1/* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "CameraService" 18#define ATRACE_TAG ATRACE_TAG_CAMERA 19//#define LOG_NDEBUG 0 20 21#include <algorithm> 22#include <climits> 23#include <stdio.h> 24#include <cstring> 25#include <ctime> 26#include <string> 27#include <sys/types.h> 28#include <inttypes.h> 29#include <pthread.h> 30 31#include <android/hardware/ICamera.h> 32#include <android/hardware/ICameraClient.h> 33 34#include <android-base/macros.h> 35#include <android-base/parseint.h> 36#include <binder/AppOpsManager.h> 37#include <binder/IPCThreadState.h> 38#include <binder/IServiceManager.h> 39#include <binder/MemoryBase.h> 40#include <binder/MemoryHeapBase.h> 41#include <binder/ProcessInfoService.h> 42#include <cutils/atomic.h> 43#include <cutils/properties.h> 44#include <gui/Surface.h> 45#include <hardware/hardware.h> 46#include <memunreachable/memunreachable.h> 47#include <media/AudioSystem.h> 48#include <media/IMediaHTTPService.h> 49#include <media/mediaplayer.h> 50#include <mediautils/BatteryNotifier.h> 51#include <utils/Errors.h> 52#include <utils/Log.h> 53#include <utils/String16.h> 54#include <utils/Trace.h> 55#include <private/android_filesystem_config.h> 56#include <system/camera_vendor_tags.h> 57#include <system/camera_metadata.h> 58 59#include <system/camera.h> 60 61#include "CameraService.h" 62#include "api1/CameraClient.h" 63#include "api1/Camera2Client.h" 64#include "api2/CameraDeviceClient.h" 65#include "utils/CameraTraces.h" 66 67namespace { 68 const char* kPermissionServiceName = "permission"; 69}; // namespace anonymous 70 71namespace android { 72 73using binder::Status; 74using hardware::ICamera; 75using hardware::ICameraClient; 76using hardware::ICameraServiceListener; 77using hardware::camera::common::V1_0::CameraDeviceStatus; 78using hardware::camera::common::V1_0::TorchModeStatus; 79 80// ---------------------------------------------------------------------------- 81// Logging support -- this is for debugging only 82// Use "adb shell dumpsys media.camera -v 1" to change it. 83volatile int32_t gLogLevel = 0; 84 85#define LOG1(...) ALOGD_IF(gLogLevel >= 1, __VA_ARGS__); 86#define LOG2(...) ALOGD_IF(gLogLevel >= 2, __VA_ARGS__); 87 88static void setLogLevel(int level) { 89 android_atomic_write(level, &gLogLevel); 90} 91 92// Convenience methods for constructing binder::Status objects for error returns 93 94#define STATUS_ERROR(errorCode, errorString) \ 95 binder::Status::fromServiceSpecificError(errorCode, \ 96 String8::format("%s:%d: %s", __FUNCTION__, __LINE__, errorString)) 97 98#define STATUS_ERROR_FMT(errorCode, errorString, ...) \ 99 binder::Status::fromServiceSpecificError(errorCode, \ 100 String8::format("%s:%d: " errorString, __FUNCTION__, __LINE__, \ 101 __VA_ARGS__)) 102 103// ---------------------------------------------------------------------------- 104 105extern "C" { 106static void camera_device_status_change( 107 const struct camera_module_callbacks* callbacks, 108 int camera_id, 109 int new_status) { 110 sp<CameraService> cs = const_cast<CameraService*>( 111 static_cast<const CameraService*>(callbacks)); 112 String8 id = String8::format("%d", camera_id); 113 114 CameraDeviceStatus newStatus{CameraDeviceStatus::NOT_PRESENT}; 115 switch (new_status) { 116 case CAMERA_DEVICE_STATUS_NOT_PRESENT: 117 newStatus = CameraDeviceStatus::NOT_PRESENT; 118 break; 119 case CAMERA_DEVICE_STATUS_PRESENT: 120 newStatus = CameraDeviceStatus::PRESENT; 121 break; 122 case CAMERA_DEVICE_STATUS_ENUMERATING: 123 newStatus = CameraDeviceStatus::ENUMERATING; 124 break; 125 default: 126 ALOGW("Unknown device status change to %d", new_status); 127 break; 128 } 129 cs->onDeviceStatusChanged(id, newStatus); 130} 131 132static void torch_mode_status_change( 133 const struct camera_module_callbacks* callbacks, 134 const char* camera_id, 135 int new_status) { 136 if (!callbacks || !camera_id) { 137 ALOGE("%s invalid parameters. callbacks %p, camera_id %p", __FUNCTION__, 138 callbacks, camera_id); 139 } 140 sp<CameraService> cs = const_cast<CameraService*>( 141 static_cast<const CameraService*>(callbacks)); 142 143 TorchModeStatus status; 144 switch (new_status) { 145 case TORCH_MODE_STATUS_NOT_AVAILABLE: 146 status = TorchModeStatus::NOT_AVAILABLE; 147 break; 148 case TORCH_MODE_STATUS_AVAILABLE_OFF: 149 status = TorchModeStatus::AVAILABLE_OFF; 150 break; 151 case TORCH_MODE_STATUS_AVAILABLE_ON: 152 status = TorchModeStatus::AVAILABLE_ON; 153 break; 154 default: 155 ALOGE("Unknown torch status %d", new_status); 156 return; 157 } 158 159 cs->onTorchStatusChanged( 160 String8(camera_id), 161 status); 162} 163} // extern "C" 164 165// ---------------------------------------------------------------------------- 166 167CameraService::CameraService() : 168 mEventLog(DEFAULT_EVENT_LOG_LENGTH), 169 mNumberOfCameras(0), mNumberOfNormalCameras(0), 170 mSoundRef(0), mInitialized(false) { 171 ALOGI("CameraService started (pid=%d)", getpid()); 172 173 this->camera_device_status_change = android::camera_device_status_change; 174 this->torch_mode_status_change = android::torch_mode_status_change; 175 176 mServiceLockWrapper = std::make_shared<WaitableMutexWrapper>(&mServiceLock); 177} 178 179void CameraService::onFirstRef() 180{ 181 ALOGI("CameraService process starting"); 182 183 BnCameraService::onFirstRef(); 184 185 // Update battery life tracking if service is restarting 186 BatteryNotifier& notifier(BatteryNotifier::getInstance()); 187 notifier.noteResetCamera(); 188 notifier.noteResetFlashlight(); 189 190 status_t res = INVALID_OPERATION; 191 192 res = enumerateProviders(); 193 if (res == OK) { 194 mInitialized = true; 195 } 196 197 CameraService::pingCameraServiceProxy(); 198} 199 200status_t CameraService::enumerateProviders() { 201 status_t res; 202 Mutex::Autolock l(mServiceLock); 203 204 if (nullptr == mCameraProviderManager.get()) { 205 mCameraProviderManager = new CameraProviderManager(); 206 res = mCameraProviderManager->initialize(this); 207 if (res != OK) { 208 ALOGE("%s: Unable to initialize camera provider manager: %s (%d)", 209 __FUNCTION__, strerror(-res), res); 210 return res; 211 } 212 } 213 214 mNumberOfCameras = mCameraProviderManager->getCameraCount(); 215 mNumberOfNormalCameras = 216 mCameraProviderManager->getAPI1CompatibleCameraCount(); 217 218 // Setup vendor tags before we call get_camera_info the first time 219 // because HAL might need to setup static vendor keys in get_camera_info 220 // TODO: maybe put this into CameraProviderManager::initialize()? 221 mCameraProviderManager->setUpVendorTags(); 222 223 if (nullptr == mFlashlight.get()) { 224 mFlashlight = new CameraFlashlight(mCameraProviderManager, this); 225 } 226 227 res = mFlashlight->findFlashUnits(); 228 if (res != OK) { 229 ALOGE("Failed to enumerate flash units: %s (%d)", strerror(-res), res); 230 } 231 232 for (auto& cameraId : mCameraProviderManager->getCameraDeviceIds()) { 233 String8 id8 = String8(cameraId.c_str()); 234 { 235 Mutex::Autolock lock(mCameraStatesLock); 236 auto iter = mCameraStates.find(id8); 237 if (iter != mCameraStates.end()) { 238 continue; 239 } 240 } 241 242 hardware::camera::common::V1_0::CameraResourceCost cost; 243 res = mCameraProviderManager->getResourceCost(cameraId, &cost); 244 if (res != OK) { 245 ALOGE("Failed to query device resource cost: %s (%d)", strerror(-res), res); 246 continue; 247 } 248 std::set<String8> conflicting; 249 for (size_t i = 0; i < cost.conflictingDevices.size(); i++) { 250 conflicting.emplace(String8(cost.conflictingDevices[i].c_str())); 251 } 252 253 { 254 Mutex::Autolock lock(mCameraStatesLock); 255 mCameraStates.emplace(id8, 256 std::make_shared<CameraState>(id8, cost.resourceCost, conflicting)); 257 } 258 259 onDeviceStatusChanged(id8, CameraDeviceStatus::PRESENT); 260 261 if (mFlashlight->hasFlashUnit(id8)) { 262 mTorchStatusMap.add(id8, TorchModeStatus::AVAILABLE_OFF); 263 } 264 } 265 266 return OK; 267} 268 269sp<ICameraServiceProxy> CameraService::getCameraServiceProxy() { 270 sp<ICameraServiceProxy> proxyBinder = nullptr; 271#ifndef __BRILLO__ 272 sp<IServiceManager> sm = defaultServiceManager(); 273 // Use checkService because cameraserver normally starts before the 274 // system server and the proxy service. So the long timeout that getService 275 // has before giving up is inappropriate. 276 sp<IBinder> binder = sm->checkService(String16("media.camera.proxy")); 277 if (binder != nullptr) { 278 proxyBinder = interface_cast<ICameraServiceProxy>(binder); 279 } 280#endif 281 return proxyBinder; 282} 283 284void CameraService::pingCameraServiceProxy() { 285 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy(); 286 if (proxyBinder == nullptr) return; 287 proxyBinder->pingForUserUpdate(); 288} 289 290CameraService::~CameraService() { 291 VendorTagDescriptor::clearGlobalVendorTagDescriptor(); 292} 293 294void CameraService::onNewProviderRegistered() { 295 enumerateProviders(); 296} 297 298void CameraService::onDeviceStatusChanged(const String8& id, 299 CameraDeviceStatus newHalStatus) { 300 ALOGI("%s: Status changed for cameraId=%s, newStatus=%d", __FUNCTION__, 301 id.string(), newHalStatus); 302 303 StatusInternal newStatus = mapToInternal(newHalStatus); 304 305 std::shared_ptr<CameraState> state = getCameraState(id); 306 307 if (state == nullptr) { 308 if (newStatus == StatusInternal::PRESENT) { 309 ALOGW("%s: Unknown camera ID %s, probably newly registered?", 310 __FUNCTION__, id.string()); 311 } else { 312 ALOGE("%s: Bad camera ID %s", __FUNCTION__, id.string()); 313 } 314 return; 315 } 316 317 StatusInternal oldStatus = state->getStatus(); 318 319 if (oldStatus == newStatus) { 320 ALOGE("%s: State transition to the same status %#x not allowed", __FUNCTION__, newStatus); 321 return; 322 } 323 324 if (newStatus == StatusInternal::NOT_PRESENT) { 325 logDeviceRemoved(id, String8::format("Device status changed from %d to %d", oldStatus, 326 newStatus)); 327 sp<BasicClient> clientToDisconnect; 328 { 329 // Don't do this in updateStatus to avoid deadlock over mServiceLock 330 Mutex::Autolock lock(mServiceLock); 331 332 // Set the device status to NOT_PRESENT, clients will no longer be able to connect 333 // to this device until the status changes 334 updateStatus(StatusInternal::NOT_PRESENT, id); 335 336 // Remove cached shim parameters 337 state->setShimParams(CameraParameters()); 338 339 // Remove the client from the list of active clients, if there is one 340 clientToDisconnect = removeClientLocked(id); 341 } 342 343 // Disconnect client 344 if (clientToDisconnect.get() != nullptr) { 345 ALOGI("%s: Client for camera ID %s evicted due to device status change from HAL", 346 __FUNCTION__, id.string()); 347 // Notify the client of disconnection 348 clientToDisconnect->notifyError( 349 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED, 350 CaptureResultExtras{}); 351 // Ensure not in binder RPC so client disconnect PID checks work correctly 352 LOG_ALWAYS_FATAL_IF(getCallingPid() != getpid(), 353 "onDeviceStatusChanged must be called from the camera service process!"); 354 clientToDisconnect->disconnect(); 355 } 356 357 } else { 358 if (oldStatus == StatusInternal::NOT_PRESENT) { 359 logDeviceAdded(id, String8::format("Device status changed from %d to %d", oldStatus, 360 newStatus)); 361 } 362 updateStatus(newStatus, id); 363 } 364 365} 366 367void CameraService::onTorchStatusChanged(const String8& cameraId, 368 TorchModeStatus newStatus) { 369 Mutex::Autolock al(mTorchStatusMutex); 370 onTorchStatusChangedLocked(cameraId, newStatus); 371} 372 373void CameraService::onTorchStatusChangedLocked(const String8& cameraId, 374 TorchModeStatus newStatus) { 375 ALOGI("%s: Torch status changed for cameraId=%s, newStatus=%d", 376 __FUNCTION__, cameraId.string(), newStatus); 377 378 TorchModeStatus status; 379 status_t res = getTorchStatusLocked(cameraId, &status); 380 if (res) { 381 ALOGE("%s: cannot get torch status of camera %s: %s (%d)", 382 __FUNCTION__, cameraId.string(), strerror(-res), res); 