1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "CameraService"
18 #define ATRACE_TAG ATRACE_TAG_CAMERA
19 //#define LOG_NDEBUG 0
20
21 #include <algorithm>
22 #include <climits>
23 #include <stdio.h>
24 #include <cstring>
25 #include <ctime>
26 #include <string>
27 #include <sys/types.h>
28 #include <inttypes.h>
29 #include <pthread.h>
30
31 #include <android/hardware/ICamera.h>
32 #include <android/hardware/ICameraClient.h>
33
34 #include <android-base/macros.h>
35 #include <android-base/parseint.h>
36 #include <binder/AppOpsManager.h>
37 #include <binder/IPCThreadState.h>
38 #include <binder/IServiceManager.h>
39 #include <binder/MemoryBase.h>
40 #include <binder/MemoryHeapBase.h>
41 #include <binder/ProcessInfoService.h>
42 #include <cutils/atomic.h>
43 #include <cutils/properties.h>
44 #include <gui/Surface.h>
45 #include <hardware/hardware.h>
46 #include <memunreachable/memunreachable.h>
47 #include <media/AudioSystem.h>
48 #include <media/IMediaHTTPService.h>
49 #include <media/mediaplayer.h>
50 #include <mediautils/BatteryNotifier.h>
51 #include <utils/Errors.h>
52 #include <utils/Log.h>
53 #include <utils/String16.h>
54 #include <utils/Trace.h>
55 #include <private/android_filesystem_config.h>
56 #include <system/camera_vendor_tags.h>
57 #include <system/camera_metadata.h>
58
59 #include <system/camera.h>
60
61 #include "CameraService.h"
62 #include "api1/CameraClient.h"
63 #include "api1/Camera2Client.h"
64 #include "api2/CameraDeviceClient.h"
65 #include "utils/CameraTraces.h"
66
67 namespace {
68 const char* kPermissionServiceName = "permission";
69 }; // namespace anonymous
70
71 namespace android {
72
73 using binder::Status;
74 using hardware::ICamera;
75 using hardware::ICameraClient;
76 using hardware::ICameraServiceListener;
77 using hardware::camera::common::V1_0::CameraDeviceStatus;
78 using hardware::camera::common::V1_0::TorchModeStatus;
79
80 // ----------------------------------------------------------------------------
81 // Logging support -- this is for debugging only
82 // Use "adb shell dumpsys media.camera -v 1" to change it.
83 volatile int32_t gLogLevel = 0;
84
85 #define LOG1(...) ALOGD_IF(gLogLevel >= 1, __VA_ARGS__);
86 #define LOG2(...) ALOGD_IF(gLogLevel >= 2, __VA_ARGS__);
87
setLogLevel(int level)88 static void setLogLevel(int level) {
89 android_atomic_write(level, &gLogLevel);
90 }
91
92 // Convenience methods for constructing binder::Status objects for error returns
93
94 #define STATUS_ERROR(errorCode, errorString) \
95 binder::Status::fromServiceSpecificError(errorCode, \
96 String8::format("%s:%d: %s", __FUNCTION__, __LINE__, errorString))
97
98 #define STATUS_ERROR_FMT(errorCode, errorString, ...) \
99 binder::Status::fromServiceSpecificError(errorCode, \
100 String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, \
101 __VA_ARGS__))
102
103 // ----------------------------------------------------------------------------
104
105 extern "C" {
camera_device_status_change(const struct camera_module_callbacks * callbacks,int camera_id,int new_status)106 static void camera_device_status_change(
107 const struct camera_module_callbacks* callbacks,
108 int camera_id,
109 int new_status) {
110 sp<CameraService> cs = const_cast<CameraService*>(
111 static_cast<const CameraService*>(callbacks));
112 String8 id = String8::format("%d", camera_id);
113
114 CameraDeviceStatus newStatus{CameraDeviceStatus::NOT_PRESENT};
115 switch (new_status) {
116 case CAMERA_DEVICE_STATUS_NOT_PRESENT:
117 newStatus = CameraDeviceStatus::NOT_PRESENT;
118 break;
119 case CAMERA_DEVICE_STATUS_PRESENT:
120 newStatus = CameraDeviceStatus::PRESENT;
121 break;
122 case CAMERA_DEVICE_STATUS_ENUMERATING:
123 newStatus = CameraDeviceStatus::ENUMERATING;
124 break;
125 default:
126 ALOGW("Unknown device status change to %d", new_status);
127 break;
128 }
129 cs->onDeviceStatusChanged(id, newStatus);
130 }
131
torch_mode_status_change(const struct camera_module_callbacks * callbacks,const char * camera_id,int new_status)132 static void torch_mode_status_change(
133 const struct camera_module_callbacks* callbacks,
134 const char* camera_id,
135 int new_status) {
136 if (!callbacks || !camera_id) {
137 ALOGE("%s invalid parameters. callbacks %p, camera_id %p", __FUNCTION__,
138 callbacks, camera_id);
139 }
140 sp<CameraService> cs = const_cast<CameraService*>(
141 static_cast<const CameraService*>(callbacks));
142
143 TorchModeStatus status;
144 switch (new_status) {
145 case TORCH_MODE_STATUS_NOT_AVAILABLE:
146 status = TorchModeStatus::NOT_AVAILABLE;
147 break;
148 case TORCH_MODE_STATUS_AVAILABLE_OFF:
149 status = TorchModeStatus::AVAILABLE_OFF;
150 break;
151 case TORCH_MODE_STATUS_AVAILABLE_ON:
152 status = TorchModeStatus::AVAILABLE_ON;
153 break;
154 default:
155 ALOGE("Unknown torch status %d", new_status);
156 return;
157 }
158
159 cs->onTorchStatusChanged(
160 String8(camera_id),
161 status);
162 }
163 } // extern "C"
164
165 // ----------------------------------------------------------------------------
166
CameraService()167 CameraService::CameraService() :
168 mEventLog(DEFAULT_EVENT_LOG_LENGTH),
169 mNumberOfCameras(0), mNumberOfNormalCameras(0),
170 mSoundRef(0), mInitialized(false) {
171 ALOGI("CameraService started (pid=%d)", getpid());
172
173 this->camera_device_status_change = android::camera_device_status_change;
174 this->torch_mode_status_change = android::torch_mode_status_change;
175
176 mServiceLockWrapper = std::make_shared<WaitableMutexWrapper>(&mServiceLock);
177 }
178
onFirstRef()179 void CameraService::onFirstRef()
180 {
181 ALOGI("CameraService process starting");
182
183 BnCameraService::onFirstRef();
184
185 // Update battery life tracking if service is restarting
186 BatteryNotifier& notifier(BatteryNotifier::getInstance());
187 notifier.noteResetCamera();
188 notifier.noteResetFlashlight();
189
190 status_t res = INVALID_OPERATION;
191
192 res = enumerateProviders();
193 if (res == OK) {
194 mInitialized = true;
195 }
196
197 CameraService::pingCameraServiceProxy();
198 }
199
enumerateProviders()200 status_t CameraService::enumerateProviders() {
201 status_t res;
202 Mutex::Autolock l(mServiceLock);
203
204 if (nullptr == mCameraProviderManager.get()) {
205 mCameraProviderManager = new CameraProviderManager();
206 res = mCameraProviderManager->initialize(this);
207 if (res != OK) {
208 ALOGE("%s: Unable to initialize camera provider manager: %s (%d)",
209 __FUNCTION__, strerror(-res), res);
210 return res;
211 }
212 }
213
214 mNumberOfCameras = mCameraProviderManager->getCameraCount();
215 mNumberOfNormalCameras =
216 mCameraProviderManager->getAPI1CompatibleCameraCount();
217
218 // Setup vendor tags before we call get_camera_info the first time
219 // because HAL might need to setup static vendor keys in get_camera_info
220 // TODO: maybe put this into CameraProviderManager::initialize()?
221 mCameraProviderManager->setUpVendorTags();
222
223 if (nullptr == mFlashlight.get()) {
224 mFlashlight = new CameraFlashlight(mCameraProviderManager, this);
225 }
226
227 res = mFlashlight->findFlashUnits();
228 if (res != OK) {
229 ALOGE("Failed to enumerate flash units: %s (%d)", strerror(-res), res);
230 }
231
232 for (auto& cameraId : mCameraProviderManager->getCameraDeviceIds()) {
233 String8 id8 = String8(cameraId.c_str());
234 {
235 Mutex::Autolock lock(mCameraStatesLock);
236 auto iter = mCameraStates.find(id8);
237 if (iter != mCameraStates.end()) {
238 continue;
239 }
240 }
241
242 hardware::camera::common::V1_0::CameraResourceCost cost;
243 res = mCameraProviderManager->getResourceCost(cameraId, &cost);
244 if (res != OK) {
245 ALOGE("Failed to query device resource cost: %s (%d)", strerror(-res), res);
246 continue;
247 }
248 std::set<String8> conflicting;
249 for (size_t i = 0; i < cost.conflictingDevices.size(); i++) {
250 conflicting.emplace(String8(cost.conflictingDevices[i].c_str()));
251 }
252
253 {
254 Mutex::Autolock lock(mCameraStatesLock);
255 mCameraStates.emplace(id8,
256 std::make_shared<CameraState>(id8, cost.resourceCost, conflicting));
257 }
258
259 onDeviceStatusChanged(id8, CameraDeviceStatus::PRESENT);
260
261 if (mFlashlight->hasFlashUnit(id8)) {
262 mTorchStatusMap.add(id8, TorchModeStatus::AVAILABLE_OFF);
263 }
264 }
265
266 return OK;
267 }
268
getCameraServiceProxy()269 sp<ICameraServiceProxy> CameraService::getCameraServiceProxy() {
270 sp<ICameraServiceProxy> proxyBinder = nullptr;
271 #ifndef __BRILLO__
272 sp<IServiceManager> sm = defaultServiceManager();
273 // Use checkService because cameraserver normally starts before the
274 // system server and the proxy service. So the long timeout that getService
275 // has before giving up is inappropriate.
