1 page.title=Automotive 2 @jd:body 3 4 <!-- 5 Copyright 2016 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 <div id="qv-wrapper"> 20 <div id="qv"> 21 <h2>In this document</h2> 22 <ol id="auto-toc"> 23 </ol> 24 </div> 25 </div> 26 27 <img style="float: right; margin: 0px 15px 15px 15px;" 28 src="images/ape_fwk_hal_vehicle.png" alt="Android vehicle HAL icon"/> 29 30 <p>Many car subsystems interconnect with each other and the in-vehicle 31 infotainment (IVI) system via various bus topologies. The exact bus type and 32 protocols vary widely between manufacturers (and even between different vehicle 33 models of the same brand); examples include Controller Area Network (CAN) bus, 34 Local Interconnect Network (LIN) bus, Media Oriented Systems Transport (MOST), 35 as well as automotive-grade Ethernet and TCP/IP networks such as BroadR-Reach. 36 </p> 37 <p>Android Automotive has a hardware abstraction layer (HAL) that provides a 38 consistent interface to the Android framework regardless of physical transport 39 layer. This vehicle HAL is the interface for developing Android Automotive 40 implementations.</p> 41 <p>System integrators can implement a vehicle HAL module by connecting 42 function-specific platform HAL interfaces (e.g. HVAC) with technology-specific 43 network interfaces (e.g. CAN bus). Typical implementations may include a 44 dedicated Microcontroller Unit (MCU) running a proprietary real-time operating 45 system (RTOS) for CAN bus access or similar, which may be connected via a serial 46 link to the CPU running Android Automotive. Instead of a dedicated MCU, it may 47 also be possible to implement the bus access as a virtualized CPU. It is up to 48 each partner to choose the architecture suitable for the hardware as long as the 49 implementation fulfills the interface requirements for the vehicle HAL.</p> 50 51 <h2 id=arch>Architecture</h2> 52 <p>The vehicle HAL is the interface definition between the car and the vehicle 53 network service:</p> 54 55 <img src="images/vehicle_hal_arch.png" alt="Android vehicle HAL architecture"> 56 <p class="img-caption"><strong>Figure 1</strong>. Vehicle HAL and Android 57 automotive architecture</p> 58 59 <ul> 60 <li><strong>Car API</strong>. Contains the APIs such as CarHvacManager, 61 CarSensorManager, and CarCameraManager. For details on all supported APIs, 62 refer to <code>/platform/packages/services/Car/car-lib</code>.</li> 63 <li><strong>CarService</strong>. Located at 64 <code>/platform/packages/services/Car/</code>.</li> 65 <li><strong>VehicleNetworkService</strong>. Controls vehicle HAL with built-in 66 security. Access restricted to system components only (non-system components 67 such as third party apps should use car API instead). OEMs can control access 68 using <code>vns_policy.xml</code> and <code>vendor_vns_policy.xml</code>. 69 Located at <code>/platform/packages/services/Car/vehicle_network_service/</code>; 70 for libraries to access the vehicle network, refer to 71 <code>/platform/packages/services/Car/libvehiclenetwork/</code>.</li> 72 <li><strong>Vehicle HAL</strong>. Interface that defines the properties OEMs can 73 implement and contains property metadata (for example, whether the property is 74 an int and which change modes are allowed). Located at 75 <code>hardware/libhardware/include/hardware/vehicle.h</code>. For a basic 76 reference implementation, refer to 77 <code>hardware/libhardware/modules/vehicle/</code>.</li> 78 </ul> 79 80 <h2 id=prop>Vehicle properties</h2> 81 <p>The vehicle HAL interface is based on accessing (read, write, subscribe) a 82 property, which is an abstraction for a specific function. Properties can be 83 read-only, write-only (used to pass information to vehicle HAL level), or read 84 and write. Support of most properties is optional.</p> 85 <p>Each property is uniquely identified by an int32 key and has a predefined 86 type (<code>value_type</code>):</p> 87 88 <ul> 89 <li><code>INT32</code> (and array), <code>INT64</code>, <code>BOOLEAN</code>, 90 <code>FLOAT</code> (and array), string, bytes.</li> 91 <li>Zoned type has zone in addition to value.</li> 92 </ul> 93 94 <h3 id-=zone_type>Zone types</h3> 95 <p>The vehicle HAL defines three zone types:</p> 96 <ul> 97 <li><code>vehicle_zone</code>: Zone based on rows.</li> 98 <li><code>vehicle_seat</code>: Zone based on seats.</li> 99 <li><code>vehicle_window</code>: Zone based on windows.</li> 100 </ul> 101 <p>Each zoned property should use pre-defined zone type. If necessary, you can 102 use a custom zone type for each property (for details, see 103 <a href=#prop_custom>Handling custom properties</a>).</p> 104 105 <h3 id=prop_config>Configuring a property</h3> 106 <p>Use <code>vehicle_prop_config_t</code> to provide configuration information 107 for each property. Information includes:</p> 108 <ul> 109 <li><code>access</code> (r, w, rw)</li> 110 <li><code>change_mode</code> (represents how property is monitored: on change vs 111 continuous)</li> 112 <li><code>min_value</code> (int32, float, int64), <code>max_value</code> (int32, 113 float, int64)</li> 114 <li><code>min_sample_rate</code>, <code>max_sample_rate</code></li> 115 <li><code>permission_model</code></li> 116 <li><code>prop</code> (Property ID, int)</li> 117 <li><code>value_type</code></li> 118 <li><code>zone_flags</code> (represents supported zones as bit flags)</li> 119 </ul> 120 <p>In addition, some properties have specific configuration flags to represent 121 capability.