAMERA_DEVICE_API_VERSION_3_4:
777 if (effectiveApiLevel == API_1) { // Camera1 API route
778 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
779 *client = new Camera2Client(cameraService, tmp, packageName, cameraId, facing,
780 clientPid, clientUid, servicePid, legacyMode);
781 } else { // Camera2 API route
782 sp<hardware::camera2::ICameraDeviceCallbacks> tmp =
783 static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get());
784 *client = new CameraDeviceClient(cameraService, tmp, packageName, cameraId,
785 facing, clientPid, clientUid, servicePid);
786 }
787 break;
788 default:
789 // Should not be reachable
790 ALOGE("Unknown camera device HAL version: %d", deviceVersion);
791 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
792 "Camera device \"%d\" has unknown HAL version %d",
793 cameraId, deviceVersion);
794 }
795 } else {
796 // A particular HAL version is requested by caller. Create CameraClient
797 // based on the requested HAL version.
798 if (deviceVersion > CAMERA_DEVICE_API_VERSION_1_0 &&
799 halVersion == CAMERA_DEVICE_API_VERSION_1_0) {
800 // Only support higher HAL version device opened as HAL1.0 device.
801 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
802 *client = new CameraClient(cameraService, tmp, packageName, cameraId, facing,
803 clientPid, clientUid, servicePid, legacyMode);
804 } else {
805 // Other combinations (e.g. HAL3.x open as HAL2.x) are not supported yet.
806 ALOGE("Invalid camera HAL version %x: HAL %x device can only be"
807 " opened as HAL %x device", halVersion, deviceVersion,
808 CAMERA_DEVICE_API_VERSION_1_0);
809 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
810 "Camera device \"%d\" (HAL version %d) cannot be opened as HAL version %d",
811 cameraId, deviceVersion, halVersion);
812 }
813 }
814 return Status::ok();
815 }
816
toString(std::set<userid_t> intSet)817 String8 CameraService::toString(std::set<userid_t> intSet) {
818 String8 s("");
819 bool first = true;
820 for (userid_t i : intSet) {
821 if (first) {
822 s.appendFormat("%d", i);
823 first = false;
824 } else {
825 s.appendFormat(", %d", i);
826 }
827 }
828 return s;
829 }
830
initializeShimMetadata(int cameraId)831 Status CameraService::initializeShimMetadata(int cameraId) {
832 int uid = getCallingUid();
833
834 String16 internalPackageName("cameraserver");
835 String8 id = String8::format("%d", cameraId);
836 Status ret = Status::ok();
837 sp<Client> tmp = nullptr;
838 if (!(ret = connectHelper<ICameraClient,Client>(
839 sp<ICameraClient>{nullptr}, id, static_cast<int>(CAMERA_HAL_API_VERSION_UNSPECIFIED),
840 internalPackageName, uid, USE_CALLING_PID,
841 API_1, /*legacyMode*/ false, /*shimUpdateOnly*/ true,
842 /*out*/ tmp)
843 ).isOk()) {
844 ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().string());
845 }
846 return ret;
847 }
848
getLegacyParametersLazy(int cameraId,CameraParameters * parameters)849 Status CameraService::getLegacyParametersLazy(int cameraId,
850 /*out*/
851 CameraParameters* parameters) {
852
853 ALOGV("%s: for cameraId: %d", __FUNCTION__, cameraId);
854
855 Status ret = Status::ok();
856
857 if (parameters == NULL) {
858 ALOGE("%s: parameters must not be null", __FUNCTION__);
859 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
860 }
861
862 String8 id = String8::format("%d", cameraId);
863
864 // Check if we already have parameters
865 {
866 // Scope for service lock
867 Mutex::Autolock lock(mServiceLock);
868 auto cameraState = getCameraState(id);
869 if (cameraState == nullptr) {
870 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
871 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
872 "Invalid camera ID: %s", id.string());
873 }
874 CameraParameters p = cameraState->getShimParams();
875 if (!p.isEmpty()) {
876 *parameters = p;
877 return ret;
878 }
879 }
880
881 int64_t token = IPCThreadState::self()->clearCallingIdentity();
882 ret = initializeShimMetadata(cameraId);
883 IPCThreadState::self()->restoreCallingIdentity(token);
884 if (!ret.isOk()) {
885 // Error already logged by callee
886 return ret;
887 }
888
889 // Check for parameters again
890 {
891 // Scope for service lock
892 Mutex::Autolock lock(mServiceLock);
893 auto cameraState = getCameraState(id);
894 if (cameraState == nullptr) {
895 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
896 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
897 "Invalid camera ID: %s", id.string());
898 }
899 CameraParameters p = cameraState->getShimParams();
900 if (!p.isEmpty()) {
901 *parameters = p;
902 return ret;
903 }
904 }
905
906 ALOGE("%s: Parameters were not initialized, or were empty. Device may not be present.",
907 __FUNCTION__);
908 return STATUS_ERROR(ERROR_INVALID_OPERATION, "Unable to initialize legacy parameters");
909 }
910
911 // Can camera service trust the caller based on the calling UID?
isTrustedCallingUid(uid_t uid)912 static bool isTrustedCallingUid(uid_t uid) {
913 switch (uid) {
914 case AID_MEDIA: // mediaserver
915 case AID_CAMERASERVER: // cameraserver
916 case AID_RADIO: // telephony
917 return true;
918 default:
919 return false;
920 }
921 }
922
validateConnectLocked(const String8 & cameraId,const String8 & clientName8,int & clientUid,int & clientPid,int & originalClientPid) const923 Status CameraService::validateConnectLocked(const String8& cameraId,
924 const String8& clientName8, /*inout*/int& clientUid, /*inout*/int& clientPid,
925 /*out*/int& originalClientPid) const {
926
927 int callingPid = getCallingPid();
928 int callingUid = getCallingUid();
929
930 // Check if we can trust clientUid
931 if (clientUid == USE_CALLING_UID) {
932 clientUid = callingUid;
933 } else if (!isTrustedCallingUid(callingUid)) {
934 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
935 "(don't trust clientUid %d)", callingPid, callingUid, clientUid);
936 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
937 "Untrusted caller (calling PID %d, UID %d) trying to "
938 "forward camera access to camera %s for client %s (PID %d, UID %d)",
939 callingPid, callingUid, cameraId.string(),
940 clientName8.string(), clientUid, clientPid);
941 }
942
943 // Check if we can trust clientPid
944 if (clientPid == USE_CALLING_PID) {
945 clientPid = callingPid;
946 } else if (!isTrustedCallingUid(callingUid)) {
947 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
948 "(don't trust clientPid %d)", callingPid, callingUid, clientPid);
949 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
950 "Untrusted caller (calling PID %d, UID %d) trying to "
951 "forward camera access to camera %s for client %s (PID %d, UID %d)",
952 callingPid, callingUid, cameraId.string(),
953 clientName8.string(), clientUid, clientPid);
954 }
955
956 // If it's not calling from cameraserver, check the permission.
957 if (callingPid != getpid() &&
958 !checkPermission(String16("android.permission.CAMERA"), clientPid, clientUid)) {
959 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
960 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
961 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" without camera permission",
962 clientName8.string(), clientUid, clientPid, cameraId.string());
963 }
964
965 // Only use passed in clientPid to check permission. Use calling PID as the client PID that's
966 // connected to camera service directly.
967 originalClientPid = clientPid;
968 clientPid = callingPid;
969
970 if (!mModule) {
971 ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
972 callingPid);
973 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
974 "No camera HAL module available to open camera device \"%s\"", cameraId.string());
975 }
976
977 if (getCameraState(cameraId) == nullptr) {
978 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
979 cameraId.string());
980 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
981 "No camera device with ID \"%s\" available", cameraId.string());
982 }
983
984 userid_t clientUserId = multiuser_get_user_id(clientUid);
985
986 // Only allow clients who are being used by the current foreground device user, unless calling
987 // from our own process.
988 if (callingPid != getpid() && (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
989 ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from "
990 "device user %d, currently allowed device users: %s)", callingPid, clientUserId,
991 toString(mAllowedUsers).string());
992 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
993 "Callers from device user %d are not currently allowed to connect to camera \"%s\"",
994 clientUserId, cameraId.string());
995 }
996
997 status_t err = checkIfDeviceIsUsable(cameraId);
998 if (err != NO_ERROR) {
999 switch(err) {
1000 case -ENODEV:
1001 case -EBUSY:
1002 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1003 "No camera device with ID \"%s\" currently available", cameraId.string());
1004 default:
1005 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1006 "Unknown error connecting to ID \"%s\"", cameraId.string());
1007 }
1008 }
1009 return Status::ok();
1010 }
1011
checkIfDeviceIsUsable(const String8 & cameraId) const1012 status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const {
1013 auto cameraState = getCameraState(cameraId);
1014 int callingPid = getCallingPid();
1015 if (cameraState == nullptr) {
1016 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
1017 cameraId.string());
1018 return -ENODEV;
1019 }
1020
1021 int32_t currentStatus = cameraState->getStatus();
1022 if (currentStatus == ICameraServiceListener::STATUS_NOT_PRESENT) {
1023 ALOGE("CameraService::connect X (PID %d) rejected (camera %s is not connected)",
1024 callingPid, cameraId.string());
1025 return -ENODEV;
1026 } else if (currentStatus == ICameraServiceListener::STATUS_ENUMERATING) {
1027 ALOGE("CameraService::connect X (PID %d) rejected, (camera %s is initializing)",
1028 callingPid, cameraId.string());
1029 return -EBUSY;
1030 }
1031
1032 return NO_ERROR;
1033 }
1034
finishConnectLocked(const sp<BasicClient> & client,const CameraService::DescriptorPtr & desc)1035 void CameraService::finishConnectLocked(const sp<BasicClient>& client,
1036 const CameraService::DescriptorPtr& desc) {
1037
1038 // Make a descriptor for the incoming client
1039 auto clientDescriptor = CameraService::CameraClientManager::makeClientDescriptor(client, desc);
1040 auto evicted = mActiveClientManager.addAndEvict(clientDescriptor);
1041
1042 logConnected(desc->getKey(), static_cast<int>(desc->getOwnerId()),
1043 String8(client->getPackageName()));
1044
1045 if (evicted.size() > 0) {
1046 // This should never happen - clients should already have been removed in disconnect
1047 for (auto& i : evicted) {
1048 ALOGE("%s: Invalid state: Client for camera %s was not removed in disconnect",
1049 __FUNCTION__, i->getKey().string());
1050 }
1051
1052 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, clients not evicted properly",
1053 __FUNCTION__);
1054 }
1055
1056 // And register a death notification for the client callback. Do
1057 // this last to avoid Binder policy where a nested Binder
1058 // transaction might be pre-empted to service the client death
1059 // notification if the client process dies before linkToDeath is
1060 // invoked.