276 sp<IBinder> binder = sm->checkService(String16("media.camera.proxy"));
277 if (binder != nullptr) {
278 proxyBinder = interface_cast<ICameraServiceProxy>(binder);
279 }
280 #endif
281 return proxyBinder;
282 }
283
pingCameraServiceProxy()284 void CameraService::pingCameraServiceProxy() {
285 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
286 if (proxyBinder == nullptr) return;
287 proxyBinder->pingForUserUpdate();
288 }
289
~CameraService()290 CameraService::~CameraService() {
291 VendorTagDescriptor::clearGlobalVendorTagDescriptor();
292 }
293
onNewProviderRegistered()294 void CameraService::onNewProviderRegistered() {
295 enumerateProviders();
296 }
297
onDeviceStatusChanged(const String8 & id,CameraDeviceStatus newHalStatus)298 void CameraService::onDeviceStatusChanged(const String8& id,
299 CameraDeviceStatus newHalStatus) {
300 ALOGI("%s: Status changed for cameraId=%s, newStatus=%d", __FUNCTION__,
301 id.string(), newHalStatus);
302
303 StatusInternal newStatus = mapToInternal(newHalStatus);
304
305 std::shared_ptr<CameraState> state = getCameraState(id);
306
307 if (state == nullptr) {
308 if (newStatus == StatusInternal::PRESENT) {
309 ALOGW("%s: Unknown camera ID %s, probably newly registered?",
310 __FUNCTION__, id.string());
311 } else {
312 ALOGE("%s: Bad camera ID %s", __FUNCTION__, id.string());
313 }
314 return;
315 }
316
317 StatusInternal oldStatus = state->getStatus();
318
319 if (oldStatus == newStatus) {
320 ALOGE("%s: State transition to the same status %#x not allowed", __FUNCTION__, newStatus);
321 return;
322 }
323
324 if (newStatus == StatusInternal::NOT_PRESENT) {
325 logDeviceRemoved(id, String8::format("Device status changed from %d to %d", oldStatus,
326 newStatus));
327 sp<BasicClient> clientToDisconnect;
328 {
329 // Don't do this in updateStatus to avoid deadlock over mServiceLock
330 Mutex::Autolock lock(mServiceLock);
331
332 // Set the device status to NOT_PRESENT, clients will no longer be able to connect
333 // to this device until the status changes
334 updateStatus(StatusInternal::NOT_PRESENT, id);
335
336 // Remove cached shim parameters
337 state->setShimParams(CameraParameters());
338
339 // Remove the client from the list of active clients, if there is one
340 clientToDisconnect = removeClientLocked(id);
341 }
342
343 // Disconnect client
344 if (clientToDisconnect.get() != nullptr) {
345 ALOGI("%s: Client for camera ID %s evicted due to device status change from HAL",
346 __FUNCTION__, id.string());
347 // Notify the client of disconnection
348 clientToDisconnect->notifyError(
349 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
350 CaptureResultExtras{});
351 // Ensure not in binder RPC so client disconnect PID checks work correctly
352 LOG_ALWAYS_FATAL_IF(getCallingPid() != getpid(),
353 "onDeviceStatusChanged must be called from the camera service process!");
354 clientToDisconnect->disconnect();
355 }
356
357 } else {
358 if (oldStatus == StatusInternal::NOT_PRESENT) {
359 logDeviceAdded(id, String8::format("Device status changed from %d to %d", oldStatus,
360 newStatus));
361 }
362 updateStatus(newStatus, id);
363 }
364
365 }
366
onTorchStatusChanged(const String8 & cameraId,TorchModeStatus newStatus)367 void CameraService::onTorchStatusChanged(const String8& cameraId,
368 TorchModeStatus newStatus) {
369 Mutex::Autolock al(mTorchStatusMutex);
370 onTorchStatusChangedLocked(cameraId, newStatus);
371 }
372
onTorchStatusChangedLocked(const String8 & cameraId,TorchModeStatus newStatus)373 void CameraService::onTorchStatusChangedLocked(const String8& cameraId,
374 TorchModeStatus newStatus) {
375 ALOGI("%s: Torch status changed for cameraId=%s, newStatus=%d",
376 __FUNCTION__, cameraId.string(), newStatus);
377
378 TorchModeStatus status;
379 status_t res = getTorchStatusLocked(cameraId, &status);
380 if (res) {
381 ALOGE("%s: cannot get torch status of camera %s: %s (%d)",
382 __FUNCTION__, cameraId.string(), strerror(-res), res);
383 return;
384 }
385 if (status == newStatus) {
386 return;
387 }
388
389 res = setTorchStatusLocked(cameraId, newStatus);
390 if (res) {
391 ALOGE("%s: Failed to set the torch status to %d: %s (%d)", __FUNCTION__,
392 (uint32_t)newStatus, strerror(-res), res);
393 return;
394 }
395
396 {
397 // Update battery life logging for flashlight
398 Mutex::Autolock al(mTorchUidMapMutex);
399 auto iter = mTorchUidMap.find(cameraId);
400 if (iter != mTorchUidMap.end()) {
401 int oldUid = iter->second.second;
402 int newUid = iter->second.first;
403 BatteryNotifier& notifier(BatteryNotifier::getInstance());
404 if (oldUid != newUid) {
405 // If the UID has changed, log the status and update current UID in mTorchUidMap
406 if (status == TorchModeStatus::AVAILABLE_ON) {
407 notifier.noteFlashlightOff(cameraId, oldUid);
408 }
409 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
410 notifier.noteFlashlightOn(cameraId, newUid);
411 }
412 iter->second.second = newUid;
413 } else {
414 // If the UID has not changed, log the status
415 if (newStatus == TorchModeStatus::AVAILABLE_ON) {
416 notifier.noteFlashlightOn(cameraId, oldUid);
417 } else {
418 notifier.noteFlashlightOff(cameraId, oldUid);
419 }
420 }
421 }
422 }
423
424 {
425 Mutex::Autolock lock(mStatusListenerLock);
426 for (auto& i : mListenerList) {
427 i->onTorchStatusChanged(mapToInterface(newStatus), String16{cameraId});
428 }
429 }
430 }
431
getNumberOfCameras(int32_t type,int32_t * numCameras)432 Status CameraService::getNumberOfCameras(int32_t type, int32_t* numCameras) {
433 ATRACE_CALL();
434 Mutex::Autolock l(mServiceLock);
435 switch (type) {
436 case CAMERA_TYPE_BACKWARD_COMPATIBLE:
437 *numCameras = mNumberOfNormalCameras;
438 break;
439 case CAMERA_TYPE_ALL:
440 *numCameras = mNumberOfCameras;
441 break;
442 default:
443 ALOGW("%s: Unknown camera type %d",
444 __FUNCTION__, type);
445 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
446 "Unknown camera type %d", type);
447 }
448 return Status::ok();
449 }
450
getCameraInfo(int cameraId,CameraInfo * cameraInfo)451 Status CameraService::getCameraInfo(int cameraId,
452 CameraInfo* cameraInfo) {
453 ATRACE_CALL();
454 Mutex::Autolock l(mServiceLock);
455
456 if (!mInitialized) {
457 return STATUS_ERROR(ERROR_DISCONNECTED,
458 "Camera subsystem is not available");
459 }
460
461 if (cameraId < 0 || cameraId >= mNumberOfCameras) {
462 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
463 "CameraId is not valid");
464 }
465
466 Status ret = Status::ok();
467 status_t err = mCameraProviderManager->getCameraInfo(std::to_string(cameraId), cameraInfo);
468 if (err != OK) {
469 ret = STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
470 "Error retrieving camera info from device %d: %s (%d)", cameraId,
471 strerror(-err), err);
472 }
473
474 return ret;
475 }
476
cameraIdToInt(const String8 & cameraId)477 int CameraService::cameraIdToInt(const String8& cameraId) {
478 int id;
479 bool success = base::ParseInt(cameraId.string(), &id, 0);
480 if (!success) {
481 return -1;
482 }
483 return id;
484 }
485
getCameraCharacteristics(const String16 & cameraId,CameraMetadata * cameraInfo)486 Status CameraService::getCameraCharacteristics(const String16& cameraId,
487 CameraMetadata* cameraInfo) {
488 ATRACE_CALL();
489 if (!cameraInfo) {
490 ALOGE("%s: cameraInfo is NULL", __FUNCTION__);
491 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "cameraInfo is NULL");
492 }
493
494 if (!mInitialized) {
495 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
496 return STATUS_ERROR(ERROR_DISCONNECTED,
497 "Camera subsystem is not available");;
498 }
499
500 Status ret{};
501
502 status_t res = mCameraProviderManager->getCameraCharacteristics(
503 String8(cameraId).string(), cameraInfo);
504 if (res != OK) {
505 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera "
506 "characteristics for device %s: %s (%d)", String8(cameraId).string(),
507 strerror(-res), res);
508 }
509
510 return ret;
511 }
512
getCallingPid()513 int CameraService::getCallingPid() {
514 return IPCThreadState::self()->getCallingPid();
515 }
516
getCallingUid()517 int CameraService::getCallingUid() {
518 return IPCThreadState::self()->getCallingUid();
519 }
520
getFormattedCurrentTime()521 String8 CameraService::getFormattedCurrentTime() {
522 time_t now = time(nullptr);
523 char formattedTime[64];
524 strftime(formattedTime, sizeof(formattedTime), "%m-%d %H:%M:%S", localtime(&now));
525 return String8(formattedTime);
526 }
527
getCameraVendorTagDescriptor(hardware::camera2::params::VendorTagDescriptor * desc)528 Status CameraService::getCameraVendorTagDescriptor(
529 /*out*/
530 hardware::camera2::params::VendorTagDescriptor* desc) {
531 ATRACE_CALL();
532 if (!mInitialized) {
533 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
534 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem not available");
535 }
536 sp<VendorTagDescriptor> globalDescriptor = VendorTagDescriptor::getGlobalVendorTagDescriptor();
537 if (globalDescriptor != nullptr) {
538 *desc = *(globalDescriptor.get());
539 }
540 return Status::ok();
541 }
542
getCameraVendorTagCache(hardware::camera2::params::VendorTagDescriptorCache * cache)543 Status CameraService::getCameraVendorTagCache(
544 /*out*/ hardware::camera2::params::VendorTagDescriptorCache* cache) {
545 ATRACE_CALL();
546 if (!mInitialized) {
547 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__);
548 return STATUS_ERROR(ERROR_DISCONNECTED,
549 "Camera subsystem not available");
550 }
551 sp<VendorTagDescriptorCache> globalCache =
552 VendorTagDescriptorCache::getGlobalVendorTagCache();
553 if (globalCache != nullptr) {
554 *cache = *(globalCache.get());
555 }
556 return Status::ok();
557 }
558
getDeviceVersion(const String8 & cameraId,int * facing)559 int CameraService::getDeviceVersion(const String8& cameraId, int* facing) {
560 ATRACE_CALL();
561
562 int deviceVersion = 0;
563
564 status_t res;
565 hardware::hidl_version maxVersion{0,0};
566 res = mCameraProviderManager->getHighestSupportedVersion(cameraId.string(),
567 &maxVersion);
568 if (res != OK) return -1;
569 deviceVersion = HARDWARE_DEVICE_API_VERSION(maxVersion.get_major(), maxVersion.get_minor());
570
571 hardware::CameraInfo info;
572 if (facing) {
573 res = mCameraProviderManager->getCameraInfo(cameraId.string(), &info);
574 if (res != OK) return -1;
575 *facing = info.facing;
576 }
577
578 return deviceVersion;
579 }
580
filterGetInfoErrorCode(status_t err)581 Status CameraService::filterGetInfoErrorCode(status_t err) {
582 switch(err) {
583 case NO_ERROR:
584 return Status::ok();
585 case BAD_VALUE:
586 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
587 "CameraId is not valid for HAL module");
588 case NO_INIT:
589 return STATUS_ERROR(ERROR_DISCONNECTED,
590 "Camera device not available");
591 default:
592 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
593 "Camera HAL encountered error %d: %s",
594 err, strerror(-err));
595 }
596 }
597
makeClient(const sp<CameraService> & cameraService,const sp<IInterface> & cameraCb,const String16 & packageName,const String8 & cameraId,int facing,int clientPid,uid_t clientUid,int servicePid,bool legacyMode,int halVersion,int deviceVersion,apiLevel effectiveApiLevel,sp<BasicClient> * client)598 Status CameraService::makeClient(const sp<CameraService>& cameraService,
599 const sp<IInterface>& cameraCb, const String16& packageName, const String8& cameraId,
600 int facing, int clientPid, uid_t clientUid, int servicePid, bool legacyMode,
601 int halVersion, int deviceVersion, apiLevel effectiveApiLevel,
602 /*out*/sp<BasicClient>* client) {
603
604 if (halVersion < 0 || halVersion == deviceVersion) {
605 // Default path: HAL version is unspecified by caller, create CameraClient
606 // based on device version reported by the HAL.
607 switch(deviceVersion) {
608 case CAMERA_DEVICE_API_VERSION_1_0:
609 if (effectiveApiLevel == API_1) { // Camera1 API route
610 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
611 *client = new CameraClient(cameraService, tmp, packageName, cameraIdToInt(cameraId),
612 facing, clientPid, clientUid, getpid(), legacyMode);
613 } else { // Camera2 API route
614 ALOGW("Camera using old HAL version: %d", deviceVersion);
615 return STATUS_ERROR_FMT(ERROR_DEPRECATED_HAL,
616 "Camera device \"%s\" HAL version %d does not support camera2 API",
617 cameraId.string(), deviceVersion);
618 }
619 break;
620 case CAMERA_DEVICE_API_VERSION_3_0:
621 case CAMERA_DEVICE_API_VERSION_3_1:
622 case CAMERA_DEVICE_API_VERSION_3_2:
623 case CAMERA_DEVICE_API_VERSION_3_3:
624 case CAMERA_DEVICE_API_VERSION_3_4:
625 if (effectiveApiLevel == API_1) { // Camera1 API route
626 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
627 *client = new Camera2Client(cameraService, tmp, packageName, cameraIdToInt(cameraId),
628 facing, clientPid, clientUid, servicePid, legacyMode);
629 } else { // Camera2 API route
630 sp<hardware::camera2::ICameraDeviceCallbacks> tmp =
631 static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get());
632 *client = new CameraDeviceClient(cameraService, tmp, packageName, cameraId,
633 facing, clientPid, clientUid, servicePid);
634 }
635 break;
636 default:
637 // Should not be reachable
638 ALOGE("Unknown camera device HAL version: %d", deviceVersion);
639 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
640 "Camera device \"%s\" has unknown HAL version %d",
641 cameraId.string(), deviceVersion);
642 }
643 } else {
644 // A particular HAL version is requested by caller. Create CameraClient
645 // based on the requested HAL version.
646 if (deviceVersion > CAMERA_DEVICE_API_VERSION_1_0 &&
647 halVersion == CAMERA_DEVICE_API_VERSION_1_0) {
648 // Only support higher HAL version device opened as HAL1.0 device.
649 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get());
650 *client = new CameraClient(cameraService, tmp, packageName, cameraIdToInt(cameraId),
651 facing, clientPid, clientUid, servicePid, legacyMode);
652 } else {
653 // Other combinations (e.g. HAL3.x open as HAL2.x) are not supported yet.
