探索Android Framework底层开发:从应用层到系统内核的深度之旅
Android Framework底层开发是Android系统中最具挑战性也是最具价值的技术领域。它连接着应用层的业务逻辑和Linux内核的系统资源,掌握这一层意味着真正理解了Android系统的运行机制。
Android系统架构全景
四层架构深度解析
应用层 (Applications)
↓
应用框架层 (Application Framework)
↓
系统运行库层 (Libraries + Android Runtime)
↓
Linux内核层 (Linux Kernel)
Binder机制:Android的进程间通信基石
Binder驱动原理分析
// Binder驱动关键代码分析
// drivers/android/binder.c
struct binder_transaction_data {
union {
size_t handle; // 目标Binder引用
void *ptr; // 目标Binder实体
} target;
void *cookie; // Binder实体关联的数据
unsigned int code; // 交易代码
unsigned int flags; // 交易标志
pid_t sender_pid; // 发送进程PID
uid_t sender_euid; // 发送进程UID
size_t data_size; // 数据大小
size_t offsets_size;// 对象偏移大小
union {
struct {
const void *buffer; // 数据缓冲区
const void *offsets;// 对象偏移数组
} ptr;
uint8_t buf[8];
} data;
};
// Binder IOCTL命令处理
static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) {
struct binder_proc *proc = filp->private_data;
void __user *ubuf = (void __user *)arg;
int ret;
switch (cmd) {
case BINDER_WRITE_READ:
ret = binder_ioctl_write_read(filp, cmd, arg, thread);
break;
case BINDER_SET_MAX_THREADS:
// 设置Binder线程数
break;
case BINDER_SET_CONTEXT_MGR:
// 设置Service Manager
break;
default:
ret = -EINVAL;
}
return ret;
}
// Binder内存映射
static int binder_mmap(struct file *filp, struct vm_area_struct *vma) {
struct binder_proc *proc = filp->private_data;
// 限制映射大小
if ((vma->vm_end - vma->vm_start) > SZ_4M)
vma->vm_end = vma->vm_start + SZ_4M;
// 建立物理页面映射
return binder_alloc_mmap_handler(&proc->alloc, vma);
}
Binder Native层实现
// frameworks/native/libs/binder/IPCThreadState.cpp
// Binder线程状态管理
status_t IPCThreadState::executeCommand(int32_t cmd) {
status_t result = NO_ERROR;
switch ((uint32_t)cmd) {
case BR_TRANSACTION: {
binder_transaction_data tr;
result = mIn.read(&tr, sizeof(tr));
if (result != NO_ERROR) break;
// 处理Binder交易
Parcel buffer;
buffer.ipcSetDataReference(
reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer),
tr.data_size,
reinterpret_cast<const binder_size_t*>(tr.data.ptr.offsets),
tr.offsets_size);
// 调用目标对象
if (tr.target.ptr) {
sp<BBinder> b((BBinder*)tr.cookie);
result = b->transact(tr.code, buffer, &reply, tr.flags);
}
break;
}
case BR_REPLY: {
// 处理Binder回复
break;
}
default:
result = UNKNOWN_ERROR;
break;
}
return result;
}
// Binder交易发送
status_t IPCThreadState::transact(int32_t handle,
uint32_t code, const Parcel& data,
Parcel* reply, uint32_t flags) {
status_t err = data.errorCheck();
if (err == NO_ERROR) {
// 准备Binder交易数据
binder_transaction_data tr;
tr.target.handle = handle;
tr.code = code;
tr.flags = flags;
// 开始交易
err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL);
}
if ((flags & TF_ONE_WAY) == 0) {
// 等待回复
err = waitForResponse(reply);
}
return err;
}
Activity启动流程深度剖析
Activity启动序列
// frameworks/base/services/core/java/com/android/server/am/ActivityStarter.java
class ActivityStarter {
// Activity启动入口
int execute() {
int res;
try {
// 检查权限
res = startActivityUnchecked();
} finally {
onExecutionComplete();
}
return res;
}
private int startActivityUnchecked() {
