OS 1.5.1 (Chameleon) release notes
Our OS is a standardized operating system for IP cameras that include a supported system on a chip (SoC). It is based on the Android Open Source Project (AOSP) and has been customized for use in embedded devices by our hardware partners. It includes our APIs and OS components.
The new release OS 1.5.1 comes with a number of new features, improvements and fixes.
Emulator
Change
- The default RTSP streams are now defined via a device specific configuration file.
UserDb
New
- Getting the UserDb capabilities is added to the UserDb API.
- Functions to add, remove and update multiple users are added to the UserDb API.
Change
- There should be at least one user which has the ACCESS_WEB_INTERFACES and MANAGE_USERS user permissions. UserDb will not allow operations which delete this user or remove these user permissions from this user.
- Permission OPERATE_ONVIF was added to get operator access on the ONVIF server.
- Permission MANAGE_INTRUSION_DETECTION_SYSTEM was added to control who can manage intrusion detection system settings.
- Permission ACCESS_DEVICE_LOG was added to control who can access the device logs.
- Permission MANAGE_CERTIFICATES was added to control who can manage the webserver certificates.
- Permission MANAGE_CLOUD_CONNECTION was added to control who can manage the cloud connection.
- Permission MANAGE_IO was added to control who can manage the IO service.
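The last-administrator rule above, sketched as an added example (not UserDb code; the class, the in-memory store and the applyBatch method are hypothetical). It assumes a multi-user operation is validated against the state it would produce and rejected as a whole, which the release notes do not specify.

```java
import java.util.*;

// Added illustration only: a hypothetical in-memory store, not the UserDb API.
public class AdminInvariantDemo {
    enum Permission { ACCESS_WEB_INTERFACES, MANAGE_USERS, OPERATE_ONVIF, ACCESS_DEVICE_LOG }

    static final Set<Permission> REQUIRED =
            EnumSet.of(Permission.ACCESS_WEB_INTERFACES, Permission.MANAGE_USERS);

    private Map<String, Set<Permission>> users = new HashMap<>();

    // True if at least one user holds every required permission.
    static boolean hasAdmin(Map<String, Set<Permission>> state) {
        return state.values().stream().anyMatch(p -> p.containsAll(REQUIRED));
    }

    // Applies a batch to a copy, checks the resulting state, then commits.
    // A null permission set in `changes` means "delete this user".
    boolean applyBatch(Map<String, Set<Permission>> changes) {
        Map<String, Set<Permission>> next = new HashMap<>(users);
        for (Map.Entry<String, Set<Permission>> e : changes.entrySet()) {
            if (e.getValue() == null) next.remove(e.getKey());
            else next.put(e.getKey(), new HashSet<>(e.getValue()));
        }
        if (!hasAdmin(next)) return false; // reject the whole batch, keep old state
        users = next;
        return true;
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }

    public static void main(String[] args) {
        AdminInvariantDemo db = new AdminInvariantDemo();
        Map<String, Set<Permission>> init = new HashMap<>();
        init.put("admin", REQUIRED);
        init.put("operator", EnumSet.of(Permission.OPERATE_ONVIF));
        check(db.applyBatch(init), "initial users must be accepted");

        Map<String, Set<Permission>> delete = new HashMap<>();
        delete.put("admin", null); // deleting the only qualifying user
        check(!db.applyBatch(delete), "deleting the last admin must be rejected");

        Map<String, Set<Permission>> demote = new HashMap<>();
        demote.put("admin", EnumSet.of(Permission.ACCESS_WEB_INTERFACES)); // drops MANAGE_USERS
        check(!db.applyBatch(demote), "demoting the last admin must be rejected");

        Map<String, Set<Permission>> handover = new HashMap<>();
        handover.put("admin", null);
        handover.put("operator", REQUIRED); // another user qualifies in the same batch
        check(db.applyBatch(handover), "handover keeps one qualifying user");
        System.out.println("all invariant checks passed");
    }
}
```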
Core
New
- The WebServerManager.registerServerPathHandler has been introduced giving the possibility to register on a root path and getting traffic forwarded on that path.
- In this release, the Gateway Service supports connections between an external REST server and client. A new gateway.rest package has been added to support this functionality. Users can control the communication with external applications through the REST protocol using the API provided in the RestGatewayManager and RestGatewayConnection classes. The REST Gateway complements the MessageBroker service in extending the reach of communication to outside the device. In other words, applications inside the device can now exchange Message objects with various other external applications through the REST protocol.
- Introduction of the Event service for event management. In particular, applications can now create pull-points, store the messages for interested events using the created pull-points and pull the stored messages when needed. A new package event.pullpoint has been added to support this functionality.
- Introduction of the IOService enabling the device to discover and configure devices present in the system. The supported devices are currently limited to type Relay. The devices cannot be activated directly on the WebUI, but rather through configurable Actions. These actions are triggered by application Events. In this release, application events are messages sent via the MessageBroker. Interaction with the IoService can be done via an IoManager instance.
Bugfix
- VideoCaptureHelper.getJpegSnapshotFromVideoCapture now provides a snapshot with a lower width if the passed maxWidth value cannot be applied.
Change
- The IPC Binder communication between an app and the WebServer is now asynchronous for incoming WebServerRequests.
- Long running handleRequest methods now get timed out after 60 seconds of process time and the client gets notified by receiving a WebServerResponse including the status code 504 (Gateway timeout).
- The signatures of methods AppEventManager.addAppListener, AppEventManager.addLicenseListener, AppEventManager.addDeveloperModeListener, and CrashEventManager.addCrashEventListener have been modified so that each one takes a Handler object as a second parameter.
WebUI
New
- The cloud connection page now offers the option to unclaim a device directly from the WebUI.
- Device logs can be exported through the Camera health page. Requires the ACCESS_DEVICE_LOGS user permission.
- The cloud connection page now also shows information about the Internet connectivity status and the device claiming status.
Change
- Use CsrfFilter from restutils library
- The user permission MANAGE_CLOUD_CONNECTION is required to modify any cloud connection settings.
- WebUI is persistent
DeviceManagement
New
- Introduced REST endpoints to handle device claiming
- Introduced REST endpoints to get and set NTP mode on the device
Change
- Use CsrfFilter from restutils library
OnvifServer
New
- Introduced the feature Pull-point event handling.
- The Advanced Security service is introduced with an initial partial implementation towards supporting the security features keystore and TLS server.
Change
- The Device Management service is extended with the features user handling, network configuration and scope handling.
- The DeviceIO and PTZ services are not exposed anymore.
- The standalone ONVIF server based on NanoHTTPD has been replaced by the Azena Webserver which can route ONVIF requests as well.
- Digest authentication handling is moved to the Azena Webserver.
Bugfix
- Fixed various bugs related to device discovery, capabilities, nonce handling, version number of services and GetVideoEncoderConfigurationOptions.
- LicensePlate events are being dropped during XML parsing in ONVIF PullMessages.
- Accept ONVIF event messages with custom user-defined XML namespaces and fill the messages in PullMessages request.
- Adapt the ONVIF server to use event description information in GetEventPropertiesResponse.
- The ONVIF wildcard covers both the parent topic and all child topics.
- Rectify the namespace for UnsubscribeResponse.
- Catch KXmlParser errors thrown by RuntimeException.
New
- Reference HIDL Implementation for Altek reference cameras was incorporated.
Changes
- Added SEPolicies for vendor implementation.
- The IOManager instrumented test has been updated.
- Dropping unnecessary state translation done in IOService based on the type of relay (normally open or normally closed).
New
- The WebServer default certificate is now configurable per product via a configuration file. An example configuration can be found in /device/securityandsafetythings/base/configs together with a validation schema and further information.
- The WebServer now supports SNI (server name indication). New generated or imported certificates are automatically used for the hostname indicated in their CN field if there is no active mapping. To create or modify mappings, WebServer offers WebServerManager.setActiveForHostname.
Change
- X-Content-Type-Options, X-XSS-Protection and Strict-Transport-Security HTTP headers are now set by the WebServer and can not be set by the frontends for any outgoing response.
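How a server can enforce those three headers centrally, as an added example (not the WebServer's code; the class name, the finalizeHeaders method and the header values are assumptions, since the release notes name only the headers). The point it shows is that the match on header names has to be case-insensitive, otherwise a frontend value in different letter case survives next to the server's.

```java
import java.util.*;

// Added illustration only: hypothetical names, not the WebServer implementation.
public class SecurityHeaderFilter {
    // Header values are assumed for the example; the release notes do not state them.
    static final Map<String, String> ENFORCED = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    static {
        ENFORCED.put("X-Content-Type-Options", "nosniff");
        ENFORCED.put("X-XSS-Protection", "1; mode=block");
        ENFORCED.put("Strict-Transport-Security", "max-age=31536000");
    }

    // Builds the outgoing header set: frontend values for enforced names are
    // discarded regardless of letter case, then the server's values are applied.
    static Map<String, String> finalizeHeaders(Map<String, String> fromFrontend) {
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (Map.Entry<String, String> h : fromFrontend.entrySet()) {
            String name = h.getKey().trim();
            if (!ENFORCED.containsKey(name)) {
                out.put(name, h.getValue());
            }
        }
        out.putAll(ENFORCED);
        return out;
    }

    public static void main(String[] args) {
        // Constructed frontend response that tries to weaken two enforced headers.
        Map<String, String> frontend = new LinkedHashMap<>();
        frontend.put("Content-Type", "application/json");
        frontend.put("strict-transport-security", "max-age=0");
        frontend.put("X-XSS-PROTECTION", "0");

        Map<String, String> out = finalizeHeaders(frontend);
        if (!"max-age=31536000".equals(out.get("Strict-Transport-Security"))
                || !"1; mode=block".equals(out.get("x-xss-protection"))
                || out.size() != 4) {
            throw new AssertionError("enforced headers were overridden");
        }
        out.forEach((k, v) -> System.out.println(k + ": " + v));
    }
}
```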
Cloud Connector
New
- Added API (AIDL) implementation to get claiming information.
- Added API (AIDL) implementation to unclaim a device.
- Added CloudEventService to handle the registration and removal of listeners (external apps) for cloud events.
- Added the handling and broadcasting of claim events.
- Added the broadcasting of connection status change events.
- Added API (AIDL) implementation to check if the cloud is reachable from the device or not.
- Added the broadcasting of cloud reachability change events.
- Added support for creating a WebServer certificate signing request and support for installing and applying a WebServer certificate as provided by the cloud.
Bugfixes
- Device cannot be claimed. All the interactions with the KeyStoreManager run on a thread that is NOT the main thread. The idea is to avoid a situation in which the main thread is blocked on a keystore operation because the underlying HW Keystore is overloaded with operations from other applications.
- Reconnect after device is unclaimed. The MqttClient cannot be disconnected from within a callback function. Currently this is handled by ExceptionHandling. Change this by posting the reconnect call to the main thread to execute it only after the callback for handling the incoming message has finished.
- Reconnect to cloud when disabling/enabling cloud when the camera is unclaimed. The fix addresses a Nullpointer Exception that occurs when the device persisted the following claiming data: {claimed=false, companyAssignment={}} and the cloud sends the same information once again (e.g. after turning the cloud connection off and on again).
- Will not interpret the license type. Make licenseType arbitrary. Treat licenseType as an arbitrary String. This enables different licenseTypes than the ones specified in the enum.
Health Service
Bugfixes
- Avoid IEEE computational errors when the provided CPU total time is zero. In such a case the CPU usage cannot be determined and should be equal to UNDEFINED_CPU_USAGE.
- Use undefined framerate instead of NaN. The Health Service interface defines a constant to indicate that the framerate is undefined. Instead of using this, Health Service was using NaN in specific situations. This value is not expected by the users of Health Service and can cause an exception when users try to serialize the data.
Bugfixes
- REST connection configuration(s) does not disappear after reboot irrespective of the MQTT connection configuration(s) present.
Bugfixes
- Excessive logging at function entry
- Large data transfer over service binder interface
Change
- The default RTSP streams are now defined via a device specific configuration file.
Security
List of fixed issues
- Licenses are protected with authentication
- ONVIF service no longer uses unmaintained HTTP server
- Firmware updater: Downgrade protection is in place
- Nonce value in Digest Authentication is properly handled
- Licenses are no longer usable after a factory reset
- CVEs patched from Android Security Bulletin:
  - CVE-2018-9552
  - CVE-2018-9549
  - CVE-2019-2223
  - CVE-2019-2232
  - CVE-2019-2206
  - CVE-2019-2205