654 ALOGE("Invalid camera HAL version %x: HAL %x device can only be"
655 " opened as HAL %x device", halVersion, deviceVersion,
656 CAMERA_DEVICE_API_VERSION_1_0);
657 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
658 "Camera device \"%s\" (HAL version %d) cannot be opened as HAL version %d",
659 cameraId.string(), deviceVersion, halVersion);
660 }
661 }
662 return Status::ok();
663 }
664
toString(std::set<userid_t> intSet)665 String8 CameraService::toString(std::set<userid_t> intSet) {
666 String8 s("");
667 bool first = true;
668 for (userid_t i : intSet) {
669 if (first) {
670 s.appendFormat("%d", i);
671 first = false;
672 } else {
673 s.appendFormat(", %d", i);
674 }
675 }
676 return s;
677 }
678
mapToInterface(TorchModeStatus status)679 int32_t CameraService::mapToInterface(TorchModeStatus status) {
680 int32_t serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
681 switch (status) {
682 case TorchModeStatus::NOT_AVAILABLE:
683 serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE;
684 break;
685 case TorchModeStatus::AVAILABLE_OFF:
686 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF;
687 break;
688 case TorchModeStatus::AVAILABLE_ON:
689 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON;
690 break;
691 default:
692 ALOGW("Unknown new flash status: %d", status);
693 }
694 return serviceStatus;
695 }
696
mapToInternal(CameraDeviceStatus status)697 CameraService::StatusInternal CameraService::mapToInternal(CameraDeviceStatus status) {
698 StatusInternal serviceStatus = StatusInternal::NOT_PRESENT;
699 switch (status) {
700 case CameraDeviceStatus::NOT_PRESENT:
701 serviceStatus = StatusInternal::NOT_PRESENT;
702 break;
703 case CameraDeviceStatus::PRESENT:
704 serviceStatus = StatusInternal::PRESENT;
705 break;
706 case CameraDeviceStatus::ENUMERATING:
707 serviceStatus = StatusInternal::ENUMERATING;
708 break;
709 default:
710 ALOGW("Unknown new HAL device status: %d", status);
711 }
712 return serviceStatus;
713 }
714
mapToInterface(StatusInternal status)715 int32_t CameraService::mapToInterface(StatusInternal status) {
716 int32_t serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
717 switch (status) {
718 case StatusInternal::NOT_PRESENT:
719 serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT;
720 break;
721 case StatusInternal::PRESENT:
722 serviceStatus = ICameraServiceListener::STATUS_PRESENT;
723 break;
724 case StatusInternal::ENUMERATING:
725 serviceStatus = ICameraServiceListener::STATUS_ENUMERATING;
726 break;
727 case StatusInternal::NOT_AVAILABLE:
728 serviceStatus = ICameraServiceListener::STATUS_NOT_AVAILABLE;
729 break;
730 case StatusInternal::UNKNOWN:
731 serviceStatus = ICameraServiceListener::STATUS_UNKNOWN;
732 break;
733 default:
734 ALOGW("Unknown new internal device status: %d", status);
735 }
736 return serviceStatus;
737 }
738
initializeShimMetadata(int cameraId)739 Status CameraService::initializeShimMetadata(int cameraId) {
740 int uid = getCallingUid();
741
742 String16 internalPackageName("cameraserver");
743 String8 id = String8::format("%d", cameraId);
744 Status ret = Status::ok();
745 sp<Client> tmp = nullptr;
746 if (!(ret = connectHelper<ICameraClient,Client>(
747 sp<ICameraClient>{nullptr}, id, static_cast<int>(CAMERA_HAL_API_VERSION_UNSPECIFIED),
748 internalPackageName, uid, USE_CALLING_PID,
749 API_1, /*legacyMode*/ false, /*shimUpdateOnly*/ true,
750 /*out*/ tmp)
751 ).isOk()) {
752 ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().string());
753 }
754 return ret;
755 }
756
getLegacyParametersLazy(int cameraId,CameraParameters * parameters)757 Status CameraService::getLegacyParametersLazy(int cameraId,
758 /*out*/
759 CameraParameters* parameters) {
760
761 ALOGV("%s: for cameraId: %d", __FUNCTION__, cameraId);
762
763 Status ret = Status::ok();
764
765 if (parameters == NULL) {
766 ALOGE("%s: parameters must not be null", __FUNCTION__);
767 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
768 }
769
770 String8 id = String8::format("%d", cameraId);
771
772 // Check if we already have parameters
773 {
774 // Scope for service lock
775 Mutex::Autolock lock(mServiceLock);
776 auto cameraState = getCameraState(id);
777 if (cameraState == nullptr) {
778 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
779 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
780 "Invalid camera ID: %s", id.string());
781 }
782 CameraParameters p = cameraState->getShimParams();
783 if (!p.isEmpty()) {
784 *parameters = p;
785 return ret;
786 }
787 }
788
789 int64_t token = IPCThreadState::self()->clearCallingIdentity();
790 ret = initializeShimMetadata(cameraId);
791 IPCThreadState::self()->restoreCallingIdentity(token);
792 if (!ret.isOk()) {
793 // Error already logged by callee
794 return ret;
795 }
796
797 // Check for parameters again
798 {
799 // Scope for service lock
800 Mutex::Autolock lock(mServiceLock);
801 auto cameraState = getCameraState(id);
802 if (cameraState == nullptr) {
803 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string());
804 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
805 "Invalid camera ID: %s", id.string());
806 }
807 CameraParameters p = cameraState->getShimParams();
808 if (!p.isEmpty()) {
809 *parameters = p;
810 return ret;
811 }
812 }
813
814 ALOGE("%s: Parameters were not initialized, or were empty. Device may not be present.",
815 __FUNCTION__);
816 return STATUS_ERROR(ERROR_INVALID_OPERATION, "Unable to initialize legacy parameters");
817 }
818
819 // Can camera service trust the caller based on the calling UID?
isTrustedCallingUid(uid_t uid)820 static bool isTrustedCallingUid(uid_t uid) {
821 switch (uid) {
822 case AID_MEDIA: // mediaserver
823 case AID_CAMERASERVER: // cameraserver
824 case AID_RADIO: // telephony
825 return true;
826 default:
827 return false;
828 }
829 }
830
validateConnectLocked(const String8 & cameraId,const String8 & clientName8,int & clientUid,int & clientPid,int & originalClientPid) const831 Status CameraService::validateConnectLocked(const String8& cameraId,
832 const String8& clientName8, /*inout*/int& clientUid, /*inout*/int& clientPid,
833 /*out*/int& originalClientPid) const {
834
835 #ifdef __BRILLO__
836 UNUSED(clientName8);
837 UNUSED(clientUid);
838 UNUSED(clientPid);
839 UNUSED(originalClientPid);
840 #else
841 Status allowed = validateClientPermissionsLocked(cameraId, clientName8, clientUid, clientPid,
842 originalClientPid);
843 if (!allowed.isOk()) {
844 return allowed;
845 }
846 #endif // __BRILLO__
847
848 int callingPid = getCallingPid();
849
850 if (!mInitialized) {
851 ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)",
852 callingPid);
853 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
854 "No camera HAL module available to open camera device \"%s\"", cameraId.string());
855 }
856
857 if (getCameraState(cameraId) == nullptr) {
858 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
859 cameraId.string());
860 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
861 "No camera device with ID \"%s\" available", cameraId.string());
862 }
863
864 status_t err = checkIfDeviceIsUsable(cameraId);
865 if (err != NO_ERROR) {
866 switch(err) {
867 case -ENODEV:
868 case -EBUSY:
869 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
870 "No camera device with ID \"%s\" currently available", cameraId.string());
871 default:
872 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
873 "Unknown error connecting to ID \"%s\"", cameraId.string());
874 }
875 }
876 return Status::ok();
877 }
878
validateClientPermissionsLocked(const String8 & cameraId,const String8 & clientName8,int & clientUid,int & clientPid,int & originalClientPid) const879 Status CameraService::validateClientPermissionsLocked(const String8& cameraId,
880 const String8& clientName8, int& clientUid, int& clientPid,
881 /*out*/int& originalClientPid) const {
882 int callingPid = getCallingPid();
883 int callingUid = getCallingUid();
884
885 // Check if we can trust clientUid
886 if (clientUid == USE_CALLING_UID) {
887 clientUid = callingUid;
888 } else if (!isTrustedCallingUid(callingUid)) {
889 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
890 "(don't trust clientUid %d)", callingPid, callingUid, clientUid);
891 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
892 "Untrusted caller (calling PID %d, UID %d) trying to "
893 "forward camera access to camera %s for client %s (PID %d, UID %d)",
894 callingPid, callingUid, cameraId.string(),
895 clientName8.string(), clientUid, clientPid);
896 }
897
898 // Check if we can trust clientPid
899 if (clientPid == USE_CALLING_PID) {
900 clientPid = callingPid;
901 } else if (!isTrustedCallingUid(callingUid)) {
902 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected "
903 "(don't trust clientPid %d)", callingPid, callingUid, clientPid);
904 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
905 "Untrusted caller (calling PID %d, UID %d) trying to "
906 "forward camera access to camera %s for client %s (PID %d, UID %d)",
907 callingPid, callingUid, cameraId.string(),
908 clientName8.string(), clientUid, clientPid);
909 }
910
911 // If it's not calling from cameraserver, check the permission.
912 if (callingPid != getpid() &&
913 !checkPermission(String16("android.permission.CAMERA"), clientPid, clientUid)) {
914 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid);
915 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
916 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" without camera permission",
917 clientName8.string(), clientUid, clientPid, cameraId.string());
918 }
919
920 // Only use passed in clientPid to check permission. Use calling PID as the client PID that's
921 // connected to camera service directly.
922 originalClientPid = clientPid;
923 clientPid = callingPid;
924
925 userid_t clientUserId = multiuser_get_user_id(clientUid);
926
927 // Only allow clients who are being used by the current foreground device user, unless calling
928 // from our own process.
929 if (callingPid != getpid() && (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) {
930 ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from "
931 "device user %d, currently allowed device users: %s)", callingPid, clientUserId,
932 toString(mAllowedUsers).string());
933 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
934 "Callers from device user %d are not currently allowed to connect to camera \"%s\"",
935 clientUserId, cameraId.string());
936 }
937
938 return Status::ok();
939 }
940
checkIfDeviceIsUsable(const String8 & cameraId) const941 status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const {
942 auto cameraState = getCameraState(cameraId);
943 int callingPid = getCallingPid();
944 if (cameraState == nullptr) {
945 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid,
946 cameraId.string());
947 return -ENODEV;
948 }
949
950 StatusInternal currentStatus = cameraState->getStatus();
951 if (currentStatus == StatusInternal::NOT_PRESENT) {
952 ALOGE("CameraService::connect X (PID %d) rejected (camera %s is not connected)",
953 callingPid, cameraId.string());
954 return -ENODEV;
955 } else if (currentStatus == StatusInternal::ENUMERATING) {
956 ALOGE("CameraService::connect X (PID %d) rejected, (camera %s is initializing)",
957 callingPid, cameraId.string());
958 return -EBUSY;
959 }
960
961 return NO_ERROR;
962 }
963
finishConnectLocked(const sp<BasicClient> & client,const CameraService::DescriptorPtr & desc)964 void CameraService::finishConnectLocked(const sp<BasicClient>& client,
965 const CameraService::DescriptorPtr& desc) {
966
967 // Make a descriptor for the incoming client
968 auto clientDescriptor = CameraService::CameraClientManager::makeClientDescriptor(client, desc);
969 auto evicted = mActiveClientManager.addAndEvict(clientDescriptor);
970
971 logConnected(desc->getKey(), static_cast<int>(desc->getOwnerId()),
972 String8(client->getPackageName()));
973
974 if (evicted.size() > 0) {
975 // This should never happen - clients should already have been removed in disconnect
976 for (auto& i : evicted) {
977 ALOGE("%s: Invalid state: Client for camera %s was not removed in disconnect",
978 __FUNCTION__, i->getKey().string());
979 }
980
981 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, clients not evicted properly",
982 __FUNCTION__);
983 }
984
985 // And register a death notification for the client callback. Do
986 // this last to avoid Binder policy where a nested Binder
987 // transaction might be pre-empted to service the client death
988 // notification if the client process dies before linkToDeath is
989 // invoked.
990 sp<IBinder> remoteCallback = client->getRemote();
991 if (remoteCallback != nullptr) {
992 remoteCallback->linkToDeath(this);
993 }
994 }
995
handleEvictionsLocked(const String8 & cameraId,int clientPid,apiLevel effectiveApiLevel,const sp<IBinder> & remoteCallback,const String8 & packageName,sp<BasicClient> * client,std::shared_ptr<resource_policy::ClientDescriptor<String8,sp<BasicClient>>> * partial)996 status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clientPid,
997 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback, const String8& packageName,
998 /*out*/
999 sp<BasicClient>* client,
1000 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>* partial) {
1001 ATRACE_CALL();
1002 status_t ret = NO_ERROR;
1003 std::vector<DescriptorPtr> evictedClients;
1004 DescriptorPtr clientDescriptor;
1005 {
1006 if (effectiveApiLevel == API_1) {
1007 // If we are using API1, any existing client for this camera ID with the same remote
1008 // should be returned rather than evicted to allow MediaRecorder to work properly.
