OS 1.5.0 (Chameleon) release notes

Our OS is a standardized operating system for IP cameras that include a supported system on a chip (SoC). It is based on the Android Open Source Project (AOSP) and has been customized for use in embedded devices by our hardware partners. It includes our APIs and OS components.

Our new release OS 1.5.0 comes with a number of new features, improvements and fixes.

Emulator

Change

• The default RTSP streams are now defined via a device specific configuration file.

UserDb

Change

• Permission OPERATE_ONVIF was added to get operator access on the ONVIF server.
• Permission MANAGE_INTRUSION_DETECTION_SYSTEM was added to control who can manage intrusion detection system settings.
• There should be at least one user which has the ACCESS_WEB_INTERFACES and MANAGE_USERS user permissions. UserDb will not allow operations which deletes this user or removes these user permissions from this user.
• Permission ACCESS_DEVICE_LOG was added to control who can access the device logs.
• Permission MANAGE_CERTIFICATES was added to control who can manage the webserver certificates.
• Permission MANAGE_CLOUD_CONNECTION was added to control who can manage the cloud connection.
• Permission MANAGE_IO was added to control who can manage the IO service.

New

• Getting the UserDb capabilities is added to the UserDb API.
• Functions to add, remove and update multiple users are added to the UserDb API.

Core

New

• The WebServerManager.registerServerPathHandler has been introduced giving the possibility to register on a root path and getting traffic forwarded on that path.
• In this release, the Gateway Service supports connections between external REST server and client. A new gateway.rest package has been added to support this functionality. Users can control the communication with external applications through REST protocol using the API provided in the RestGatewayManager and RestGatewayConnection classes. The REST Gateway complements the MessageBroker service in extending the reach of communication to outside the device. In other words, applications inside the device can now exchange Message objects with various other external application through REST protocol.
• Introduction of the Event service for event management. In particular, applications can now create pull-points, store the messages for interested events using the created pull-points and pull the stored messages when needed. A new package event.pullpoint has been added to support this functionality.
• Introduction of the IOService enabling the device to discover and configure devices present in the system. The supported devices are currently limited to type Relay. The devices cannot be activated directly on the WebUI, but rather through configurable Actions. These actions are triggered by application Events. In this release, application events are messages sent via the MessageBroker. Interaction with the IoService can be done via an IoManager instance.

Bugfix

• VideoCaptureHelper.getJpegSnapshotFromVideoCapture now provide a snapshot with lower width if passed maxWidth value can not be applied.

Change*

• The IPC Binder communication between an app and the WebServer is now asynchronous for incoming WebServerRequests.
• Long running handleRequest methods now get timed out after 60 seconds of process time and the client gets notified by receiving a WebServerResponse including the status code 504 (Gateway timeout).
• The signatures of methods AppEventManager.addAppListener, AppEventManager.addLicenseListener, AppEventManager.addDeveloperModeListener, and CrashEventManager.addCrashEventListener have been modified so that each one takes a Handler object as a second parameter.

WebUI

Change

• Use CsrfFilter from restutils library
• The user permission MANAGE_CLOUD_CONNECTION is required to modify any cloud connection settings.

New

• The cloud connection page now offers the option to unclaim a device directly from the WebUI.
• Device logs can be exported through the Camera health page. Requires the ACCESS_DEVICE_LOGS user permission.
• The cloud connection page now also shows information about the Internet connectivity status and the device claiming status.

DeviceManagement

Change

• Use CsrfFilter from restutils library

New

• Introduced REST endpoints to handle device claiming
• Introduced REST endpoints to get and set NTP mode on the device

OnvifServer

New

• Introduced the feature Pull-point event handling.
• The Advanced Security service is introduced with an initial partial implementation towards supporting the security features keystore and TLS server.

Change

• The Device Management service is extended with the features user handling, network configuration and scope handling.
• The DeviceIO and PTZ services are not exposed anymore.
• The standalone ONVIF server based on NanoHTTPD has been replaced by the SnST Webserver which can route ONVIF requests as well.
• Digest authentication handling is moved to the SnST Webserver.

Bugfix

• Fixed various bugs related to device discovery, capabilities, nonce handling, version number of services and GetVideoEncoderConfigurationOptions.

Cloud Connector

New

• Added API (AIDL) implementation to get claiming information.
• Added API (AIDL) implementation to unclaim a device.
• Added CloudEventService to handle the registration and removal of listeners (external apps) for cloud events.
• Added the handling and broadcasting of claim events.
• Added the broadcasting of connection status change events.
• Added API (AIDL) implementation to check if the cloud is reachable from the device or not.
• Added the broadcasting of cloud reachability change events.
• Added support for creating a WebServer certificate signing request and support for installing and applying a WebServer certificate as provided by the cloud.

Security

List of fixed issues

• Licenses are protected with authentication
• ONVIF service no longer uses unmaintained HTTP server
• Firmware updater: Downgrade protection is in plae
• Nonce Value in Digest Authentication is properly handeled
• Licences are no longer usable after a factory reset
• CVEs patched from Android Security Bulletin:
  • CVE-2018-9552
  • CVE-2018-9549
  • CVE-2019-2223
  • CVE-2019-2232
  • CVE-2019-2206
  • CVE-2019-2205