// 设置Activity启动标志
setInitialState();
// 计算启动栈
computeLaunchingTaskFlags();
// 查找或创建目标栈
mTargetStack = computeStackFocus();
// 启动Activity
return startActivityInner();
}
private int startActivityInner() {
// 创建Activity记录
final ActivityRecord r = new ActivityRecord(mService,
callerApp, callingPid, callingUid, callingPackage, intent,
resolvedType, aInfo, mService.getConfiguration(),
resultTo, resultWho, requestCode, componentSpecified,
mNotResolution, this, options, sourceRecord);
// 添加到任务栈
mTargetStack.startActivityLocked(r, newTask, mKeepCurTransition, options);
// 启动目标Activity
mRootActivityContainer.resumeFocusedStacksTopActivities();
return START_SUCCESS;
}
}
// frameworks/base/services/core/java/com/android/server/am/ActivityStack.java
class ActivityStack {
// 启动Activity的核心方法
final void startActivityLocked(ActivityRecord r, boolean newTask,
boolean keepCurTransition, ActivityOptions options) {
// 暂停当前Activity
startPausingLocked(false, false, null, false);
// 准备启动新Activity
mStackSupervisor.startSpecificActivityLocked(r, newTask, true);
}
}
// ActivityThread处理启动
// frameworks/base/core/java/android/app/ActivityThread.java
private class H extends Handler {
public void handleMessage(Message msg) {
switch (msg.what) {
case LAUNCH_ACTIVITY: {
final ActivityClientRecord r = (ActivityClientRecord) msg.obj;
// 创建Activity实例
Activity activity = null;
try {
java.lang.ClassLoader cl = r.packageInfo.getClassLoader();
activity = mInstrumentation.newActivity(
cl, r.activityInfo.name, r.intent);
} catch (Exception e) {
// 处理异常
}
// 调用Activity生命周期
if (activity != null) {
activity.attach(appContext, this, getInstrumentation(), r.token,
r.ident, app, r.intent, r.activityInfo, title, r.parent,
r.embeddedID, r.lastNonConfigurationInstances, config,
r.referrer, r.voiceInteractor, window, r.configCallback);
// 调用onCreate
mInstrumentation.callActivityOnCreate(activity, r.state);
}
break;
}
}
}
}
窗口管理系统原理
WindowManagerService核心机制
// frameworks/base/services/core/java/com/android/server/wm/WindowManagerService.java
public class WindowManagerService extends IWindowManager.Stub {
// 添加窗口
public int addWindow(Session session, IWindow client, int seq,
WindowManager.LayoutParams attrs, int viewVisibility,
int displayId, Rect outContentInsets, Rect outStableInsets,
InputChannel outInputChannel) {
// 创建窗口状态对象
final WindowState win = new WindowState(this, session, client, token,
parentWindow, appOp[0], seq, attrs, viewVisibility, session.mUid,
session.mCanAddInternalSystemWindow);
// 检查权限
res = mPolicy.checkAddPermission(attrs, appOp, win.getOwningUid());
if (res != ADD_OKAY) {
return res;
}
// 添加到窗口列表
mWindowMap.put(client.asBinder(), win);
// 执行窗口布局
win.attach();
mWindowPlacerLocked.performSurfacePlacement();
return ADD_OKAY;
}
// 窗口布局
void performSurfacePlacement() {
try {
// 开始事务
mSurfaceTransaction = new SurfaceControl.Transaction();
// 计算窗口位置大小
for (int i = mWindows.size() - 1; i >= 0; i--) {
final WindowState win = mWindows.get(i);
if (win.mHasSurface) {
// 计算窗口帧