1009
1010 auto current = mActiveClientManager.get(cameraId);
1011 if (current != nullptr) {
1012 auto clientSp = current->getValue();
1013 if (clientSp.get() != nullptr) { // should never be needed
1014 if (!clientSp->canCastToApiClient(effectiveApiLevel)) {
1015 ALOGW("CameraService connect called from same client, but with a different"
1016 " API level, evicting prior client...");
1017 } else if (clientSp->getRemote() == remoteCallback) {
1018 ALOGI("CameraService::connect X (PID %d) (second call from same"
1019 " app binder, returning the same client)", clientPid);
1020 *client = clientSp;
1021 return NO_ERROR;
1022 }
1023 }
1024 }
1025 }
1026
1027 // Get current active client PIDs
1028 std::vector<int> ownerPids(mActiveClientManager.getAllOwners());
1029 ownerPids.push_back(clientPid);
1030
1031 std::vector<int> priorityScores(ownerPids.size());
1032 std::vector<int> states(ownerPids.size());
1033
1034 // Get priority scores of all active PIDs
1035 status_t err = ProcessInfoService::getProcessStatesScoresFromPids(
1036 ownerPids.size(), &ownerPids[0], /*out*/&states[0],
1037 /*out*/&priorityScores[0]);
1038 if (err != OK) {
1039 ALOGE("%s: Priority score query failed: %d",
1040 __FUNCTION__, err);
1041 return err;
1042 }
1043
1044 // Update all active clients' priorities
1045 std::map<int,resource_policy::ClientPriority> pidToPriorityMap;
1046 for (size_t i = 0; i < ownerPids.size() - 1; i++) {
1047 pidToPriorityMap.emplace(ownerPids[i],
1048 resource_policy::ClientPriority(priorityScores[i], states[i]));
1049 }
1050 mActiveClientManager.updatePriorities(pidToPriorityMap);
1051
1052 // Get state for the given cameraId
1053 auto state = getCameraState(cameraId);
1054 if (state == nullptr) {
1055 ALOGE("CameraService::connect X (PID %d) rejected (no camera device with ID %s)",
1056 clientPid, cameraId.string());
1057 // Should never get here because validateConnectLocked should have errored out
1058 return BAD_VALUE;
1059 }
1060
1061 // Make descriptor for incoming client
1062 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId,
1063 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()),
1064 state->getConflicting(),
1065 priorityScores[priorityScores.size() - 1],
1066 clientPid,
1067 states[states.size() - 1]);
1068
1069 // Find clients that would be evicted
1070 auto evicted = mActiveClientManager.wouldEvict(clientDescriptor);
1071
1072 // If the incoming client was 'evicted,' higher priority clients have the camera in the
1073 // background, so we cannot do evictions
1074 if (std::find(evicted.begin(), evicted.end(), clientDescriptor) != evicted.end()) {
1075 ALOGE("CameraService::connect X (PID %d) rejected (existing client(s) with higher"
1076 " priority).", clientPid);
1077
1078 sp<BasicClient> clientSp = clientDescriptor->getValue();
1079 String8 curTime = getFormattedCurrentTime();
1080 auto incompatibleClients =
1081 mActiveClientManager.getIncompatibleClients(clientDescriptor);
1082
1083 String8 msg = String8::format("%s : DENIED connect device %s client for package %s "
1084 "(PID %d, score %d state %d) due to eviction policy", curTime.string(),
1085 cameraId.string(), packageName.string(), clientPid,
1086 priorityScores[priorityScores.size() - 1],
1087 states[states.size() - 1]);
1088
1089 for (auto& i : incompatibleClients) {
1090 msg.appendFormat("\n - Blocked by existing device %s client for package %s"
1091 "(PID %" PRId32 ", score %" PRId32 ", state %" PRId32 ")",
1092 i->getKey().string(),
1093 String8{i->getValue()->getPackageName()}.string(),
1094 i->getOwnerId(), i->getPriority().getScore(),
1095 i->getPriority().getState());
1096 ALOGE(" Conflicts with: Device %s, client package %s (PID %"
1097 PRId32 ", score %" PRId32 ", state %" PRId32 ")", i->getKey().string(),
1098 String8{i->getValue()->getPackageName()}.string(), i->getOwnerId(),
1099 i->getPriority().getScore(), i->getPriority().getState());
1100 }
1101
1102 // Log the client's attempt
1103 Mutex::Autolock l(mLogLock);
1104 mEventLog.add(msg);
1105
1106 return -EBUSY;
1107 }
1108
1109 for (auto& i : evicted) {
1110 sp<BasicClient> clientSp = i->getValue();
1111 if (clientSp.get() == nullptr) {
1112 ALOGE("%s: Invalid state: Null client in active client list.", __FUNCTION__);
1113
1114 // TODO: Remove this
1115 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, null client in active list",
1116 __FUNCTION__);
1117 mActiveClientManager.remove(i);
1118 continue;
1119 }
1120
1121 ALOGE("CameraService::connect evicting conflicting client for camera ID %s",
1122 i->getKey().string());
1123 evictedClients.push_back(i);
1124
1125 // Log the clients evicted
1126 logEvent(String8::format("EVICT device %s client held by package %s (PID"
1127 " %" PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted by device %s client for"
1128 " package %s (PID %d, score %" PRId32 ", state %" PRId32 ")",
1129 i->getKey().string(), String8{clientSp->getPackageName()}.string(),
1130 i->getOwnerId(), i->getPriority().getScore(),
1131 i->getPriority().getState(), cameraId.string(),
1132 packageName.string(), clientPid,
1133 priorityScores[priorityScores.size() - 1],
1134 states[states.size() - 1]));
1135
1136 // Notify the client of disconnection
1137 clientSp->notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1138 CaptureResultExtras());
1139 }
1140 }
1141
1142 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1143 // other clients from connecting in mServiceLockWrapper if held
1144 mServiceLock.unlock();
1145
1146 // Clear caller identity temporarily so client disconnect PID checks work correctly
1147 int64_t token = IPCThreadState::self()->clearCallingIdentity();
1148
1149 // Destroy evicted clients
1150 for (auto& i : evictedClients) {
1151 // Disconnect is blocking, and should only have returned when HAL has cleaned up
1152 i->getValue()->disconnect(); // Clients will remove themselves from the active client list
1153 }
1154
1155 IPCThreadState::self()->restoreCallingIdentity(token);
1156
1157 for (const auto& i : evictedClients) {
1158 ALOGV("%s: Waiting for disconnect to complete for client for device %s (PID %" PRId32 ")",
1159 __FUNCTION__, i->getKey().string(), i->getOwnerId());
1160 ret = mActiveClientManager.waitUntilRemoved(i, DEFAULT_DISCONNECT_TIMEOUT_NS);
1161 if (ret == TIMED_OUT) {
1162 ALOGE("%s: Timed out waiting for client for device %s to disconnect, "
1163 "current clients:\n%s", __FUNCTION__, i->getKey().string(),
1164 mActiveClientManager.toString().string());
1165 return -EBUSY;
1166 }
1167 if (ret != NO_ERROR) {
1168 ALOGE("%s: Received error waiting for client for device %s to disconnect: %s (%d), "
1169 "current clients:\n%s", __FUNCTION__, i->getKey().string(), strerror(-ret),
1170 ret, mActiveClientManager.toString().string());
1171 return ret;
1172 }
1173 }
1174
1175 evictedClients.clear();
1176
1177 // Once clients have been disconnected, relock
1178 mServiceLock.lock();
1179
1180 // Check again if the device was unplugged or something while we weren't holding mServiceLock
1181 if ((ret = checkIfDeviceIsUsable(cameraId)) != NO_ERROR) {
1182 return ret;
1183 }
1184
1185 *partial = clientDescriptor;
1186 return NO_ERROR;
1187 }
1188
connect(const sp<ICameraClient> & cameraClient,int cameraId,const String16 & clientPackageName,int clientUid,int clientPid,sp<ICamera> * device)1189 Status CameraService::connect(
1190 const sp<ICameraClient>& cameraClient,
1191 int cameraId,
1192 const String16& clientPackageName,
1193 int clientUid,
1194 int clientPid,
1195 /*out*/
1196 sp<ICamera>* device) {
1197
1198 ATRACE_CALL();
1199 Status ret = Status::ok();
1200 String8 id = String8::format("%d", cameraId);
1201 sp<Client> client = nullptr;
1202 ret = connectHelper<ICameraClient,Client>(cameraClient, id,
1203 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, clientUid, clientPid, API_1,
1204 /*legacyMode*/ false, /*shimUpdateOnly*/ false,
1205 /*out*/client);
1206
1207 if(!ret.isOk()) {
1208 logRejected(id, getCallingPid(), String8(clientPackageName),
1209 ret.toString8());
1210 return ret;
1211 }
1212
1213 *device = client;
1214 return ret;
1215 }
1216
connectLegacy(const sp<ICameraClient> & cameraClient,int cameraId,int halVersion,const String16 & clientPackageName,int clientUid,sp<ICamera> * device)1217 Status CameraService::connectLegacy(
1218 const sp<ICameraClient>& cameraClient,
1219 int cameraId, int halVersion,
1220 const String16& clientPackageName,
1221 int clientUid,
1222 /*out*/
1223 sp<ICamera>* device) {
1224
1225 ATRACE_CALL();
1226 String8 id = String8::format("%d", cameraId);
1227
1228 Status ret = Status::ok();
1229 sp<Client> client = nullptr;
1230 ret = connectHelper<ICameraClient,Client>(cameraClient, id, halVersion,
1231 clientPackageName, clientUid, USE_CALLING_PID, API_1,
1232 /*legacyMode*/ true, /*shimUpdateOnly*/ false,
1233 /*out*/client);
1234
1235 if(!ret.isOk()) {
1236 logRejected(id, getCallingPid(), String8(clientPackageName),
1237 ret.toString8());
1238 return ret;
1239 }
1240
1241 *device = client;
1242 return ret;
1243 }
1244
connectDevice(const sp<hardware::camera2::ICameraDeviceCallbacks> & cameraCb,const String16 & cameraId,const String16 & clientPackageName,int clientUid,sp<hardware::camera2::ICameraDeviceUser> * device)1245 Status CameraService::connectDevice(
1246 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb,
1247 const String16& cameraId,
1248 const String16& clientPackageName,
1249 int clientUid,
1250 /*out*/
1251 sp<hardware::camera2::ICameraDeviceUser>* device) {
1252
1253 ATRACE_CALL();
1254 Status ret = Status::ok();
1255 String8 id = String8(cameraId);
1256 sp<CameraDeviceClient> client = nullptr;
1257 ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, id,
1258 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName,
1259 clientUid, USE_CALLING_PID, API_2,
1260 /*legacyMode*/ false, /*shimUpdateOnly*/ false,
1261 /*out*/client);
1262
1263 if(!ret.isOk()) {
1264 logRejected(id, getCallingPid(), String8(clientPackageName),
1265 ret.toString8());
1266 return ret;
1267 }
1268
1269 *device = client;
1270 return ret;
1271 }
1272
1273 template<class CALLBACK, class CLIENT>
connectHelper(const sp<CALLBACK> & cameraCb,const String8 & cameraId,int halVersion,const String16 & clientPackageName,int clientUid,int clientPid,apiLevel effectiveApiLevel,bool legacyMode,bool shimUpdateOnly,sp<CLIENT> & device)1274 Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId,
1275 int halVersion, const String16& clientPackageName, int clientUid, int clientPid,
1276 apiLevel effectiveApiLevel, bool legacyMode, bool shimUpdateOnly,
1277 /*out*/sp<CLIENT>& device) {
1278 binder::Status ret = binder::Status::ok();
1279
1280 String8 clientName8(clientPackageName);
1281
1282 int originalClientPid = 0;
1283
1284 ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) for HAL version %s and "
1285 "Camera API version %d", clientPid, clientName8.string(), cameraId.string(),
1286 (halVersion == -1) ? "default" : std::to_string(halVersion).c_str(),
1287 static_cast<int>(effectiveApiLevel));
1288
1289 sp<CLIENT> client = nullptr;
1290 {
1291 // Acquire mServiceLock and prevent other clients from connecting
1292 std::unique_ptr<AutoConditionLock> lock =
1293 AutoConditionLock::waitAndAcquire(mServiceLockWrapper, DEFAULT_CONNECT_TIMEOUT_NS);
1294
1295 if (lock == nullptr) {
1296 ALOGE("CameraService::connect (PID %d) rejected (too many other clients connecting)."
1297 , clientPid);
1298 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1299 "Cannot open camera %s for \"%s\" (PID %d): Too many other clients connecting",
1300 cameraId.string(), clientName8.string(), clientPid);
1301 }
1302
1303 // Enforce client permissions and do basic sanity checks
1304 if(!(ret = validateConnectLocked(cameraId, clientName8,
1305 /*inout*/clientUid, /*inout*/clientPid, /*out*/originalClientPid)).isOk()) {
1306 return ret;
1307 }
1308
1309 // Check the shim parameters after acquiring lock, if they have already been updated and
1310 // we were doing a shim update, return immediately
1311 if (shimUpdateOnly) {
1312 auto cameraState = getCameraState(cameraId);
1313 if (cameraState != nullptr) {
1314 if (!cameraState->getShimParams().isEmpty()) return ret;
1315 }
1316 }
1317
1318 status_t err;
1319
1320 sp<BasicClient> clientTmp = nullptr;
1321 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>> partial;
1322 if ((err = handleEvictionsLocked(cameraId, originalClientPid, effectiveApiLevel,
1323 IInterface::asBinder(cameraCb), clientName8, /*out*/&clientTmp,
1324 /*out*/&partial)) != NO_ERROR) {
1325 switch (err) {
1326 case -ENODEV:
1327 return STATUS_ERROR_FMT(ERROR_DISCONNECTED,
1328 "No camera device with ID \"%s\" currently available",
1329 cameraId.string());
1330 case -EBUSY:
1331 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1332 "Higher-priority client using camera, ID \"%s\" currently unavailable",
1333 cameraId.string());
1334 default:
1335 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1336 "Unexpected error %s (%d) opening camera \"%s\"",
1337 strerror(-err), err, cameraId.string());
1338 }
1339 }
1340
1341 if (clientTmp.get() != nullptr) {
1342 // Handle special case for API1 MediaRecorder where the existing client is returned
1343 device = static_cast<CLIENT*>(clientTmp.get());
1344 return ret;
1345 }
1346
1347 // give flashlight a chance to close devices if necessary.
1348 mFlashlight->prepareDeviceOpen(cameraId);
1349
1350 int facing = -1;
1351 int deviceVersion = getDeviceVersion(cameraId, /*out*/&facing);
1352 if (facing == -1) {
1353 ALOGE("%s: Unable to get camera device \"%s\" facing", __FUNCTION__, cameraId.string());
1354 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1355 "Unable to get camera device \"%s\" facing", cameraId.string());
1356 }
1357
1358 sp<BasicClient> tmp = nullptr;
1359 if(!(ret = makeClient(this, cameraCb, clientPackageName, cameraId, facing, clientPid,
1360 clientUid, getpid(), legacyMode, halVersion, deviceVersion, effectiveApiLevel,
1361 /*out*/&tmp)).isOk()) {
1362 return ret;
1363 }
1364 client = static_cast<CLIENT*>(tmp.get());
1365
1366 LOG_ALWAYS_FATAL_IF(client.get() == nullptr, "%s: CameraService in invalid state",
1367 __FUNCTION__);
1368
1369 err = client->initialize(mCameraProviderManager);
1370 if (err != OK) {
1371 ALOGE("%s: Could not initialize client from HAL.", __FUNCTION__);
1372 // Errors could be from the HAL module open call or from AppOpsManager
1373 switch(err) {
1374 case BAD_VALUE:
1375 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1376 "Illegal argument to HAL module for camera \"%s\"", cameraId.string());
1377 case -EBUSY:
1378 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1379 "Camera \"%s\" is already open", cameraId.string());
1380 case -EUSERS:
1381 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1382 "Too many cameras already open, cannot open camera \"%s\"",
1383 cameraId.string());
1384 case PERMISSION_DENIED:
1385 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED,
1386 "No permission to open camera \"%s\"", cameraId.string());
1387 case -EACCES:
1388 return STATUS_ERROR_FMT(ERROR_DISABLED,
1389 "Camera \"%s\" disabled by policy", cameraId.string());
1390 case -ENODEV:
1391 default:
1392 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1393 "Failed to initialize camera \"%s\": %s (%d)", cameraId.string(),
1394 strerror(-err), err);
1395 }
1396 }
1397
1398 // Update shim paremeters for legacy clients
1399 if (effectiveApiLevel == API_1) {
1400 // Assume we have always received a Client subclass for API1
1401 sp<Client> shimClient = reinterpret_cast<Client*>(client.get());
1402 String8 rawParams = shimClient->getParameters();
1403 CameraParameters params(rawParams);
1404
1405 auto cameraState = getCameraState(cameraId);
1406 if (cameraState != nullptr) {
1407 cameraState->setShimParams(params);
1408 } else {
1409 ALOGE("%s: Cannot update shim parameters for camera %s, no such device exists.",
1410 __FUNCTION__, cameraId.string());
1411 }
1412 }
1413
1414 if (shimUpdateOnly) {
1415 // If only updating legacy shim parameters, immediately disconnect client
1416 mServiceLock.unlock();
1417 client->disconnect();
1418 mServiceLock.lock();
1419 } else {
1420 // Otherwise, add client to active clients list
1421 finishConnectLocked(client, partial);
1422 }
1423 } // lock is destroyed, allow further connect calls
1424
1425 // Important: release the mutex here so the client can call back into the service from its
1426 // destructor (can be at the end of the call)
1427 device = client;
1428 return ret;
1429 }
1430
setTorchMode(const String16 & cameraId,bool enabled,const sp<IBinder> & clientBinder)1431 Status CameraService::setTorchMode(const String16& cameraId, bool enabled,
1432 const sp<IBinder>& clientBinder) {
1433 Mutex::Autolock lock(mServiceLock);
1434
1435 ATRACE_CALL();
1436 if (enabled && clientBinder == nullptr) {
1437 ALOGE("%s: torch client binder is NULL", __FUNCTION__);
1438 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT,
1439 "Torch client Binder is null");
1440 }
1441
1442 String8 id = String8(cameraId.string());
1443 int uid = getCallingUid();
1444
1445 // verify id is valid.