1061 sp<IBinder> remoteCallback = client->getRemote();
1062 if (remoteCallback != nullptr) {
1063 remoteCallback->linkToDeath(this);
1064 }
1065 }
1066
handleEvictionsLocked(const String8 & cameraId,int clientPid,apiLevel effectiveApiLevel,const sp<IBinder> & remoteCallback,const String8 & packageName,sp<BasicClient> * client,std::shared_ptr<resource_policy::ClientDescriptor<String8,sp<BasicClient>>> * partial)1067 status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clientPid,
1068 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback, const String8& packageName,
1069 /*out*/
1070 sp<BasicClient>* client,
1071 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>* partial) {
1072 ATRACE_CALL();
1073 status_t ret = NO_ERROR;
1074 std::vector<DescriptorPtr> evictedClients;
1075 DescriptorPtr clientDescriptor;
1076 {
1077 if (effectiveApiLevel == API_1) {
1078 // If we are using API1, any existing client for this camera ID with the same remote
1079 // should be returned rather than evicted to allow MediaRecorder to work properly.
1080
1081 auto current = mActiveClientManager.get(cameraId);
1082 if (current != nullptr) {
1083 auto clientSp = current->getValue();
1084 if (clientSp.get() != nullptr) { // should never be needed
1085 if (!clientSp->canCastToApiClient(effectiveApiLevel)) {
1086 ALOGW("CameraService connect called from same client, but with a different"
1087 " API level, evicting prior client...");
1088 } else if (clientSp->getRemote() == remoteCallback) {
1089 ALOGI("CameraService::connect X (PID %d) (second call from same"
1090 " app binder, returning the same client)", clientPid);
1091 *client = clientSp;
1092 return NO_ERROR;
1093 }
1094 }
1095 }
1096 }
1097
1098 // Get current active client PIDs
1099 std::vector<int> ownerPids(mActiveClientManager.getAllOwners());
1100 ownerPids.push_back(clientPid);
1101
1102 // Use the value +PROCESS_STATE_NONEXISTENT, to avoid taking
1103 // address of PROCESS_STATE_NONEXISTENT as a reference argument
1104 // for the vector constructor. PROCESS_STATE_NONEXISTENT does
1105 // not have an out-of-class definition.
1106 std::vector<int> priorities(ownerPids.size(), +PROCESS_STATE_NONEXISTENT);
1107
1108 // Get priorites of all active PIDs
1109 ProcessInfoService::getProcessStatesFromPids(ownerPids.size(), &ownerPids[0],
1110 /*out*/&priorities[0]);
1111
1112 // Update all active clients' priorities
1113 std::map<int,int> pidToPriorityMap;
1114 for (size_t i = 0; i < ownerPids.size() - 1; i++) {
1115 pidToPriorityMap.emplace(ownerPids[i], getCameraPriorityFromProcState(priorities[i]));
1116 }
1117 mActiveClientManager.updatePriorities(pidToPriorityMap);
1118
1119 // Get state for the given cameraId
1120 auto state = getCameraState(cameraId);
1121 if (state == nullptr) {
1122 ALOGE("CameraService::connect X (PID %d) rejected (no camera device with ID %s)",
1123 clientPid, cameraId.string());
1124 // Should never get here because validateConnectLocked should have errored out
1125 return BAD_VALUE;
1126 }
1127
1128 // Make descriptor for incoming client
1129 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId,
1130 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()),
1131 state->getConflicting(),
1132 getCameraPriorityFromProcState(priorities[priorities.size() - 1]), clientPid);
1133
1134 // Find clients that would be evicted
1135 auto evicted = mActiveClientManager.wouldEvict(clientDescriptor);
1136
1137 // If the incoming client was 'evicted,' higher priority clients have the camera in the
1138 // background, so we cannot do evictions
1139 if (std::find(evicted.begin(), evicted.end(), clientDescriptor) != evicted.end()) {
1140 ALOGE("CameraService::connect X (PID %d) rejected (existing client(s) with higher"
1141 " priority).", clientPid);
1142
1143 sp<BasicClient> clientSp = clientDescriptor->getValue();
1144 String8 curTime = getFormattedCurrentTime();
1145 auto incompatibleClients =
1146 mActiveClientManager.getIncompatibleClients(clientDescriptor);
1147
1148 String8 msg = String8::format("%s : DENIED connect device %s client for package %s "
1149 "(PID %d, priority %d) due to eviction policy", curTime.string(),
1150 cameraId.string(), packageName.string(), clientPid,
1151 getCameraPriorityFromProcState(priorities[priorities.size() - 1]));
1152
1153 for (auto& i : incompatibleClients) {
1154 msg.appendFormat("\n - Blocked by existing device %s client for package %s"
1155 "(PID %" PRId32 ", priority %" PRId32 ")", i->getKey().string(),
1156 String8{i->getValue()->getPackageName()}.string(), i->getOwnerId(),
1157 i->getPriority());
1158 ALOGE(" Conflicts with: Device %s, client package %s (PID %"
1159 PRId32 ", priority %" PRId32 ")", i->getKey().string(),
1160 String8{i->getValue()->getPackageName()}.string(), i->getOwnerId(),
1161 i->getPriority());
1162 }
1163
1164 // Log the client's attempt
1165 Mutex::Autolock l(mLogLock);
1166 mEventLog.add(msg);
1167
1168 return -EBUSY;
1169 }
1170
1171 for (auto& i : evicted) {
1172 sp<BasicClient> clientSp = i->getValue();
1173 if (clientSp.get() == nullptr) {
1174 ALOGE("%s: Invalid state: Null client in active client list.", __FUNCTION__);
1175
1176 // TODO: Remove this
1177 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, null client in active list",
1178 __FUNCTION__);
1179 mActiveClientManager.remove(i);
1180 continue;
1181 }
1182
1183 ALOGE("CameraService::connect evicting conflicting client for camera ID %s",
1184 i->getKey().string());
1185 evictedClients.push_back(i);
1186
1187 // Log the clients evicted
1188 logEvent(String8::format("EVICT device %s client held by package %s (PID"
1189 " %" PRId32 ", priority %" PRId32 ")\n - Evicted by device %s client for"
1190 " package %s (PID %d, priority %" PRId32 ")",
1191 i->getKey().string(), String8{clientSp->getPackageName()}.string(),
1192 i->getOwnerId(), i->getPriority(), cameraId.string(),
1193 packageName.string(), clientPid,
1194 getCameraPriorityFromProcState(priorities[priorities.size() - 1])));
1195
1196 // Notify the client of disconnection
1197 clientSp->notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1198 CaptureResultExtras());
1199 }
1200 }
1201
1202 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1203 // other clients from connecting in mServiceLockWrapper if held
1204 mServiceLock.unlock();
1205
1206 // Clear caller identity temporarily so client disconnect PID checks work correctly
1207 int64_t token = IPCThreadState::self()->clearCallingIdentity();
1208
1209 // Destroy evicted clients
1210 for (auto& i : evictedClients) {
1211 // Disconnect is blocking, and should only have returned when HAL has cleaned up
1212 i->getValue()->disconnect(); // Clients will remove themselves from the active client list
1213 }
1214
1215 IPCThreadState::self()->restoreCallingIdentity(token);
1216
1217 for (const auto& i : evictedClients) {
1218 ALOGV("%s: Waiting for disconnect to complete for client for device %s (PID %" PRId32 ")",
1219 __FUNCTION__, i->getKey().string(), i->getOwnerId());
1220 ret = mActiveClientManager.waitUntilRemoved(i, DEFAULT_DISCONNECT_TIMEOUT_NS);
1221 if (ret == TIMED_OUT) {
1222 ALOGE("%s: Timed out waiting for client for device %s to disconnect, "
1223 "current clients:\n%s", __FUNCTION__, i->getKey().string(),
1224 mActiveClientManager.toString().string());
1225 return -EBUSY;
1226 }
1227 if (ret != NO_ERROR) {
1228 ALOGE("%s: Received error waiting for client for device %s to disconnect: %s (%d), "
1229 "current clients:\n%s", __FUNCTION__, i->getKey().string(), strerror(-ret),
1230 ret, mActiveClientManager.toString().string());
1231 return ret;
1232 }
1233 }
1234
1235 evictedClients.clear();
1236
1237 // Once clients have been disconnected, relock
1238 mServiceLock.lock();
1239
1240 // Check again if the device was unplugged or something while we weren't holding mServiceLock
1241 if ((ret = checkIfDeviceIsUsable(cameraId)) != NO_ERROR) {
1242 return ret;
1243 }
1244
1245 *partial = clientDescriptor;
1246 return NO_ERROR;
1247 }
1248
connect(const sp<ICameraClient> & cameraClient,int cameraId,const String16 & clientPackageName,int clientUid,int clientPid,sp<ICamera> * device)1249 Status CameraService::connect(
1250 const sp<ICameraClient>& cameraClient,
1251 int cameraId,
1252 const String16& clientPackageName,
1253 int clientUid,
1254 int clientPid,
1255 /*out*/
1256 sp<ICamera>* device) {
1257
1258 ATRACE_CALL();
1259 Status ret = Status::ok();
1260 String8 id = String8::format("%d", cameraId);
1261 sp<Client> client = nullptr;
1262 ret = connectHelper<ICameraClient,Client>(cameraClient, id,
1263 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, clientUid, clientPid, API_1,
1264 /*legacyMode*/ false, /*shimUpdateOnly*/ false,
1265 /*out*/client);
1266
1267 if(!ret.isOk()) {
1268 logRejected(id, getCallingPid(), String8(clientPackageName),
1269 ret.toString8());
1270 return ret;
1271 }
1272
1273 *device = client;
1274 return ret;
1275 }
1276
connectLegacy(const sp<ICameraClient> & cameraClient,int cameraId,int halVersion,const String16 & clientPackageName,int clientUid,sp<ICamera> * device)1277 Status CameraService::connectLegacy(
1278 const sp<ICameraClient>& cameraClient,
1279 int cameraId, int halVersion,
1280 const String16& clientPackageName,
1281 int clientUid,
1282 /*out*/
1283 sp<ICamera>* device) {
1284
1285 ATRACE_CALL();
1286 String8 id = String8::format("%d", cameraId);
1287 int apiVersion = mModule->getModuleApiVersion();