</p> 122 123 <h2 id=interfaces>HAL interfaces</h2> 124 <p>The vehicle HAL uses the following interfaces:</p> 125 <ul> 126 <li><code>vehicle_prop_config_t const *(*list_properties)(..., int* 127 num_properties)</code>. List configuration of all properties supported by the 128 vehicle HAL. Only supported properties will be used by vehicle network service. 129 </li> 130 <li><code>(*get)(..., vehicle_prop_value_t *data)</code>. Read the current value 131 of the property. For zoned property, each zone may have different value.</li> 132 <li><code>(*set)(..., const vehicle_prop_value_t *data)</code>. Write a value to 133 property. Result of write is defined per each property.</li> 134 <li><code>(*subscribe)(..., int32_t prop, float sample_rate, int32_t 135 zones)</code>.<ul> 136 <li>Start monitoring property value's change. For zoned property, subscription 137 applies to requested zones. Zones = 0 is used to request all zones supported. 138 </li> 139 <li>Vehicle HAL should call separate callback when the property's value changes 140 (=on change) or in const interval (=continuous type).</ul></li> 141 <li><code>(*release_memory_from_get)(struct vehicle_hw_device* device, 142 vehicle_prop_value_t *data)</code>. Release memory allocated from get call.</ul> 143 </li> 144 </ul> 145 146 <p>The vehicle HAL uses the following callback interfaces:</p> 147 <ul> 148 <li><code>(*vehicle_event_callback_fn)(const vehicle_prop_value_t 149 *event_data)</code>. Notifies vehicle property's value change. Should be done 150 only for subscribed properties.</li> 151 <li><code>(*vehicle_error_callback_fn)(int32_t error_code, int32_t property, 152 int32_t operation).</code> Return global vehicle HAL level error or error per 153 each property. Global error causes HAL restart, which can lead to restarting 154 other components, including applications.</li> 155 </ul> 156 157 <h2 id=zone_prop>Handling zone properties</h2> 158 <p>A zoned property is equivalent to a collection of multiple properties where 159 each sub property is accessible by specified zone value.</p> 160 <ul> 161 <li><code>get</code> call for zoned property always includes zone in request, so 162 only the current value for the requested zone should be returned.</li> 163 <li><code>set</code> call for zoned property always includes zone in request, so 164 only the requested zone should be changed.</li> 165 <li><code>subscribe</code> call includes flags of all zones subscribed. Events 166 from un-subscribed zones should not be reported.</li> 167 </ul> 168 169 <h3 id=get>Get calls</h3> 170 <p>During initialization, the value for the property may not be available yet as 171 the matching vehicle network message has not yet been received. In such cases, 172 the <code>get</code> call should return <code>-EAGAIN</code>. Some properties 173 (such as HVAC) have separate on/off power property. Calling <code>get</code> for 174 such a property (when powered off) should return a special value 175 <code>(VEHICLE_INT_OUT_OF_RANGE_OFF/VEHICLE_FLOAT_OUT_OF_RANGE_OFF)</code> 176 rather than returning an error.</p> 177 <p>In addition, some properties (such as HVAC temperature) can have a value to 178 indicate it is in max power mode rather than in specific temperature value. In 179 such cases, use special values to represent such state.</p> 180 <ul> 181 <li>VEHICLE_INT_OUT_OF_RANGE_MAX/MIN</li> 182 <li>VEHICLE_FLOAT_OUT_OF_RANGE_MAX/MIN</li> 183 </ul> 184 185 <p>Example: get HVAC Temperature</p> 186 <img src="images/vehicle_hvac_get.png" alt="Vehicle HAL get HVAC example"> 187 <p class="img-caption"><strong>Figure 2</strong>. Get HVAC temperature (CD = 188 CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p> 189 190 <h3 id=set>Set calls</h3> 191 <p>A <code>set</code> call is an asynchronous operation involving event 192 notification after a requested change is made. In a typical operation, a 193 <code>set</code> call leads to making a change request across vehicle network. 194 When the change is performed by the electronic control unit (ECU) owning the 195 property, the updated value is returned through vehicle network and the vehicle 196 HAL sends an updated value as an event to vehicle network service (VNS).</p> 197 <p>Some <code>set</code> calls may require initial data to be ready but during 198 initialization, such data may not be available yet. In such cases, the 199 <code>set</code> call should return <code>-EAGAIN</code>. Some properties with 200 separate power on /off should return <code>-ESHUTDOWN</code> when the property 201 is powered off and set cannot be done.