1446 auto state = getCameraState(id);
1447 if (state == nullptr) {
1448 ALOGE("%s: camera id is invalid %s", __FUNCTION__, id.string());
1449 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1450 "Camera ID \"%s\" is a not valid camera ID", id.string());
1451 }
1452
1453 StatusInternal cameraStatus = state->getStatus();
1454 if (cameraStatus != StatusInternal::PRESENT &&
1455 cameraStatus != StatusInternal::NOT_AVAILABLE) {
1456 ALOGE("%s: camera id is invalid %s, status %d", __FUNCTION__, id.string(), (int)cameraStatus);
1457 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1458 "Camera ID \"%s\" is a not valid camera ID", id.string());
1459 }
1460
1461 {
1462 Mutex::Autolock al(mTorchStatusMutex);
1463 TorchModeStatus status;
1464 status_t err = getTorchStatusLocked(id, &status);
1465 if (err != OK) {
1466 if (err == NAME_NOT_FOUND) {
1467 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT,
1468 "Camera \"%s\" does not have a flash unit", id.string());
1469 }
1470 ALOGE("%s: getting current torch status failed for camera %s",
1471 __FUNCTION__, id.string());
1472 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION,
1473 "Error updating torch status for camera \"%s\": %s (%d)", id.string(),
1474 strerror(-err), err);
1475 }
1476
1477 if (status == TorchModeStatus::NOT_AVAILABLE) {
1478 if (cameraStatus == StatusInternal::NOT_AVAILABLE) {
1479 ALOGE("%s: torch mode of camera %s is not available because "
1480 "camera is in use", __FUNCTION__, id.string());
1481 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE,
1482 "Torch for camera \"%s\" is not available due to an existing camera user",
1483 id.string());
1484 } else {
1485 ALOGE("%s: torch mode of camera %s is not available due to "
1486 "insufficient resources", __FUNCTION__, id.string());
1487 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE,
1488 "Torch for camera \"%s\" is not available due to insufficient resources",
1489 id.string());
1490 }
1491 }
1492 }
1493
1494 {
1495 // Update UID map - this is used in the torch status changed callbacks, so must be done
1496 // before setTorchMode
1497 Mutex::Autolock al(mTorchUidMapMutex);
1498 if (mTorchUidMap.find(id) == mTorchUidMap.end()) {
1499 mTorchUidMap[id].first = uid;
1500 mTorchUidMap[id].second = uid;
1501 } else {
1502 // Set the pending UID
1503 mTorchUidMap[id].first = uid;
1504 }
1505 }
1506
1507 status_t err = mFlashlight->setTorchMode(id, enabled);
1508
1509 if (err != OK) {
1510 int32_t errorCode;
1511 String8 msg;
1512 switch (err) {
1513 case -ENOSYS:
1514 msg = String8::format("Camera \"%s\" has no flashlight",
1515 id.string());
1516 errorCode = ERROR_ILLEGAL_ARGUMENT;
1517 break;
1518 default:
1519 msg = String8::format(
1520 "Setting torch mode of camera \"%s\" to %d failed: %s (%d)",
1521 id.string(), enabled, strerror(-err), err);
1522 errorCode = ERROR_INVALID_OPERATION;
1523 }
1524 ALOGE("%s: %s", __FUNCTION__, msg.string());
1525 return STATUS_ERROR(errorCode, msg.string());
1526 }
1527
1528 {
1529 // update the link to client's death
1530 Mutex::Autolock al(mTorchClientMapMutex);
1531 ssize_t index = mTorchClientMap.indexOfKey(id);
1532 if (enabled) {
1533 if (index == NAME_NOT_FOUND) {
1534 mTorchClientMap.add(id, clientBinder);
1535 } else {
1536 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1537 mTorchClientMap.replaceValueAt(index, clientBinder);
1538 }
1539 clientBinder->linkToDeath(this);
1540 } else if (index != NAME_NOT_FOUND) {
1541 mTorchClientMap.valueAt(index)->unlinkToDeath(this);
1542 }
1543 }
1544
1545 return Status::ok();
1546 }
1547
notifySystemEvent(int32_t eventId,const std::vector<int32_t> & args)1548 Status CameraService::notifySystemEvent(int32_t eventId,
1549 const std::vector<int32_t>& args) {
1550 ATRACE_CALL();
1551
1552 switch(eventId) {
1553 case ICameraService::EVENT_USER_SWITCHED: {
1554 doUserSwitch(/*newUserIds*/ args);
1555 break;
1556 }
1557 case ICameraService::EVENT_NONE:
1558 default: {
1559 ALOGW("%s: Received invalid system event from system_server: %d", __FUNCTION__,
1560 eventId);
1561 break;
1562 }
1563 }
1564 return Status::ok();
1565 }
1566
addListener(const sp<ICameraServiceListener> & listener,std::vector<hardware::CameraStatus> * cameraStatuses)1567 Status CameraService::addListener(const sp<ICameraServiceListener>& listener,
1568 /*out*/
1569 std::vector<hardware::CameraStatus> *cameraStatuses) {
1570 ATRACE_CALL();
1571
1572 ALOGV("%s: Add listener %p", __FUNCTION__, listener.get());
1573
1574 if (listener == nullptr) {
1575 ALOGE("%s: Listener must not be null", __FUNCTION__);
1576 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener");
1577 }
1578
1579 Mutex::Autolock lock(mServiceLock);
1580
1581 {
1582 Mutex::Autolock lock(mStatusListenerLock);
1583 for (auto& it : mListenerList) {
1584 if (IInterface::asBinder(it) == IInterface::asBinder(listener)) {
1585 ALOGW("%s: Tried to add listener %p which was already subscribed",
1586 __FUNCTION__, listener.get());
1587 return STATUS_ERROR(ERROR_ALREADY_EXISTS, "Listener already registered");
1588 }
1589 }
1590
1591 mListenerList.push_back(listener);
1592 }
1593
1594 /* Collect current devices and status */
1595 {
1596 Mutex::Autolock lock(mCameraStatesLock);
1597 for (auto& i : mCameraStates) {
1598 cameraStatuses->emplace_back(i.first, mapToInterface(i.second->getStatus()));
1599 }
1600 }
1601
1602 /*
1603 * Immediately signal current torch status to this listener only
1604 * This may be a subset of all the devices, so don't include it in the response directly
1605 */
1606 {
1607 Mutex::Autolock al(mTorchStatusMutex);
1608 for (size_t i = 0; i < mTorchStatusMap.size(); i++ ) {
1609 String16 id = String16(mTorchStatusMap.keyAt(i).string());
1610 listener->onTorchStatusChanged(mapToInterface(mTorchStatusMap.valueAt(i)), id);
1611 }
1612 }
1613
1614 return Status::ok();
1615 }
1616
removeListener(const sp<ICameraServiceListener> & listener)1617 Status CameraService::removeListener(const sp<ICameraServiceListener>& listener) {
1618 ATRACE_CALL();
1619
1620 ALOGV("%s: Remove listener %p", __FUNCTION__, listener.get());
1621
1622 if (listener == 0) {
1623 ALOGE("%s: Listener must not be null", __FUNCTION__);
1624 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to removeListener");
1625 }
1626
1627 Mutex::Autolock lock(mServiceLock);
1628
1629 {
1630 Mutex::Autolock lock(mStatusListenerLock);
1631 for (auto it = mListenerList.begin(); it != mListenerList.end(); it++) {
1632 if (IInterface::asBinder(*it) == IInterface::asBinder(listener)) {
1633 mListenerList.erase(it);
1634 return Status::ok();
1635 }
1636 }
1637 }
1638
1639 ALOGW("%s: Tried to remove a listener %p which was not subscribed",
1640 __FUNCTION__, listener.get());
1641
1642 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Unregistered listener given to removeListener");
1643 }
1644
getLegacyParameters(int cameraId,String16 * parameters)1645 Status CameraService::getLegacyParameters(int cameraId, /*out*/String16* parameters) {
1646
1647 ATRACE_CALL();
1648 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId);
1649
1650 if (parameters == NULL) {
1651 ALOGE("%s: parameters must not be null", __FUNCTION__);
1652 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null");
1653 }
1654
1655 Status ret = Status::ok();
1656
1657 CameraParameters shimParams;
1658 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) {
1659 // Error logged by caller
1660 return ret;
1661 }
1662
1663 String8 shimParamsString8 = shimParams.flatten();
1664 String16 shimParamsString16 = String16(shimParamsString8);
1665
1666 *parameters = shimParamsString16;
1667
1668 return ret;
1669 }
1670
supportsCameraApi(const String16 & cameraId,int apiVersion,bool * isSupported)1671 Status CameraService::supportsCameraApi(const String16& cameraId, int apiVersion,
1672 /*out*/ bool *isSupported) {
1673 ATRACE_CALL();
1674
1675 const String8 id = String8(cameraId);
1676
1677 ALOGV("%s: for camera ID = %s", __FUNCTION__, id.string());
1678
1679 switch (apiVersion) {
1680 case API_VERSION_1:
1681 case API_VERSION_2:
1682 break;
1683 default:
1684 String8 msg = String8::format("Unknown API version %d", apiVersion);
1685 ALOGE("%s: %s", __FUNCTION__, msg.string());
1686 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1687 }
1688
1689 int deviceVersion = getDeviceVersion(id);
1690 switch(deviceVersion) {
1691 case CAMERA_DEVICE_API_VERSION_1_0:
1692 case CAMERA_DEVICE_API_VERSION_3_0:
1693 case CAMERA_DEVICE_API_VERSION_3_1:
1694 if (apiVersion == API_VERSION_2) {
1695 ALOGV("%s: Camera id %s uses HAL version %d <3.2, doesn't support api2 without shim",
1696 __FUNCTION__, id.string(), deviceVersion);
1697 *isSupported = false;
1698 } else { // if (apiVersion == API_VERSION_1) {
1699 ALOGV("%s: Camera id %s uses older HAL before 3.2, but api1 is always supported",
1700 __FUNCTION__, id.string());
1701 *isSupported = true;
1702 }
1703 break;
1704 case CAMERA_DEVICE_API_VERSION_3_2:
1705 case CAMERA_DEVICE_API_VERSION_3_3:
1706 case CAMERA_DEVICE_API_VERSION_3_4:
1707 ALOGV("%s: Camera id %s uses HAL3.2 or newer, supports api1/api2 directly",
1708 __FUNCTION__, id.string());
1709 *isSupported = true;
1710 break;
1711 case -1: {
1712 String8 msg = String8::format("Unknown camera ID %s", id.string());
1713 ALOGE("%s: %s", __FUNCTION__, msg.string());
1714 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string());
1715 }
1716 default: {
1717 String8 msg = String8::format("Unknown device version %x for device %s",
1718 deviceVersion, id.string());
1719 ALOGE("%s: %s", __FUNCTION__, msg.string());
1720 return STATUS_ERROR(ERROR_INVALID_OPERATION, msg.string());
1721 }
1722 }
1723
1724 return Status::ok();
1725 }
1726
removeByClient(const BasicClient * client)1727 void CameraService::removeByClient(const BasicClient* client) {
1728 Mutex::Autolock lock(mServiceLock);
1729 for (auto& i : mActiveClientManager.getAll()) {
1730 auto clientSp = i->getValue();
1731 if (clientSp.get() == client) {
1732 mActiveClientManager.remove(i);
1733 }
1734 }
1735 }
1736
evictClientIdByRemote(const wp<IBinder> & remote)1737 bool CameraService::evictClientIdByRemote(const wp<IBinder>& remote) {
1738 const int callingPid = getCallingPid();
1739 const int servicePid = getpid();
1740 bool ret = false;
1741 {
1742 // Acquire mServiceLock and prevent other clients from connecting
1743 std::unique_ptr<AutoConditionLock> lock =
1744 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1745
1746
1747 std::vector<sp<BasicClient>> evicted;
1748 for (auto& i : mActiveClientManager.getAll()) {
1749 auto clientSp = i->getValue();
1750 if (clientSp.get() == nullptr) {
1751 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
1752 mActiveClientManager.remove(i);
1753 continue;
1754 }
1755 if (remote == clientSp->getRemote() && (callingPid == servicePid ||
1756 callingPid == clientSp->getClientPid())) {
1757 mActiveClientManager.remove(i);
1758 evicted.push_back(clientSp);
1759
1760 // Notify the client of disconnection
1761 clientSp->notifyError(
1762 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED,
1763 CaptureResultExtras());
1764 }
1765 }
1766
1767 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking
1768 // other clients from connecting in mServiceLockWrapper if held
1769 mServiceLock.unlock();
1770
1771 // Do not clear caller identity, remote caller should be client proccess
1772
1773 for (auto& i : evicted) {
1774 if (i.get() != nullptr) {
1775 i->disconnect();
1776 ret = true;
1777 }
1778 }
1779
1780 // Reacquire mServiceLock
1781 mServiceLock.lock();
1782
1783 } // lock is destroyed, allow further connect calls
1784
1785 return ret;
1786 }
1787
getCameraState(const String8 & cameraId) const1788 std::shared_ptr<CameraService::CameraState> CameraService::getCameraState(
1789 const String8& cameraId) const {
1790 std::shared_ptr<CameraState> state;
1791 {
1792 Mutex::Autolock lock(mCameraStatesLock);
1793 auto iter = mCameraStates.find(cameraId);
1794 if (iter != mCameraStates.end()) {
1795 state = iter->second;
1796 }
1797 }
1798 return state;
1799 }
1800
removeClientLocked(const String8 & cameraId)1801 sp<CameraService::BasicClient> CameraService::removeClientLocked(const String8& cameraId) {
1802 // Remove from active clients list
1803 auto clientDescriptorPtr = mActiveClientManager.remove(cameraId);
1804 if (clientDescriptorPtr == nullptr) {
1805 ALOGW("%s: Could not evict client, no client for camera ID %s", __FUNCTION__,
1806 cameraId.string());
1807 return sp<BasicClient>{nullptr};
1808 }
1809
1810 return clientDescriptorPtr->getValue();
1811 }
1812
doUserSwitch(const std::vector<int32_t> & newUserIds)1813 void CameraService::doUserSwitch(const std::vector<int32_t>& newUserIds) {
1814 // Acquire mServiceLock and prevent other clients from connecting
1815 std::unique_ptr<AutoConditionLock> lock =
1816 AutoConditionLock::waitAndAcquire(mServiceLockWrapper);
1817
1818 std::set<userid_t> newAllowedUsers;
1819 for (size_t i = 0; i < newUserIds.size(); i++) {
1820 if (newUserIds[i] < 0) {
1821 ALOGE("%s: Bad user ID %d given during user switch, ignoring.",
1822 __FUNCTION__, newUserIds[i]);
1823 return;
1824 }
1825 newAllowedUsers.insert(static_cast<userid_t>(newUserIds[i]));
1826 }
1827
1828
1829 if (newAllowedUsers == mAllowedUsers) {
1830 ALOGW("%s: Received notification of user switch with no updated user IDs.", __FUNCTION__);
1831 return;
1832 }
1833
1834 logUserSwitch(mAllowedUsers, newAllowedUsers);
1835
1836 mAllowedUsers = std::move(newAllowedUsers);
1837
1838 // Current user has switched, evict all current clients.