1288 if (halVersion != CAMERA_HAL_API_VERSION_UNSPECIFIED &&
1289 apiVersion < CAMERA_MODULE_API_VERSION_2_3) {
1290 /*
1291 * Either the HAL version is unspecified in which case this just creates
1292 * a camera client selected by the latest device version, or
1293 * it's a particular version in which case the HAL must supported
1294 * the open_legacy call
1295 */
1296 String8 msg = String8::format("Camera HAL module version %x too old for connectLegacy!",
1297 apiVersion);
1298 ALOGE("%s: %s",
1299 __FUNCTION__, msg.string());
1300 logRejected(id, getCallingPid(), String8(clientPackageName),
1301 msg);
1302 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1303 }
1304
1305 Status ret = Status::ok();
1306 sp<Client> client = nullptr;
1307 ret = connectHelper<ICameraClient,Client>(cameraClient, id, halVersion,
1308 clientPackageName, clientUid, USE_CALLING_PID, API_1,
1309 /*legacyMode*/ true, /*shimUpdateOnly*/ false,
1310 /*out*/client);
1311
1312 if(!ret.isOk()) {
1313 logRejected(id, getCallingPid(), String8(clientPackageName),
1314 ret.toString8());
1315 return ret;
1316 }
1317
1318 *device = client;
1319 return ret;
1320 }
1321
connectDevice(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,int cameraId,const String16 & clientPackageName,int clientUid,sp<hardware::camera2::ICameraDeviceUser> * device)1322 Status CameraService::connectDevice(
1323 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
1324 int cameraId,
1325 const String16& clientPackageName,
1326 int clientUid,
1327 /*out*/
1328 sp<hardware::camera2::ICameraDeviceUser>* device) {
1329
1330 ATRACE_CALL();
1331 Status ret = Status::ok();
1332 String8 id = String8::format("%d", cameraId);
1333 sp<CameraDeviceClient> client = nullptr;
1334 ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, id,
1335 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName,
1336 clientUid, USE_CALLING_PID, API_2,
1337 /*legacyMode*/ false, /*shimUpdateOnly*/ false,
1338 /*out*/client);
1339
1340 if(!ret.isOk()) {
1341 logRejected(id, getCallingPid(), String8(clientPackageName),
1342 ret.toString8());
1343 return ret;
1344 }
1345
1346 *device = client;
1347 return ret;
1348 }
1349
setTorchMode(const String16 & cameraId,bool enabled,const sp<IBinder> & clientBinder)1350 Status CameraService::setTorchMode(const String16& cameraId, bool enabled,
1351 const sp<IBinder>& clientBinder) {
1352
1353 ATRACE_CALL();
1354 if (enabled && clientBinder == nullptr) {
1355 ALOGE("%s: torch client binder is NULL", __FUNCTION__);
1356 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1357 "Torch client Binder is null");
1358 }
1359
1360 String8 id = String8(cameraId.string());
1361 int uid = getCallingUid();
1362
1363 // verify id is valid.
1364 auto state = getCameraState(id);
1365 if (state == nullptr) {
1366 ALOGE("%s: camera id is invalid %s", __FUNCTION__, id.string());
1367 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1368 "Camera ID \"%s\" is a not valid camera ID", id.string());
1369 }
1370
1371 int32_t cameraStatus = state->getStatus();
1372 if (cameraStatus != ICameraServiceListener::STATUS_PRESENT &&
1373 cameraStatus != ICameraServiceListener::STATUS_NOT_AVAILABLE) {
1374 ALOGE("%s: camera id is invalid %s", __FUNCTION__, id.string());
1375 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1376 "Camera ID \"%s\" is a not valid camera ID", id.string());
1377 }
1378
1379 {
1380 Mutex::Autolock al(mTorchStatusMutex);
1381 int32_t status;
1382 status_t err = getTorchStatusLocked(id, &status);
1383 if (err != OK) {
1384 if (err == NAME_NOT_FOUND) {
1385 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1386 "Camera \"%s\" does not have a flash unit", id.string());
1387 }
1388 ALOGE("%s: getting current torch status failed for camera %s",
1389 __FUNCTION__, id.string());
1390 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1391 "Error updating torch status for camera \"%s\": %s (%d)", id.string(),
1392 strerror(-err), err);
1393 }
1394
1395 if (status == ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE) {
1396 if (cameraStatus == ICameraServiceListener::STATUS_NOT_AVAILABLE) {
1397 ALOGE("%s: torch mode of camera %s is not available because "
1398 "camera is in use", __FUNCTION__, id.string());
1399 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1400 "Torch for camera \"%s\" is not available due to an existing camera user",
1401 id.string());
1402 } else {
1403 ALOGE("%s: torch mode of camera %s is not available due to "
1404 "insufficient resources", __FUNCTION__, id.string());
1405 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1406 "Torch for camera \"%s\" is not available due to insufficient resources",
1407 id.string());
1408 }
1409 }
1410 }
1411
1412 {
1413 // Update UID map - this is used in the torch status changed callbacks, so must be done
1414 // before setTorchMode
1415 Mutex::Autolock al(mTorchUidMapMutex);
1416 if (mTorchUidMap.find(id) == mTorchUidMap.end()) {
1417 mTorchUidMap[id].first = uid;
1418 mTorchUidMap[id].second = uid;
1419 } else {
1420 // Set the pending UID
1421 mTorchUidMap[id].first = uid;
1422 }
1423 }
1424
1425 status_t err = mFlashlight->setTorchMode(id, enabled);
1426
1427 if (err != OK) {
1428 int32_t errorCode;
1429 String8 msg;
1430 switch (err) {
1431 case -ENOSYS:
1432 msg = String8::format("Camera \"%s\" has no flashlight",
1433 id.string());
1434 errorCode = ERROR_ILLEGAL_ARGUMENT;
1435 break;
1436 default:
1437 msg = String8::format(
1438 "Setting torch mode of camera \"%s\" to %d failed: %s (%d)",
1439 id.string(), enabled, strerror(-err), err);
1440 errorCode = ERROR_INVALID_OPERATION;
1441 }
1442 ALOGE("%s: %s", __FUNCTION__, msg.string());
1443 return STATUS_ERROR(errorCode, msg.string());
1444 }
1445
1446 {
1447 // update the link to client's death
1448 Mutex::Autolock al(mTorchClientMapMutex);
1449 ssize_t index = mTorchClientMap.indexOfKey(id);
1450 if (enabled) {
1451 if (index == NAME_NOT_FOUND) {
1452 mTorchClientMap.add(id, clientBinder);
1453 } else {
1454 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1455 mTorchClientMap.replaceValueAt(index, clientBinder);
1456 }
1457 clientBinder->linkToDeath(this);
1458 } else if (index != NAME_NOT_FOUND) {
1459 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1460 }
1461 }
1462
1463 return Status::ok();
1464 }
1465
notifySystemEvent(int32_t eventId,const std::vector<int32_t> & args)1466 Status CameraService::notifySystemEvent(int32_t eventId,
1467 const std::vector<int32_t>& args) {
1468 ATRACE_CALL();
1469
1470 switch(eventId) {
1471 case ICameraService::EVENT_USER_SWITCHED: {
1472 doUserSwitch(/*newUserIds*/ args);
1473 break;
1474 }
1475 case ICameraService::EVENT_NONE:
1476 default: {
1477 ALOGW("%s: Received invalid system event from system_server: %d", __FUNCTION__,
1478 eventId);
1479 break;
1480 }
1481 }
1482 return Status::ok();
1483 }
1484
addListener(const sp<ICameraServiceListener> & listener)1485 Status CameraService::addListener(const sp<ICameraServiceListener>& listener) {
1486 ATRACE_CALL();
1487
1488 ALOGV("%s: Add listener %p", __FUNCTION__, listener.get());
1489
1490 if (listener == nullptr) {
1491 ALOGE("%s: Listener must not be null", __FUNCTION__);
1492 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener");
1493 }
1494
1495 Mutex::Autolock lock(mServiceLock);
1496
1497 {
1498 Mutex::Autolock lock(mStatusListenerLock);
1499 for (auto& it : mListenerList) {
1500 if (IInterface::asBinder(it) == IInterface::asBinder(listener)) {
1501 ALOGW("%s: Tried to add listener %p which was already subscribed",
1502 __FUNCTION__, listener.get());
1503 return STATUS_ERROR(ERROR_ALREADY_EXISTS, "Listener already registered");
1504 }
1505 }
1506
1507 mListenerList.push_back(listener);
1508 }
1509
1510
1511 /* Immediately signal current status to this listener only */
1512 {
1513 Mutex::Autolock lock(mCameraStatesLock);
1514 for (auto& i : mCameraStates) {
1515 // TODO: Update binder to use String16 for camera IDs and remove;
1516 int id = cameraIdToInt(i.first);
1517 if (id == -1) continue;
1518
1519 listener->onStatusChanged(i.second->getStatus(), id);
1520 }
1521 }
1522
1523 /* Immediately signal current torch status to this listener only */
1524 {
1525 Mutex::Autolock al(mTorchStatusMutex);
1526 for (size_t i = 0; i < mTorchStatusMap.size(); i++ ) {
1527 String16 id = String16(mTorchStatusMap.keyAt(i).string());
1528 listener->onTorchStatusChanged(mTorchStatusMap.valueAt(i), id);
1529 }
1530 }
1531
1532 return Status::ok();
1533 }
1534
removeListener(const sp<ICameraServiceListener> & listener)1535 Status CameraService::removeListener(const sp<ICameraServiceListener>& listener) {
1536 ATRACE_CALL();
1537
1538 ALOGV("%s: Remove listener %p", __FUNCTION__, listener.get());
1539
1540 if (listener == 0) {
1541 ALOGE("%s: Listener must not be null", __FUNCTION__);
1542 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to removeListener");
1543 }
1544
1545 Mutex::Autolock lock(mServiceLock);
1546
1547 {
1548 Mutex::Autolock lock(mStatusListenerLock);
1549 for (auto it = mListenerList.begin(); it != mListenerList.end(); it++) {
1550 if (IInterface::asBinder(*it) == IInterface::asBinder(listener)) {
1551 mListenerList.erase(it);
1552 return Status::ok();
1553 }
1554 }
1555 }
1556
1557 ALOGW("%s: Tried to remove a listener %p which was not subscribed",
1558 __FUNCTION__, listener.get());
1559
