一、参考文章:
1. Android系统开篇;
2. Android系统启动-zygote篇;
3. Android系统启动-SystemServer上篇;
4. Android系统启动-SystemServer下篇;
5. Binder系列3—启动ServiceManager;
6. 理解Android进程创建流程;
二、相关源码地址:
- 1、https://www.androidos.net.cn/android/6.0.1_r16/xref/frameworks/base/cmds/app_process/app_main.cpp
- 2、https://www.androidos.net.cn/android/6.0.1_r16/xref/frameworks/base/core/jni/AndroidRuntime.cpp
- 3、https://www.androidos.net.cn/android/6.0.1_r16/xref/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
- 4、https://www.androidos.net.cn/android/6.0.1_r16/xref/frameworks/native/libs/binder/ProcessState.cpp
三、本文主要涉及到以下几个进程的创建流程 :
- 1、init进程;
- 2、Zygote进程;
- 3、system_server进程;
- 4、servicemanager进程;
- 5、app进程;
四、Android系统启动流程 :
进程启动流程图
android系统启动流程图
| 序号 | 进程启动 | 概述 |
|---|---|---|
| 1 | init进程 | Linux系统中用户空间的第一个进程 |
| 2 | Zygote进程 | 所有App进程的父进程 |
| 3 | system_server进程 | 系统各大服务的载体 |
| 4 | ServiceManager进程 | Binder服务的大管家, 守护进程循环运行在binder_loop |
| 5 | APP进程 | 通过Process.start启动APP进程 |
五、init进程 :
1. 正如对init进程的定义, 手机启动之后, 内核进程启动完毕之后, 会启动用户进程(init进程);
2. 关于init进程的创建流程, 了解个大概流程即可:
3. init进程在启动的过程中会分析和运行所有的init.rc文件;
image.png
4. 如果在解析rc文件的时候, 遇到如下语句, 就会进行Zygote进程的创建:
创建Zygote进程的语句.png
六、Zygote进程 :
- 在创建init进程的过程中, 如果解析rc文件时, 遇到创建Zygote进程的语句, 则会转而进行Zygote进程的创建;
6.1 App_main.main:
int main(int argc, char* const argv[]) {
AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
if (zygote) {
runtime.start("com.android.internal.os.ZygoteInit", args, zygote); 模块<6.2>
} else if (className) {
runtime.start("com.android.internal.os.RuntimeInit", args, zygote);
}
}
- 1、解析rc文件时, 如果遇到创建Zygote的语句, 则会从App_main.main方法开始执行;
6.2 AndroidRuntime.start :
void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote)
{
//**
* 打算开启system_server进程;
*/
static const String8 startSystemServer("start-system-server");
JNIEnv* env;
if (startVm(&mJavaVM, &env, zygote) != 0) {
return;
}
onVmCreated(env);
if (startReg(env) < 0) {
return;
}
classNameStr = env->NewStringUTF(className);
env->SetObjectArrayElement(strArray, 0, classNameStr);
//**
* 创建vm虚拟机, 创建线程, 知道虚拟机退出, 线程停止运行;
*/
char* slashClassName = toSlashClassName(className);
jclass startClass = env->FindClass(slashClassName);
<<1>>
jmethodID startMeth = env->GetStaticMethodID(startClass, "main", "([Ljava/lang/String;)V");
//**
* 结合模块<5.1>以及<<1>>可知, 此时调用了java层ZygoteInit的的main方法;
*/
env->CallStaticVoidMethod(startClass, startMeth, strArray); 模块<6.3>
}
6.3 ZygoteInit.main :
public class ZygoteInit {
public static void main(String argv[]) {
try {
boolean startSystemServer = false;
String socketName = "zygote";
String abiList = null;
for (int i = 1; i < argv.length; i++) {
if ("start-system-server".equals(argv[i])) {
startSystemServer = true;
} else if (argv[i].startsWith(ABI_LIST_ARG)) {
abiList = argv[i].substring(ABI_LIST_ARG.length());
} else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
socketName = argv[i].substring(SOCKET_NAME_ARG.length());
}
}
//**
* 为Zygote注册socket, 为了后续system_server进程通过socket与zygote进程进行通信;
*/
registerZygoteSocket(socketName); 模块<6.4>
//**
* 进行资源的预加载, 在谈jvm与dvm的区别时, 提到的一些概念涉及到这里, Zygote进程创建时
* 会进行部分资源的预加载, 然后在fork创建子进程时, 直接拷贝这些资源;
*/
preload(); 模块<6.5>
if (startSystemServer) {