1839 std::vector<sp<BasicClient>> evicted;
1840 for (auto& i : mActiveClientManager.getAll()) {
1841 auto clientSp = i->getValue();
1842
1843 if (clientSp.get() == nullptr) {
1844 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__);
1845 continue;
1846 }
1847
1848 // Don't evict clients that are still allowed.
1849 uid_t clientUid = clientSp->getClientUid();
1850 userid_t clientUserId = multiuser_get_user_id(clientUid);
1851 if (mAllowedUsers.find(clientUserId) != mAllowedUsers.end()) {
1852 continue;
1853 }
1854
1855 evicted.push_back(clientSp);
1856
1857 String8 curTime = getFormattedCurrentTime();
1858
1859 ALOGE("Evicting conflicting client for camera ID %s due to user change",
1860 i->getKey().string());
1861
1862 // Log the clients evicted
1863 logEvent(String8::format("EVICT device %s client held by package %s (PID %"
1864 PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted due"
1865 " to user switch.", i->getKey().string(),
1866 String8{clientSp->getPackageName()}.string(),
1867 i->getOwnerId(), i->getPriority().getScore(),
1868 i->getPriority().getState()));
1869
1870 }
1871
1872 // Do not hold mServiceLock while disconnecting clients, but retain the condition
1873 // blocking other clients from connecting in mServiceLockWrapper if held.
1874 mServiceLock.unlock();
1875
1876 // Clear caller identity temporarily so client disconnect PID checks work correctly
1877 int64_t token = IPCThreadState::self()->clearCallingIdentity();
1878
1879 for (auto& i : evicted) {
1880 i->disconnect();
1881 }
1882
1883 IPCThreadState::self()->restoreCallingIdentity(token);
1884
1885 // Reacquire mServiceLock
1886 mServiceLock.lock();
1887 }
1888
logEvent(const char * event)1889 void CameraService::logEvent(const char* event) {
1890 String8 curTime = getFormattedCurrentTime();
1891 Mutex::Autolock l(mLogLock);
1892 mEventLog.add(String8::format("%s : %s", curTime.string(), event));
1893 }
1894
logDisconnected(const char * cameraId,int clientPid,const char * clientPackage)1895 void CameraService::logDisconnected(const char* cameraId, int clientPid,
1896 const char* clientPackage) {
1897 // Log the clients evicted
1898 logEvent(String8::format("DISCONNECT device %s client for package %s (PID %d)", cameraId,
1899 clientPackage, clientPid));
1900 }
1901
logConnected(const char * cameraId,int clientPid,const char * clientPackage)1902 void CameraService::logConnected(const char* cameraId, int clientPid,
1903 const char* clientPackage) {
1904 // Log the clients evicted
1905 logEvent(String8::format("CONNECT device %s client for package %s (PID %d)", cameraId,
1906 clientPackage, clientPid));
1907 }
1908
logRejected(const char * cameraId,int clientPid,const char * clientPackage,const char * reason)1909 void CameraService::logRejected(const char* cameraId, int clientPid,
1910 const char* clientPackage, const char* reason) {
1911 // Log the client rejected
1912 logEvent(String8::format("REJECT device %s client for package %s (PID %d), reason: (%s)",
1913 cameraId, clientPackage, clientPid, reason));
1914 }
1915
logUserSwitch(const std::set<userid_t> & oldUserIds,const std::set<userid_t> & newUserIds)1916 void CameraService::logUserSwitch(const std::set<userid_t>& oldUserIds,
1917 const std::set<userid_t>& newUserIds) {
1918 String8 newUsers = toString(newUserIds);
1919 String8 oldUsers = toString(oldUserIds);
1920 if (oldUsers.size() == 0) {
1921 oldUsers = "<None>";
1922 }
1923 // Log the new and old users
1924 logEvent(String8::format("USER_SWITCH previous allowed user IDs: %s, current allowed user IDs: %s",
1925 oldUsers.string(), newUsers.string()));
1926 }
1927
logDeviceRemoved(const char * cameraId,const char * reason)1928 void CameraService::logDeviceRemoved(const char* cameraId, const char* reason) {
1929 // Log the device removal
1930 logEvent(String8::format("REMOVE device %s, reason: (%s)", cameraId, reason));
1931 }
1932
logDeviceAdded(const char * cameraId,const char * reason)1933 void CameraService::logDeviceAdded(const char* cameraId, const char* reason) {
1934 // Log the device removal
1935 logEvent(String8::format("ADD device %s, reason: (%s)", cameraId, reason));
1936 }
1937
logClientDied(int clientPid,const char * reason)1938 void CameraService::logClientDied(int clientPid, const char* reason) {
1939 // Log the device removal
1940 logEvent(String8::format("DIED client(s) with PID %d, reason: (%s)", clientPid, reason));
1941 }
1942
logServiceError(const char * msg,int errorCode)1943 void CameraService::logServiceError(const char* msg, int errorCode) {
1944 String8 curTime = getFormattedCurrentTime();
1945 logEvent(String8::format("SERVICE ERROR: %s : %d (%s)", msg, errorCode, strerror(-errorCode)));
1946 }
1947
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)1948 status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
1949 uint32_t flags) {
1950
1951 const int pid = getCallingPid();
1952 const int selfPid = getpid();
1953
1954 // Permission checks
1955 switch (code) {
1956 case BnCameraService::NOTIFYSYSTEMEVENT: {
1957 if (pid != selfPid) {
1958 // Ensure we're being called by system_server, or similar process with
1959 // permissions to notify the camera service about system events
1960 if (!checkCallingPermission(
1961 String16("android.permission.CAMERA_SEND_SYSTEM_EVENTS"))) {
1962 const int uid = getCallingUid();
1963 ALOGE("Permission Denial: cannot send updates to camera service about system"
1964 " events from pid=%d, uid=%d", pid, uid);
1965 return PERMISSION_DENIED;
1966 }
1967 }
1968 break;
1969 }
1970 }
1971
1972 return BnCameraService::onTransact(code, data, reply, flags);
1973 }
1974
1975 // We share the media players for shutter and recording sound for all clients.
1976 // A reference count is kept to determine when we will actually release the
1977 // media players.
1978
newMediaPlayer(const char * file)1979 MediaPlayer* CameraService::newMediaPlayer(const char *file) {
1980 MediaPlayer* mp = new MediaPlayer();
1981 if (mp->setDataSource(NULL /* httpService */, file, NULL) == NO_ERROR) {
1982 mp->setAudioStreamType(AUDIO_STREAM_ENFORCED_AUDIBLE);
1983 mp->prepare();
1984 } else {
1985 ALOGE("Failed to load CameraService sounds: %s", file);
1986 return NULL;
1987 }
1988 return mp;
1989 }
1990
loadSound()1991 void CameraService::loadSound() {
1992 ATRACE_CALL();
1993
1994 Mutex::Autolock lock(mSoundLock);
1995 LOG1("CameraService::loadSound ref=%d", mSoundRef);
1996 if (mSoundRef++) return;
1997
1998 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/system/media/audio/ui/camera_click.ogg");
1999 mSoundPlayer[SOUND_RECORDING_START] = newMediaPlayer("/system/media/audio/ui/VideoRecord.ogg");
2000 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/system/media/audio/ui/VideoStop.ogg");
2001 }
2002
releaseSound()2003 void CameraService::releaseSound() {
2004 Mutex::Autolock lock(mSoundLock);
2005 LOG1("CameraService::releaseSound ref=%d", mSoundRef);
2006 if (--mSoundRef) return;
2007
2008 for (int i = 0; i < NUM_SOUNDS; i++) {
2009 if (mSoundPlayer[i] != 0) {
2010 mSoundPlayer[i]->disconnect();
2011 mSoundPlayer[i].clear();
2012 }
2013 }
2014 }
2015
playSound(sound_kind kind)2016 void CameraService::playSound(sound_kind kind) {
2017 ATRACE_CALL();
2018
2019 LOG1("playSound(%d)", kind);
2020 Mutex::Autolock lock(mSoundLock);
2021 sp<MediaPlayer> player = mSoundPlayer[kind];
2022 if (player != 0) {
2023 player->seekTo(0);
2024 player->start();
2025 }
2026 }
2027
2028 // ----------------------------------------------------------------------------
2029
Client(const sp<CameraService> & cameraService,const sp<ICameraClient> & cameraClient,const String16 & clientPackageName,const String8 & cameraIdStr,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2030 CameraService::Client::Client(const sp<CameraService>& cameraService,
2031 const sp<ICameraClient>& cameraClient,
2032 const String16& clientPackageName,
2033 const String8& cameraIdStr, int cameraFacing,
2034 int clientPid, uid_t clientUid,
2035 int servicePid) :
2036 CameraService::BasicClient(cameraService,
2037 IInterface::asBinder(cameraClient),
2038 clientPackageName,
2039 cameraIdStr, cameraFacing,
2040 clientPid, clientUid,
2041 servicePid),
2042 mCameraId(CameraService::cameraIdToInt(cameraIdStr))
2043 {
2044 int callingPid = getCallingPid();
2045 LOG1("Client::Client E (pid %d, id %d)", callingPid, mCameraId);
2046
2047 mRemoteCallback = cameraClient;
2048
2049 cameraService->loadSound();
2050
2051 LOG1("Client::Client X (pid %d, id %d)", callingPid, mCameraId);
2052 }
2053
2054 // tear down the client
~Client()2055 CameraService::Client::~Client() {
2056 ALOGV("~Client");
2057 mDestructionStarted = true;
2058
2059 sCameraService->releaseSound();
2060 // unconditionally disconnect. function is idempotent
2061 Client::disconnect();
2062 }
2063
2064 sp<CameraService> CameraService::BasicClient::BasicClient::sCameraService;
2065
BasicClient(const sp<CameraService> & cameraService,const sp<IBinder> & remoteCallback,const String16 & clientPackageName,const String8 & cameraIdStr,int cameraFacing,int clientPid,uid_t clientUid,int servicePid)2066 CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService,
2067 const sp<IBinder>& remoteCallback,
2068 const String16& clientPackageName,
2069 const String8& cameraIdStr, int cameraFacing,
2070 int clientPid, uid_t clientUid,
2071 int servicePid):
2072 mCameraIdStr(cameraIdStr), mCameraFacing(cameraFacing),
2073 mClientPackageName(clientPackageName), mClientPid(clientPid), mClientUid(clientUid),
2074 mServicePid(servicePid),
2075 mDisconnected(false),
2076 mRemoteBinder(remoteCallback)
2077 {
2078 if (sCameraService == nullptr) {
2079 sCameraService = cameraService;
2080 }
2081 mOpsActive = false;
2082 mDestructionStarted = false;
2083
2084 // In some cases the calling code has no access to the package it runs under.
2085 // For example, NDK camera API.
2086 // In this case we will get the packages for the calling UID and pick the first one
2087 // for attributing the app op. This will work correctly for runtime permissions
2088 // as for legacy apps we will toggle the app op for all packages in the UID.
2089 // The caveat is that the operation may be attributed to the wrong package and
2090 // stats based on app ops may be slightly off.