1560 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Unregistered listener given to removeListener");
1561 }
1562
getLegacyParameters(int cameraId,String16 * parameters)1563 Status CameraService::getLegacyParameters(int cameraId, /*out*/String16* parameters) {
1564
1565 ATRACE_CALL();
1566 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId);
1567
1568 if (parameters == NULL) {
1569 ALOGE("%s: parameters must not be null", __FUNCTION__);
1570 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
1571 }
1572
1573 Status ret = Status::ok();
1574
1575 CameraParameters shimParams;
1576 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) {
1577 // Error logged by caller
1578 return ret;
1579 }
1580
1581 String8 shimParamsString8 = shimParams.flatten();
1582 String16 shimParamsString16 = String16(shimParamsString8);
1583
1584 *parameters = shimParamsString16;
1585
1586 return ret;
1587 }
1588
supportsCameraApi(int cameraId,int apiVersion,bool * isSupported)1589 Status CameraService::supportsCameraApi(int cameraId, int apiVersion, bool *isSupported) {
1590 ATRACE_CALL();
1591
1592 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId);
1593
1594 switch (apiVersion) {
1595 case API_VERSION_1:
1596 case API_VERSION_2:
1597 break;
1598 default:
1599 String8 msg = String8::format("Unknown API version %d", apiVersion);
1600 ALOGE("%s: %s", __FUNCTION__, msg.string());
1601 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1602 }
1603
1604 int facing = -1;
1605 int deviceVersion = getDeviceVersion(cameraId, &facing);
1606
1607 switch(deviceVersion) {
1608 case CAMERA_DEVICE_API_VERSION_1_0:
1609 case CAMERA_DEVICE_API_VERSION_3_0:
1610 case CAMERA_DEVICE_API_VERSION_3_1:
1611 if (apiVersion == API_VERSION_2) {
1612 ALOGV("%s: Camera id %d uses HAL version %d <3.2, doesn't support api2 without shim",
1613 __FUNCTION__, cameraId, deviceVersion);
1614 *isSupported = false;
1615 } else { // if (apiVersion == API_VERSION_1) {
1616 ALOGV("%s: Camera id %d uses older HAL before 3.2, but api1 is always supported",
1617 __FUNCTION__, cameraId);
1618 *isSupported = true;
1619 }
1620 break;
1621 case CAMERA_DEVICE_API_VERSION_3_2:
1622 case CAMERA_DEVICE_API_VERSION_3_3:
1623 case CAMERA_DEVICE_API_VERSION_3_4:
1624 ALOGV("%s: Camera id %d uses HAL3.2 or newer, supports api1/api2 directly",
1625 __FUNCTION__, cameraId);
1626 *isSupported = true;
1627 break;
1628 case -1: {
1629 String8 msg = String8::format("Unknown camera ID %d", cameraId);
1630 ALOGE("%s: %s", __FUNCTION__, msg.string());
1631 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1632 }
1633 default: {
1634 String8 msg = String8::format("Unknown device version %d for device %d",
1635 deviceVersion, cameraId);
1636 ALOGE("%s: %s", __FUNCTION__, msg.string());
1637 return STATUS_ERROR(ERROR_INVALID_OPERATION, msg.string());
1638 }
1639 }
1640
1641 return Status::ok();
1642 }
1643
removeByClient(const BasicClient * client)1644 void CameraService::removeByClient(const BasicClient* client) {
1645 Mutex::Autolock lock(mServiceLock);
1646 for (auto& i : mActiveClientManager.getAll()) {
1647 auto clientSp = i->getValue();
1648 if (clientSp.get() == client) {
1649 mActiveClientManager.remove(i);
1650 }
1651 }
1652 }
1653
evictClientIdByRemote(const wp<IBinder> & remote)1654 bool CameraService::evictClientIdByRemote(const wp<IBinder>& remote) {
1655 const int callingPid = getCallingPid();
1656 const int servicePid = getpid();
1657 bool ret = false;
1658 {
1659 // Acquire mServiceLock and prevent other clients from connecting
1660 std::unique_ptr<AutoConditionLock> lock =
1661 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1662
1663
1664 std::vector<sp<BasicClient>> evicted;
1665 for (auto& i : mActiveClientManager.getAll()) {
1666 auto clientSp = i->getValue();
1667 if (clientSp.get() == nullptr) {
1668 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
1669 mActiveClientManager.remove(i);
1670 continue;
1671 }
1672 if (remote == clientSp->getRemote() && (callingPid == servicePid ||
1673 callingPid == clientSp->getClientPid())) {
1674 mActiveClientManager.remove(i);
1675 evicted.push_back(clientSp);
1676
1677 // Notify the client of disconnection
1678 clientSp->notifyError(
1679 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1680 CaptureResultExtras());
1681 }
1682 }
1683
1684 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1685 // other clients from connecting in mServiceLockWrapper if held
1686 mServiceLock.unlock();
1687
1688 // Do not clear caller identity, remote caller should be client proccess
1689
1690 for (auto& i : evicted) {
1691 if (i.get() != nullptr) {
1692 i->disconnect();
1693 ret = true;
1694 }
1695 }
1696
1697 // Reacquire mServiceLock
1698 mServiceLock.lock();
1699
1700 } // lock is destroyed, allow further connect calls
1701
1702 return ret;
1703 }
1704
1705
1706 /**
1707 * Check camera capabilities, such as support for basic color operation
1708 * Also check that the device HAL version is still in support
1709 */
checkCameraCapabilities(int id,camera_info info,int * latestStrangeCameraId)1710 int CameraService::checkCameraCapabilities(int id, camera_info info, int *latestStrangeCameraId) {
1711 // device_version undefined in CAMERA_MODULE_API_VERSION_1_0,
1712 // All CAMERA_MODULE_API_VERSION_1_0 devices are backward-compatible
1713 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_0) {
1714 // Verify the device version is in the supported range
1715 switch (info.device_version) {
1716 case CAMERA_DEVICE_API_VERSION_1_0:
1717 case CAMERA_DEVICE_API_VERSION_3_0:
1718 case CAMERA_DEVICE_API_VERSION_3_1:
1719 case CAMERA_DEVICE_API_VERSION_3_2:
1720 case CAMERA_DEVICE_API_VERSION_3_3:
1721 case CAMERA_DEVICE_API_VERSION_3_4:
1722 // in support
1723 break;
1724 case CAMERA_DEVICE_API_VERSION_2_0:
1725 case CAMERA_DEVICE_API_VERSION_2_1:
1726 // no longer supported
1727 default:
1728 ALOGE("%s: Device %d has HAL version %x, which is not supported",
1729 __FUNCTION__, id, info.device_version);
1730 String8 msg = String8::format(
1731 "Unsupported device HAL version %x for device %d",
1732 info.device_version, id);
1733 logServiceError(msg.string(), NO_INIT);
1734 return NO_INIT;
1735 }
1736 }
1737
1738 // Assume all devices pre-v3.3 are backward-compatible
1739 bool isBackwardCompatible = true;
1740 if (mModule->getModuleApiVersion() >= CAMERA_MODULE_API_VERSION_2_0
1741 && info.device_version >= CAMERA_DEVICE_API_VERSION_3_3) {
1742 isBackwardCompatible = false;
1743 status_t res;
1744 camera_metadata_ro_entry_t caps;
1745 res = find_camera_metadata_ro_entry(
1746 info.static_camera_characteristics,
1747 ANDROID_REQUEST_AVAILABLE_CAPABILITIES,
1748 &caps);
1749 if (res != 0) {
1750 ALOGW("%s: Unable to find camera capabilities for camera device %d",
1751 __FUNCTION__, id);
1752 caps.count = 0;
1753 }
1754 for (size_t i = 0; i < caps.count; i++) {
1755 if (caps.data.u8[i] ==
1756 ANDROID_REQUEST_AVAILABLE_CAPABILITIES_BACKWARD_COMPATIBLE) {
1757 isBackwardCompatible = true;
1758 break;
1759 }
1760 }
1761 }
1762
1763 if (!isBackwardCompatible) {
1764 mNumberOfNormalCameras--;
1765 *latestStrangeCameraId = id;
1766 } else {
1767 if (id > *latestStrangeCameraId) {
1768 ALOGE("%s: Normal camera ID %d higher than strange camera ID %d. "
1769 "This is not allowed due backward-compatibility requirements",
1770 __FUNCTION__, id, *latestStrangeCameraId);
1771 logServiceError("Invalid order of camera devices", NO_INIT);
1772 mNumberOfCameras = 0;
1773 mNumberOfNormalCameras = 0;
1774 return NO_INIT;
1775 }
1776 }
1777 return OK;
1778 }
1779
getCameraState(const String8 & cameraId) const1780 std::shared_ptr<CameraService::CameraState> CameraService::getCameraState(
1781 const String8& cameraId) const {
1782 std::shared_ptr<CameraState> state;
1783 {
1784 Mutex::Autolock lock(mCameraStatesLock);
1785 auto iter = mCameraStates.find(cameraId);
1786 if (iter != mCameraStates.end()) {
1787 state = iter->second;
1788 }
1789 }
1790 return state;
1791 }
1792
removeClientLocked(const String8 & cameraId)1793 sp<CameraService::BasicClient> CameraService::removeClientLocked(const String8& cameraId) {
1794 // Remove from active clients list
1795 auto clientDescriptorPtr = mActiveClientManager.remove(cameraId);
1796 if (clientDescriptorPtr == nullptr) {
1797 ALOGW("%s: Could not evict client, no client for camera ID %s", __FUNCTION__,
1798 cameraId.string());
1799 return sp<BasicClient>{nullptr};
1800 }
1801
1802 return clientDescriptorPtr->getValue();
1803 }
1804
doUserSwitch(const std::vector<int32_t> & newUserIds)1805 void CameraService::doUserSwitch(const std::vector<int32_t>& newUserIds) {
1806 // Acquire mServiceLock and prevent other clients from connecting
1807 std::unique_ptr<AutoConditionLock> lock =
1808 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1809
1810 std::set<userid_t> newAllowedUsers;
1811 for (size_t i = 0; i < newUserIds.size(); i++) {
1812 if (newUserIds[i] < 0) {
1813 ALOGE("%s: Bad user ID %d given during user switch, ignoring.",
1814 __FUNCTION__, newUserIds[i]);
1815 return;
1816 }
1817 newAllowedUsers.insert(static_cast<userid_t>(newUserIds[i]));
1818 }
1819
1820
1821 if (newAllowedUsers == mAllowedUsers) {
1822 ALOGW("%s: Received notification of user switch with no updated user IDs.", __FUNCTION__);
1823 return;
1824 }
1825
1826 logUserSwitch(mAllowedUsers, newAllowedUsers);
1827
1828 mAllowedUsers = std::move(newAllowedUsers);
1829
1830 // Current user has switched, evict all current clients.