383 return; 384 } 385 if (status == newStatus) { 386 return; 387 } 388 389 res = setTorchStatusLocked(cameraId, newStatus); 390 if (res) { 391 ALOGE("%s: Failed to set the torch status to %d: %s (%d)", __FUNCTION__, 392 (uint32_t)newStatus, strerror(-res), res); 393 return; 394 } 395 396 { 397 // Update battery life logging for flashlight 398 Mutex::Autolock al(mTorchUidMapMutex); 399 auto iter = mTorchUidMap.find(cameraId); 400 if (iter != mTorchUidMap.end()) { 401 int oldUid = iter->second.second; 402 int newUid = iter->second.first; 403 BatteryNotifier& notifier(BatteryNotifier::getInstance()); 404 if (oldUid != newUid) { 405 // If the UID has changed, log the status and update current UID in mTorchUidMap 406 if (status == TorchModeStatus::AVAILABLE_ON) { 407 notifier.noteFlashlightOff(cameraId, oldUid); 408 } 409 if (newStatus == TorchModeStatus::AVAILABLE_ON) { 410 notifier.noteFlashlightOn(cameraId, newUid); 411 } 412 iter->second.second = newUid; 413 } else { 414 // If the UID has not changed, log the status 415 if (newStatus == TorchModeStatus::AVAILABLE_ON) { 416 notifier.noteFlashlightOn(cameraId, oldUid); 417 } else { 418 notifier.noteFlashlightOff(cameraId, oldUid); 419 } 420 } 421 } 422 } 423 424 { 425 Mutex::Autolock lock(mStatusListenerLock); 426 for (auto& i : mListenerList) { 427 i->onTorchStatusChanged(mapToInterface(newStatus), String16{cameraId}); 428 } 429 } 430} 431 432Status CameraService::getNumberOfCameras(int32_t type, int32_t* numCameras) { 433 ATRACE_CALL(); 434 Mutex::Autolock l(mServiceLock); 435 switch (type) { 436 case CAMERA_TYPE_BACKWARD_COMPATIBLE: 437 *numCameras = mNumberOfNormalCameras; 438 break; 439 case CAMERA_TYPE_ALL: 440 *numCameras = mNumberOfCameras; 441 break; 442 default: 443 ALOGW("%s: Unknown camera type %d", 444 __FUNCTION__, type); 445 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 446 "Unknown camera type %d", type); 447 } 448 return Status::ok(); 449} 450 451Status CameraService::getCameraInfo(int cameraId, 452 CameraInfo* cameraInfo) { 453 ATRACE_CALL(); 454 Mutex::Autolock l(mServiceLock); 455 456 if (!mInitialized) { 457 return STATUS_ERROR(ERROR_DISCONNECTED, 458 "Camera subsystem is not available"); 459 } 460 461 if (cameraId < 0 || cameraId >= mNumberOfCameras) { 462 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, 463 "CameraId is not valid"); 464 } 465 466 Status ret = Status::ok(); 467 status_t err = mCameraProviderManager->getCameraInfo(std::to_string(cameraId), cameraInfo); 468 if (err != OK) { 469 ret = STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 470 "Error retrieving camera info from device %d: %s (%d)", cameraId, 471 strerror(-err), err); 472 } 473 474 return ret; 475} 476 477int CameraService::cameraIdToInt(const String8& cameraId) { 478 int id; 479 bool success = base::ParseInt(cameraId.string(), &id, 0); 480 if (!success) { 481 return -1; 482 } 483 return id; 484} 485 486Status CameraService::getCameraCharacteristics(const String16& cameraId, 487 CameraMetadata* cameraInfo) { 488 ATRACE_CALL(); 489 if (!cameraInfo) { 490 ALOGE("%s: cameraInfo is NULL", __FUNCTION__); 491 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "cameraInfo is NULL"); 492 } 493 494 if (!mInitialized) { 495 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__); 496 return STATUS_ERROR(ERROR_DISCONNECTED, 497 "Camera subsystem is not available");; 498 } 499 500 Status ret{}; 501 502 status_t res = mCameraProviderManager->getCameraCharacteristics( 503 String8(cameraId).string(), cameraInfo); 504 if (res != OK) { 505 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, "Unable to retrieve camera " 506 "characteristics for device %s: %s (%d)", String8(cameraId).string(), 507 strerror(-res), res); 508 } 509 510 return ret; 511} 512 513int CameraService::getCallingPid() { 514 return IPCThreadState::self()->getCallingPid(); 515} 516 517int CameraService::getCallingUid() { 518 return IPCThreadState::self()->getCallingUid(); 519} 520 521String8 CameraService::getFormattedCurrentTime() { 522 time_t now = time(nullptr); 523 char formattedTime[64]; 524 strftime(formattedTime, sizeof(formattedTime), "%m-%d %H:%M:%S", localtime(&now)); 525 return String8(formattedTime); 526} 527 528Status CameraService::getCameraVendorTagDescriptor( 529 /*out*/ 530 hardware::camera2::params::VendorTagDescriptor* desc) { 531 ATRACE_CALL(); 532 if (!mInitialized) { 533 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__); 534 return STATUS_ERROR(ERROR_DISCONNECTED, "Camera subsystem not available"); 535 } 536 sp<VendorTagDescriptor> globalDescriptor = VendorTagDescriptor::getGlobalVendorTagDescriptor(); 537 if (globalDescriptor != nullptr) { 538 *desc = *(globalDescriptor.get()); 539 } 540 return Status::ok(); 541} 542 543Status CameraService::getCameraVendorTagCache( 544 /*out*/ hardware::camera2::params::VendorTagDescriptorCache* cache) { 545 ATRACE_CALL(); 546 if (!mInitialized) { 547 ALOGE("%s: Camera HAL couldn't be initialized", __FUNCTION__); 548 return STATUS_ERROR(ERROR_DISCONNECTED, 549 "Camera subsystem not available"); 550 } 551 sp<VendorTagDescriptorCache> globalCache = 552 VendorTagDescriptorCache::getGlobalVendorTagCache(); 553 if (globalCache != nullptr) { 554 *cache = *(globalCache.get()); 555 } 556 return Status::ok(); 557} 558 559int CameraService::getDeviceVersion(const String8& cameraId, int* facing) { 560 ATRACE_CALL(); 561 562 int deviceVersion = 0; 563 564 status_t res; 565 hardware::hidl_version maxVersion{0,0}; 566 res = mCameraProviderManager->getHighestSupportedVersion(cameraId.string(), 567 &maxVersion); 568 if (res != OK) return -1; 569 deviceVersion = HARDWARE_DEVICE_API_VERSION(maxVersion.get_major(), maxVersion.get_minor()); 570 571 hardware::CameraInfo info; 572 if (facing) { 573 res = mCameraProviderManager->getCameraInfo(cameraId.string(), &info); 574 if (res != OK) return -1; 575 *facing = info.facing; 576 } 577 578 return deviceVersion; 579} 580 581Status CameraService::filterGetInfoErrorCode(status_t err) { 582 switch(err) { 583 case NO_ERROR: 584 return Status::ok(); 585 case BAD_VALUE: 586 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, 587 "CameraId is not valid for HAL module"); 588 case NO_INIT: 589 return STATUS_ERROR(ERROR_DISCONNECTED, 590 "Camera device not available"); 591 default: 592 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 593 "Camera HAL encountered error %d: %s", 594 err, strerror(-err)); 595 } 596} 597 598Status CameraService::makeClient(const sp<CameraService>& cameraService, 599 const sp<IInterface>& cameraCb, const String16& packageName, const String8& cameraId, 600 int facing, int clientPid, uid_t clientUid, int servicePid, bool legacyMode, 601 int halVersion, int deviceVersion, apiLevel effectiveApiLevel, 602 /*out*/sp<BasicClient>* client) { 603 604 if (halVersion < 0 || halVersion == deviceVersion) { 605 // Default path: HAL version is unspecified by caller, create CameraClient 606 // based on device version reported by the HAL. 607 switch(deviceVersion) { 608 case CAMERA_DEVICE_API_VERSION_1_0: 609 if (effectiveApiLevel == API_1) { // Camera1 API route 610 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get()); 611 *client = new CameraClient(cameraService, tmp, packageName, cameraIdToInt(cameraId), 612 facing, clientPid, clientUid, getpid(), legacyMode); 613 } else { // Camera2 API route 614 ALOGW("Camera using old HAL version: %d", deviceVersion); 615 return STATUS_ERROR_FMT(ERROR_DEPRECATED_HAL, 616 "Camera device \"%s\" HAL version %d does not support camera2 API", 617 cameraId.string(), deviceVersion); 618 } 619 break; 620 case CAMERA_DEVICE_API_VERSION_3_0: 621 case CAMERA_DEVICE_API_VERSION_3_1: 622 case CAMERA_DEVICE_API_VERSION_3_2: 623 case CAMERA_DEVICE_API_VERSION_3_3: 624 case CAMERA_DEVICE_API_VERSION_3_4: 625 if (effectiveApiLevel == API_1) { // Camera1 API route 626 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get()); 627 *client = new Camera2Client(cameraService, tmp, packageName, cameraIdToInt(cameraId), 628 facing, clientPid, clientUid, servicePid, legacyMode); 629 } else { // Camera2 API route 630 sp<hardware::camera2::ICameraDeviceCallbacks> tmp = 631 static_cast<hardware::camera2::ICameraDeviceCallbacks*>(cameraCb.get()); 632 *client = new CameraDeviceClient(cameraService, tmp, packageName, cameraId, 633 facing, clientPid, clientUid, servicePid); 634 } 635 break; 636 default: 637 // Should not be reachable 638 ALOGE("Unknown camera device HAL version: %d", deviceVersion); 639 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 640 "Camera device \"%s\" has unknown HAL version %d", 641 cameraId.string(), deviceVersion); 642 } 643 } else { 644 // A particular HAL version is requested by caller. Create CameraClient 645 // based on the requested HAL version. 646 if (deviceVersion > CAMERA_DEVICE_API_VERSION_1_0 && 647 halVersion == CAMERA_DEVICE_API_VERSION_1_0) { 648 // Only support higher HAL version device opened as HAL1.0 device. 649 sp<ICameraClient> tmp = static_cast<ICameraClient*>(cameraCb.get()); 650 *client = new CameraClient(cameraService, tmp, packageName, cameraIdToInt(cameraId), 651 facing, clientPid, clientUid, servicePid, legacyMode); 652 } else { 653 // Other combinations (e.g. HAL3.x open as HAL2.x) are not supported yet. 654 ALOGE("Invalid camera HAL version %x: HAL %x device can only be" 655 " opened as HAL %x device", halVersion, deviceVersion, 656 CAMERA_DEVICE_API_VERSION_1_0); 657 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 658 "Camera device \"%s\" (HAL version %d) cannot be opened as HAL version %d", 659 cameraId.string(), deviceVersion, halVersion); 660 } 661 } 662 return Status::ok(); 663} 664 665String8 CameraService::toString(std::set<userid_t> intSet) { 666 String8 s(""); 667 bool first = true; 668 for (userid_t i : intSet) { 669 if (first) { 670 s.appendFormat("%d", i); 671 first = false; 672 } else { 673 s.appendFormat(", %d", i); 674 } 675 } 676 return s; 677} 678 679int32_t CameraService::mapToInterface(TorchModeStatus status) { 680 int32_t serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE; 681 switch (status) { 682 case TorchModeStatus::NOT_AVAILABLE: 683 serviceStatus = ICameraServiceListener::TORCH_STATUS_NOT_AVAILABLE; 684 break; 685 case TorchModeStatus::AVAILABLE_OFF: 686 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_OFF; 687 break; 688 case TorchModeStatus::AVAILABLE_ON: 689 serviceStatus = ICameraServiceListener::TORCH_STATUS_AVAILABLE_ON; 690 break; 691 default: 692 ALOGW("Unknown new flash status: %d", status); 693 } 694 return serviceStatus; 695} 696 697CameraService::StatusInternal CameraService::mapToInternal(CameraDeviceStatus status) { 698 StatusInternal serviceStatus = StatusInternal::NOT_PRESENT; 699 switch (status) { 700 case CameraDeviceStatus::NOT_PRESENT: 701 serviceStatus = StatusInternal::NOT_PRESENT; 702 break; 703 case CameraDeviceStatus::PRESENT: 704 serviceStatus = StatusInternal::PRESENT; 705 break; 706 case CameraDeviceStatus::ENUMERATING: 707 serviceStatus = StatusInternal::ENUMERATING; 708 break; 709 default: 710 ALOGW("Unknown new HAL device status: %d", status); 711 } 712 return serviceStatus; 713} 714 715int32_t CameraService::mapToInterface(StatusInternal status) { 716 int32_t serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT; 717 switch (status) { 718 case StatusInternal::NOT_PRESENT: 719 serviceStatus = ICameraServiceListener::STATUS_NOT_PRESENT; 720 break; 721 case StatusInternal::PRESENT: 722 serviceStatus = ICameraServiceListener::STATUS_PRESENT; 723 break; 724 case StatusInternal::ENUMERATING: 725 serviceStatus = ICameraServiceListener::STATUS_ENUMERATING; 726 break; 727 case StatusInternal::NOT_AVAILABLE: 728 serviceStatus = ICameraServiceListener::STATUS_NOT_AVAILABLE; 729 break; 730 case StatusInternal::UNKNOWN: 731 serviceStatus = ICameraServiceListener::STATUS_UNKNOWN; 732 break; 733 default: 734 ALOGW("Unknown new internal device status: %d", status); 735 } 736 return serviceStatus; 737} 738 739Status CameraService::initializeShimMetadata(int cameraId) { 740 int uid = getCallingUid(); 741 742 String16 internalPackageName("cameraserver"); 743 String8 id = String8::format("%d", cameraId); 744 Status ret = Status::ok(); 745 sp<Client> tmp = nullptr; 746 if (!