//**
* 这里进行system_server进程的创建, 传入socketName, 方便后续system_server进程与
* zygote进程进行通信;
*/
startSystemServer(abiList, socketName); <模块7.1>
}
//**
* 进程创建完成以后, zygote进程便会进入休眠状态, 利用io多路复用机制监听文件描述符;
*/
runSelectLoop(abiList); 模块<6.6>
} catch (MethodAndArgsCaller caller) {
//**
* 1. 在创建system_server和app进程时, 都会通过抛MethodAndArgsCaller来触发这里caller.run的执行;
*/
caller.run();
}
}
}
6.4 ZygoteInit.registerZygoteSocket:
public class ZygoteInit {
private static void registerZygoteSocket(String socketName) {
if (sServerSocket == null) {
int fileDesc;
final String fullSocketName = ANDROID_SOCKET_PREFIX + socketName;
String env = System.getenv(fullSocketName);
fileDesc = Integer.parseInt(env);
FileDescriptor fd = new FileDescriptor();
fd.setInt$(fileDesc);
//**
* 创建文件描述符fd, 然后创建本地socket服务端, 用于监听从客户端发送来的socket;
*/
sServerSocket = new LocalServerSocket(fd);
}
}
}
6.5 ZygoteInit.preload:
public class ZygoteInit {
static void preload() {
preloadClasses();
preloadResources();
preloadOpenGL();
preloadSharedLibraries();
preloadTextResources();
}
}
- 1、这里进行一系列的预加载, 方便后续创建APP进程时使用, 节省时间;https://link.jianshu.com/?t=https%3A%2F%2Fwww.zhihu.com%2Fquestion%2F20207106这里会涉及到;
6.6 ZygoteInit.runSelectLoop:
public class ZygoteInit {
private static void runSelectLoop(String abiList) throws MethodAndArgsCaller {
ArrayList<FileDescriptor> fds = new ArrayList<FileDescriptor>();
ArrayList<ZygoteConnection> peers = new ArrayList<ZygoteConnection>();
//**
* 将服务端socket添加至文件描述符集合中;
*/
fds.add(sServerSocket.getFileDescriptor());
peers.add(null);
while (true) {
StructPollfd[] pollFds = new StructPollfd[fds.size()];
for (int i = 0; i < pollFds.length; ++i) {
pollFds[i] = new StructPollfd();
pollFds[i].fd = fds.get(i);
pollFds[i].events = (short) POLLIN;
}
//**
* 利用IO多路复用机制, 监听pollFds, 当pollFds发生变化时, 向下执行, 否则线程被阻塞在这里;
*/
Os.poll(pollFds, -1);
for (int i = pollFds.length - 1; i >= 0; --i) {
if ((pollFds[i].revents & POLLIN) == 0) {
continue;
}
if (i == 0) {
ZygoteConnection newPeer = acceptCommandPeer(abiList);
peers.add(newPeer);
fds.add(newPeer.getFileDesciptor());
} else {
//**
* 表示通过socket接收了来自对端(客户端)的数据, 模块<6.7>;
*/
boolean done = peers.get(i).runOnce();
if (done) {
peers.remove(i);
fds.remove(i);
}
}
}
}
}
}
6.7 ZygoteConnection.runOnce:
class ZygoteConnection {
boolean runOnce() throws ZygoteInit.MethodAndArgsCaller {
String args[];
Arguments parsedArgs = null;
FileDescriptor[] descriptors;
//**
* 读取客户端发过来的参数信息;
*/
<<1>>
args = readArgumentList();
//**
* 读取客户端通过socket发送过来的数据;
*/
descriptors = mSocket.getAncillaryFileDescriptors();
/** the stderr of the most recent request, if avail */
PrintStream newStderr = null;
if (descriptors != null && descriptors.length >= 3) {
newStderr = new PrintStream(new FileOutputStream(descriptors[2]));
}
int pid = -1;
FileDescriptor childPipeFd = null;
FileDescriptor serverPipeFd = null;
//**
* 读取客户端通过socket发送过来的参数信息, 然后封装进Arguments中;
*/
parsedArgs = new Arguments(args);
int [] fdsToClose = { -1, -1 };
FileDescriptor fd = mSocket.getFileDescriptor();
if (fd != null) {
fdsToClose[0] = fd.getInt$();
}
fd = ZygoteInit.getServerSocketFileDescriptor();
if (fd != null) {
fdsToClose[1] = fd.getInt$();
}
fd = null;