1831 std::vector<sp<BasicClient>> evicted;
1832 for (auto& i : mActiveClientManager.getAll()) {
1833 auto clientSp = i->getValue();
1834
1835 if (clientSp.get() == nullptr) {
1836 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
1837 continue;
1838 }
1839
1840 // Don't evict clients that are still allowed.
1841 uid_t clientUid = clientSp->getClientUid();
1842 userid_t clientUserId = multiuser_get_user_id(clientUid);
1843 if (mAllowedUsers.find(clientUserId) != mAllowedUsers.end()) {
1844 continue;
1845 }
1846
1847 evicted.push_back(clientSp);
1848
1849 String8 curTime = getFormattedCurrentTime();
1850
1851 ALOGE("Evicting conflicting client for camera ID %s due to user change",
1852 i->getKey().string());
1853
1854 // Log the clients evicted
1855 logEvent(String8::format("EVICT device %s client held by package %s (PID %"
1856 PRId32 ", priority %" PRId32 ")\n - Evicted due to user switch.",
1857 i->getKey().string(), String8{clientSp->getPackageName()}.string(),
1858 i->getOwnerId(), i->getPriority()));
1859
1860 }
1861
1862 // Do not hold mServiceLock while disconnecting clients, but retain the condition
1863 // blocking other clients from connecting in mServiceLockWrapper if held.
1864 mServiceLock.unlock();
1865
1866 // Clear caller identity temporarily so client disconnect PID checks work correctly
1867 int64_t token = IPCThreadState::self()->clearCallingIdentity();
1868
1869 for (auto& i : evicted) {
1870 i->disconnect();
1871 }
1872
1873 IPCThreadState::self()->restoreCallingIdentity(token);
1874
1875 // Reacquire mServiceLock
1876 mServiceLock.lock();
1877 }
1878
logEvent(const char * event)1879 void CameraService::logEvent(const char* event) {
1880 String8 curTime = getFormattedCurrentTime();
1881 Mutex::Autolock l(mLogLock);
1882 mEventLog.add(String8::format("%s : %s", curTime.string(), event));
1883 }
1884
logDisconnected(const char * cameraId,int clientPid,const char * clientPackage)1885 void CameraService::logDisconnected(const char* cameraId, int clientPid,
1886 const char* clientPackage) {
1887 // Log the clients evicted
1888 logEvent(String8::format("DISCONNECT device %s client for package %s (PID %d)", cameraId,
1889 clientPackage, clientPid));
1890 }
1891
logConnected(const char * cameraId,int clientPid,const char * clientPackage)1892 void CameraService::logConnected(const char* cameraId, int clientPid,
1893 const char* clientPackage) {
1894 // Log the clients evicted
1895 logEvent(String8::format("CONNECT device %s client for package %s (PID %d)", cameraId,
1896 clientPackage, clientPid));
1897 }
1898
logRejected(const char * cameraId,int clientPid,const char * clientPackage,const char * reason)1899 void CameraService::logRejected(const char* cameraId, int clientPid,
1900 const char* clientPackage, const char* reason) {
1901 // Log the client rejected
1902 logEvent(String8::format("REJECT device %s client for package %s (PID %d), reason: (%s)",
1903 cameraId, clientPackage, clientPid, reason));
1904 }
1905
logUserSwitch(const std::set<userid_t> & oldUserIds,const std::set<userid_t> & newUserIds)1906 void CameraService::logUserSwitch(const std::set<userid_t>& oldUserIds,
1907 const std::set<userid_t>& newUserIds) {
1908 String8 newUsers = toString(newUserIds);
1909 String8 oldUsers = toString(oldUserIds);
1910 // Log the new and old users
1911 logEvent(String8::format("USER_SWITCH previous allowed users: %s , current allowed users: %s",
1912 oldUsers.string(), newUsers.string()));
1913 }
1914
logDeviceRemoved(const char * cameraId,const char * reason)1915 void CameraService::logDeviceRemoved(const char* cameraId, const char* reason) {
1916 // Log the device removal
1917 logEvent(String8::format("REMOVE device %s, reason: (%s)", cameraId, reason));
1918 }
1919
logDeviceAdded(const char * cameraId,const char * reason)1920 void CameraService::logDeviceAdded(const char* cameraId, const char* reason) {
1921 // Log the device removal
1922 logEvent(String8::format("ADD device %s, reason: (%s)", cameraId, reason));
1923 }
1924
logClientDied(int clientPid,const char * reason)1925 void CameraService::logClientDied(int clientPid, const char* reason) {
1926 // Log the device removal
1927 logEvent(String8::format("DIED client(s) with PID %d, reason: (%s)", clientPid, reason));
1928 }
1929
logServiceError(const char * msg,int errorCode)1930 void CameraService::logServiceError(const char* msg, int errorCode) {
1931 String8 curTime = getFormattedCurrentTime();
1932 logEvent(String8::format("SERVICE ERROR: %s : %d (%s)", msg, errorCode, strerror(-errorCode)));
1933 }
1934
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)1935 status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
1936 uint32_t flags) {
1937
1938 const int pid = getCallingPid();
1939 const int selfPid = getpid();
1940
1941 // Permission checks
1942 switch (code) {
1943 case BnCameraService::NOTIFYSYSTEMEVENT: {
1944 if (pid != selfPid) {
1945 // Ensure we're being called by system_server, or similar process with
1946 // permissions to notify the camera service about system events
1947 if (!checkCallingPermission(
1948 String16("android.permission.CAMERA_SEND_SYSTEM_EVENTS"))) {
1949 const int uid = getCallingUid();
1950 ALOGE("Permission Denial: cannot send updates to camera service about system"
1951 " events from pid=%d, uid=%d", pid, uid);
1952 return PERMISSION_DENIED;
1953 }
1954 }
1955 break;
1956 }
1957 }
1958
1959 return BnCameraService::onTransact(code, data, reply, flags);
1960 }
1961
1962 // We share the media players for shutter and recording sound for all clients.
1963 // A reference count is kept to determine when we will actually release the
1964 // media players.
1965
newMediaPlayer(const char * file)1966 MediaPlayer* CameraService::newMediaPlayer(const char *file) {
1967 MediaPlayer* mp = new MediaPlayer();
1968 if (mp->setDataSource(NULL /* httpService */, file, NULL) == NO_ERROR) {
1969 mp->setAudioStreamType(AUDIO_STREAM_ENFORCED_AUDIBLE);
1970 mp->prepare();
1971 } else {
1972 ALOGE("Failed to load CameraService sounds: %s", file);
1973 return NULL;
1974 }
1975 return mp;
1976 }
1977
loadSound()1978 void CameraService::loadSound() {
1979 ATRACE_CALL();
1980
1981 Mutex::Autolock lock(mSoundLock);
1982 LOG1("CameraService::loadSound ref=%d", mSoundRef);
1983 if (mSoundRef++) return;
1984
1985 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/system/media/audio/ui/camera_click.ogg");
1986 mSoundPlayer[SOUND_RECORDING_START] = newMediaPlayer("/system/media/audio/ui/VideoRecord.ogg");
1987 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/system/media/audio/ui/VideoStop.ogg");
1988 }
1989
releaseSound()1990 void CameraService::releaseSound() {
1991 Mutex::Autolock lock(mSoundLock);
1992 LOG1("CameraService::releaseSound ref=%d", mSoundRef);
1993 if (--mSoundRef) return;
1994
1995 for (int i = 0; i < NUM_SOUNDS; i++) {
1996 if (mSoundPlayer[i] != 0) {
1997 mSoundPlayer[i]->disconnect();
1998 mSoundPlayer[i].clear();
1999 }
2000 }
2001 }
2002
playSound(sound_kind kind)2003 void CameraService::playSound(sound_kind kind) {
2004 ATRACE_CALL();
2005
2006 LOG1("playSound(%d)", kind);
2007 Mutex::Autolock lock(mSoundLock);
2008 sp<MediaPlayer> player = mSoundPlayer[kind];
2009 if (player != 0) {
2010 player->seekTo(0);
2011 player->start();
2012 }
2013 }
2014
2015 // ----------------------------------------------------------------------------
2016
Client(const sp<CameraService> & cameraService,const sp<ICameraClient> & cameraClient,const String16 & clientPackageName,int cameraId,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2017 CameraService::Client::Client(const sp<CameraService>& cameraService,
2018 const sp<ICameraClient>& cameraClient,
2019 const String16& clientPackageName,
2020 int cameraId, int cameraFacing,
2021 int clientPid, uid_t clientUid,
2022 int servicePid) :
2023 CameraService::BasicClient(cameraService,
2024 IInterface::asBinder(cameraClient),
2025 clientPackageName,
2026 cameraId, cameraFacing,
2027 clientPid, clientUid,
2028 servicePid)
2029 {
2030 int callingPid = getCallingPid();
2031 LOG1("Client::Client E (pid %d, id %d)", callingPid, cameraId);
2032
2033 mRemoteCallback = cameraClient;
2034
2035 cameraService->loadSound();
2036
2037 LOG1("Client::Client X (pid %d, id %d)", callingPid, cameraId);
2038 }
2039
2040 // tear down the client
~Client()2041 CameraService::Client::~Client() {
2042 ALOGV("~Client");
2043 mDestructionStarted = true;
2044
2045 mCameraService->releaseSound();
2046 // unconditionally disconnect. function is idempotent
2047 Client::disconnect();
2048 }
2049
BasicClient(const sp<CameraService> & cameraService,const sp<IBinder> & remoteCallback,const String16 & clientPackageName,int cameraId,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2050 CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService,
2051 const sp<IBinder>& remoteCallback,
2052 const String16& clientPackageName,
2053 int cameraId, int cameraFacing,
2054 int clientPid, uid_t clientUid,
2055 int servicePid):
2056 mClientPackageName(clientPackageName), mDisconnected(false)
2057 {
2058 mCameraService = cameraService;
2059 mRemoteBinder = remoteCallback;
2060 mCameraId = cameraId;
2061 mCameraFacing = cameraFacing;
2062 mClientPid = clientPid;
2063 mClientUid = clientUid;
2064 mServicePid = servicePid;
2065 mOpsActive = false;
2066 mDestructionStarted = false;
2067
2068 // In some cases the calling code has no access to the package it runs under.
