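Based on Android 10.0
Introduction
In the chapter "Binder: AMS service acquisition process 1" we saw that, to obtain the AMS service, you first need the local proxy for servicemanager, because the AMS service is registered in the servicemanager process.
Obtaining the service manager yields an instance of ServiceManagerNative.ServiceManagerProxy.
Once the servicemanager local proxy has been obtained, the service can be retrieved by following the flow in the figure below.
As the previous section showed, before obtaining the AMS service we get the ServiceManager local proxy object, ServiceManagerProxy. Inside it, the proxy auto-generated from ServiceManager.aidl holds a BinderProxy, and this proxy object handles the subsequent communication.
Java-to-native communication flow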
ServiceManagerProxy#getService
// ServiceManagerProxy.java
@UnsupportedAppUsage
public IBinder getService(String name) throws RemoteException {
    // Same as checkService (old versions of servicemanager had both methods).
    // mServiceManager is the AIDL-generated Stub.Proxy
    return mServiceManager.checkService(name);
}
proxy#checkService
@Override public android.os.IBinder checkService(java.lang.String name) throws android.os.RemoteException
{
    android.os.Parcel _data = android.os.Parcel.obtain();
    android.os.Parcel _reply = android.os.Parcel.obtain();
    android.os.IBinder _result;
    try {
        // The interface token is written first, then the service name.
        _data.writeInterfaceToken(DESCRIPTOR);
        _data.writeString(name);
        boolean _status = mRemote.transact(Stub.TRANSACTION_checkService, _data, _reply, 0);
        if (!_status && getDefaultImpl() != null) {
            return getDefaultImpl().checkService(name);
        }
        _reply.readException();
        _result = _reply.readStrongBinder();
    }
    finally {
        _reply.recycle();
        _data.recycle();
    }
    return _result;
}
BinderProxy#transact
public boolean transact(int code, Parcel data, Parcel reply, int flags) throws RemoteException {
    ...
    try {
        return transactNative(code, data, reply, flags);
    } finally {
        ...
    }
}
android_os_BinderProxy_transact
android_util_Binder.cpp
static jboolean android_os_BinderProxy_transact(JNIEnv* env, jobject obj,
        jint code, jobject dataObj, jobject replyObj, jint flags) // throws RemoteException
{
    Parcel* data = parcelForJavaObject(env, dataObj);
    Parcel* reply = parcelForJavaObject(env, replyObj);
    IBinder* target = getBPNativeData(env, obj)->mObject.get();
    //printf("Transact from Java code to %p sending: ", target); data->print();
    status_t err = target->transact(code, *data, reply, flags);
    //if (reply) printf("Transact from Java code to %p received: ", target); reply->print();
    if (err == NO_ERROR) {
        return JNI_TRUE;
    } else if (err == UNKNOWN_TRANSACTION) {
        return JNI_FALSE;
    }
    return JNI_FALSE;
}
BpBinder#transact
status_t BpBinder::transact(
    uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
    // Once a binder has died, it will never come back to life.
    if (mAlive) {
        bool privateVendor = flags & FLAG_PRIVATE_VENDOR;
        // don't send userspace flags to the kernel
        flags = flags & ~FLAG_PRIVATE_VENDOR;
        ...
        status_t status = IPCThreadState::self()->transact(
            mHandle, code, data, reply, flags);
        if (status == DEAD_OBJECT) mAlive = 0;
        return status;
    }
    return DEAD_OBJECT;
}
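Finally, execution enters the transact method of IPCThreadState, which communicates with the binder driver through ioctl. We continue with that in the next section.
After the process above, the application process has obtained the AMS local proxy object, ActivityManagerProxy.java, whose server side is ActivityManagerService.java.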
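The call chain above, as an added toy model (not AOSP code and not from the original post): the proxy writes the interface token and then the service name, the receiving side checks the token before reading anything else, and the proxy latches a dead remote the way the mAlive flag does in BpBinder::transact. All Toy* names, the status enum, the descriptor string and the handle value 7 are assumptions made for this illustration.

```cpp
// Added illustration, not AOSP code: toy model of the checkService round trip.
#include <cstdint>
#include <map>
#include <string>
#include <vector>

enum class ToyStatus { Ok, DeadObject, BadInterface, NotFound };  // constructed codes
using ToyParcel = std::vector<std::string>;  // stand-in for Parcel: ordered fields
static const std::string kDescriptor = "android.os.IServiceManager";  // assumed value

struct ToyServiceManager {  // plays the remote servicemanager side
    std::map<std::string, uint32_t> services{{"activity", 7}};  // constructed handle
    bool alive = true;
    ToyStatus onTransact(const ToyParcel& data, uint32_t* out) const {
        if (!alive) return ToyStatus::DeadObject;
        // Check the interface token before trusting any other field.
        if (data.size() != 2 || data[0] != kDescriptor) return ToyStatus::BadInterface;
        auto it = services.find(data[1]);
        if (it == services.end()) return ToyStatus::NotFound;
        *out = it->second;
        return ToyStatus::Ok;
    }
};

struct ToyProxy {  // plays the generated Proxy plus BpBinder
    ToyServiceManager* remote;
    bool mAlive = true;
    explicit ToyProxy(ToyServiceManager* r) : remote(r) {}
    ToyStatus transact(const ToyParcel& data, uint32_t* out) {
        if (!mAlive) return ToyStatus::DeadObject;  // latched, remote is never retried
        ToyStatus s = remote->onTransact(data, out);
        if (s == ToyStatus::DeadObject) mAlive = false;
        return s;
    }
    // Token first, then the service name, matching the write order in checkService.
    ToyStatus checkService(const std::string& name, uint32_t* out,
                           const std::string& token = kDescriptor) {
        return transact(ToyParcel{token, name}, out);
    }
};

int main() {
    ToyServiceManager sm;
    ToyProxy proxy(&sm);
    uint32_t handle = 0;
    return proxy.checkService("activity", &handle) == ToyStatus::Ok ? 0 : 1;
}
```

A request carrying the wrong token is rejected before the name is looked up, and once the remote has reported DeadObject the proxy keeps returning it even if the remote comes back.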