(ret = connectHelper<ICameraClient,Client>( 747 sp<ICameraClient>{nullptr}, id, static_cast<int>(CAMERA_HAL_API_VERSION_UNSPECIFIED), 748 internalPackageName, uid, USE_CALLING_PID, 749 API_1, /*legacyMode*/ false, /*shimUpdateOnly*/ true, 750 /*out*/ tmp) 751 ).isOk()) { 752 ALOGE("%s: Error initializing shim metadata: %s", __FUNCTION__, ret.toString8().string()); 753 } 754 return ret; 755} 756 757Status CameraService::getLegacyParametersLazy(int cameraId, 758 /*out*/ 759 CameraParameters* parameters) { 760 761 ALOGV("%s: for cameraId: %d", __FUNCTION__, cameraId); 762 763 Status ret = Status::ok(); 764 765 if (parameters == NULL) { 766 ALOGE("%s: parameters must not be null", __FUNCTION__); 767 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null"); 768 } 769 770 String8 id = String8::format("%d", cameraId); 771 772 // Check if we already have parameters 773 { 774 // Scope for service lock 775 Mutex::Autolock lock(mServiceLock); 776 auto cameraState = getCameraState(id); 777 if (cameraState == nullptr) { 778 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string()); 779 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 780 "Invalid camera ID: %s", id.string()); 781 } 782 CameraParameters p = cameraState->getShimParams(); 783 if (!p.isEmpty()) { 784 *parameters = p; 785 return ret; 786 } 787 } 788 789 int64_t token = IPCThreadState::self()->clearCallingIdentity(); 790 ret = initializeShimMetadata(cameraId); 791 IPCThreadState::self()->restoreCallingIdentity(token); 792 if (!ret.isOk()) { 793 // Error already logged by callee 794 return ret; 795 } 796 797 // Check for parameters again 798 { 799 // Scope for service lock 800 Mutex::Autolock lock(mServiceLock); 801 auto cameraState = getCameraState(id); 802 if (cameraState == nullptr) { 803 ALOGE("%s: Invalid camera ID: %s", __FUNCTION__, id.string()); 804 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 805 "Invalid camera ID: %s", id.string()); 806 } 807 CameraParameters p = cameraState->getShimParams(); 808 if (!p.isEmpty()) { 809 *parameters = p; 810 return ret; 811 } 812 } 813 814 ALOGE("%s: Parameters were not initialized, or were empty. Device may not be present.", 815 __FUNCTION__); 816 return STATUS_ERROR(ERROR_INVALID_OPERATION, "Unable to initialize legacy parameters"); 817} 818 819// Can camera service trust the caller based on the calling UID? 820static bool isTrustedCallingUid(uid_t uid) { 821 switch (uid) { 822 case AID_MEDIA: // mediaserver 823 case AID_CAMERASERVER: // cameraserver 824 case AID_RADIO: // telephony 825 return true; 826 default: 827 return false; 828 } 829} 830 831Status CameraService::validateConnectLocked(const String8& cameraId, 832 const String8& clientName8, /*inout*/int& clientUid, /*inout*/int& clientPid, 833 /*out*/int& originalClientPid) const { 834 835#ifdef __BRILLO__ 836 UNUSED(clientName8); 837 UNUSED(clientUid); 838 UNUSED(clientPid); 839 UNUSED(originalClientPid); 840#else 841 Status allowed = validateClientPermissionsLocked(cameraId, clientName8, clientUid, clientPid, 842 originalClientPid); 843 if (!allowed.isOk()) { 844 return allowed; 845 } 846#endif // __BRILLO__ 847 848 int callingPid = getCallingPid(); 849 850 if (!mInitialized) { 851 ALOGE("CameraService::connect X (PID %d) rejected (camera HAL module not loaded)", 852 callingPid); 853 return STATUS_ERROR_FMT(ERROR_DISCONNECTED, 854 "No camera HAL module available to open camera device \"%s\"", cameraId.string()); 855 } 856 857 if (getCameraState(cameraId) == nullptr) { 858 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid, 859 cameraId.string()); 860 return STATUS_ERROR_FMT(ERROR_DISCONNECTED, 861 "No camera device with ID \"%s\" available", cameraId.string()); 862 } 863 864 status_t err = checkIfDeviceIsUsable(cameraId); 865 if (err != NO_ERROR) { 866 switch(err) { 867 case -ENODEV: 868 case -EBUSY: 869 return STATUS_ERROR_FMT(ERROR_DISCONNECTED, 870 "No camera device with ID \"%s\" currently available", cameraId.string()); 871 default: 872 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 873 "Unknown error connecting to ID \"%s\"", cameraId.string()); 874 } 875 } 876 return Status::ok(); 877} 878 879Status CameraService::validateClientPermissionsLocked(const String8& cameraId, 880 const String8& clientName8, int& clientUid, int& clientPid, 881 /*out*/int& originalClientPid) const { 882 int callingPid = getCallingPid(); 883 int callingUid = getCallingUid(); 884 885 // Check if we can trust clientUid 886 if (clientUid == USE_CALLING_UID) { 887 clientUid = callingUid; 888 } else if (!isTrustedCallingUid(callingUid)) { 889 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected " 890 "(don't trust clientUid %d)", callingPid, callingUid, clientUid); 891 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED, 892 "Untrusted caller (calling PID %d, UID %d) trying to " 893 "forward camera access to camera %s for client %s (PID %d, UID %d)", 894 callingPid, callingUid, cameraId.string(), 895 clientName8.string(), clientUid, clientPid); 896 } 897 898 // Check if we can trust clientPid 899 if (clientPid == USE_CALLING_PID) { 900 clientPid = callingPid; 901 } else if (!isTrustedCallingUid(callingUid)) { 902 ALOGE("CameraService::connect X (calling PID %d, calling UID %d) rejected " 903 "(don't trust clientPid %d)", callingPid, callingUid, clientPid); 904 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED, 905 "Untrusted caller (calling PID %d, UID %d) trying to " 906 "forward camera access to camera %s for client %s (PID %d, UID %d)", 907 callingPid, callingUid, cameraId.string(), 908 clientName8.string(), clientUid, clientPid); 909 } 910 911 // If it's not calling from cameraserver, check the permission. 912 if (callingPid != getpid() && 913 !checkPermission(String16("android.permission.CAMERA"), clientPid, clientUid)) { 914 ALOGE("Permission Denial: can't use the camera pid=%d, uid=%d", clientPid, clientUid); 915 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED, 916 "Caller \"%s\" (PID %d, UID %d) cannot open camera \"%s\" without camera permission", 917 clientName8.string(), clientUid, clientPid, cameraId.string()); 918 } 919 920 // Only use passed in clientPid to check permission. Use calling PID as the client PID that's 921 // connected to camera service directly. 922 originalClientPid = clientPid; 923 clientPid = callingPid; 924 925 userid_t clientUserId = multiuser_get_user_id(clientUid); 926 927 // Only allow clients who are being used by the current foreground device user, unless calling 928 // from our own process. 929 if (callingPid != getpid() && (mAllowedUsers.find(clientUserId) == mAllowedUsers.end())) { 930 ALOGE("CameraService::connect X (PID %d) rejected (cannot connect from " 931 "device user %d, currently allowed device users: %s)", callingPid, clientUserId, 932 toString(mAllowedUsers).string()); 933 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED, 934 "Callers from device user %d are not currently allowed to connect to camera \"%s\"", 935 clientUserId, cameraId.string()); 936 } 937 938 return Status::ok(); 939} 940 941status_t CameraService::checkIfDeviceIsUsable(const String8& cameraId) const { 942 auto cameraState = getCameraState(cameraId); 943 int callingPid = getCallingPid(); 944 if (cameraState == nullptr) { 945 ALOGE("CameraService::connect X (PID %d) rejected (invalid camera ID %s)", callingPid, 946 cameraId.string()); 947 return -ENODEV; 948 } 949 950 StatusInternal currentStatus = cameraState->getStatus(); 951 if (currentStatus == StatusInternal::NOT_PRESENT) { 952 ALOGE("CameraService::connect X (PID %d) rejected (camera %s is not connected)", 953 callingPid, cameraId.string()); 954 return -ENODEV; 955 } else if (currentStatus == StatusInternal::ENUMERATING) { 956 ALOGE("CameraService::connect X (PID %d) rejected, (camera %s is initializing)", 957 callingPid, cameraId.string()); 958 return -EBUSY; 959 } 960 961 return NO_ERROR; 962} 963 964void CameraService::finishConnectLocked(const sp<BasicClient>& client, 965 const CameraService::DescriptorPtr& desc) { 966 967 // Make a descriptor for the incoming client 968 auto clientDescriptor = CameraService::CameraClientManager::makeClientDescriptor(client, desc); 969 auto evicted = mActiveClientManager.addAndEvict(clientDescriptor); 970 971 logConnected(desc->getKey(), static_cast<int>(desc->getOwnerId()), 972 String8(client->getPackageName())); 973 974 if (evicted.size() > 0) { 975 // This should never happen - clients should already have been removed in disconnect 976 for (auto& i : evicted) { 977 ALOGE("%s: Invalid state: Client for camera %s was not removed in disconnect", 978 __FUNCTION__, i->getKey().string()); 979 } 980 981 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, clients not evicted properly", 982 __FUNCTION__); 983 } 984 985 // And register a death notification for the client callback. Do 986 // this last to avoid Binder policy where a nested Binder 987 // transaction might be pre-empted to service the client death 988 // notification if the client process dies before linkToDeath is 989 // invoked. 990 sp<IBinder> remoteCallback = client->getRemote(); 991 if (remoteCallback != nullptr) { 992 remoteCallback->linkToDeath(this); 993 } 994} 995 996status_t CameraService::handleEvictionsLocked(const String8& cameraId, int clientPid, 997 apiLevel effectiveApiLevel, const sp<IBinder>& remoteCallback, const String8& packageName, 998 /*out*/ 999 sp<BasicClient>* client, 1000 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>* partial) { 1001 ATRACE_CALL(); 1002 status_t ret = NO_ERROR; 1003 std::vector<DescriptorPtr> evictedClients; 1004 DescriptorPtr clientDescriptor; 1005 { 1006 if (effectiveApiLevel == API_1) { 1007 // If we are using API1, any existing client for this camera ID with the same remote 1008 // should be returned rather than evicted to allow MediaRecorder to work properly. 1009 1010 auto current = mActiveClientManager.get(cameraId); 1011 if (current != nullptr) { 1012 auto clientSp = current->getValue(); 1013 if (clientSp.get() != nullptr) { // should never be needed 1014 if (!clientSp->canCastToApiClient(effectiveApiLevel)) { 1015 ALOGW("CameraService connect called from same client, but with a different" 1016 " API level, evicting prior client..."); 1017 } else if (clientSp->getRemote() == remoteCallback) { 1018 ALOGI("CameraService::connect X (PID %d) (second call from same" 1019 " app binder, returning the same client)", clientPid); 1020 *client = clientSp; 1021 return NO_ERROR; 1022 } 1023 } 1024 } 1025 } 1026 1027 // Get current active client PIDs 1028 std::vector<int> ownerPids(mActiveClientManager.getAllOwners()); 1029 ownerPids.push_back(clientPid); 1030 1031 std::vector<int> priorityScores(ownerPids.size()); 1032 std::vector<int> states(ownerPids.size()); 1033 1034 // Get priority scores of all active PIDs 1035 status_t err = ProcessInfoService::getProcessStatesScoresFromPids( 1036 ownerPids.size(), &ownerPids[0], /*out*/&states[0], 1037 /*out*/&priorityScores[0]); 1038 if (err != OK) { 1039 ALOGE("%s: Priority score query failed: %d", 1040 __FUNCTION__, err); 1041 return err; 1042 } 1043 1044 // Update all active clients' priorities 1045 std::map<int,resource_policy::ClientPriority> pidToPriorityMap; 1046 for (size_t i = 0; i < ownerPids.size() - 1; i++) { 1047 pidToPriorityMap.emplace(ownerPids[i], 1048 resource_policy::ClientPriority(priorityScores[i], states[i])); 1049 } 1050 mActiveClientManager.updatePriorities(pidToPriorityMap); 1051 1052 // Get state for the given cameraId 1053 auto state = getCameraState(cameraId); 1054 if (state == nullptr) { 1055 ALOGE("CameraService::connect X (PID %d) rejected (no camera device with ID %s)", 1056 clientPid, cameraId.string()); 1057 // Should never get here because validateConnectLocked should have errored out 1058 return BAD_VALUE; 1059 } 1060 1061 // Make descriptor for incoming client 1062 clientDescriptor = CameraClientManager::makeClientDescriptor(cameraId, 1063 sp<BasicClient>{nullptr}, static_cast<int32_t>(state->getCost()), 1064 state->getConflicting(), 1065 priorityScores[priorityScores.size() - 1], 1066 clientPid, 1067 states[states.size() - 1]); 1068 1069 // Find clients that would be evicted 1070 auto evicted = mActiveClientManager.wouldEvict(clientDescriptor); 1071 1072 // If the incoming client was 'evicted,' higher priority clients have the camera in the 1073 // background, so we cannot do evictions 1074 if (std::find(evicted.begin(), evicted.end(), clientDescriptor) != evicted.end()) { 1075 ALOGE("CameraService::connect X (PID %d) rejected (existing client(s) with higher" 1076 " priority).", clientPid); 1077 1078 sp<BasicClient> clientSp = clientDescriptor->getValue(); 1079 String8 curTime = getFormattedCurrentTime(); 1080 auto incompatibleClients = 1081 mActiveClientManager.getIncompatibleClients(clientDescriptor); 1082 1083 String8 msg = String8::format("%s : DENIED connect device %s client for package %s " 1084 "(PID %d, score %d state %d) due to eviction policy", curTime.string(), 1085 cameraId.string(), packageName.string(), clientPid, 1086 priorityScores[priorityScores.size() - 1], 1087 states[states.size() - 1]); 1088 1089 for (auto& i : incompatibleClients) { 1090 msg.appendFormat("\n - Blocked by existing device %s client for package %s" 1091 "(PID %" PRId32 ", score %" PRId32 ", state %" PRId32 ")", 1092 i->getKey().string(), 1093 String8{i->getValue()->getPackageName()}.string(), 1094 i->getOwnerId(), i->getPriority().getScore(), 1095 i->getPriority().getState()); 1096 ALOGE(" Conflicts with: Device %s, client package %s (PID %" 1097 PRId32 ", score %" PRId32 ", state %" PRId32 ")", i->getKey().string(), 1098 String8{i->getValue()->getPackageName()}.string(), i->getOwnerId(), 1099 i->getPriority().getScore(), i->getPriority().getState()); 1100 } 1101 1102 // Log the client's attempt 1103 Mutex::Autolock l(mLogLock); 1104 mEventLog.add(msg); 1105 1106 return -EBUSY; 1107 } 1108 1109 for (auto& i : evicted) { 1110 sp<BasicClient> clientSp = i->getValue(); 1111 if (clientSp.get() == nullptr) { 1112 ALOGE("%s: Invalid state: Null client in active client list.", __FUNCTION__); 1113 1114 // TODO: Remove this 1115 LOG_ALWAYS_FATAL("%s: Invalid state for CameraService, null client in active list", 1116 __FUNCTION__); 1117 mActiveClientManager.remove(i); 1118 continue; 1119 } 1120 1121 ALOGE("CameraService::connect evicting conflicting client for camera ID %s", 1122 i->getKey().string()); 1123 evictedClients.push_back(i); 1124 1125 // Log the clients evicted 1126 logEvent(String8::format("EVICT device %s client held by package %s (PID" 1127 " %" PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted by device %s client for" 1128 " package %s (PID %d, score %" PRId32 ", state %" PRId32 ")", 1129 i->getKey().string(), String8{clientSp->getPackageName()}.string(), 1130 i->getOwnerId(), i->getPriority().getScore(), 1131 i->getPriority().getState(), cameraId.string(), 1132 packageName.string(), clientPid, 1133 priorityScores[priorityScores.size() - 1], 1134 states[states.size() - 1])); 1135 1136 // Notify the client of disconnection 1137 clientSp->notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED, 1138 CaptureResultExtras()); 1139 } 1140 } 1141 1142 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking 1143 // other clients from connecting in mServiceLockWrapper if held 1144 mServiceLock.unlock(); 1145 1146 // Clear caller identity temporarily so client disconnect PID checks work correctly 1147 int64_t token = IPCThreadState::self()->clearCallingIdentity(); 1148 1149 // Destroy evicted clients 1150 for (auto& i : evictedClients) { 1151 // Disconnect is blocking, and should only have returned when HAL has cleaned up 1152 i->getValue()->disconnect(); // Clients will remove themselves from the active client list 1153 } 1154 1155 IPCThreadState::self()->restoreCallingIdentity(token); 1156 1157 for (const auto& i : evictedClients) { 1158 ALOGV("%s: Waiting for disconnect to complete for client for device %s (PID %" PRId32 ")", 1159 __FUNCTION__, i->getKey().string(), i->getOwnerId()); 1160 ret = mActiveClientManager.waitUntilRemoved(i, DEFAULT_DISCONNECT_TIMEOUT_NS); 1161 if (ret == TIMED_OUT) { 1162 ALOGE("%s: Timed out waiting for client for device %s to disconnect, " 1163 "current clients:\n%s", __FUNCTION__, i->getKey().string(), 1164 mActiveClientManager.toString().string()); 1165 return -EBUSY; 1166 } 1167 if (ret != NO_ERROR) { 1168 ALOGE("%s: Received error waiting for client for device %s to disconnect: %s (%d), " 1169 "current clients:\n%s", __FUNCTION__, i->getKey().string(), strerror(-ret), 1170 ret, mActiveClientManager.toString().string()); 1171 return ret; 1172 } 1173 } 1174 1175 evictedClients.clear(); 1176 1177 // Once clients have been disconnected, relock 1178 mServiceLock.lock(); 1179 1180 // Check again if the device was unplugged or something while we weren't holding mServiceLock 1181 if ((ret = checkIfDeviceIsUsable(cameraId)) != NO_ERROR) { 1182 return ret; 1183 } 1184 1185 *partial = clientDescriptor; 1186 return NO_ERROR; 1187} 1188 1189Status CameraService::connect( 1190 const sp<ICameraClient>& cameraClient, 1191 int cameraId, 1192 const String16& clientPackageName, 1193 int clientUid, 1194 int clientPid, 1195 /*out*/ 1196 sp<ICamera>* device) { 1197 1198 ATRACE_CALL(); 1199 Status ret = Status::ok(); 1200 String8 id = String8::format("%d", cameraId); 1201 sp<Client> client = nullptr; 1202 ret = connectHelper<ICameraClient,Client>(cameraClient, id, 1203 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, clientUid, clientPid, API_1, 1204 /*legacyMode*/ false, /*shimUpdateOnly*/ false, 1205 /*out*/client); 1206 1207 if(!ret.isOk()) { 1208 logRejected(id, getCallingPid(), String8(clientPackageName), 1209 ret.toString8()); 1210 return ret; 1211 } 1212 1213 *device = client; 1214 return ret; 1215} 1216 1217Status CameraService::connectLegacy( 1218 const sp<ICameraClient>& cameraClient, 1219 int cameraId, int halVersion, 1220 const String16& clientPackageName, 1221 int clientUid, 1222 /*out*/ 1223 sp<ICamera>* device) { 1224 1225 ATRACE_CALL(); 1226 String8 id = String8::format("%d", cameraId); 1227 1228 Status ret = Status::ok(); 1229 sp<Client> client = nullptr; 1230 ret = connectHelper<ICameraClient,Client>(cameraClient, id, halVersion, 1231 clientPackageName, clientUid, USE_CALLING_PID, API_1, 1232 /*legacyMode*/ true, /*shimUpdateOnly*/ false, 1233 /*out*/client); 1234 1235 if(!ret.isOk()) { 1236 logRejected(id, getCallingPid(), String8(clientPackageName), 1237 ret.toString8()); 1238 return ret; 1239 } 1240 1241 *device = client; 1242 return ret; 1243} 1244 1245Status CameraService::connectDevice( 1246 const sp<hardware::camera2::ICameraDeviceCallbacks>& cameraCb, 1247 const String16& cameraId, 1248 const String16& clientPackageName, 1249 int clientUid, 1250 /*out*/ 1251 sp<hardware::camera2::ICameraDeviceUser>* device) { 1252 1253 ATRACE_CALL(); 1254 Status ret = Status::ok(); 1255 String8 id = String8(cameraId); 1256 sp<CameraDeviceClient> client = nullptr; 1257 ret = connectHelper<hardware::camera2::ICameraDeviceCallbacks,CameraDeviceClient>(cameraCb, id, 1258 CAMERA_HAL_API_VERSION_UNSPECIFIED, clientPackageName, 1259 clientUid, USE_CALLING_PID, API_2, 1260 /*legacyMode*/ false, /*shimUpdateOnly*/ false, 1261 /*out*/client); 1262 1263 if(!ret.isOk()) { 1264 logRejected(id, getCallingPid(), String8(clientPackageName), 1265 ret.toString8()); 1266 return ret; 1267 } 1268 1269 *device = client; 1270 return ret; 1271} 1272 1273template<class CALLBACK, class CLIENT> 1274Status CameraService::connectHelper(const sp<CALLBACK>& cameraCb, const String8& cameraId, 1275 int halVersion, const String16& clientPackageName, int clientUid, int clientPid, 1276 apiLevel effectiveApiLevel, bool legacyMode, bool shimUpdateOnly, 1277 /*out*/sp<CLIENT>& device) { 1278 binder::Status ret = binder::Status::ok(); 1279 1280 String8 clientName8(clientPackageName); 1281 1282 int originalClientPid = 0; 1283 1284 ALOGI("CameraService::connect call (PID %d \"%s\", camera ID %s) for HAL version %s and " 1285 "Camera API version %d", clientPid, clientName8.string(), cameraId.string(), 1286 (halVersion == -1) ? "default" : std::to_string(halVersion).c_str(), 1287 static_cast<int>(effectiveApiLevel)); 1288 1289 sp<CLIENT> client = nullptr; 1290 { 1291 // Acquire mServiceLock and prevent other clients from connecting 1292 std::unique_ptr<AutoConditionLock> lock = 1293 AutoConditionLock::waitAndAcquire(mServiceLockWrapper, DEFAULT_CONNECT_TIMEOUT_NS); 1294 1295 if (lock == nullptr) { 1296 ALOGE("CameraService::connect (PID %d) rejected (too many other clients connecting)." 1297 , clientPid); 1298 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE, 1299 "Cannot open camera %s for \"%s\" (PID %d): Too many other clients connecting", 1300 cameraId.string(), clientName8.string(), clientPid); 1301 } 1302 1303 // Enforce client permissions and do basic sanity checks 1304 if(!(ret = validateConnectLocked(cameraId, clientName8, 1305 /*inout*/clientUid, /*inout*/clientPid, /*out*/originalClientPid)).isOk()) { 1306 return ret; 1307 } 1308 1309 // Check the shim parameters after acquiring lock, if they have already been updated and 1310 // we were doing a shim update, return immediately 1311 if (shimUpdateOnly) { 1312 auto cameraState = getCameraState(cameraId); 1313 if (cameraState != nullptr) { 1314 if (!cameraState->getShimParams().isEmpty()) return ret; 1315 } 1316 } 1317 1318 status_t err; 1319 1320 sp<BasicClient> clientTmp = nullptr; 1321 std::shared_ptr<resource_policy::ClientDescriptor<String8, sp<BasicClient>>> partial; 1322 if ((err = handleEvictionsLocked(cameraId, originalClientPid, effectiveApiLevel, 1323 IInterface::asBinder(cameraCb), clientName8, /*out*/&clientTmp, 1324 /*out*/&partial)) != NO_ERROR) { 1325 switch (err) { 1326 case -ENODEV: 1327 return STATUS_ERROR_FMT(ERROR_DISCONNECTED, 1328 "No camera device with ID \"%s\" currently available", 1329 cameraId.string()); 1330 case -EBUSY: 1331 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE, 1332 "Higher-priority client using camera, ID \"%s\" currently unavailable", 1333 cameraId.string()); 1334 default: 1335 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 1336 "Unexpected error %s (%d) opening camera \"%s\"", 1337 strerror(-err), err, cameraId.string()); 1338 } 1339 } 1340 1341 if (clientTmp.get() != nullptr) { 1342 // Handle special case for API1 MediaRecorder where the existing client is returned 1343 device = static_cast<CLIENT*>(clientTmp.get()); 1344 return ret; 1345 } 1346 1347 // give flashlight a chance to close devices if necessary. 1348 mFlashlight->prepareDeviceOpen(cameraId); 1349 1350 int facing = -1; 1351 int deviceVersion = getDeviceVersion(cameraId, /*out*/&facing); 1352 if (facing == -1) { 1353 ALOGE("%s: Unable to get camera device \"%s\" facing", __FUNCTION__, cameraId.string()); 1354 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 1355 "Unable to get camera device \"%s\" facing", cameraId.string()); 1356 } 1357 1358 sp<BasicClient> tmp = nullptr; 1359 if(!