2069 // For example, NDK camera API.
2070 // In this case we will get the packages for the calling UID and pick the first one
2071 // for attributing the app op. This will work correctly for runtime permissions
2072 // as for legacy apps we will toggle the app op for all packages in the UID.
2073 // The caveat is that the operation may be attributed to the wrong package and
2074 // stats based on app ops may be slightly off.
2075 if (mClientPackageName.size() <= 0) {
2076 sp<IServiceManager> sm = defaultServiceManager();
2077 sp<IBinder> binder = sm->getService(String16(kPermissionServiceName));
2078 if (binder == 0) {
2079 ALOGE("Cannot get permission service");
2080 // Leave mClientPackageName unchanged (empty) and the further interaction
2081 // with camera will fail in BasicClient::startCameraOps
2082 return;
2083 }
2084
2085 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);
2086 Vector<String16> packages;
2087
2088 permCtrl->getPackagesForUid(mClientUid, packages);
2089
2090 if (packages.isEmpty()) {
2091 ALOGE("No packages for calling UID");
2092 // Leave mClientPackageName unchanged (empty) and the further interaction
2093 // with camera will fail in BasicClient::startCameraOps
2094 return;
2095 }
2096 mClientPackageName = packages[0];
2097 }
2098 }
2099
~BasicClient()2100 CameraService::BasicClient::~BasicClient() {
2101 ALOGV("~BasicClient");
2102 mDestructionStarted = true;
2103 }
2104
disconnect()2105 binder::Status CameraService::BasicClient::disconnect() {
2106 binder::Status res = Status::ok();
2107 if (mDisconnected) {
2108 return res;
2109 }
2110 mDisconnected = true;
2111
2112 mCameraService->removeByClient(this);
2113 mCameraService->logDisconnected(String8::format("%d", mCameraId), mClientPid,
2114 String8(mClientPackageName));
2115
2116 sp<IBinder> remote = getRemote();
2117 if (remote != nullptr) {
2118 remote->unlinkToDeath(mCameraService);
2119 }
2120
2121 finishCameraOps();
2122 // Notify flashlight that a camera device is closed.
2123 mCameraService->mFlashlight->deviceClosed(String8::format("%d", mCameraId));
2124 ALOGI("%s: Disconnected client for camera %d for PID %d", __FUNCTION__, mCameraId, mClientPid);
2125
2126 // client shouldn't be able to call into us anymore
2127 mClientPid = 0;
2128
2129 return res;
2130 }
2131
dump(int,const Vector<String16> &)2132 status_t CameraService::BasicClient::dump(int, const Vector<String16>&) {
2133 // No dumping of clients directly over Binder,
2134 // must go through CameraService::dump
2135 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403",
2136 IPCThreadState::self()->getCallingUid(), NULL, 0);
2137 return OK;
2138 }
2139
getPackageName() const2140 String16 CameraService::BasicClient::getPackageName() const {
2141 return mClientPackageName;
2142 }
2143
2144
getClientPid() const2145 int CameraService::BasicClient::getClientPid() const {
2146 return mClientPid;
2147 }
2148
getClientUid() const2149 uid_t CameraService::BasicClient::getClientUid() const {
2150 return mClientUid;
2151 }
2152
canCastToApiClient(apiLevel level) const2153 bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const {
2154 // Defaults to API2.
2155 return level == API_2;
2156 }
2157
startCameraOps()2158 status_t CameraService::BasicClient::startCameraOps() {
2159 ATRACE_CALL();
2160
2161 int32_t res;
2162 // Notify app ops that the camera is not available
2163 mOpsCallback = new OpsCallback(this);
2164
2165 {
2166 ALOGV("%s: Start camera ops, package name = %s, client UID = %d",
2167 __FUNCTION__, String8(mClientPackageName).string(), mClientUid);
2168 }
2169
2170 mAppOpsManager.startWatchingMode(AppOpsManager::OP_CAMERA,
2171 mClientPackageName, mOpsCallback);
2172 res = mAppOpsManager.startOp(AppOpsManager::OP_CAMERA,
2173 mClientUid, mClientPackageName);
2174
2175 if (res == AppOpsManager::MODE_ERRORED) {
2176 ALOGI("Camera %d: Access for \"%s\" has been revoked",
2177 mCameraId, String8(mClientPackageName).string());
2178 return PERMISSION_DENIED;
2179 }
2180
2181 if (res == AppOpsManager::MODE_IGNORED) {
2182 ALOGI("Camera %d: Access for \"%s\" has been restricted",
2183 mCameraId, String8(mClientPackageName).string());
2184 // Return the same error as for device policy manager rejection
2185 return -EACCES;
2186 }
2187
2188 mOpsActive = true;
2189
2190 // Transition device availability listeners from PRESENT -> NOT_AVAILABLE
2191 mCameraService->updateStatus(ICameraServiceListener::STATUS_NOT_AVAILABLE,
2192 String8::format("%d", mCameraId));
2193
2194 // Transition device state to OPEN
2195 mCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_OPEN,
2196 String8::format("%d", mCameraId));
2197
2198 return OK;
2199 }
2200
finishCameraOps()2201 status_t CameraService::BasicClient::finishCameraOps() {
2202 ATRACE_CALL();
2203
2204 // Check if startCameraOps succeeded, and if so, finish the camera op
2205 if (mOpsActive) {
2206 // Notify app ops that the camera is available again
2207 mAppOpsManager.finishOp(AppOpsManager::OP_CAMERA, mClientUid,
2208 mClientPackageName);
2209 mOpsActive = false;
2210
2211 std::initializer_list<int32_t> rejected = {ICameraServiceListener::STATUS_NOT_PRESENT,
2212 ICameraServiceListener::STATUS_ENUMERATING};
2213
2214 // Transition to PRESENT if the camera is not in either of the rejected states
2215 mCameraService->updateStatus(ICameraServiceListener::STATUS_PRESENT,
2216 String8::format("%d", mCameraId), rejected);
2217
2218 // Transition device state to CLOSED
2219 mCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_CLOSED,
2220 String8::format("%d", mCameraId));
2221 }
2222 // Always stop watching, even if no camera op is active
2223 if (mOpsCallback != NULL) {
2224 mAppOpsManager.stopWatchingMode(mOpsCallback);
2225 }
2226 mOpsCallback.clear();
2227
2228 return OK;
2229 }
2230
opChanged(int32_t op,const String16 & packageName)2231 void CameraService::BasicClient::opChanged(int32_t op, const String16& packageName) {
2232 ATRACE_CALL();
2233
2234 String8 name(packageName);
2235 String8 myName(mClientPackageName);
2236
2237 if (op != AppOpsManager::OP_CAMERA) {
2238 ALOGW("Unexpected app ops notification received: %d", op);
2239 return;
2240 }
2241
2242 int32_t res;
2243 res = mAppOpsManager.checkOp(AppOpsManager::OP_CAMERA,
2244 mClientUid, mClientPackageName);
2245 ALOGV("checkOp returns: %d, %s ", res,
2246 res == AppOpsManager::MODE_ALLOWED ? "ALLOWED" :
2247 res == AppOpsManager::MODE_IGNORED ? "IGNORED" :
2248 res == AppOpsManager::MODE_ERRORED ? "ERRORED" :
2249 "UNKNOWN");
2250
2251 if (res != AppOpsManager::MODE_ALLOWED) {
2252 ALOGI("Camera %d: Access for \"%s\" revoked", mCameraId,
2253 myName.string());
2254 // Reset the client PID to allow server-initiated disconnect,
2255 // and to prevent further calls by client.