<<3>>
//**
* 通过fork方式创建子进程, 模块<八>app进程的创建;
*/
pid = Zygote.forkAndSpecialize(parsedArgs.uid, parsedArgs.gid, parsedArgs.gids,
parsedArgs.debugFlags, rlimits, parsedArgs.mountExternal, parsedArgs.seInfo,
parsedArgs.niceName, fdsToClose, parsedArgs.instructionSet,
parsedArgs.appDataDir);
if (pid == 0) {
// in child
serverPipeFd = null;
<<4>>
//**
* 创建子进程之后, 进入到子进程中处理子进程的相关逻辑;
*/
handleChildProc(parsedArgs, descriptors, childPipeFd, newStderr);
return true;
} else {
// in parent...pid of < 0 means failure
childPipeFd = null;
return handleParentProc(pid, descriptors, serverPipeFd, parsedArgs);
}
}
}
6.8 Zygote进程创建时所做的事情:
- 1、init进程创建过程中解析rc文件, 创建Zygote进程;
- 2、Zygote进程创建时, 会创建一个服务端Socket, 用于与system_server进程进行通信;
- 3、创建Zygote进程时, 会创建system_server进程, 并且传入SocketName, 方便system_server向Zygote进程发送消息;
- 4、system_server进程创建完成以后, Zygote进入到阻塞状态, 通过IO多路复用机制监听文件描述符, 当外界即system_server通过socket像Zygote进程发送消息时, Zygote进程内的线程被唤醒, 然后解析消息, 并进行响应的操作;
- 5、Zygote进程在创建时, 会进行一系列资源的预加载, 方便后续app进程使用;
- 6、Zygote监听fd, 如果遇到是要创建进程的请求时, 便会通过fork方式创建子进程;
Zygote进程与system_server进程, APP进程的关系
七、system_server进程:
在创建Zygote进程过程中, 通过ZygoteInit.main内部的startSystemServer创建system_server进程;
7.1 ZygoteInit.startSystemServer:
public class ZygoteInit {
private static boolean startSystemServer(String abiList, String socketName)
throws MethodAndArgsCaller, RuntimeException {
...
/* Hardcoded command line to start the system server */
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"com.android.server.SystemServer",
};
ZygoteConnection.Arguments parsedArgs = null;
int pid;
parsedArgs = new ZygoteConnection.Arguments(args);
ZygoteConnection.applyDebuggerSystemProperty(parsedArgs);
ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs);
<<1>>
//**
* 1. 创建system_server进程, 模块<7.2>;
* 2. system_server进程创建完成以后, 进入<<2>>处理system_server进程的相关业务;
*/
pid = Zygote.forkSystemServer(
parsedArgs.uid, parsedArgs.gid,
parsedArgs.gids,
parsedArgs.debugFlags,
null,
parsedArgs.permittedCapabilities,
parsedArgs.effectiveCapabilities);
if (pid == 0) {
<<2>>
//**
* <<1>>完成system_server进程的创建, 然后在模块<7.4>处理system_server的逻辑;
*/
handleSystemServerProcess(parsedArgs);
}
return true;
}
}
7.2 Zygote.forkSystemServer:
public final class Zygote {
public static int forkSystemServer(int uid, int gid, int[] gids, int debugFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
//**
* 通过<<1>>在native层完成system_server进程的创建;<模块7.3>
*/
int pid = nativeForkSystemServer(
uid, gid, gids, debugFlags, rlimits, permittedCapabilities, effectiveCapabilities);
return pid;
}
<<1>>
native private static int nativeForkAndSpecialize(int uid, int gid, int[] gids,int debugFlags,
int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,
String instructionSet, String appDataDir);
}
7.3 com_android_internal_os_Zygote.com_android_internal_os_Zygote_nativeForkSystemServer:
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint debug_flags, jobjectArray rlimits, jlong permittedCapabilities,
jlong effectiveCapabilities) {
pid_t pid = ForkAndSpecializeCommon(env, uid, gid, gids,
debug_flags, rlimits,
permittedCapabilities, effectiveCapabilities,
MOUNT_EXTERNAL_DEFAULT, NULL, NULL, true, NULL,
NULL, NULL);
...