2091 if (mClientPackageName.size() <= 0) {
2092 sp<IServiceManager> sm = defaultServiceManager();
2093 sp<IBinder> binder = sm->getService(String16(kPermissionServiceName));
2094 if (binder == 0) {
2095 ALOGE("Cannot get permission service");
2096 // Leave mClientPackageName unchanged (empty) and the further interaction
2097 // with camera will fail in BasicClient::startCameraOps
2098 return;
2099 }
2100
2101 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);
2102 Vector<String16> packages;
2103
2104 permCtrl->getPackagesForUid(mClientUid, packages);
2105
2106 if (packages.isEmpty()) {
2107 ALOGE("No packages for calling UID");
2108 // Leave mClientPackageName unchanged (empty) and the further interaction
2109 // with camera will fail in BasicClient::startCameraOps
2110 return;
2111 }
2112 mClientPackageName = packages[0];
2113 }
2114 }
2115
~BasicClient()2116 CameraService::BasicClient::~BasicClient() {
2117 ALOGV("~BasicClient");
2118 mDestructionStarted = true;
2119 }
2120
disconnect()2121 binder::Status CameraService::BasicClient::disconnect() {
2122 binder::Status res = Status::ok();
2123 if (mDisconnected) {
2124 return res;
2125 }
2126 mDisconnected = true;
2127
2128 sCameraService->removeByClient(this);
2129 sCameraService->logDisconnected(mCameraIdStr, mClientPid,
2130 String8(mClientPackageName));
2131
2132 sp<IBinder> remote = getRemote();
2133 if (remote != nullptr) {
2134 remote->unlinkToDeath(sCameraService);
2135 }
2136
2137 finishCameraOps();
2138 // Notify flashlight that a camera device is closed.
2139 sCameraService->mFlashlight->deviceClosed(mCameraIdStr);
2140 ALOGI("%s: Disconnected client for camera %s for PID %d", __FUNCTION__, mCameraIdStr.string(),
2141 mClientPid);
2142
2143 // client shouldn't be able to call into us anymore
2144 mClientPid = 0;
2145
2146 return res;
2147 }
2148
dump(int,const Vector<String16> &)2149 status_t CameraService::BasicClient::dump(int, const Vector<String16>&) {
2150 // No dumping of clients directly over Binder,
2151 // must go through CameraService::dump
2152 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403",
2153 IPCThreadState::self()->getCallingUid(), NULL, 0);
2154 return OK;
2155 }
2156
getPackageName() const2157 String16 CameraService::BasicClient::getPackageName() const {
2158 return mClientPackageName;
2159 }
2160
2161
getClientPid() const2162 int CameraService::BasicClient::getClientPid() const {
2163 return mClientPid;
2164 }
2165
getClientUid() const2166 uid_t CameraService::BasicClient::getClientUid() const {
2167 return mClientUid;
2168 }
2169
canCastToApiClient(apiLevel level) const2170 bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const {
2171 // Defaults to API2.
2172 return level == API_2;
2173 }
2174
startCameraOps()2175 status_t CameraService::BasicClient::startCameraOps() {
2176 ATRACE_CALL();
2177
2178 int32_t res;
2179 // Notify app ops that the camera is not available
2180 mOpsCallback = new OpsCallback(this);
2181
2182 {
2183 ALOGV("%s: Start camera ops, package name = %s, client UID = %d",
2184 __FUNCTION__, String8(mClientPackageName).string(), mClientUid);
2185 }
2186
2187 mAppOpsManager.startWatchingMode(AppOpsManager::OP_CAMERA,
2188 mClientPackageName, mOpsCallback);
2189 res = mAppOpsManager.startOp(AppOpsManager::OP_CAMERA,
2190 mClientUid, mClientPackageName);
2191
2192 if (res == AppOpsManager::MODE_ERRORED) {
2193 ALOGI("Camera %s: Access for \"%s\" has been revoked",
2194 mCameraIdStr.string(), String8(mClientPackageName).string());
2195 return PERMISSION_DENIED;
2196 }
2197
2198 if (res == AppOpsManager::MODE_IGNORED) {
2199 ALOGI("Camera %s: Access for \"%s\" has been restricted",
2200 mCameraIdStr.string(), String8(mClientPackageName).string());
2201 // Return the same error as for device policy manager rejection
2202 return -EACCES;
2203 }
2204
2205 mOpsActive = true;
2206
2207 // Transition device availability listeners from PRESENT -> NOT_AVAILABLE
2208 sCameraService->updateStatus(StatusInternal::NOT_AVAILABLE, mCameraIdStr);
2209
2210 // Transition device state to OPEN
2211 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_OPEN,
2212 mCameraIdStr);
2213
2214 return OK;
2215 }
2216
finishCameraOps()2217 status_t CameraService::BasicClient::finishCameraOps() {
2218 ATRACE_CALL();
2219
2220 // Check if startCameraOps succeeded, and if so, finish the camera op
2221 if (mOpsActive) {
2222 // Notify app ops that the camera is available again
2223 mAppOpsManager.finishOp(AppOpsManager::OP_CAMERA, mClientUid,
2224 mClientPackageName);
2225 mOpsActive = false;
2226
2227 std::initializer_list<StatusInternal> rejected = {StatusInternal::PRESENT,
2228 StatusInternal::ENUMERATING};
2229
2230 // Transition to PRESENT if the camera is not in either of the rejected states
2231 sCameraService->updateStatus(StatusInternal::PRESENT,
2232 mCameraIdStr, rejected);
2233
2234 // Transition device state to CLOSED
2235 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_CLOSED,
2236 mCameraIdStr);
2237 }
2238 // Always stop watching, even if no camera op is active
2239 if (mOpsCallback != NULL) {
2240 mAppOpsManager.stopWatchingMode(mOpsCallback);
2241 }
2242 mOpsCallback.clear();
2243
2244 return OK;
2245 }
2246
opChanged(int32_t op,const String16 & packageName)2247 void CameraService::BasicClient::opChanged(int32_t op, const String16& packageName) {
2248 ATRACE_CALL();
2249
2250 String8 name(packageName);
2251 String8 myName(mClientPackageName);
2252
2253 if (op != AppOpsManager::OP_CAMERA) {
2254 ALOGW("Unexpected app ops notification received: %d", op);
2255 return;
2256 }
2257
2258 int32_t res;
2259 res = mAppOpsManager.checkOp(AppOpsManager::OP_CAMERA,
2260 mClientUid, mClientPackageName);
2261 ALOGV("checkOp returns: %d, %s ", res,
2262 res == AppOpsManager::MODE_ALLOWED ? "ALLOWED" :
2263 res == AppOpsManager::MODE_IGNORED ? "IGNORED" :
2264 res == AppOpsManager::MODE_ERRORED ? "ERRORED" :
2265 "UNKNOWN");
2266
2267 if (res != AppOpsManager::MODE_ALLOWED) {
2268 ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.string(),
2269 myName.string());
2270 // Reset the client PID to allow server-initiated disconnect,
2271 // and to prevent further calls by client.
2272 mClientPid = getCallingPid();
2273 CaptureResultExtras resultExtras; // a dummy result (invalid)
2274 notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_SERVICE, resultExtras);
2275 disconnect();
2276 }
2277 }
2278
2279 // ----------------------------------------------------------------------------
2280
notifyError(int32_t errorCode,const CaptureResultExtras & resultExtras)2281 void CameraService::Client::notifyError(int32_t errorCode,
2282 const CaptureResultExtras& resultExtras) {
2283 (void) errorCode;
2284 (void) resultExtras;
2285 if (mRemoteCallback != NULL) {
2286 mRemoteCallback->notifyCallback(CAMERA_MSG_ERROR, CAMERA_ERROR_RELEASED, 0);
2287 } else {
2288 ALOGE("mRemoteCallback is NULL!!");
2289 }
2290 }
2291
2292 // NOTE: function is idempotent
disconnect()2293 binder::Status CameraService::Client::disconnect() {
2294 ALOGV("Client::disconnect");
2295 return BasicClient::disconnect();
2296 }
2297
canCastToApiClient(apiLevel level) const2298 bool CameraService::Client::canCastToApiClient(apiLevel level) const {
2299 return level == API_1;
2300 }
2301
OpsCallback(wp<BasicClient> client)2302 CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client):
2303 mClient(client) {
2304 }
2305
opChanged(int32_t op,const String16 & packageName)2306 void CameraService::Client::OpsCallback::opChanged(int32_t op,
2307 const String16& packageName) {
2308 sp<BasicClient> client = mClient.promote();
2309 if (client != NULL) {
2310 client->opChanged(op, packageName);
2311 }
2312 }
2313
2314 // ----------------------------------------------------------------------------
2315 // CameraState
2316 // ----------------------------------------------------------------------------
2317
CameraState(const String8 & id,int cost,const std::set<String8> & conflicting)2318 CameraService::CameraState::CameraState(const String8& id, int cost,
2319 const std::set<String8>& conflicting) : mId(id),
2320 mStatus(StatusInternal::PRESENT), mCost(cost), mConflicting(conflicting) {}
2321
~CameraState()2322 CameraService::CameraState::~CameraState() {}
2323
getStatus() const2324 CameraService::StatusInternal CameraService::CameraState::getStatus() const {
2325 Mutex::Autolock lock(mStatusLock);
2326 return mStatus;
2327 }
2328
getShimParams() const2329 CameraParameters CameraService::CameraState::getShimParams() const {
2330 return mShimParams;
2331 }
2332
setShimParams(const CameraParameters & params)2333 void CameraService::CameraState::setShimParams(const CameraParameters& params) {
2334 mShimParams = params;
2335 }
2336
getCost() const2337 int CameraService::CameraState::getCost() const {
2338 return mCost;
2339 }
2340
getConflicting() const2341 std::set<String8> CameraService::CameraState::getConflicting() const {
2342 return mConflicting;
2343 }
2344
getId() const2345 String8 CameraService::CameraState::getId() const {
2346 return mId;
2347 }
2348
2349 // ----------------------------------------------------------------------------
2350 // ClientEventListener
2351 // ----------------------------------------------------------------------------
2352
onClientAdded(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2353 void CameraService::ClientEventListener::onClientAdded(
2354 const resource_policy::ClientDescriptor<String8,
2355 sp<CameraService::BasicClient>>& descriptor) {
2356 const auto& basicClient = descriptor.getValue();
2357 if (basicClient.get() != nullptr) {
2358 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2359 notifier.noteStartCamera(descriptor.getKey(),
2360 static_cast<int>(basicClient->getClientUid()));
2361 }
2362 }
2363
onClientRemoved(const resource_policy::ClientDescriptor<String8,sp<CameraService::BasicClient>> & descriptor)2364 void CameraService::ClientEventListener::onClientRemoved(
2365 const resource_policy::ClientDescriptor<String8,
2366 sp<CameraService::BasicClient>>& descriptor) {
2367 const auto& basicClient = descriptor.getValue();
2368 if (basicClient.get() != nullptr) {
2369 BatteryNotifier& notifier(BatteryNotifier::getInstance());
2370 notifier.noteStopCamera(descriptor.getKey(),
2371 static_cast<int>(basicClient->getClientUid()));
2372 }
2373 }
2374
2375
2376 // ----------------------------------------------------------------------------
2377 // CameraClientManager
2378 // ----------------------------------------------------------------------------
2379
CameraClientManager()2380 CameraService::CameraClientManager::CameraClientManager() {
2381 setListener(std::make_shared<ClientEventListener>());
2382 }
2383
~CameraClientManager()2384 CameraService::CameraClientManager::~CameraClientManager() {}
2385
getCameraClient(const String8 & id) const2386 sp<CameraService::BasicClient> CameraService::CameraClientManager::getCameraClient(
2387 const String8& id) const {
2388 auto descriptor = get(id);
2389 if (descriptor == nullptr) {
2390 return sp<BasicClient>{nullptr};
2391 }
2392 return descriptor->getValue();
2393 }
2394
toString() const2395 String8 CameraService::CameraClientManager::toString() const {
2396 auto all = getAll();
2397 String8 ret("[");
2398 bool hasAny = false;
2399 for (auto& i : all) {
2400 hasAny = true;
2401 String8 key = i->getKey();
2402 int32_t cost = i->getCost();
2403 int32_t pid = i->getOwnerId();
2404 int32_t score = i->getPriority().getScore();
2405 int32_t state = i->getPriority().getState();
2406 auto conflicting = i->getConflicting();
2407 auto clientSp = i->getValue();
2408 String8 packageName;
2409 userid_t clientUserId = 0;
2410 if (clientSp.get() != nullptr) {
2411 packageName = String8{clientSp->getPackageName()};
2412 uid_t clientUid = clientSp->getClientUid();
2413 clientUserId = multiuser_get_user_id(clientUid);
2414 }
2415 ret.appendFormat("\n(Camera ID: %s, Cost: %" PRId32 ", PID: %" PRId32 ", Score: %"
2416 PRId32 ", State: %" PRId32, key.string(), cost, pid, score, state);
2417
2418 if (clientSp.get() != nullptr) {
2419 ret.appendFormat("User Id: %d, ", clientUserId);
2420 }
2421 if (packageName.size() != 0) {
2422 ret.appendFormat("Client Package Name: %s", packageName.string());
2423 }
2424
2425 ret.append(", Conflicting Client Devices: {");
2426 for (auto& j : conflicting) {
2427 ret.appendFormat("%s, ", j.string());
2428 }
2429 ret.append("})");
2430 }
2431 if (hasAny) ret.append("\n");