2256 mClientPid = getCallingPid();
2257 CaptureResultExtras resultExtras; // a dummy result (invalid)
2258 notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_SERVICE, resultExtras);
2259 disconnect();
2260 }
2261 }
2262
2263 // ----------------------------------------------------------------------------
2264
2265 // Provide client strong pointer for callbacks.
getClientFromCookie(void * user)2266 sp<CameraService::Client> CameraService::Client::getClientFromCookie(void* user) {
2267 String8 cameraId = String8::format("%d", (int)(intptr_t) user);
2268 auto clientDescriptor = gCameraService->mActiveClientManager.get(cameraId);
2269 if (clientDescriptor != nullptr) {
2270 return sp<Client>{
2271 static_cast<Client*>(clientDescriptor->getValue().get())};
2272 }
2273 return sp<Client>{nullptr};
2274 }
2275
notifyError(int32_t errorCode,const CaptureResultExtras & resultExtras)2276 void CameraService::Client::notifyError(int32_t errorCode,
2277 const CaptureResultExtras& resultExtras) {
2278 (void) errorCode;
2279 (void) resultExtras;
2280 if (mRemoteCallback != NULL) {
2281 mRemoteCallback->notifyCallback(CAMERA_MSG_ERROR, CAMERA_ERROR_RELEASED, 0);
2282 } else {
2283 ALOGE("mRemoteCallback is NULL!!");
2284 }
2285 }
2286
2287 // NOTE: function is idempotent
disconnect()2288 binder::Status CameraService::Client::disconnect() {
2289 ALOGV("Client::disconnect");
2290 return BasicClient::disconnect();
2291 }
2292
canCastToApiClient(apiLevel level) const2293 bool CameraService::Client::canCastToApiClient(apiLevel level) const {
2294 return level == API_1;
2295 }
2296
OpsCallback(wp<BasicClient> client)2297 CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client):
2298 mClient(client) {
2299 }
2300
opChanged(int32_t op,const String16 & packageName)2301 void CameraService::Client::OpsCallback::opChanged(int32_t op,
2302 const String16& packageName) {
2303 sp<BasicClient> client = mClient.promote();
2304 if (client != NULL) {
2305 client->opChanged(op, packageName);
2306 }
2307 }
2308
2309 // ----------------------------------------------------------------------------
2310 // CameraState
2311 // ----------------------------------------------------------------------------
2312
CameraState(const String8 & id,int cost,const std::set<String8> & conflicting)2313 CameraService::CameraState::CameraState(const String8& id, int cost,
2314 const std::set<String8>& conflicting) : mId(id),
2315 mStatus(ICameraServiceListener::STATUS_PRESENT), mCost(cost), mConflicting(conflicting) {}
2316
~CameraState()2317 CameraService::CameraState::~CameraState() {}
2318
getStatus() const2319 int32_t CameraService::CameraState::getStatus() const {
2320 Mutex::Autolock lock(mStatusLock);
2321 return mStatus;
2322 }
2323
getShimParams() const2324 CameraParameters CameraService::CameraState::getShimParams() const {
2325 return mShimParams;
2326 }
2327
setShimParams(const CameraParameters & params)2328 void CameraService::CameraState::setShimParams(const CameraParameters& params) {
2329 mShimParams = params;
2330 }
2331
getCost() const2332 int CameraService::CameraState::getCost() const {
2333 return mCost;
2334 }
2335
getConflicting() const2336 std::set<String8> CameraService::CameraState::getConflicting() const {
2337 return mConflicting;
2338 }
2339
getId() const2340 String8 CameraService::CameraState::getId() const {
2341 return mId;
2342 }
2343
2344 // ----------------------------------------------------------------------------
2345 // ClientEventListener
2346 // ----------------------------------------------------------------------------
2347
onClientAdded(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2348 void CameraService::ClientEventListener::onClientAdded(
2349 const resource_policy::ClientDescriptor<String8,
2350 sp<CameraService::BasicClient>>& descriptor) {
2351 auto basicClient = descriptor.getValue();
2352 if (basicClient.get() != nullptr) {
2353 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2354 notifier.noteStartCamera(descriptor.getKey(),
2355 static_cast<int>(basicClient->getClientUid()));
2356 }
2357 }
2358
onClientRemoved(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2359 void CameraService::ClientEventListener::onClientRemoved(
2360 const resource_policy::ClientDescriptor<String8,
2361 sp<CameraService::BasicClient>>& descriptor) {
2362 auto basicClient = descriptor.getValue();
2363 if (basicClient.get() != nullptr) {
2364 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2365 notifier.noteStopCamera(descriptor.getKey(),
2366 static_cast<int>(basicClient->getClientUid()));
2367 }
2368 }
2369
2370
2371 // ----------------------------------------------------------------------------
2372 // CameraClientManager
2373 // ----------------------------------------------------------------------------
2374
CameraClientManager()2375 CameraService::CameraClientManager::CameraClientManager() {
2376 setListener(std::make_shared<ClientEventListener>());
2377 }
2378
~CameraClientManager()2379 CameraService::CameraClientManager::~CameraClientManager() {}
2380
getCameraClient(const String8 & id) const2381 sp<CameraService::BasicClient> CameraService::CameraClientManager::getCameraClient(
2382 const String8& id) const {
2383 auto descriptor = get(id);
2384 if (descriptor == nullptr) {
2385 return sp<BasicClient>{nullptr};
2386 }
2387 return descriptor->getValue();
2388 }
2389
toString() const2390 String8 CameraService::CameraClientManager::toString() const {
2391 auto all = getAll();
2392 String8 ret("[");
2393 bool hasAny = false;
2394 for (auto& i : all) {
2395 hasAny = true;
2396 String8 key = i->getKey();
2397 int32_t cost = i->getCost();
2398 int32_t pid = i->getOwnerId();
2399 int32_t priority = i->getPriority();
2400 auto conflicting = i->getConflicting();
2401 auto clientSp = i->getValue();
2402 String8 packageName;
2403 userid_t clientUserId = 0;
2404 if (clientSp.get() != nullptr) {
2405 packageName = String8{clientSp->getPackageName()};
2406 uid_t clientUid = clientSp->getClientUid();
2407 clientUserId = multiuser_get_user_id(clientUid);
2408 }
2409 ret.appendFormat("\n(Camera ID: %s, Cost: %" PRId32 ", PID: %" PRId32 ", Priority: %"
2410 PRId32 ", ", key.string(), cost, pid, priority);
2411
2412 if (clientSp.get() != nullptr) {
2413 ret.appendFormat("User Id: %d, ", clientUserId);
2414 }
2415 if (packageName.size() != 0) {
2416 ret.appendFormat("Client Package Name: %s", packageName.string());
2417 }
2418
2419 ret.append(", Conflicting Client Devices: {");
2420 for (auto& j : conflicting) {
2421 ret.appendFormat("%s, ", j.string());
2422 }
2423 ret.append("})");
2424 }
2425 if (hasAny) ret.append("\n");
2426 ret.append("]\n");
2427 return ret;
2428 }
2429
makeClientDescriptor(const String8 & key,const sp<BasicClient> & value,int32_t cost,const std::set<String8> & conflictingKeys,int32_t priority,int32_t ownerId)2430 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
2431 const String8& key, const sp<BasicClient>& value, int32_t cost,
2432 const std::set<String8>& conflictingKeys, int32_t priority, int32_t ownerId) {
2433
2434 return std::make_shared<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>(
2435 key, value, cost, conflictingKeys, priority, ownerId);
2436 }
2437
makeClientDescriptor(const sp<BasicClient> & value,const CameraService::DescriptorPtr & partial)2438 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
2439 const sp<BasicClient>& value, const CameraService::DescriptorPtr& partial) {
2440 return makeClientDescriptor(partial->getKey(), value, partial->getCost(),
2441 partial->getConflicting(), partial->getPriority(), partial->getOwnerId());
2442 }
2443
2444 // ----------------------------------------------------------------------------
2445
2446 static const int kDumpLockRetries = 50;
2447 static const int kDumpLockSleep = 60000;
2448
tryLock(Mutex & mutex)2449 static bool tryLock(Mutex& mutex)
2450 {
2451 bool locked = false;
2452 for (int i = 0; i < kDumpLockRetries; ++i) {
2453 if (mutex.tryLock() == NO_ERROR) {
2454 locked = true;
2455 break;
2456 }
2457 usleep(kDumpLockSleep);
2458 }
2459 return locked;
2460 }
2461
dump(int fd,const Vector<String16> & args)2462 status_t CameraService::dump(int fd, const Vector<String16>& args) {
2463 ATRACE_CALL();
2464
2465 String8 result("Dump of the Camera Service:\n");
2466 if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
2467 result = result.format("Permission Denial: "
2468 "can't dump CameraService from pid=%d, uid=%d\n",
2469 getCallingPid(),
2470 getCallingUid());
2471 write(fd, result.string(), result.size());
2472 } else {
2473 bool locked = tryLock(mServiceLock);
2474 // failed to lock - CameraService is probably deadlocked
2475 if (!locked) {
2476 result.append("CameraService may be deadlocked\n");
2477 write(fd, result.string(), result.size());
2478 }
2479
2480 bool hasClient = false;
2481 if (!mModule) {
2482 result = String8::format("No camera module available!\n");
2483 write(fd, result.string(), result.size());
2484
2485 // Dump event log for error information
2486 dumpEventLog(fd);
2487
2488 if (locked) mServiceLock.unlock();
2489 return NO_ERROR;
2490 }
2491
2492 result = String8::format("Camera module HAL API version: 0x%x\n", mModule->getHalApiVersion());
2493 result.appendFormat("Camera module API version: 0x%x\n", mModule->getModuleApiVersion());
2494 result.appendFormat("Camera module name: %s\n", mModule->getModuleName());
2495 result.appendFormat("Camera module author: %s\n", mModule->getModuleAuthor());
2496 result.appendFormat("Number of camera devices: %d\n", mNumberOfCameras);
2497 result.appendFormat("Number of normal camera devices: %d\n", mNumberOfNormalCameras);
2498 String8 activeClientString = mActiveClientManager.toString();
2499 result.appendFormat("Active Camera Clients:\n%s", activeClientString.string());
2500 result.appendFormat("Allowed users:\n%s\n", toString(mAllowedUsers).string());
2501
2502 sp<VendorTagDescriptor> desc = VendorTagDescriptor::getGlobalVendorTagDescriptor();
2503 if (desc == NULL) {