return pid;
}
static pid_t ForkAndSpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray javaGids,
jint debug_flags, jobjectArray javaRlimits,
jlong permittedCapabilities, jlong effectiveCapabilities,
jint mount_external,
jstring java_se_info, jstring java_se_name,
bool is_system_server, jintArray fdsToClose,
jstring instructionSet, jstring dataDir) {
//**
* fork方式完成对system_server进程的创建;
*/
pid_t pid = fork();
return pid;
}
7.4 ZygoteInit.handleSystemServerProcess:
public class ZygoteInit {
private static void handleSystemServerProcess(
ZygoteConnection.Arguments parsedArgs)
throws ZygoteInit.MethodAndArgsCaller {
...
if (parsedArgs.invokeWith != null) {
...
} else {
ClassLoader cl = null;
if (systemServerClasspath != null) {
cl = new PathClassLoader(systemServerClasspath, ClassLoader.getSystemClassLoader());
Thread.currentThread().setContextClassLoader(cl);
}
//**
* 这里就很关键了, 做了很多重要的事;
*/
RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl); 模块<7.5>
}
}
}
7.5 RuntimeInit.zygoteInit:
public class RuntimeInit {
private static final native void nativeZygoteInit();
public static final void zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader)
throws ZygoteInit.MethodAndArgsCaller {
...
commonInit();
nativeZygoteInit(); 模块<7.6>
applicationInit(targetSdkVersion, argv, classLoader); 模块<7.8>
}
}
7.6 RuntimeInit.nativeZygoteInit:
AndroidRuntime--->
static void com_android_internal_os_RuntimeInit_nativeZygoteInit(JNIEnv* env, jobject clazz)
{
gCurRuntime->onZygoteInit();
}
app_main--->
virtual void onZygoteInit()
{
sp<ProcessState> proc = ProcessState::self();
//**
* 启动新的binder线程;
*/
proc->startThreadPool(); 模块<7.7>
}
7.7 ProcessState.self/startThreadPool:
ProcessState--->
sp<ProcessState> ProcessState::self()
{
Mutex::Autolock _l(gProcessMutex);
if (gProcess != NULL) {
return gProcess;
}
gProcess = new ProcessState;
return gProcess;
}
void ProcessState::startThreadPool()
{
AutoMutex _l(mLock);
if (!mThreadPoolStarted) {
mThreadPoolStarted = true;
spawnPooledThread(true);
}
}
void ProcessState::spawnPooledThread(bool isMain)
{
if (mThreadPoolStarted) {
String8 name = makeBinderThreadName();
sp<Thread> t = new PoolThread(isMain);
//**
* t->run触发<//1--->>的执行;
*/
t->run(name.string());
}
}
class PoolThread : public Thread
{
public:
PoolThread(bool isMain) : mIsMain(isMain)
{
}
protected:
//1--->
/**
* 在线程模块进行分析;
*/
virtual bool threadLoop()
{
IPCThreadState::self()->joinThreadPool(mIsMain);
return false;
}
const bool mIsMain;
};
7.8 RuntimeInit.applicationInit:
public class RuntimeInit {
private static void applicationInit(int targetSdkVersion, String[] argv, ClassLoader classLoader)
throws ZygoteInit.MethodAndArgsCaller {
final Arguments args;
args = new Arguments(argv);
/**
* 结合模块<7.1>对args的初始化可知, 这里会调用到SystemServer.main方法;模块<7.9>
*/
/**
* 模块<7.9>
*/
invokeStaticMain(args.startClass, args.startArgs, classLoader);
}
}
7.9 SystemServer.invokeStaticMain:
public class RuntimeInit {
private static void invokeStaticMain(String className, String[] argv, ClassLoader classLoader)
throws ZygoteInit.MethodAndArgsCaller {
Class<?> cl = Class.forName(className, true, classLoader);