2432 ret.append("]\n");
2433 return ret;
2434 }
2435
makeClientDescriptor(const String8 & key,const sp<BasicClient> & value,int32_t cost,const std::set<String8> & conflictingKeys,int32_t score,int32_t ownerId,int32_t state)2436 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
2437 const String8& key, const sp<BasicClient>& value, int32_t cost,
2438 const std::set<String8>& conflictingKeys, int32_t score, int32_t ownerId,
2439 int32_t state) {
2440
2441 return std::make_shared<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>(
2442 key, value, cost, conflictingKeys, score, ownerId, state);
2443 }
2444
makeClientDescriptor(const sp<BasicClient> & value,const CameraService::DescriptorPtr & partial)2445 CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor(
2446 const sp<BasicClient>& value, const CameraService::DescriptorPtr& partial) {
2447 return makeClientDescriptor(partial->getKey(), value, partial->getCost(),
2448 partial->getConflicting(), partial->getPriority().getScore(),
2449 partial->getOwnerId(), partial->getPriority().getState());
2450 }
2451
2452 // ----------------------------------------------------------------------------
2453
2454 static const int kDumpLockRetries = 50;
2455 static const int kDumpLockSleep = 60000;
2456
tryLock(Mutex & mutex)2457 static bool tryLock(Mutex& mutex)
2458 {
2459 bool locked = false;
2460 for (int i = 0; i < kDumpLockRetries; ++i) {
2461 if (mutex.tryLock() == NO_ERROR) {
2462 locked = true;
2463 break;
2464 }
2465 usleep(kDumpLockSleep);
2466 }
2467 return locked;
2468 }
2469
dump(int fd,const Vector<String16> & args)2470 status_t CameraService::dump(int fd, const Vector<String16>& args) {
2471 ATRACE_CALL();
2472
2473 if (checkCallingPermission(String16("android.permission.DUMP")) == false) {
2474 dprintf(fd, "Permission Denial: can't dump CameraService from pid=%d, uid=%d\n",
2475 getCallingPid(),
2476 getCallingUid());
2477 return NO_ERROR;
2478 }
2479 bool locked = tryLock(mServiceLock);
2480 // failed to lock - CameraService is probably deadlocked
2481 if (!locked) {
2482 dprintf(fd, "!! CameraService may be deadlocked !!\n");
2483 }
2484
2485 if (!mInitialized) {
2486 dprintf(fd, "!! No camera HAL available !!\n");
2487
2488 // Dump event log for error information
2489 dumpEventLog(fd);
2490
2491 if (locked) mServiceLock.unlock();
2492 return NO_ERROR;
2493 }
2494 dprintf(fd, "\n== Service global info: ==\n\n");
2495 dprintf(fd, "Number of camera devices: %d\n", mNumberOfCameras);
2496 dprintf(fd, "Number of normal camera devices: %d\n", mNumberOfNormalCameras);
2497 String8 activeClientString = mActiveClientManager.toString();
2498 dprintf(fd, "Active Camera Clients:\n%s", activeClientString.string());
2499 dprintf(fd, "Allowed user IDs: %s\n", toString(mAllowedUsers).string());
2500
2501 dumpEventLog(fd);
2502
2503 bool stateLocked = tryLock(mCameraStatesLock);
2504 if (!stateLocked) {
2505 dprintf(fd, "CameraStates in use, may be deadlocked\n");
2506 }
2507
2508 for (auto& state : mCameraStates) {
2509 String8 cameraId = state.first;
2510
2511 dprintf(fd, "== Camera device %s dynamic info: ==\n", cameraId.string());
2512
2513 CameraParameters p = state.second->getShimParams();
2514 if (!p.isEmpty()) {
2515 dprintf(fd, " Camera1 API shim is using parameters:\n ");
2516 p.dump(fd, args);
2517 }
2518
2519 auto clientDescriptor = mActiveClientManager.get(cameraId);
2520 if (clientDescriptor != nullptr) {
2521 dprintf(fd, " Device %s is open. Client instance dump:\n",
2522 cameraId.string());
2523 dprintf(fd, " Client priority score: %d state: %d\n",
2524 clientDescriptor->getPriority().getScore(),
2525 clientDescriptor->getPriority().getState());
2526 dprintf(fd, " Client PID: %d\n", clientDescriptor->getOwnerId());
2527
2528 auto client = clientDescriptor->getValue();
2529 dprintf(fd, " Client package: %s\n",
2530 String8(client->getPackageName()).string());
2531
2532 client->dumpClient(fd, args);
2533 } else {
2534 dprintf(fd, " Device %s is closed, no client instance\n",
2535 cameraId.string());
2536 }
2537
2538 }
2539
2540 if (stateLocked) mCameraStatesLock.unlock();
2541
2542 if (locked) mServiceLock.unlock();
2543
2544 mCameraProviderManager->dump(fd, args);
2545
2546 dprintf(fd, "\n== Vendor tags: ==\n\n");
2547
2548 sp<VendorTagDescriptor> desc = VendorTagDescriptor::getGlobalVendorTagDescriptor();
2549 if (desc == NULL) {
2550 sp<VendorTagDescriptorCache> cache =
2551 VendorTagDescriptorCache::getGlobalVendorTagCache();
2552 if (cache == NULL) {
2553 dprintf(fd, "No vendor tags.\n");
2554 } else {
2555 cache->dump(fd, /*verbosity*/2, /*indentation*/2);
2556 }
2557 } else {
2558 desc->dump(fd, /*verbosity*/2, /*indentation*/2);
2559 }
2560
2561 // Dump camera traces if there were any
2562 dprintf(fd, "\n");
2563 camera3::CameraTraces::dump(fd, args);
2564
2565 // Process dump arguments, if any
2566 int n = args.size();
2567 String16 verboseOption("-v");
2568 String16 unreachableOption("--unreachable");
2569 for (int i = 0; i < n; i++) {
2570 if (args[i] == verboseOption) {
2571 // change logging level
2572 if (i + 1 >= n) continue;
2573 String8 levelStr(args[i+1]);
2574 int level = atoi(levelStr.string());
2575 dprintf(fd, "\nSetting log level to %d.\n", level);
2576 setLogLevel(level);
2577 } else if (args[i] == unreachableOption) {
2578 // Dump memory analysis
2579 // TODO - should limit be an argument parameter?
2580 UnreachableMemoryInfo info;
2581 bool success = GetUnreachableMemory(info, /*limit*/ 10000);
2582 if (!success) {
2583 dprintf(fd, "\n== Unable to dump unreachable memory. "
2584 "Try disabling SELinux enforcement. ==\n");
2585 } else {
2586 dprintf(fd, "\n== Dumping unreachable memory: ==\n");
2587 std::string s = info.ToString(/*log_contents*/ true);
2588 write(fd, s.c_str(), s.size());
2589 }
2590 }
2591 }
2592 return NO_ERROR;
2593 }
2594
dumpEventLog(int fd)2595 void CameraService::dumpEventLog(int fd) {
2596 dprintf(fd, "\n== Camera service events log (most recent at top): ==\n");
2597
2598 Mutex::Autolock l(mLogLock);
2599 for (const auto& msg : mEventLog) {
2600 dprintf(fd, " %s\n", msg.string());
2601 }
2602
2603 if (mEventLog.size() == DEFAULT_EVENT_LOG_LENGTH) {
2604 dprintf(fd, " ...\n");
2605 } else if (mEventLog.size() == 0) {
2606 dprintf(fd, " [no events yet]\n");
2607 }
2608 dprintf(fd, "\n");
2609 }
2610
handleTorchClientBinderDied(const wp<IBinder> & who)2611 void CameraService::handleTorchClientBinderDied(const wp<IBinder> &who) {
2612 Mutex::Autolock al(mTorchClientMapMutex);
2613 for (size_t i = 0; i < mTorchClientMap.size(); i++) {
2614 if (mTorchClientMap[i] == who) {
2615 // turn off the torch mode that was turned on by dead client
2616 String8 cameraId = mTorchClientMap.keyAt(i);
2617 status_t res = mFlashlight->setTorchMode(cameraId, false);
2618 if (res) {
2619 ALOGE("%s: torch client died but couldn't turn off torch: "
2620 "%s (%d)", __FUNCTION__, strerror(-res), res);
2621 return;
2622 }
2623 mTorchClientMap.removeItemsAt(i);
2624 break;
2625 }
2626 }
2627 }
2628
binderDied(const wp<IBinder> & who)2629 /*virtual*/void CameraService::binderDied(const wp<IBinder> &who) {
2630
2631 /**
2632 * While tempting to promote the wp<IBinder> into a sp, it's actually not supported by the
2633 * binder driver
2634 */
2635
2636 logClientDied(getCallingPid(), String8("Binder died unexpectedly"));
2637
2638 // check torch client
2639 handleTorchClientBinderDied(who);
2640
2641 // check camera device client
2642 if(!evictClientIdByRemote(who)) {
2643 ALOGV("%s: Java client's binder death already cleaned up (normal case)", __FUNCTION__);
2644 return;
2645 }
2646
2647 ALOGE("%s: Java client's binder died, removing it from the list of active clients",
2648 __FUNCTION__);
2649 }
2650
updateStatus(StatusInternal status,const String8 & cameraId)2651 void CameraService::updateStatus(StatusInternal status, const String8& cameraId) {
2652 updateStatus(status, cameraId, {});
2653 }
2654
updateStatus(StatusInternal status,const String8 & cameraId,std::initializer_list<StatusInternal> rejectSourceStates)2655 void CameraService::updateStatus(StatusInternal status, const String8& cameraId,
2656 std::initializer_list<StatusInternal> rejectSourceStates) {
2657 // Do not lock mServiceLock here or can get into a deadlock from
2658 // connect() -> disconnect -> updateStatus
2659
2660 auto state = getCameraState(cameraId);
2661
2662 if (state == nullptr) {
2663 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__,
2664 cameraId.string());
2665 return;
2666 }
2667
2668 // Update the status for this camera state, then send the onStatusChangedCallbacks to each
2669 // of the listeners with both the mStatusStatus and mStatusListenerLock held
2670 state->updateStatus(status, cameraId, rejectSourceStates, [this]
2671 (const String8& cameraId, StatusInternal status) {
2672
2673 if (status != StatusInternal::ENUMERATING) {
2674 // Update torch status if it has a flash unit.
2675 Mutex::Autolock al(mTorchStatusMutex);
2676 TorchModeStatus torchStatus;
2677 if (getTorchStatusLocked(cameraId, &torchStatus) !=
2678 NAME_NOT_FOUND) {
2679 TorchModeStatus newTorchStatus =
2680 status == StatusInternal::PRESENT ?
2681 TorchModeStatus::AVAILABLE_OFF :
2682 TorchModeStatus::NOT_AVAILABLE;
2683 if (torchStatus != newTorchStatus) {
2684 onTorchStatusChangedLocked(cameraId, newTorchStatus);
2685 }
2686 }
2687 }
2688
2689 Mutex::Autolock lock(mStatusListenerLock);
2690
2691 for (auto& listener : mListenerList) {
2692 listener->onStatusChanged(mapToInterface(status), String16(cameraId));
2693 }
2694 });
2695 }
2696
2697 template<class Func>
updateStatus(StatusInternal status,const String8 & cameraId,std::initializer_list<StatusInternal> rejectSourceStates,Func onStatusUpdatedLocked)2698 void CameraService::CameraState::updateStatus(StatusInternal status,
2699 const String8& cameraId,
2700 std::initializer_list<StatusInternal> rejectSourceStates,
2701 Func onStatusUpdatedLocked) {
2702 Mutex::Autolock lock(mStatusLock);
2703 StatusInternal oldStatus = mStatus;
2704 mStatus = status;
2705
2706 if (oldStatus == status) {
2707 return;
2708 }
2709
2710 ALOGV("%s: Status has changed for camera ID %s from %#x to %#x", __FUNCTION__,
2711 cameraId.string(), oldStatus, status);
2712
2713 if (oldStatus == StatusInternal::NOT_PRESENT &&
2714 (status != StatusInternal::PRESENT &&
2715 status != StatusInternal::ENUMERATING)) {
2716
2717 ALOGW("%s: From NOT_PRESENT can only transition into PRESENT or ENUMERATING",
2718 __FUNCTION__);
2719 mStatus = oldStatus;
2720 return;
2721 }
2722
2723 /**
2724 * Sometimes we want to conditionally do a transition.
2725 * For example if a client disconnects, we want to go to PRESENT
2726 * only if we weren't already in NOT_PRESENT or ENUMERATING.
2727 */
2728 for (auto& rejectStatus : rejectSourceStates) {
2729 if (oldStatus == rejectStatus) {
2730 ALOGV("%s: Rejecting status transition for Camera ID %s, since the source "
2731 "state was was in one of the bad states.", __FUNCTION__, cameraId.string());
2732 mStatus = oldStatus;
2733 return;
2734 }
2735 }
2736
2737 onStatusUpdatedLocked(cameraId, status);
2738 }
2739
updateProxyDeviceState(ICameraServiceProxy::CameraState newState,const String8 & cameraId)2740 void CameraService::updateProxyDeviceState(ICameraServiceProxy::CameraState newState,
2741 const String8& cameraId) {
2742 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy();
2743 if (proxyBinder == nullptr) return;
2744 String16 id(cameraId);
2745 proxyBinder->notifyCameraState(id, newState);
2746 }
2747
getTorchStatusLocked(const String8 & cameraId,TorchModeStatus * status) const2748 status_t CameraService::getTorchStatusLocked(
2749 const String8& cameraId,
2750 TorchModeStatus *status) const {
2751 if (!status) {
2752 return BAD_VALUE;
2753 }
2754 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
2755 if (index == NAME_NOT_FOUND) {
2756 // invalid camera ID or the camera doesn't have a flash unit
2757 return NAME_NOT_FOUND;
2758 }
2759
2760 *status = mTorchStatusMap.valueAt(index);
2761 return OK;
2762 }
2763
setTorchStatusLocked(const String8 & cameraId,TorchModeStatus status)2764 status_t CameraService::setTorchStatusLocked(const String8& cameraId,
2765 TorchModeStatus status) {
2766 ssize_t index = mTorchStatusMap.indexOfKey(cameraId);
2767 if (index == NAME_NOT_FOUND) {
2768 return BAD_VALUE;
2769 }
2770 mTorchStatusMap.editValueAt(index) = status;
2771
2772 return OK;
2773 }
2774
2775 }; // namespace android
2776