(ret = makeClient(this, cameraCb, clientPackageName, cameraId, facing, clientPid, 1360 clientUid, getpid(), legacyMode, halVersion, deviceVersion, effectiveApiLevel, 1361 /*out*/&tmp)).isOk()) { 1362 return ret; 1363 } 1364 client = static_cast<CLIENT*>(tmp.get()); 1365 1366 LOG_ALWAYS_FATAL_IF(client.get() == nullptr, "%s: CameraService in invalid state", 1367 __FUNCTION__); 1368 1369 err = client->initialize(mCameraProviderManager); 1370 if (err != OK) { 1371 ALOGE("%s: Could not initialize client from HAL.", __FUNCTION__); 1372 // Errors could be from the HAL module open call or from AppOpsManager 1373 switch(err) { 1374 case BAD_VALUE: 1375 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 1376 "Illegal argument to HAL module for camera \"%s\"", cameraId.string()); 1377 case -EBUSY: 1378 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE, 1379 "Camera \"%s\" is already open", cameraId.string()); 1380 case -EUSERS: 1381 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE, 1382 "Too many cameras already open, cannot open camera \"%s\"", 1383 cameraId.string()); 1384 case PERMISSION_DENIED: 1385 return STATUS_ERROR_FMT(ERROR_PERMISSION_DENIED, 1386 "No permission to open camera \"%s\"", cameraId.string()); 1387 case -EACCES: 1388 return STATUS_ERROR_FMT(ERROR_DISABLED, 1389 "Camera \"%s\" disabled by policy", cameraId.string()); 1390 case -ENODEV: 1391 default: 1392 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 1393 "Failed to initialize camera \"%s\": %s (%d)", cameraId.string(), 1394 strerror(-err), err); 1395 } 1396 } 1397 1398 // Update shim paremeters for legacy clients 1399 if (effectiveApiLevel == API_1) { 1400 // Assume we have always received a Client subclass for API1 1401 sp<Client> shimClient = reinterpret_cast<Client*>(client.get()); 1402 String8 rawParams = shimClient->getParameters(); 1403 CameraParameters params(rawParams); 1404 1405 auto cameraState = getCameraState(cameraId); 1406 if (cameraState != nullptr) { 1407 cameraState->setShimParams(params); 1408 } else { 1409 ALOGE("%s: Cannot update shim parameters for camera %s, no such device exists.", 1410 __FUNCTION__, cameraId.string()); 1411 } 1412 } 1413 1414 if (shimUpdateOnly) { 1415 // If only updating legacy shim parameters, immediately disconnect client 1416 mServiceLock.unlock(); 1417 client->disconnect(); 1418 mServiceLock.lock(); 1419 } else { 1420 // Otherwise, add client to active clients list 1421 finishConnectLocked(client, partial); 1422 } 1423 } // lock is destroyed, allow further connect calls 1424 1425 // Important: release the mutex here so the client can call back into the service from its 1426 // destructor (can be at the end of the call) 1427 device = client; 1428 return ret; 1429} 1430 1431Status CameraService::setTorchMode(const String16& cameraId, bool enabled, 1432 const sp<IBinder>& clientBinder) { 1433 Mutex::Autolock lock(mServiceLock); 1434 1435 ATRACE_CALL(); 1436 if (enabled && clientBinder == nullptr) { 1437 ALOGE("%s: torch client binder is NULL", __FUNCTION__); 1438 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, 1439 "Torch client Binder is null"); 1440 } 1441 1442 String8 id = String8(cameraId.string()); 1443 int uid = getCallingUid(); 1444 1445 // verify id is valid. 1446 auto state = getCameraState(id); 1447 if (state == nullptr) { 1448 ALOGE("%s: camera id is invalid %s", __FUNCTION__, id.string()); 1449 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 1450 "Camera ID \"%s\" is a not valid camera ID", id.string()); 1451 } 1452 1453 StatusInternal cameraStatus = state->getStatus(); 1454 if (cameraStatus != StatusInternal::PRESENT && 1455 cameraStatus != StatusInternal::NOT_AVAILABLE) { 1456 ALOGE("%s: camera id is invalid %s, status %d", __FUNCTION__, id.string(), (int)cameraStatus); 1457 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 1458 "Camera ID \"%s\" is a not valid camera ID", id.string()); 1459 } 1460 1461 { 1462 Mutex::Autolock al(mTorchStatusMutex); 1463 TorchModeStatus status; 1464 status_t err = getTorchStatusLocked(id, &status); 1465 if (err != OK) { 1466 if (err == NAME_NOT_FOUND) { 1467 return STATUS_ERROR_FMT(ERROR_ILLEGAL_ARGUMENT, 1468 "Camera \"%s\" does not have a flash unit", id.string()); 1469 } 1470 ALOGE("%s: getting current torch status failed for camera %s", 1471 __FUNCTION__, id.string()); 1472 return STATUS_ERROR_FMT(ERROR_INVALID_OPERATION, 1473 "Error updating torch status for camera \"%s\": %s (%d)", id.string(), 1474 strerror(-err), err); 1475 } 1476 1477 if (status == TorchModeStatus::NOT_AVAILABLE) { 1478 if (cameraStatus == StatusInternal::NOT_AVAILABLE) { 1479 ALOGE("%s: torch mode of camera %s is not available because " 1480 "camera is in use", __FUNCTION__, id.string()); 1481 return STATUS_ERROR_FMT(ERROR_CAMERA_IN_USE, 1482 "Torch for camera \"%s\" is not available due to an existing camera user", 1483 id.string()); 1484 } else { 1485 ALOGE("%s: torch mode of camera %s is not available due to " 1486 "insufficient resources", __FUNCTION__, id.string()); 1487 return STATUS_ERROR_FMT(ERROR_MAX_CAMERAS_IN_USE, 1488 "Torch for camera \"%s\" is not available due to insufficient resources", 1489 id.string()); 1490 } 1491 } 1492 } 1493 1494 { 1495 // Update UID map - this is used in the torch status changed callbacks, so must be done 1496 // before setTorchMode 1497 Mutex::Autolock al(mTorchUidMapMutex); 1498 if (mTorchUidMap.find(id) == mTorchUidMap.end()) { 1499 mTorchUidMap[id].first = uid; 1500 mTorchUidMap[id].second = uid; 1501 } else { 1502 // Set the pending UID 1503 mTorchUidMap[id].first = uid; 1504 } 1505 } 1506 1507 status_t err = mFlashlight->setTorchMode(id, enabled); 1508 1509 if (err != OK) { 1510 int32_t errorCode; 1511 String8 msg; 1512 switch (err) { 1513 case -ENOSYS: 1514 msg = String8::format("Camera \"%s\" has no flashlight", 1515 id.string()); 1516 errorCode = ERROR_ILLEGAL_ARGUMENT; 1517 break; 1518 default: 1519 msg = String8::format( 1520 "Setting torch mode of camera \"%s\" to %d failed: %s (%d)", 1521 id.string(), enabled, strerror(-err), err); 1522 errorCode = ERROR_INVALID_OPERATION; 1523 } 1524 ALOGE("%s: %s", __FUNCTION__, msg.string()); 1525 return STATUS_ERROR(errorCode, msg.string()); 1526 } 1527 1528 { 1529 // update the link to client's death 1530 Mutex::Autolock al(mTorchClientMapMutex); 1531 ssize_t index = mTorchClientMap.indexOfKey(id); 1532 if (enabled) { 1533 if (index == NAME_NOT_FOUND) { 1534 mTorchClientMap.add(id, clientBinder); 1535 } else { 1536 mTorchClientMap.valueAt(index)->unlinkToDeath(this); 1537 mTorchClientMap.replaceValueAt(index, clientBinder); 1538 } 1539 clientBinder->linkToDeath(this); 1540 } else if (index != NAME_NOT_FOUND) { 1541 mTorchClientMap.valueAt(index)->unlinkToDeath(this); 1542 } 1543 } 1544 1545 return Status::ok(); 1546} 1547 1548Status CameraService::notifySystemEvent(int32_t eventId, 1549 const std::vector<int32_t>& args) { 1550 ATRACE_CALL(); 1551 1552 switch(eventId) { 1553 case ICameraService::EVENT_USER_SWITCHED: { 1554 doUserSwitch(/*newUserIds*/ args); 1555 break; 1556 } 1557 case ICameraService::EVENT_NONE: 1558 default: { 1559 ALOGW("%s: Received invalid system event from system_server: %d", __FUNCTION__, 1560 eventId); 1561 break; 1562 } 1563 } 1564 return Status::ok(); 1565} 1566 1567Status CameraService::addListener(const sp<ICameraServiceListener>& listener, 1568 /*out*/ 1569 std::vector<hardware::CameraStatus> *cameraStatuses) { 1570 ATRACE_CALL(); 1571 1572 ALOGV("%s: Add listener %p", __FUNCTION__, listener.get()); 1573 1574 if (listener == nullptr) { 1575 ALOGE("%s: Listener must not be null", __FUNCTION__); 1576 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to addListener"); 1577 } 1578 1579 Mutex::Autolock lock(mServiceLock); 1580 1581 { 1582 Mutex::Autolock lock(mStatusListenerLock); 1583 for (auto& it : mListenerList) { 1584 if (IInterface::asBinder(it) == IInterface::asBinder(listener)) { 1585 ALOGW("%s: Tried to add listener %p which was already subscribed", 1586 __FUNCTION__, listener.get()); 1587 return STATUS_ERROR(ERROR_ALREADY_EXISTS, "Listener already registered"); 1588 } 1589 } 1590 1591 mListenerList.push_back(listener); 1592 } 1593 1594 /* Collect current devices and status */ 1595 { 1596 Mutex::Autolock lock(mCameraStatesLock); 1597 for (auto& i : mCameraStates) { 1598 cameraStatuses->emplace_back(i.first, mapToInterface(i.second->getStatus())); 1599 } 1600 } 1601 1602 /* 1603 * Immediately signal current torch status to this listener only 1604 * This may be a subset of all the devices, so don't include it in the response directly 1605 */ 1606 { 1607 Mutex::Autolock al(mTorchStatusMutex); 1608 for (size_t i = 0; i < mTorchStatusMap.size(); i++ ) { 1609 String16 id = String16(mTorchStatusMap.keyAt(i).string()); 1610 listener->onTorchStatusChanged(mapToInterface(mTorchStatusMap.valueAt(i)), id); 1611 } 1612 } 1613 1614 return Status::ok(); 1615} 1616 1617Status CameraService::removeListener(const sp<ICameraServiceListener>& listener) { 1618 ATRACE_CALL(); 1619 1620 ALOGV("%s: Remove listener %p", __FUNCTION__, listener.get()); 1621 1622 if (listener == 0) { 1623 ALOGE("%s: Listener must not be null", __FUNCTION__); 1624 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Null listener given to removeListener"); 1625 } 1626 1627 Mutex::Autolock lock(mServiceLock); 1628 1629 { 1630 Mutex::Autolock lock(mStatusListenerLock); 1631 for (auto it = mListenerList.begin(); it != mListenerList.end(); it++) { 1632 if (IInterface::asBinder(*it) == IInterface::asBinder(listener)) { 1633 mListenerList.erase(it); 1634 return Status::ok(); 1635 } 1636 } 1637 } 1638 1639 ALOGW("%s: Tried to remove a listener %p which was not subscribed", 1640 __FUNCTION__, listener.get()); 1641 1642 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Unregistered listener given to removeListener"); 1643} 1644 1645Status CameraService::getLegacyParameters(int cameraId, /*out*/String16* parameters) { 1646 1647 ATRACE_CALL(); 1648 ALOGV("%s: for camera ID = %d", __FUNCTION__, cameraId); 1649 1650 if (parameters == NULL) { 1651 ALOGE("%s: parameters must not be null", __FUNCTION__); 1652 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, "Parameters must not be null"); 1653 } 1654 1655 Status ret = Status::ok(); 1656 1657 CameraParameters shimParams; 1658 if (!(ret = getLegacyParametersLazy(cameraId, /*out*/&shimParams)).isOk()) { 1659 // Error logged by caller 1660 return ret; 1661 } 1662 1663 String8 shimParamsString8 = shimParams.flatten(); 1664 String16 shimParamsString16 = String16(shimParamsString8); 1665 1666 *parameters = shimParamsString16; 1667 1668 return ret; 1669} 1670 1671Status CameraService::supportsCameraApi(const String16& cameraId, int apiVersion, 1672 /*out*/ bool *isSupported) { 1673 ATRACE_CALL(); 1674 1675 const String8 id = String8(cameraId); 1676 1677 ALOGV("%s: for camera ID = %s", __FUNCTION__, id.string()); 1678 1679 switch (apiVersion) { 1680 case API_VERSION_1: 1681 case API_VERSION_2: 1682 break; 1683 default: 1684 String8 msg = String8::format("Unknown API version %d", apiVersion); 1685 ALOGE("%s: %s", __FUNCTION__, msg.string()); 1686 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string()); 1687 } 1688 1689 int deviceVersion = getDeviceVersion(id); 1690 switch(deviceVersion) { 1691 case CAMERA_DEVICE_API_VERSION_1_0: 1692 case CAMERA_DEVICE_API_VERSION_3_0: 1693 case CAMERA_DEVICE_API_VERSION_3_1: 1694 if (apiVersion == API_VERSION_2) { 1695 ALOGV("%s: Camera id %s uses HAL version %d <3.2, doesn't support api2 without shim", 1696 __FUNCTION__, id.string(), deviceVersion); 1697 *isSupported = false; 1698 } else { // if (apiVersion == API_VERSION_1) { 1699 ALOGV("%s: Camera id %s uses older HAL before 3.2, but api1 is always supported", 1700 __FUNCTION__, id.string()); 1701 *isSupported = true; 1702 } 1703 break; 1704 case CAMERA_DEVICE_API_VERSION_3_2: 1705 case CAMERA_DEVICE_API_VERSION_3_3: 1706 case CAMERA_DEVICE_API_VERSION_3_4: 1707 ALOGV("%s: Camera id %s uses HAL3.2 or newer, supports api1/api2 directly", 1708 __FUNCTION__, id.string()); 1709 *isSupported = true; 1710 break; 1711 case -1: { 1712 String8 msg = String8::format("Unknown camera ID %s", id.string()); 1713 ALOGE("%s: %s", __FUNCTION__, msg.string()); 1714 return STATUS_ERROR(ERROR_ILLEGAL_ARGUMENT, msg.string()); 1715 } 1716 default: { 1717 String8 msg = String8::format("Unknown device version %x for device %s", 1718 deviceVersion, id.string()); 1719 ALOGE("%s: %s", __FUNCTION__, msg.string()); 1720 return