computeFrameLw(win, win.mContainingFrame,
win.mContentInsets, win.mVisibleInsets,
win.mStableInsets, win.mOutsets);
// 应用窗口变换
win.applySurfaceChangesTransaction(mSurfaceTransaction);
}
}
// 提交事务
mSurfaceTransaction.apply();
} finally {
mSurfaceTransaction = null;
}
}
}
// SurfaceFlinger交互
// frameworks/base/services/core/java/com/android/server/wm/WindowSurfaceController.java
class WindowSurfaceController {
// 创建Surface
void createSurface() {
final String name = "Surface for " + mWindow.toString();
// 通过SurfaceControl创建Surface
mSurfaceControl = new SurfaceControl.Builder()
.setName(name)
.setBufferSize(mWidth, mHeight)
.setFormat(mFormat)
.setFlags(mFlags)
.setParent(mWindowContainer.getSurfaceControl())
.build();
// 获取Surface
mSurface = new Surface();
mSurface.copyFrom(mSurfaceControl);
}
// 更新Surface位置
void setPosition(float x, float y) {
if (mSurfaceControl != null) {
mSurfaceControl.setPosition(x, y);
}
}
// 设置Surface大小
void setSize(int width, int height) {
if (mSurfaceControl != null) {
mSurfaceControl.setBufferSize(width, height);
}
}
}
电源管理子系统
PowerManagerService工作机制
// frameworks/base/services/core/java/com/android/server/power/PowerManagerService.java
public class PowerManagerService extends SystemService {
// 唤醒锁管理
public void acquireWakeLock(IBinder lock, int flags, String tag,
String packageName, WorkSource ws, String historyTag) {
// 创建唤醒锁
WakeLock wakeLock = new WakeLock(lock, flags, tag, packageName, ws, historyTag);
// 添加到唤醒锁列表
synchronized (mLock) {
mWakeLocks.add(wakeLock);
// 更新电源状态
updatePowerStateLocked();
}
}
// 更新电源状态
private void updatePowerStateLocked() {
// 计算唤醒锁组合
int wakeLockSummary = getWakeLockSummaryLocked();
// 确定用户活动状态
int userActivitySummary = getUserActivitySummaryLocked();
// 决定屏幕状态
boolean shouldWakeUp = (wakeLockSummary & WAKE_LOCK_SCREEN_BRIGHT) != 0
|| (userActivitySummary & USER_ACTIVITY_SCREEN_BRIGHT) != 0;
if (shouldWakeUp) {
// 唤醒设备
wakeUpNoUpdateLocked(SystemClock.uptimeMillis(),
PowerManager.WAKE_REASON_APPLICATION, "application");
} else {
// 进入睡眠
goToSleepNoUpdateLocked(SystemClock.uptimeMillis(),
PowerManager.GO_TO_SLEEP_REASON_TIMEOUT, 0);
}
}
// 用户活动处理
public void userActivity(long eventTime, int event, int flags) {
synchronized (mLock) {
if (eventTime > mLastUserActivityTime) {
mLastUserActivityTime = eventTime;
mLastUserActivityEvent = event;
// 重置用户活动计时器
mUserActivitySummary = USER_ACTIVITY_SCREEN_BRIGHT;
scheduleUserActivityTimeout();
}
}
}
}
// 底层交互
// frameworks/base/services/core/jni/com_android_server_power_PowerManagerService.cpp
static void nativeSetInteractive(JNIEnv* env, jclass /* clazz */, jboolean enable) {
// 通过sysfs控制设备
if (enable) {
// 唤醒设备
set_screen_state(1);
} else {
// 休眠设备
set_screen_state(0);
}
}
static void nativeSetAutoSuspend(JNIEnv* env, jclass /* clazz */, jboolean enable) {
if (enable) {
// 启用自动挂起
autosuspend_enable();
} else {
// 禁用自动挂起
autosuspend_disable();
}
}
自定义系统服务开发
创建系统服务实例
// 自定义系统服务
public class CustomManagerService extends SystemService {
private static final String TAG = "CustomManagerService";