Method m = cl.getMethod("main", new Class[] { String[].class });
int modifiers = m.getModifiers();
/**
* 1. 这里是以抛异常结束了该方法的调用;
* 2. 结合模块<7.1>可知, 此处的className指向的是SystemServer;
* 3. 此处的抛异常会触发模块<6.3>的caller.run方法的执行;模块<7.10>
*/
throw new ZygoteInit.MethodAndArgsCaller(m, argv);
}
}
7.10 MethodAndArgsCaller.run:
public static class MethodAndArgsCaller extends Exception implements Runnable {
private final Method mMethod;
private final String[] mArgs;
public MethodAndArgsCaller(Method method, String[] args) {
mMethod = method;
mArgs = args;
}
public void run() {
/**
* 这里实际触发的是SystemServer.main方法;模块<7.11>
*/
mMethod.invoke(null, new Object[] { mArgs });
}
}
7.11 SystemServer.main:
public final class SystemServer {
public static void main(String[] args) {
new SystemServer().run();
}
private void run() {
android.os.Process.setThreadPriority(android.os.Process.THREAD_PRIORITY_FOREGROUND);
Looper.prepareMainLooper();
createSystemContext();
/**
* 1. 创建SSM;
* 2. 然后进行SSM的注册;
*/
mSystemServiceManager = new SystemServiceManager(mSystemContext);
LocalServices.addService(SystemServiceManager.class, mSystemServiceManager);
/**
* 连续三个模块的服务的启动, 模块<7.12, 7.19>
*/
startBootstrapServices();
startCoreServices();
startOtherServices();
Looper.loop();
}
}
7.12 SystemServer.startBootstrapServices:
public final class SystemServer {
private void startBootstrapServices() {
Installer installer = mSystemServiceManager.startService(Installer.class);
mActivityManagerService = mSystemServiceManager.startService(
ActivityManagerService.Lifecycle.class).getService();
mActivityManagerService.setSystemServiceManager(mSystemServiceManager);
mActivityManagerService.setInstaller(installer);
mPowerManagerService = mSystemServiceManager.startService(PowerManagerService.class);
mActivityManagerService.initPowerManagement();
mSystemServiceManager.startService(LightsService.class);
mDisplayManagerService = mSystemServiceManager.startService(DisplayManagerService.class);
mSystemServiceManager.startBootPhase(SystemService.PHASE_WAIT_FOR_DEFAULT_DISPLAY);
mPackageManagerService = PackageManagerService.main(mSystemContext, installer,
mFactoryTestMode != FactoryTest.FACTORY_TEST_OFF, mOnlyCore);
mFirstBoot = mPackageManagerService.isFirstBoot();
mPackageManager = mSystemContext.getPackageManager();
ServiceManager.addService(Context.USER_SERVICE, UserManagerService.getInstance());
/**
* 这里是很关键的一步, 这里完成一系列的服务的注册工作;模块<7.13>
*/
mActivityManagerService.setSystemProcess();
startSensorService();
}
}
- 1、依次进行AMS, PowerManagerService, DisplayManagerService, PackageManagerService等服务的启动;
7.13 AMS.setSystemProcess:
public abstract class ActivityManagerNative extends Binder;
public final class ActivityManagerService extends ActivityManagerNative {
public static final String ACTIVITY_SERVICE = "activity";
public void setSystemProcess() {
/**
* 1. 这里进行了activity服务的注册, 模块<7.14>
* 2. 后续activity的启动, 与这里的Context.ACTIVITY_SERVICE注册息息相关;
*/
ServiceManager.addService(Context.ACTIVITY_SERVICE, this, true);
ServiceManager.addService(ProcessStats.SERVICE_NAME, mProcessStats);
ServiceManager.addService("meminfo", new MemBinder(this));
ServiceManager.addService("gfxinfo", new GraphicsBinder(this));