STATUS_ERROR(ERROR_INVALID_OPERATION, msg.string()); 1721 } 1722 } 1723 1724 return Status::ok(); 1725} 1726 1727void CameraService::removeByClient(const BasicClient* client) { 1728 Mutex::Autolock lock(mServiceLock); 1729 for (auto& i : mActiveClientManager.getAll()) { 1730 auto clientSp = i->getValue(); 1731 if (clientSp.get() == client) { 1732 mActiveClientManager.remove(i); 1733 } 1734 } 1735} 1736 1737bool CameraService::evictClientIdByRemote(const wp<IBinder>& remote) { 1738 const int callingPid = getCallingPid(); 1739 const int servicePid = getpid(); 1740 bool ret = false; 1741 { 1742 // Acquire mServiceLock and prevent other clients from connecting 1743 std::unique_ptr<AutoConditionLock> lock = 1744 AutoConditionLock::waitAndAcquire(mServiceLockWrapper); 1745 1746 1747 std::vector<sp<BasicClient>> evicted; 1748 for (auto& i : mActiveClientManager.getAll()) { 1749 auto clientSp = i->getValue(); 1750 if (clientSp.get() == nullptr) { 1751 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__); 1752 mActiveClientManager.remove(i); 1753 continue; 1754 } 1755 if (remote == clientSp->getRemote() && (callingPid == servicePid || 1756 callingPid == clientSp->getClientPid())) { 1757 mActiveClientManager.remove(i); 1758 evicted.push_back(clientSp); 1759 1760 // Notify the client of disconnection 1761 clientSp->notifyError( 1762 hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_DISCONNECTED, 1763 CaptureResultExtras()); 1764 } 1765 } 1766 1767 // Do not hold mServiceLock while disconnecting clients, but retain the condition blocking 1768 // other clients from connecting in mServiceLockWrapper if held 1769 mServiceLock.unlock(); 1770 1771 // Do not clear caller identity, remote caller should be client proccess 1772 1773 for (auto& i : evicted) { 1774 if (i.get() != nullptr) { 1775 i->disconnect(); 1776 ret = true; 1777 } 1778 } 1779 1780 // Reacquire mServiceLock 1781 mServiceLock.lock(); 1782 1783 } // lock is destroyed, allow further connect calls 1784 1785 return ret; 1786} 1787 1788std::shared_ptr<CameraService::CameraState> CameraService::getCameraState( 1789 const String8& cameraId) const { 1790 std::shared_ptr<CameraState> state; 1791 { 1792 Mutex::Autolock lock(mCameraStatesLock); 1793 auto iter = mCameraStates.find(cameraId); 1794 if (iter != mCameraStates.end()) { 1795 state = iter->second; 1796 } 1797 } 1798 return state; 1799} 1800 1801sp<CameraService::BasicClient> CameraService::removeClientLocked(const String8& cameraId) { 1802 // Remove from active clients list 1803 auto clientDescriptorPtr = mActiveClientManager.remove(cameraId); 1804 if (clientDescriptorPtr == nullptr) { 1805 ALOGW("%s: Could not evict client, no client for camera ID %s", __FUNCTION__, 1806 cameraId.string()); 1807 return sp<BasicClient>{nullptr}; 1808 } 1809 1810 return clientDescriptorPtr->getValue(); 1811} 1812 1813void CameraService::doUserSwitch(const std::vector<int32_t>& newUserIds) { 1814 // Acquire mServiceLock and prevent other clients from connecting 1815 std::unique_ptr<AutoConditionLock> lock = 1816 AutoConditionLock::waitAndAcquire(mServiceLockWrapper); 1817 1818 std::set<userid_t> newAllowedUsers; 1819 for (size_t i = 0; i < newUserIds.size(); i++) { 1820 if (newUserIds[i] < 0) { 1821 ALOGE("%s: Bad user ID %d given during user switch, ignoring.", 1822 __FUNCTION__, newUserIds[i]); 1823 return; 1824 } 1825 newAllowedUsers.insert(static_cast<userid_t>(newUserIds[i])); 1826 } 1827 1828 1829 if (newAllowedUsers == mAllowedUsers) { 1830 ALOGW("%s: Received notification of user switch with no updated user IDs.", __FUNCTION__); 1831 return; 1832 } 1833 1834 logUserSwitch(mAllowedUsers, newAllowedUsers); 1835 1836 mAllowedUsers = std::move(newAllowedUsers); 1837 1838 // Current user has switched, evict all current clients. 1839 std::vector<sp<BasicClient>> evicted; 1840 for (auto& i : mActiveClientManager.getAll()) { 1841 auto clientSp = i->getValue(); 1842 1843 if (clientSp.get() == nullptr) { 1844 ALOGE("%s: Dead client still in mActiveClientManager.", __FUNCTION__); 1845 continue; 1846 } 1847 1848 // Don't evict clients that are still allowed. 1849 uid_t clientUid = clientSp->getClientUid(); 1850 userid_t clientUserId = multiuser_get_user_id(clientUid); 1851 if (mAllowedUsers.find(clientUserId) != mAllowedUsers.end()) { 1852 continue; 1853 } 1854 1855 evicted.push_back(clientSp); 1856 1857 String8 curTime = getFormattedCurrentTime(); 1858 1859 ALOGE("Evicting conflicting client for camera ID %s due to user change", 1860 i->getKey().string()); 1861 1862 // Log the clients evicted 1863 logEvent(String8::format("EVICT device %s client held by package %s (PID %" 1864 PRId32 ", score %" PRId32 ", state %" PRId32 ")\n - Evicted due" 1865 " to user switch.", i->getKey().string(), 1866 String8{clientSp->getPackageName()}.string(), 1867 i->getOwnerId(), i->getPriority().getScore(), 1868 i->getPriority().getState())); 1869 1870 } 1871 1872 // Do not hold mServiceLock while disconnecting clients, but retain the condition 1873 // blocking other clients from connecting in mServiceLockWrapper if held. 1874 mServiceLock.unlock(); 1875 1876 // Clear caller identity temporarily so client disconnect PID checks work correctly 1877 int64_t token = IPCThreadState::self()->clearCallingIdentity(); 1878 1879 for (auto& i : evicted) { 1880 i->disconnect(); 1881 } 1882 1883 IPCThreadState::self()->restoreCallingIdentity(token); 1884 1885 // Reacquire mServiceLock 1886 mServiceLock.lock(); 1887} 1888 1889void CameraService::logEvent(const char* event) { 1890 String8 curTime = getFormattedCurrentTime(); 1891 Mutex::Autolock l(mLogLock); 1892 mEventLog.add(String8::format("%s : %s", curTime.string(), event)); 1893} 1894 1895void CameraService::logDisconnected(const char* cameraId, int clientPid, 1896 const char* clientPackage) { 1897 // Log the clients evicted 1898 logEvent(String8::format("DISCONNECT device %s client for package %s (PID %d)", cameraId, 1899 clientPackage, clientPid)); 1900} 1901 1902void CameraService::logConnected(const char* cameraId, int clientPid, 1903 const char* clientPackage) { 1904 // Log the clients evicted 1905 logEvent(String8::format("CONNECT device %s client for package %s (PID %d)", cameraId, 1906 clientPackage, clientPid)); 1907} 1908 1909void CameraService::logRejected(const char* cameraId, int clientPid, 1910 const char* clientPackage, const char* reason) { 1911 // Log the client rejected 1912 logEvent(String8::format("REJECT device %s client for package %s (PID %d), reason: (%s)", 1913 cameraId, clientPackage, clientPid, reason)); 1914} 1915 1916void CameraService::logUserSwitch(const std::set<userid_t>& oldUserIds, 1917 const std::set<userid_t>& newUserIds) { 1918 String8 newUsers = toString(newUserIds); 1919 String8 oldUsers = toString(oldUserIds); 1920 if (oldUsers.size() == 0) { 1921 oldUsers = "<None>"; 1922 } 1923 // Log the new and old users 1924 logEvent(String8::format("USER_SWITCH previous allowed user IDs: %s, current allowed user IDs: %s", 1925 oldUsers.string(), newUsers.string())); 1926} 1927 1928void CameraService::logDeviceRemoved(const char* cameraId, const char* reason) { 1929 // Log the device removal 1930 logEvent(String8::format("REMOVE device %s, reason: (%s)", cameraId, reason)); 1931} 1932 1933void CameraService::logDeviceAdded(const char* cameraId, const char* reason) { 1934 // Log the device removal 1935 logEvent(String8::format("ADD device %s, reason: (%s)", cameraId, reason)); 1936} 1937 1938void CameraService::logClientDied(int clientPid, const char* reason) { 1939 // Log the device removal 1940 logEvent(String8::format("DIED client(s) with PID %d, reason: (%s)", clientPid, reason)); 1941} 1942 1943void CameraService::logServiceError(const char* msg, int errorCode) { 1944 String8 curTime = getFormattedCurrentTime(); 1945 logEvent(String8::format("SERVICE ERROR: %s : %d (%s)", msg, errorCode, strerror(-errorCode))); 1946} 1947 1948status_t CameraService::onTransact(uint32_t code, const Parcel& data, Parcel* reply, 1949 uint32_t flags) { 1950 1951 const int pid = getCallingPid(); 1952 const int selfPid = getpid(); 1953 1954 // Permission checks 1955 switch (code) { 1956 case BnCameraService::NOTIFYSYSTEMEVENT: { 1957 if (pid != selfPid) { 1958 // Ensure we're being called by system_server, or similar process with 1959 // permissions to notify the camera service about system events 1960 if (!checkCallingPermission( 1961 String16("android.permission.CAMERA_SEND_SYSTEM_EVENTS"))) { 1962 const int uid = getCallingUid(); 1963 ALOGE("Permission Denial: cannot send updates to camera service about system" 1964 " events from pid=%d, uid=%d", pid, uid); 1965 return PERMISSION_DENIED; 1966 } 1967 } 1968 break; 1969 } 1970 } 1971 1972 return BnCameraService::onTransact(code, data, reply, flags); 1973} 1974 1975// We share the media players for shutter and recording sound for all clients. 1976// A reference count is kept to determine when we will actually release the 1977// media players. 1978 1979MediaPlayer* CameraService::newMediaPlayer(const char *file) { 1980 MediaPlayer* mp = new MediaPlayer(); 1981 if (mp->setDataSource(NULL /* httpService */, file, NULL) == NO_ERROR) { 1982 mp->setAudioStreamType(AUDIO_STREAM_ENFORCED_AUDIBLE); 1983 mp->prepare(); 1984 } else { 1985 ALOGE("Failed to load CameraService sounds: %s", file); 1986 return NULL; 1987 } 1988 return mp; 1989} 1990 1991void CameraService::loadSound() { 1992 ATRACE_CALL(); 1993 1994 Mutex::Autolock lock(mSoundLock); 1995 LOG1("CameraService::loadSound ref=%d", mSoundRef); 1996 if (mSoundRef++) return; 1997 1998 mSoundPlayer[SOUND_SHUTTER] = newMediaPlayer("/system/media/audio/ui/camera_click.ogg"); 1999 mSoundPlayer[SOUND_RECORDING_START] = newMediaPlayer("/system/media/audio/ui/VideoRecord.ogg"); 2000 mSoundPlayer[SOUND_RECORDING_STOP] = newMediaPlayer("/system/media/audio/ui/VideoStop.ogg"); 2001} 2002 2003void CameraService::releaseSound() { 2004 Mutex::Autolock lock(mSoundLock); 2005 LOG1("CameraService::releaseSound ref=%d", mSoundRef); 2006 if (--mSoundRef) return; 2007 2008 for (int i = 0; i < NUM_SOUNDS; i++) { 2009 if (mSoundPlayer[i] != 0) { 2010 mSoundPlayer[i]->disconnect(); 2011 mSoundPlayer[i].clear(); 2012 } 2013 } 2014} 2015 2016void CameraService::playSound(sound_kind kind) { 2017 ATRACE_CALL(); 2018 2019 LOG1("playSound(%d)", kind); 2020 Mutex::Autolock lock(mSoundLock); 2021 sp<MediaPlayer> player = mSoundPlayer[kind]; 2022 if (player != 0) { 2023 player->seekTo(0); 2024 player->start(); 2025 } 2026} 2027 2028// ---------------------------------------------------------------------------- 2029 2030CameraService::Client::Client(const sp<CameraService>& cameraService, 2031 const sp<ICameraClient>& cameraClient, 2032 const String16& clientPackageName, 2033 const String8& cameraIdStr, int cameraFacing, 2034 int clientPid, uid_t clientUid, 2035 int servicePid) : 2036 CameraService::BasicClient(cameraService, 2037 IInterface::asBinder(cameraClient), 2038 clientPackageName, 2039 cameraIdStr, cameraFacing, 2040 clientPid, clientUid, 2041 servicePid), 2042 mCameraId(CameraService::cameraIdToInt(cameraIdStr)) 2043{ 2044 int callingPid = getCallingPid(); 2045 LOG1("Client::Client E (pid %d, id %d)", callingPid, mCameraId); 2046 2047 mRemoteCallback = cameraClient; 2048 2049 cameraService->loadSound(); 2050 2051 LOG1("Client::Client X (pid %d, id %d)", callingPid, mCameraId); 2052} 2053 2054// tear down the client 2055CameraService::Client::~Client() { 2056 ALOGV("~Client"); 2057 mDestructionStarted = true; 2058 2059 sCameraService->releaseSound(); 2060 // unconditionally disconnect. function is idempotent 2061 Client::disconnect(); 2062} 2063 2064sp<CameraService> CameraService::BasicClient::BasicClient::sCameraService; 2065 2066CameraService::BasicClient::BasicClient(const sp<CameraService>& cameraService, 2067 const sp<IBinder>& remoteCallback, 2068 const String16& clientPackageName, 2069 const String8& cameraIdStr, int cameraFacing, 2070 int clientPid, uid_t clientUid, 2071 int servicePid): 2072 mCameraIdStr(cameraIdStr), mCameraFacing(cameraFacing), 2073 mClientPackageName(clientPackageName), mClientPid(clientPid), mClientUid(clientUid), 2074 mServicePid(servicePid), 2075 mDisconnected(false), 2076 mRemoteBinder(remoteCallback) 2077{ 2078 if (sCameraService == nullptr) { 2079 sCameraService = cameraService; 2080 } 2081 mOpsActive = false; 2082 mDestructionStarted = false; 2083 2084 // In some cases the calling code has no access to the package it runs under. 