private final Context mContext;
private final CustomHandler mHandler;
public CustomManagerService(Context context) {
super(context);
mContext = context;
mHandler = new CustomHandler(FgThread.get().getLooper());
}
@Override
public void onStart() {
// 发布Binder服务
publishBinderService(Context.CUSTOM_SERVICE, new CustomManagerStub());
// 初始化服务
initialize();
}
@Override
public void onBootPhase(int phase) {
if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {
// 系统服务就绪阶段
onSystemServicesReady();
} else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
// 启动完成阶段
onBootCompleted();
}
}
private final class CustomManagerStub extends ICustomManager.Stub {
@Override
public void customOperation(int param) throws RemoteException {
// 执行自定义操作
mHandler.obtainMessage(MSG_CUSTOM_OPERATION, param).sendToTarget();
}
@Override
public String getCustomData() throws RemoteException {
return "Custom Data";
}
}
private class CustomHandler extends Handler {
public CustomHandler(Looper looper) {
super(looper);
}
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case MSG_CUSTOM_OPERATION:
handleCustomOperation(msg.arg1);
break;
}
}
}
}
// 系统服务注册
// frameworks/base/core/java/android/content/Context.java
public abstract class Context {
/**
* 自定义系统服务标识
*/
public static final String CUSTOM_SERVICE = "custom";
}
// 在SystemServer中启动服务
// frameworks/base/services/java/com/android/server/SystemServer.java
private void startOtherServices() {
// 创建并启动自定义服务
mSystemServiceManager.startService(CustomManagerService.class);
}
性能优化与调试技巧
系统性能分析工具
// 性能监控服务
public class PerformanceMonitor {
private static final int SAMPLE_INTERVAL = 1000; // 1秒
// 监控CPU使用率
public void monitorCpuUsage() {
new Thread(() -> {
while (true) {
try {
// 读取/proc/stat获取CPU信息
String[] cpuLines = readProcStat();
calculateCpuUsage(cpuLines);
Thread.sleep(SAMPLE_INTERVAL);
} catch (Exception e) {
Log.e(TAG, "CPU监控异常", e);
}
}
}).start();
}
// 监控内存使用
public void monitorMemoryUsage() {
Debug.MemoryInfo memoryInfo = new Debug.MemoryInfo();
Debug.getMemoryInfo(memoryInfo);
Log.d(TAG, "PSS: " + memoryInfo.getTotalPss() + " KB");
Log.d(TAG, "Private Dirty: " + memoryInfo.getTotalPrivateDirty() + " KB");
}
// 监控Binder调用
public void monitorBinderCalls() {
IBinder.ProxyListener listener = new IBinder.ProxyListener() {
@Override
public void onBinderProxyMeasurement(IBinder binder,
int transactionCode, long timeTakenMicros) {
if (timeTakenMicros > 1000000) { // 超过1秒
Log.w(TAG, "Binder调用耗时: " + timeTakenMicros + "微秒");
}
}
};
// 设置Binder代理监听器
IBinder.setProxyTransactListener(listener, null);
}
}
学习路径建议
系统化学习框架
-
基础阶段(1-2个月)
- Android系统架构理解
- Binder机制原理
- AOSP源码编译环境搭建
-
核心阶段(2-3个月)
- Activity启动流程
- 窗口管理系统
- 电源管理机制
-
高级阶段(3-4个月)
- 自定义系统服务开发
- 系统性能优化
- 内核驱动交互
-
专家阶段(持续学习)
- 系统安全机制
- 性能调优实战
- 架构设计能力
总结
Android Framework底层开发的核心价值:
- 深度技术理解:掌握Android系统运行的本质原理
- 问题解决能力:能够诊断和修复复杂的系统问题
- 性能优化技能:从系统层面进行性能调优
- 架构设计思维:设计可扩展的系统架构
通过系统学习Android Framework底层开发,开发者能够从应用层程序员成长为系统级专家,在Android生态中具备更强的技术竞争力。这不仅是技术的深度挖掘,更是职业生涯的重要跃迁。