2504 result.appendFormat("Vendor tags left unimplemented.\n");
2505 } else {
2506 result.appendFormat("Vendor tag definitions:\n");
2507 }
2508
2509 write(fd, result.string(), result.size());
2510
2511 if (desc != NULL) {
2512 desc->dump(fd, /*verbosity*/2, /*indentation*/4);
2513 }
2514
2515 dumpEventLog(fd);
2516
2517 bool stateLocked = tryLock(mCameraStatesLock);
2518 if (!stateLocked) {
2519 result = String8::format("CameraStates in use, may be deadlocked\n");
2520 write(fd, result.string(), result.size());
2521 }
2522
2523 for (auto& state : mCameraStates) {
2524 String8 cameraId = state.first;
2525 result = String8::format("Camera %s information:\n", cameraId.string());
2526 camera_info info;
2527
2528 // TODO: Change getCameraInfo + HAL to use String cameraIds
2529 status_t rc = mModule->getCameraInfo(cameraIdToInt(cameraId), &info);
2530 if (rc != OK) {
2531 result.appendFormat(" Error reading static information!\n");
2532 write(fd, result.string(), result.size());
2533 } else {
2534 result.appendFormat(" Facing: %s\n",
2535 info.facing == CAMERA_FACING_BACK ? "BACK" :
2536 info.facing == CAMERA_FACING_FRONT ? "FRONT" : "EXTERNAL");
2537 result.appendFormat(" Orientation: %d\n", info.orientation);
2538 int deviceVersion;
2539 if (mModule->getModuleApiVersion() < CAMERA_MODULE_API_VERSION_2_0) {
2540 deviceVersion = CAMERA_DEVICE_API_VERSION_1_0;
2541 } else {
2542 deviceVersion = info.device_version;
2543 }
2544
2545 auto conflicting = state.second->getConflicting();
2546 result.appendFormat(" Resource Cost: %d\n", state.second->getCost());
2547 result.appendFormat(" Conflicting Devices:");
2548 for (auto& id : conflicting) {
2549 result.appendFormat(" %s", id.string());
2550 }
2551 if (conflicting.size() == 0) {
2552 result.appendFormat(" NONE");
2553 }
2554 result.appendFormat("\n");
2555
2556 result.appendFormat(" Device version: %#x\n", deviceVersion);
2557 if (deviceVersion >= CAMERA_DEVICE_API_VERSION_3_0) {
2558 result.appendFormat(" Device static metadata:\n");
2559 write(fd, result.string(), result.size());
2560 dump_indented_camera_metadata(info.static_camera_characteristics,
2561 fd, /*verbosity*/2, /*indentation*/4);
2562 } else {
2563 write(fd, result.string(), result.size());
2564 }
2565
2566 CameraParameters p = state.second->getShimParams();
2567 if (!p.isEmpty()) {
2568 result = String8::format(" Camera1 API shim is using parameters:\n ");
2569 write(fd, result.string(), result.size());
2570 p.dump(fd, args);
2571 }
2572 }
2573
2574 auto clientDescriptor = mActiveClientManager.get(cameraId);
2575 if (clientDescriptor == nullptr) {
2576 result = String8::format(" Device %s is closed, no client instance\n",
2577 cameraId.string());
2578 write(fd, result.string(), result.size());
2579 continue;
2580 }
2581 hasClient = true;
2582 result = String8::format(" Device %s is open. Client instance dump:\n\n",
2583 cameraId.string());
2584 result.appendFormat("Client priority level: %d\n", clientDescriptor->getPriority());
2585 result.appendFormat("Client PID: %d\n", clientDescriptor->getOwnerId());
2586
2587 auto client = clientDescriptor->getValue();
2588 result.appendFormat("Client package: %s\n",
2589 String8(client->getPackageName()).string());
2590 write(fd, result.string(), result.size());
2591
2592 client->dumpClient(fd, args);
2593 }
2594
2595 if (stateLocked) mCameraStatesLock.unlock();
2596
2597 if (!hasClient) {
2598 result = String8::format("\nNo active camera clients yet.\n");
2599 write(fd, result.string(), result.size());
2600 }
2601
2602 if (locked) mServiceLock.unlock();
2603
2604 // Dump camera traces if there were any
2605 write(fd, "\n", 1);
2606 camera3::CameraTraces::dump(fd, args);
2607
2608 // Process dump arguments, if any
2609 int n = args.size();
2610 String16 verboseOption("-v");
2611 String16 unreachableOption("--unreachable");
2612 for (int i = 0; i < n; i++) {
2613 if (args[i] == verboseOption) {
2614 // change logging level
2615 if (i + 1 >= n) continue;
2616 String8 levelStr(args[i+1]);
2617 int level = atoi(levelStr.string());
2618 result = String8::format("\nSetting log level to %d.\n", level);
2619 setLogLevel(level);
2620 write(fd, result.string(), result.size());
2621 } else if (args[i] == unreachableOption) {
2622 // Dump memory analysis
2623 // TODO - should limit be an argument parameter?
2624 UnreachableMemoryInfo info;
2625 bool success = GetUnreachableMemory(info, /*limit*/ 10000);
2626 if (!success) {
2627 dprintf(fd, "\nUnable to dump unreachable memory. "
2628 "Try disabling SELinux enforcement.\n");
2629 } else {
2630 dprintf(fd, "\nDumping unreachable memory:\n");
2631 std::string s = info.ToString(/*log_contents*/ true);
2632 write(fd, s.c_str(), s.size());
2633 }
2634 }
2635 }
2636 }
2637 return NO_ERROR;
2638 }
2639
dumpEventLog(int fd)2640 void CameraService::dumpEventLog(int fd) {
2641 String8 result = String8("\nPrior client events (most recent at top):\n");
2642
2643 Mutex::Autolock l(mLogLock);
2644 for (const auto& msg : mEventLog) {
2645 result.appendFormat(" %s\n", msg.string());
2646 }
2647
2648 if (mEventLog.size() == DEFAULT_EVENT_LOG_LENGTH) {
2649 result.append(" ...\n");
2650 } else if (mEventLog.size() == 0) {
2651 result.append(" [no events yet]\n");
2652 }
2653 result.append("\n");
2654
2655 write(fd, result.string(), result.size());
2656 }
2657
handleTorchClientBinderDied(const wp<IBinder> & who)2658 void CameraService::handleTorchClientBinderDied(const wp<IBinder> &who) {
2659 Mutex::Autolock al(mTorchClientMapMutex);
2660 for (size_t i = 0; i < mTorchClientMap.size(); i++) {
2661 if (mTorchClientMap[i] == who) {
2662 // turn off the torch mode that was turned on by dead client
2663 String8 cameraId = mTorchClientMap.keyAt(i);
2664 status_t res = mFlashlight->setTorchMode(cameraId, false);
2665 if (res) {
2666 ALOGE("%s: torch client died but couldn't turn off torch: "
2667 "%s (%d)", __FUNCTION__, strerror(-res), res);
2668 return;
2669 }
2670 mTorchClientMap.removeItemsAt(i);
2671 break;
2672 }
2673 }
2674 }
2675
binderDied(const wp<IBinder> & who)2676 /*virtual*/void CameraService::binderDied(const wp<IBinder> &who) {
2677
2678 /**
2679 * While tempting to promote the wp<IBinder> into a sp, it's actually not supported by the
2680 * binder driver
2681 */
2682
2683 logClientDied(getCallingPid(), String8("Binder died unexpectedly"));
2684
2685 // check torch client
2686 handleTorchClientBinderDied(who);
2687
2688 // check camera device client
2689 if(!evictClientIdByRemote(who)) {
2690 ALOGV("%s: Java client's binder death already cleaned up (normal case)", __FUNCTION__);
2691 return;
2692 }
2693
2694 ALOGE("%s: Java client's binder died, removing it from the list of active clients",
2695 __FUNCTION__);
2696 }
2697
updateStatus(int32_t status,const String8 & cameraId)2698 void CameraService::updateStatus(int32_t status, const String8& cameraId) {
2699 updateStatus(status, cameraId, {});
2700 }
2701
updateStatus(int32_t status,const String8 & cameraId,std::initializer_list<int32_t> rejectSourceStates)2702 void CameraService::updateStatus(int32_t status, const String8& cameraId,
2703 std::initializer_list<int32_t> rejectSourceStates) {
2704 // Do not lock mServiceLock here or can get into a deadlock from
2705 // connect() -> disconnect -> updateStatus
2706
2707 auto state = getCameraState(cameraId);
2708
2709 if (state == nullptr) {
2710 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__,
2711 cameraId.string());
2712 return;
2713 }
2714
2715 // Update the status for this camera state, then send the onStatusChangedCallbacks to each
2716 // of the listeners with both the mStatusStatus and mStatusListenerLock held
2717 state->updateStatus(status, cameraId, rejectSourceStates, [this]
2718 (const String8& cameraId, int32_t status) {
2719
2720 if (status != ICameraServiceListener::STATUS_ENUMERATING) {
2721 // Update torch status if it has a flash unit.
2722 Mutex::Autolock al(mTorchStatusMutex);
2723 int32_t torchStatus;
2724 if (getTorchStatusLocked(cameraId, &torchStatus) !=
2725 NAME_NOT_FOUND) {
2726 int32_t newTorchStatus =
2727 status == ICameraServiceListener::STATUS_PRESENT ?
2728 ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF :
2729 ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
2730 if (torchStatus != newTorchStatus) {
2731 onTorchStatusChangedLocked(cameraId, newTorchStatus);
2732 }
2733 }
2734 }
2735
2736 Mutex::Autolock lock(mStatusListenerLock);
2737
2738 for (auto& listener : mListenerList) {
2739 // TODO: Refactor status listeners to use strings for Camera IDs and remove this.
2740 int id = cameraIdToInt(cameraId);
2741 if (id != -1) listener->onStatusChanged(status, id);
2742 }
2743 });
2744 }
2745
updateProxyDeviceState(ICameraServiceProxy::CameraState newState,const String8 & cameraId)2746 void CameraService::updateProxyDeviceState(ICameraServiceProxy::CameraState newState,
2747 const String8& cameraId) {
2748 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
2749 if (proxyBinder == nullptr) return;
2750 String16 id(cameraId);
2751 proxyBinder->notifyCameraState(id, newState);
2752 }
2753
getTorchStatusLocked(const String8 & cameraId,int32_t * status) const2754 status_t CameraService::getTorchStatusLocked(
2755 const String8& cameraId,
2756 int32_t *status) const {
2757 if (!status) {
2758 return BAD_VALUE;
2759 }
2760 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
2761 if (index == NAME_NOT_FOUND) {
2762 // invalid camera ID or the camera doesn't have a flash unit
2763 return NAME_NOT_FOUND;
2764 }
2765
2766 *status = mTorchStatusMap.valueAt(index);
2767 return OK;
2768 }
2769
setTorchStatusLocked(const String8 & cameraId,int32_t status)2770 status_t CameraService::setTorchStatusLocked(const String8& cameraId,
2771 int32_t status) {
2772 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
2773 if (index == NAME_NOT_FOUND) {
2774 return BAD_VALUE;
2775 }
2776 int32_t& item =
2777 mTorchStatusMap.editValueAt(index);
2778 item = status;
2779
2780 return OK;
2781 }
2782
2783 }; // namespace android
2784