2085 // For example, NDK camera API. 2086 // In this case we will get the packages for the calling UID and pick the first one 2087 // for attributing the app op. This will work correctly for runtime permissions 2088 // as for legacy apps we will toggle the app op for all packages in the UID. 2089 // The caveat is that the operation may be attributed to the wrong package and 2090 // stats based on app ops may be slightly off. 2091 if (mClientPackageName.size() <= 0) { 2092 sp<IServiceManager> sm = defaultServiceManager(); 2093 sp<IBinder> binder = sm->getService(String16(kPermissionServiceName)); 2094 if (binder == 0) { 2095 ALOGE("Cannot get permission service"); 2096 // Leave mClientPackageName unchanged (empty) and the further interaction 2097 // with camera will fail in BasicClient::startCameraOps 2098 return; 2099 } 2100 2101 sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder); 2102 Vector<String16> packages; 2103 2104 permCtrl->getPackagesForUid(mClientUid, packages); 2105 2106 if (packages.isEmpty()) { 2107 ALOGE("No packages for calling UID"); 2108 // Leave mClientPackageName unchanged (empty) and the further interaction 2109 // with camera will fail in BasicClient::startCameraOps 2110 return; 2111 } 2112 mClientPackageName = packages[0]; 2113 } 2114} 2115 2116CameraService::BasicClient::~BasicClient() { 2117 ALOGV("~BasicClient"); 2118 mDestructionStarted = true; 2119} 2120 2121binder::Status CameraService::BasicClient::disconnect() { 2122 binder::Status res = Status::ok(); 2123 if (mDisconnected) { 2124 return res; 2125 } 2126 mDisconnected = true; 2127 2128 sCameraService->removeByClient(this); 2129 sCameraService->logDisconnected(mCameraIdStr, mClientPid, 2130 String8(mClientPackageName)); 2131 2132 sp<IBinder> remote = getRemote(); 2133 if (remote != nullptr) { 2134 remote->unlinkToDeath(sCameraService); 2135 } 2136 2137 finishCameraOps(); 2138 // Notify flashlight that a camera device is closed. 2139 sCameraService->mFlashlight->deviceClosed(mCameraIdStr); 2140 ALOGI("%s: Disconnected client for camera %s for PID %d", __FUNCTION__, mCameraIdStr.string(), 2141 mClientPid); 2142 2143 // client shouldn't be able to call into us anymore 2144 mClientPid = 0; 2145 2146 return res; 2147} 2148 2149status_t CameraService::BasicClient::dump(int, const Vector<String16>&) { 2150 // No dumping of clients directly over Binder, 2151 // must go through CameraService::dump 2152 android_errorWriteWithInfoLog(SN_EVENT_LOG_ID, "26265403", 2153 IPCThreadState::self()->getCallingUid(), NULL, 0); 2154 return OK; 2155} 2156 2157String16 CameraService::BasicClient::getPackageName() const { 2158 return mClientPackageName; 2159} 2160 2161 2162int CameraService::BasicClient::getClientPid() const { 2163 return mClientPid; 2164} 2165 2166uid_t CameraService::BasicClient::getClientUid() const { 2167 return mClientUid; 2168} 2169 2170bool CameraService::BasicClient::canCastToApiClient(apiLevel level) const { 2171 // Defaults to API2. 2172 return level == API_2; 2173} 2174 2175status_t CameraService::BasicClient::startCameraOps() { 2176 ATRACE_CALL(); 2177 2178 int32_t res; 2179 // Notify app ops that the camera is not available 2180 mOpsCallback = new OpsCallback(this); 2181 2182 { 2183 ALOGV("%s: Start camera ops, package name = %s, client UID = %d", 2184 __FUNCTION__, String8(mClientPackageName).string(), mClientUid); 2185 } 2186 2187 mAppOpsManager.startWatchingMode(AppOpsManager::OP_CAMERA, 2188 mClientPackageName, mOpsCallback); 2189 res = mAppOpsManager.startOp(AppOpsManager::OP_CAMERA, 2190 mClientUid, mClientPackageName); 2191 2192 if (res == AppOpsManager::MODE_ERRORED) { 2193 ALOGI("Camera %s: Access for \"%s\" has been revoked", 2194 mCameraIdStr.string(), String8(mClientPackageName).string()); 2195 return PERMISSION_DENIED; 2196 } 2197 2198 if (res == AppOpsManager::MODE_IGNORED) { 2199 ALOGI("Camera %s: Access for \"%s\" has been restricted", 2200 mCameraIdStr.string(), String8(mClientPackageName).string()); 2201 // Return the same error as for device policy manager rejection 2202 return -EACCES; 2203 } 2204 2205 mOpsActive = true; 2206 2207 // Transition device availability listeners from PRESENT -> NOT_AVAILABLE 2208 sCameraService->updateStatus(StatusInternal::NOT_AVAILABLE, mCameraIdStr); 2209 2210 // Transition device state to OPEN 2211 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_OPEN, 2212 mCameraIdStr); 2213 2214 return OK; 2215} 2216 2217status_t CameraService::BasicClient::finishCameraOps() { 2218 ATRACE_CALL(); 2219 2220 // Check if startCameraOps succeeded, and if so, finish the camera op 2221 if (mOpsActive) { 2222 // Notify app ops that the camera is available again 2223 mAppOpsManager.finishOp(AppOpsManager::OP_CAMERA, mClientUid, 2224 mClientPackageName); 2225 mOpsActive = false; 2226 2227 std::initializer_list<StatusInternal> rejected = {StatusInternal::PRESENT, 2228 StatusInternal::ENUMERATING}; 2229 2230 // Transition to PRESENT if the camera is not in either of the rejected states 2231 sCameraService->updateStatus(StatusInternal::PRESENT, 2232 mCameraIdStr, rejected); 2233 2234 // Transition device state to CLOSED 2235 sCameraService->updateProxyDeviceState(ICameraServiceProxy::CAMERA_STATE_CLOSED, 2236 mCameraIdStr); 2237 } 2238 // Always stop watching, even if no camera op is active 2239 if (mOpsCallback != NULL) { 2240 mAppOpsManager.stopWatchingMode(mOpsCallback); 2241 } 2242 mOpsCallback.clear(); 2243 2244 return OK; 2245} 2246 2247void CameraService::BasicClient::opChanged(int32_t op, const String16& packageName) { 2248 ATRACE_CALL(); 2249 2250 String8 name(packageName); 2251 String8 myName(mClientPackageName); 2252 2253 if (op != AppOpsManager::OP_CAMERA) { 2254 ALOGW("Unexpected app ops notification received: %d", op); 2255 return; 2256 } 2257 2258 int32_t res; 2259 res = mAppOpsManager.checkOp(AppOpsManager::OP_CAMERA, 2260 mClientUid, mClientPackageName); 2261 ALOGV("checkOp returns: %d, %s ", res, 2262 res == AppOpsManager::MODE_ALLOWED ? "ALLOWED" : 2263 res == AppOpsManager::MODE_IGNORED ? "IGNORED" : 2264 res == AppOpsManager::MODE_ERRORED ? "ERRORED" : 2265 "UNKNOWN"); 2266 2267 if (res != AppOpsManager::MODE_ALLOWED) { 2268 ALOGI("Camera %s: Access for \"%s\" revoked", mCameraIdStr.string(), 2269 myName.string()); 2270 // Reset the client PID to allow server-initiated disconnect, 2271 // and to prevent further calls by client. 2272 mClientPid = getCallingPid(); 2273 CaptureResultExtras resultExtras; // a dummy result (invalid) 2274 notifyError(hardware::camera2::ICameraDeviceCallbacks::ERROR_CAMERA_SERVICE, resultExtras); 2275 disconnect(); 2276 } 2277} 2278 2279// ---------------------------------------------------------------------------- 2280 2281void CameraService::Client::notifyError(int32_t errorCode, 2282 const CaptureResultExtras& resultExtras) { 2283 (void) errorCode; 2284 (void) resultExtras; 2285 if (mRemoteCallback != NULL) { 2286 mRemoteCallback->notifyCallback(CAMERA_MSG_ERROR, CAMERA_ERROR_RELEASED, 0); 2287 } else { 2288 ALOGE("mRemoteCallback is NULL!!"); 2289 } 2290} 2291 2292// NOTE: function is idempotent 2293binder::Status CameraService::Client::disconnect() { 2294 ALOGV("Client::disconnect"); 2295 return BasicClient::disconnect(); 2296} 2297 2298bool CameraService::Client::canCastToApiClient(apiLevel level) const { 2299 return level == API_1; 2300} 2301 2302CameraService::Client::OpsCallback::OpsCallback(wp<BasicClient> client): 2303 mClient(client) { 2304} 2305 2306void CameraService::Client::OpsCallback::opChanged(int32_t op, 2307 const String16& packageName) { 2308 sp<BasicClient> client = mClient.promote(); 2309 if (client != NULL) { 2310 client->opChanged(op, packageName); 2311 } 2312} 2313 2314// ---------------------------------------------------------------------------- 2315// CameraState 2316// ---------------------------------------------------------------------------- 2317 2318CameraService::CameraState::CameraState(const String8& id, int cost, 2319 const std::set<String8>& conflicting) : mId(id), 2320 mStatus(StatusInternal::PRESENT), mCost(cost), mConflicting(conflicting) {} 2321 2322CameraService::CameraState::~CameraState() {} 2323 2324CameraService::StatusInternal CameraService::CameraState::getStatus() const { 2325 Mutex::Autolock lock(mStatusLock); 2326 return mStatus; 2327} 2328 2329CameraParameters CameraService::CameraState::getShimParams() const { 2330 return mShimParams; 2331} 2332 2333void CameraService::CameraState::setShimParams(const CameraParameters& params) { 2334 mShimParams = params; 2335} 2336 2337int CameraService::CameraState::getCost() const { 2338 return mCost; 2339} 2340 2341std::set<String8> CameraService::CameraState::getConflicting() const { 2342 return mConflicting; 2343} 2344 2345String8 CameraService::CameraState::getId() const { 2346 return mId; 2347} 2348 2349// ---------------------------------------------------------------------------- 2350// ClientEventListener 2351// ---------------------------------------------------------------------------- 2352 2353void CameraService::ClientEventListener::onClientAdded( 2354 const resource_policy::ClientDescriptor<String8, 2355 sp<CameraService::BasicClient>>& descriptor) { 2356 const auto& basicClient = descriptor.getValue(); 2357 if (basicClient.get() != nullptr) { 2358 BatteryNotifier& notifier(BatteryNotifier::getInstance()); 2359 notifier.noteStartCamera(descriptor.getKey(), 2360 static_cast<int>(basicClient->getClientUid())); 2361 } 2362} 2363 2364void CameraService::ClientEventListener::onClientRemoved( 2365 const resource_policy::ClientDescriptor<String8, 2366 sp<CameraService::BasicClient>>& descriptor) { 2367 const auto& basicClient = descriptor.getValue(); 2368 if (basicClient.get() != nullptr) { 2369 BatteryNotifier& notifier(BatteryNotifier::getInstance()); 2370 notifier.noteStopCamera(descriptor.getKey(), 2371 static_cast<int>(basicClient->getClientUid())); 2372 } 2373} 2374 2375 2376// ---------------------------------------------------------------------------- 2377// CameraClientManager 2378// ---------------------------------------------------------------------------- 2379 2380CameraService::CameraClientManager::CameraClientManager() { 2381 setListener(std::make_shared<ClientEventListener>()); 2382} 2383 2384CameraService::CameraClientManager::~CameraClientManager() {} 2385 2386sp<CameraService::BasicClient> CameraService::CameraClientManager::getCameraClient( 2387 const String8& id) const { 2388 auto descriptor = get(id); 2389 if (descriptor == nullptr) { 2390 return sp<BasicClient>{nullptr}; 2391 } 2392 return descriptor->getValue(); 2393} 2394 2395String8 CameraService::CameraClientManager::toString() const { 2396 auto all = getAll(); 2397 String8 ret("["); 2398 bool hasAny = false; 2399 for (auto& i : all) { 2400 hasAny = true; 2401 String8 key = i->getKey(); 2402 int32_t cost = i->getCost(); 2403 int32_t pid = i->getOwnerId(); 2404 int32_t score = i->getPriority().getScore(); 2405 int32_t state = i->getPriority().getState(); 2406 auto conflicting = i->getConflicting(); 2407 auto clientSp = i->getValue(); 2408 String8 packageName; 2409 userid_t clientUserId = 0; 2410 if (clientSp.get() != nullptr) { 2411 packageName = String8{clientSp->getPackageName()}; 2412 uid_t clientUid = clientSp->getClientUid(); 2413 clientUserId = multiuser_get_user_id(clientUid); 2414 } 2415 ret.appendFormat("\n(Camera ID: %s, Cost: %" PRId32 ", PID: %" PRId32 ", Score: %" 2416 PRId32 ", State: %" PRId32, key.string(), cost, pid, score, state); 2417 2418 if (clientSp.get() != nullptr) { 2419 ret.appendFormat("User Id: %d, ", clientUserId); 2420 } 2421 if (packageName.size() != 0) { 2422 ret.appendFormat("Client Package Name: %s", packageName.string()); 2423 } 2424 2425 ret.append(", Conflicting Client Devices: {"); 2426 for (auto& j : conflicting) { 2427 ret.appendFormat("%s, ", j.string()); 2428 } 2429 ret.append("})"); 2430 } 2431 if (hasAny) ret.append("\n"); 2432 ret.append("]\n"); 2433 return ret; 2434} 2435 2436CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor( 2437 const String8& key, const sp<BasicClient>& value, int32_t cost, 2438 const std::set<String8>& conflictingKeys, int32_t score, int32_t ownerId, 2439 int32_t state) { 2440 2441 return std::make_shared<resource_policy::ClientDescriptor<String8, sp<BasicClient>>>( 2442 key, value, cost, conflictingKeys, score, ownerId, state); 2443} 2444 2445CameraService::DescriptorPtr CameraService::CameraClientManager::makeClientDescriptor( 2446 const sp<BasicClient>& value, const CameraService::DescriptorPtr& partial) { 2447 return makeClientDescriptor(partial->getKey(), value, partial->getCost(), 2448 partial->getConflicting(), partial->getPriority().getScore(), 2449 partial->getOwnerId(), partial->getPriority().getState()); 2450} 2451 2452// ---------------------------------------------------------------------------- 2453 2454static const int kDumpLockRetries = 50; 2455static const int kDumpLockSleep = 60000; 2456 2457static bool tryLock(Mutex& mutex) 2458{ 2459 bool locked = false; 2460 for (int i = 0; i < kDumpLockRetries; ++i) { 2461 if (mutex.tryLock() == NO_ERROR) { 2462 locked = true; 2463 break; 2464 } 2465 usleep(kDumpLockSleep); 2466 } 2467 return locked; 2468} 2469 2470status_t CameraService::dump(int fd, const Vector<String16>& args) { 2471 ATRACE_CALL(); 2472 2473 if (checkCallingPermission(String16("android.permission.DUMP")) == false) { 2474 dprintf(fd, "Permission Denial: can't dump CameraService from pid=%d, uid=%d\n", 2475 getCallingPid(), 2476 getCallingUid()); 2477 return NO_ERROR; 2478 } 2479 bool locked = tryLock(mServiceLock); 2480 // failed to lock - CameraService is probably deadlocked 2481 if (!locked) { 2482 dprintf(fd, "!! CameraService may be deadlocked !!\n"); 2483 } 2484 2485 if (!mInitialized) { 2486 dprintf(fd, "!! No camera HAL available !!\n"); 2487 2488 // Dump event log for error information 2489 dumpEventLog(fd); 2490 2491 if (locked) mServiceLock.unlock(); 2492 return NO_ERROR; 2493 } 2494 dprintf(fd, "\n== Service global info: ==\n\n"); 2495 dprintf(fd, "Number of camera devices: %d\n", mNumberOfCameras); 2496 dprintf(fd, "Number of normal camera devices: %d\n", mNumberOfNormalCameras); 2497 String8 activeClientString = mActiveClientManager.toString(); 2498 dprintf(fd, "Active Camera Clients:\n%s", activeClientString.string()); 2499 dprintf(fd, "Allowed user IDs: %s\n", toString(mAllowedUsers).string()); 2500 2501 dumpEventLog(fd); 2502 2503 bool stateLocked = tryLock(mCameraStatesLock); 2504 if (!stateLocked) { 2505 dprintf(fd, "CameraStates in use, may be deadlocked\n"); 2506 } 2507 2508 for (auto& state : mCameraStates) { 2509 String8 cameraId = state.first; 2510 2511 dprintf(fd, "== Camera device %s dynamic info: ==\n", cameraId.string()); 2512 2513 CameraParameters p = state.second->getShimParams(); 2514 if (!p.isEmpty()) { 2515 dprintf(fd, " Camera1 API shim is using parameters:\n "); 2516 p.dump(fd, args); 2517 } 2518 2519 auto clientDescriptor = mActiveClientManager.get(cameraId); 2520 if (clientDescriptor != nullptr) { 2521 dprintf(fd, " Device %s is open. Client instance dump:\n", 2522 cameraId.string()); 2523 dprintf(fd, " Client priority score: %d state: %d\n", 2524 clientDescriptor->getPriority().getScore(), 2525 clientDescriptor->getPriority().getState()); 2526 dprintf(fd, " Client PID: %d\n", clientDescriptor->getOwnerId()); 2527 2528 auto client = clientDescriptor->getValue(); 2529 dprintf(fd, " Client package: %s\n", 2530 String8(client->getPackageName()).string()); 2531 2532 client->dumpClient(fd, args); 2533 } else { 2534 dprintf(fd, " Device %s is closed, no client instance\n", 2535 cameraId.string()); 2536 } 2537 2538 } 2539 2540 if (stateLocked) mCameraStatesLock.unlock(); 2541 2542 if (locked) mServiceLock.unlock(); 2543 2544 mCameraProviderManager->dump(fd, args); 2545 2546 dprintf(fd, "\n== Vendor tags: ==\n\n"); 2547 2548 sp<VendorTagDescriptor> desc = VendorTagDescriptor::getGlobalVendorTagDescriptor(); 2549 if (desc == NULL) { 2550 sp<VendorTagDescriptorCache> cache = 2551 VendorTagDescriptorCache::getGlobalVendorTagCache(); 2552 if (cache == NULL) { 2553 dprintf(fd, "No vendor tags.\n"); 2554 } else { 2555 cache->dump(fd, /*verbosity*/2, /*indentation*/2); 2556 } 2557 } else { 2558 desc->dump(fd, /*verbosity*/2, /*indentation*/2); 2559 } 2560 2561 // Dump camera traces if there were any 2562 dprintf(fd, "\n"); 2563 camera3::CameraTraces::dump(fd, args); 2564 2565 // Process dump arguments, if any 2566 int n = args.size(); 2567 String16 verboseOption("-v"); 2568 String16 unreachableOption("--unreachable"); 2569 for (int i = 0; i < n; i++) { 2570 if (args[i] == verboseOption) { 2571 // change logging level 2572 if (i + 1 >= n) continue; 2573 String8 levelStr(args[i+1]); 2574 int level = atoi(levelStr.string()); 2575 dprintf(fd, "\nSetting log level to %d.\n", level); 2576 setLogLevel(level); 2577 } else if (args[i] == unreachableOption) { 2578 // Dump memory analysis 2579 // TODO - should limit be an argument parameter? 2580 UnreachableMemoryInfo info; 2581 bool success = GetUnreachableMemory(info, /*limit*/ 10000); 2582 if (!success) { 2583 dprintf(fd, "\n== Unable to dump unreachable memory. " 2584 "Try disabling SELinux enforcement. ==\n"); 2585 } else { 2586 dprintf(fd, "\n== Dumping unreachable memory: ==\n"); 2587 std::string s = info.ToString(/*log_contents*/ true); 2588 write(fd, s.c_str(), s.size()); 2589 } 2590 } 2591 } 2592 return NO_ERROR; 2593} 2594 2595void CameraService::dumpEventLog(int fd) { 2596 dprintf(fd, "\n== Camera service events log (most recent at top): ==\n"); 2597 2598 Mutex::Autolock l(mLogLock); 2599 for (const auto& msg : mEventLog) { 2600 dprintf(fd, " %s\n", msg.string()); 2601 } 2602 2603 if (mEventLog.size() == DEFAULT_EVENT_LOG_LENGTH) { 2604 dprintf(fd, " ...\n"); 2605 } else if (mEventLog.size() == 0) { 2606 dprintf(fd, " [no events yet]\n"); 2607 } 2608 dprintf(fd, "\n"); 2609} 2610 2611void CameraService::handleTorchClientBinderDied(const wp<IBinder> &who) { 2612 Mutex::Autolock al(mTorchClientMapMutex); 2613 for (size_t i = 0; i < mTorchClientMap.size(); i++) { 2614 if (mTorchClientMap[i] == who) { 2615 // turn off the torch mode that was turned on by dead client 2616 String8 cameraId = mTorchClientMap.keyAt(i); 2617 status_t res = mFlashlight->setTorchMode(cameraId, false); 2618 if (res) { 2619 ALOGE("%s: torch client died but couldn't turn off torch: " 2620 "%s (%d)", __FUNCTION__, strerror(-res), res); 2621 return; 2622 } 2623 mTorchClientMap.removeItemsAt(i); 2624 break; 2625 } 2626 } 2627} 2628 2629/*virtual*/void CameraService::binderDied(const wp<IBinder> &who) { 2630 2631 /** 2632 * While tempting to promote the wp<IBinder> into a sp, it's actually not supported by the 2633 * binder driver 2634 */ 2635 2636 logClientDied(getCallingPid(), String8("Binder died unexpectedly")); 2637 2638 // check torch client 2639 handleTorchClientBinderDied(who); 2640 2641 // check camera device client 2642 if(!evictClientIdByRemote(who)) { 2643 ALOGV("%s: Java client's binder death already cleaned up (normal case)", __FUNCTION__); 2644 return; 2645 } 2646 2647 ALOGE("%s: Java client's binder died, removing it from the list of active clients", 2648 __FUNCTION__); 2649} 2650 2651void CameraService::updateStatus(StatusInternal status, const String8& cameraId) { 2652 updateStatus(status, cameraId, {}); 2653} 2654 2655void CameraService::updateStatus(StatusInternal status, const String8& cameraId, 2656 std::initializer_list<StatusInternal> rejectSourceStates) { 2657 // Do not lock mServiceLock here or can get into a deadlock from 2658 // connect() -> disconnect -> updateStatus 2659 2660 auto state = getCameraState(cameraId); 2661 2662 if (state == nullptr) { 2663 ALOGW("%s: Could not update the status for %s, no such device exists", __FUNCTION__, 2664 cameraId.string()); 2665 return; 2666 } 2667 2668 // Update the status for this camera state, then send the onStatusChangedCallbacks to each 2669 // of the listeners with both the mStatusStatus and mStatusListenerLock held 2670 state->updateStatus(status, cameraId, rejectSourceStates, [this] 2671 (const String8& cameraId, StatusInternal status) { 2672 2673 if (status != StatusInternal::ENUMERATING) { 2674 // Update torch status if it has a flash unit. 2675 Mutex::Autolock al(mTorchStatusMutex); 2676 TorchModeStatus torchStatus; 2677 if (getTorchStatusLocked(cameraId, &torchStatus) != 2678 NAME_NOT_FOUND) { 2679 TorchModeStatus newTorchStatus = 2680 status == StatusInternal::PRESENT ? 2681 TorchModeStatus::AVAILABLE_OFF : 2682 TorchModeStatus::NOT_AVAILABLE; 2683 if (torchStatus != newTorchStatus) { 2684 onTorchStatusChangedLocked(cameraId, newTorchStatus); 2685 } 2686 } 2687 } 2688 2689 Mutex::Autolock lock(mStatusListenerLock); 2690 2691 for (auto& listener : mListenerList) { 2692 listener->onStatusChanged(mapToInterface(status), String16(cameraId)); 2693 } 2694 }); 2695} 2696 2697template<class Func> 2698void CameraService::CameraState::updateStatus(StatusInternal status, 2699 const String8& cameraId, 2700 std::initializer_list<StatusInternal> rejectSourceStates, 2701 Func onStatusUpdatedLocked) { 2702 Mutex::Autolock lock(mStatusLock); 2703 StatusInternal oldStatus = mStatus; 2704 mStatus = status; 2705 2706 if (oldStatus == status) { 2707 return; 2708 } 2709 2710 ALOGV("%s: Status has changed for camera ID %s from %#x to %#x", __FUNCTION__, 2711 cameraId.string(), oldStatus, status); 2712 2713 if (oldStatus == StatusInternal::NOT_PRESENT && 2714 (status != StatusInternal::PRESENT && 2715 status != StatusInternal::ENUMERATING)) { 2716 2717 ALOGW("%s: From NOT_PRESENT can only transition into PRESENT or ENUMERATING", 2718 __FUNCTION__); 2719 mStatus = oldStatus; 2720 return; 2721 } 2722 2723 /** 2724 * Sometimes we want to conditionally do a transition. 2725 * For example if a client disconnects, we want to go to PRESENT 2726 * only if we weren't already in NOT_PRESENT or ENUMERATING. 2727 */ 2728 for (auto& rejectStatus : rejectSourceStates) { 2729 if (oldStatus == rejectStatus) { 2730 ALOGV("%s: Rejecting status transition for Camera ID %s, since the source " 2731 "state was was in one of the bad states.", __FUNCTION__, cameraId.string()); 2732 mStatus = oldStatus; 2733 return; 2734 } 2735 } 2736 2737 onStatusUpdatedLocked(cameraId, status); 2738} 2739 2740void CameraService::updateProxyDeviceState(ICameraServiceProxy::CameraState newState, 2741 const String8& cameraId) { 2742 sp<ICameraServiceProxy> proxyBinder = getCameraServiceProxy(); 2743 if (proxyBinder == nullptr) return; 2744 String16 id(cameraId); 2745 proxyBinder->notifyCameraState(id, newState); 2746} 2747 2748status_t CameraService::getTorchStatusLocked( 2749 const String8& cameraId, 2750 TorchModeStatus *status) const { 2751 if (!status) { 2752 return BAD_VALUE; 2753 } 2754 ssize_t index = mTorchStatusMap.indexOfKey(cameraId); 2755 if (index == NAME_NOT_FOUND) { 2756 // invalid camera ID or the camera doesn't have a flash unit 2757 return NAME_NOT_FOUND; 2758 } 2759 2760 *status = mTorchStatusMap.valueAt(index); 2761 return OK; 2762} 2763 2764status_t CameraService::setTorchStatusLocked(const String8& cameraId, 2765 TorchModeStatus status) { 2766 ssize_t index = mTorchStatusMap.indexOfKey(cameraId); 2767 if (index == NAME_NOT_FOUND) { 2768 return BAD_VALUE; 2769 } 2770 mTorchStatusMap.editValueAt(index) = status; 2771 2772 return OK; 2773} 2774 2775}; // namespace android 2776