</p> 202 <p>Until <code>set</code> is made effective, <code>get</code> does not 203 necessarily return the same value as what is set. The exception is a property 204 with change mode of <code>VEHICLE_PROP_CHANGE_MODE_ON_SET.</code> This property 205 notifies change only when it is set by external component outside Android (for 206 example, clock properties such as <code>VEHICLE_PROPERTY_UNIX_TIME</code>).</p> 207 208 <p>Example: set HVAC Temperature</p> 209 <img src="images/vehicle_hvac_set.png" alt="Vehicle HAL set HVAC example"> 210 <p class="img-caption"><strong>Figure 3</strong>. Set HVAC temperature (CD = 211 CarService, VNS = VehicleNetworkService, VHAL = Vehicle HAL)</p> 212 213 <h2 id=prop_custom>Handling custom properties</h2> 214 <p>To support partner-specific needs, the vehicle HAL allows custom properties 215 that are restricted to system apps. Use the following guidelines when working 216 with custom properties:</p> 217 <ul> 218 <li>Key should be in [<code>VEHICLE_PROPERTY_CUSTOM_START, 219 VEHICLE_PROPERTY_CUSTOM_END</code>] range. Other ranges are reserved for future 220 extension; using such ranges can cause conflicts in future Android releases.</li> 221 <li>Use only defined <code>value_type</code>. BYTES type allows passing raw 222 data, so this is enough in most cases. Sending big data frequently through 223 custom properties can slow down the whole vehicle network access, so be careful 224 when you add a big payload.</li> 225 <li>Add access policy into <code>vendor_vns_policy.xml</code> (otherwise, all 226 access will be rejected).</li> 227 <li>Access via <code>VendorExtensionManager</code> (for Java components) or 228 via Vehicle Network Service API (for native). Do not modify other car APIs as it 229 can lead to compatibility issues in the future.</li> 230 </ul> 231 232 <h2 id=prop_hvac>Handling HVAC properties</h2> 233 <p>You can use the vehicle HAL to control HVAC by setting HVAC-related 234 properties. Most HVAC properties are zoned properties, but a few are non-zoned 235 (global) properties. Example properties defined include:</p> 236 <ul> 237 <li><code>VEHICLE_PROPERTY_HVAC_TEMPERATURE_SET</code> (set temperature per each 238 zone).</li> 239 <li><code>VEHICLE_PROPERTY_HVAC_RECIRC_ON</code> (control recirculation per each 240 zone).</li> 241 </ul> 242 <p>For full list of HVAC properties, search for 243 <code>VEHICLE_PROPERTY_HVAC_*</code> in <code>vehicle.h</code>.</p> 244 245 <h2 id=prop_sensor>Handling sensor properties</h2> 246 <p>Vehicle HAL sensor properties represent real sensor data or policy 247 information such as driving status. Some sensor information (such as driving 248 status and day/night mode) is accessible by any app without restriction as the 249 data is mandatory to build a safe vehicle application. Other sensor information 250 (such as vehicle speed) is more sensitive and requires specific permissions that 251 users can manage.</p> 252 <p>Supported sensor properties include:</p> 253 <ul> 254 <li><code>DRIVING_STATUS</code> (should support). Represents allowed operations 255 in the current driving state. This information is used to block unsafe 256 applications while driving.</li> 257 <li><code>NIGHT_MODE</code> (should support). Determines day/night mode of 258 display.</li> 259 <li><code>GEAR_SELECTION/CURRENT_GEAR</code>. Gear selected by driver vs. 260 actual gear.</li> 261 <li><code>VEHICLE_SPEED</code>. Vehicle speed. Protected with permission.</li> 262 <li><code>ODOMETER</code>. Current odometer reading. Protected with permission. 263 </li> 264 <li><code>FUEL_LEVEL</code>. Current fuel level in %.</li> 265 <li><code>FUEL_LEVEL_LOW</code>. Fuel level is low or not (boolean).</li> 266 </ul> 267 268 <h2 id=security>Security</h2> 269 <p>The vehicle HAL supports three levels of security for accessing data:</p> 270 <ul> 271 <li>System only (controlled by <code>vns_policy.xml</code>)</li> 272 <li>Accessible to app with permission (through car service)</li> 273 <li>Accessible without permission (through car service)</li> 274 </ul> 275 <p>Direct access to vehicle properties is allowed only to selected system 276 components with vehicle network service acting as the gatekeeper. Most 277 applications go through additional gatekeeping by car service (for example, only 278 system applications can control HVAC as it requires system permission granted 279 only to system apps).</p> 280 281 <h2 id=validation>Validation</h2> 282 <p>AOSP includes the following testing resources for use in development:</p> 283 <ul> 284 <li><code>hardware/libhardware/tests/vehicle/vehicle-hal-tool.c</code>. 285 Command-line native tool to load vehicle HAL and do simple operations. Useful 286 for getting the system up and running in the early stages of development.</li> 287 <li><code>packages/services/Car/tests/carservice_test/</code>. Contains car 288 service testing with mocked vehicle HAL properties. For each property, expected 289 behavior is implemented in the test. This can be a good starting point to 290 understand expected behavior.</li> 291 <li><code>hardware/libhardware/modules/vehicle/</code>. A basic reference 292 implementation.</li> 293 </ul> 294
