OS 1.4.0 (Butterfly) release notes
Our OS is a standardized operating system for IP cameras that include a supported system on a chip (SoC). It is based on the Android Open Source Project (AOSP) and has been customized for use in embedded devices by our hardware partners. It includes our APIs and OS components.
Our new release OS 1.4.0 comes with a number of new features, improvements and fixes.
Messaging Access Control
- We introduce Messaging Access control. With this option, integrators can manage which apps can publish messages via the internal message broker, and which apps can subscribe to those published messages.
- We introduce IoT gateway. Integrators can use IoT gateway to manage the data exchange between the device and the outside world. It enables applications on a device to communicate with applications on another device or with an external MQTT client.
- We have removed the UHD H.264 stream from the emulator, because it only supports video streams up to 2048x2048 pixels.
- We have changed the topic to publish full metadata from onvif/MetadataStream/# to onvif/MetadataStream. Also, to comply with OSSA specification 1.0, we added support for the topic onvif/MetadataStream/VideoAnalytics, only to publish VideoAnalytics metadata.
- We have added dumpsys support to the MediaService.
- The authentication mechanism now uses the constant time algorithm, to prevent timing attacks.
- We have added several user permissions:
- We have renamed several user permissions (and their corresponding constants):
- STREAMING => VIEW_VIDEO_OUTPUT
- ONVIF_ADMIN => ADMINISTRATE_ONVIF
- ONVIF_USER= > USE_ONVIF
- WEB= > ACCESS_WEB_INTERFACES
- USER_MANAGEMENT => MANAGE_USERS
- FACTORY_RESET=> RESET_DEVICE
- DEVELOPER_MODE= > ENABLE_DEVELOPER_MODE
- GATEWAY_MANAGEMENT => MANAGE_GATEWAYS
- When VideoManager.requestVideoSession() is called with a 'Surface' that is already in use with another VideoSession, the system no longer crashes. Instead, an IllegalArgumentException is thrown.
- When VideoManager.requestVideoSession() is called with a closed 'ImageReader/BufferQueue', the system no longer crashes. Instead, an IllegalArgumentException is thrown.
- VideoPipeline modules (for example the PrivacyMask module) are only loaded from the system partition.
- The login page is now a static html side, and no longer uses vue and other node modules.
- Validating sessions now use the constant time algorithm to prevent timing attacks.
- When a user is logging out, the backend answer will no longer be a redirect to the login page, but a plain 200 (OK). The WebUI itself will redirect to the login page.
- You can now change the session timeout by setting the System Property persist.webserver.sessiontimeout. The session will be refreshed with every authenticated request to the WebServer, which means there is no longer a hard timeout. Setting a value of -1 will disable the timeout, which means a session will exist until the WebServer gets restarted or the user logs out. The timeout value will only be read when the WebServer is starting, so changes to the timeout value won't be applied to the running Service.
- StaticAssetHandler was deleted and consolidated with StaticAssetsHandler in restutils.
- The WebServerResponse.FileDescriptorBody is now accessed in a non-blocking way. This assures that serving other connections on the same thread can continue, even if the read on a file descriptor blocks.
- We have replaced the fixed WebServer certificate with a per instance generated, self-signed X509 certificate with a one-year validity. The certificate is automatically regenerated when the validity ends.
- The dumpsys activity command now shows activity for the webserver, to wit: the active sessions with usernames.
- We have extended the ONVIF server towards achieving Profile S and T compliancy.
- We have removed support of manually provisioned certificates in the Cloud Connector.
- We have added a factory reset reporting mechanism.
App Manager (app)
- We have changed the return type of installLicense to _LicenseOperationResult.
- We have added a README file to the DeviceManagement git project.
- We have introduced REST endpoints to handle the Licenses APIs of DeviceManagement.
- We have added CSRF protection for POST, PUT, and DELETE requests.
- We have moved the Firmware service to its own git project
- We fixed the framerate calculation. A VideoSession RefreshRate like '15 fps' is no longer shown as '15.151516 fps'.
- We have added functions to enable/disable daylight savings handling and to check whether it is enabled. This is an ONVIF requirement.
- Apps can no longer be uninstalled via the WebUI.
- Downgrading the OS to an earlier version using ota is no longer possible. If attempted, a message is displayed to the user and the update won't get initialized.
- The user permission MANAGE_DATE_TIME is required to modify the date and/or time.
- The cloud connection status is published on the Cloud connection page.
- We have removed the 'Enable Crash reporting' button from the Cloud connection page.
- We have added a table with app web traffic data to the Application overview page.
- We have moved DeviceIdService to its own repository.
- We have removed support of manually provisioned certificates.
- We have changed the return type of installLicense in the AppManager to _LicenseOperationResult.
- We have added functions to the DateTime API to enable/disable daylight savings handling and to check whether it is enabled. This is an ONVIF requirement.
- We have added an additional setOnCaptureCompletedListener method in the ControlManager. It allows passing a Handler to make sure the callback from the VideoPipeline is executed on the corresponding handler thread.
- We have added two additional methods of requestVideoSession in the VideoManager and requestMetadataForTimeStamp in VideoSession. They allow passing a Handler to make sure the listener callbacks from the VideoPipeline are executed on the corresponding handler threads.
- We have renamed non-public user permissions in the UserPermissions class, so that all permissions have uniform names.
- We have added an additional subscribe method in the MessagingManager. It allows passing a Handler to make sure that the onMessage callback from the MessageBroker is executed on that handler.
- We made the MediaCodec API inaccessible for App Developers.
- We have created a new 'UserPermissions' class with the user permissions VIEW_VIDEO_OUTPUT and CONFIGURE_APP_SETTINGS
- We have introduced WebServerRequest.hasUserPermission() to check UserPermissions on requesting users.
- We have introduced WebServerRequest.getRemoteUserName() to get the name of the currently logged in user.
- We have introduced FirmwareManager.getFirmwareBuildTimestamp().
- We have created a 'test user api' WebServerManager.addTestUser() that you can use to create a temporary user for testing web interfaces.
- Starting with OS version 1.5, apps will no longer be allowed to create their own web server, but should only use the S&ST WebServer API instead. To ease the transition, we have already incorporated this feature into the Emulator, so developers can test their apps and, if necessary, adjust them in time. If needed, this behaviour in the Emulator can be disabled.
- We have added 'dwarf_emu.mk' as a sample product for our harware partners.
List of fixed issues
- TCP_SYNCOOKIES in the kernel are enabled to prevent SYN Flood attack (DoS)
- Firmware update is restricted with user permission
- “Unsafe-inline” in CSP of webserver is restricted.
- Certificate key storage no longer uses insecure passwords.
- Security patch for Live555 is applied that solves Remote stack-based buffer
- overflow in live555 library used in media server
- Restrict access to the NTP settings to admin users only
- UserDB: Token and password comparison are timing-protected
- Communication protocol used by cloud connector is upgraded to TLSv1.2