ServiceManager.addService("dbinfo", new DbBinder(this));
if (MONITOR_CPU_USAGE) {
ServiceManager.addService("cpuinfo", new CpuBinder(this));
}
ServiceManager.addService("permission", new PermissionController(this));
ServiceManager.addService("processinfo", new ProcessInfoService(this));
ApplicationInfo info = mContext.getPackageManager().getApplicationInfo("android", STOCK_PM_FLAGS);
mSystemThread.installSystemApplicationInfo(info, getClass().getClassLoader());
}
}
public final class ProcessStats implements Parcelable {
public static final String SERVICE_NAME = "procstats";
}
7.14 ServiceManager.addService:
public final class ServiceManager {
public static void addService(String name, IBinder service, boolean allowIsolated) {
/**
* 1. getIServiceManager返回SMP的实例, 应用层"activity"服务的注册, 交给了SMP进行注册;模块<7.15>
*/
getIServiceManager().addService(name, service, allowIsolated);
}
private static IServiceManager getIServiceManager() {
if (sServiceManager != null) {
return sServiceManager;
}
/**
* 1. 通过ServiceManagerNative.asInterface完成SMP的初始化;
* 2. 在对SMP进行初始化时, 通过native层获取IBinder的实例;
* 3. https://www.jianshu.com/p/2d4acd5942e1可知getContextObject最终返回的是BinderProxy实例;
*/
sServiceManager = ServiceManagerNative.asInterface(BinderInternal.getContextObject());
return sServiceManager;
}
}
public abstract class ServiceManagerNative extends Binder implements IServiceManager {
static public IServiceManager asInterface(IBinder obj) {
...
IServiceManager in = (IServiceManager)obj.queryLocalInterface(descriptor);
if (in != null) {
return in;
}
/**
* 通过对下文的分析可知, 从native获取的IBinder实际指向BinderProxy, 应用层的服务的注册最终
* 通过SMP交给BinderProxy来完成;
*/
return new ServiceManagerProxy(obj);
}
public IBinder asBinder() {
return mRemote;
}
}
public class BinderInternal {
/**
* 1. 由https://www.jianshu.com/p/2d4acd5942e1的模块<1.1>可知getContextObject()返回的是BinderProxy实例;
*/
public static final native IBinder getContextObject();
}
7.15 SMP.addService:
class ServiceManagerProxy implements IServiceManager {
private IBinder mRemote;
public ServiceManagerProxy(IBinder remote) {
mRemote = remote;
}
public void addService(String name, IBinder service, boolean allowIsolated) throws RemoteException {
Parcel data = Parcel.obtain();
Parcel reply = Parcel.obtain();
/**
* 1. 将服务名, service(为AMP)写入Parcel中;
* 2. 通过mRemote与native层进行交互;模块<7.16>
* 3. 通过writeStrongBinder将service即AMS(模块<7.13>)写入到data中模块<7.20>;
*/
data.writeInterfaceToken(IServiceManager.descriptor);
data.writeString(name);
data.writeStrongBinder(service);
data.writeInt(allowIsolated ? 1 : 0);
mRemote.transact(ADD_SERVICE_TRANSACTION, data, reply, 0);
reply.recycle();
data.recycle();
}
}
7.16 BinderProxy.transact:
final class BinderProxy implements IBinder {
public boolean transact(int code, Parcel data, Parcel reply, int flags) {
return transactNative(code, data, reply, flags);
}
/**
* 通过BinderProxy与native层进行交互, 模块<7.17>
*/
public native boolean transactNative(int code, Parcel data, Parcel reply, int flags);
}
7.17 android_util_Binder.transactNative:
/**
* 这里不过多解释, 是现在比较流行的一种用法, 将java层与native层方法进行映射, 方便native层书写;
*/
static const JNINativeMethod gBinderProxyMethods[] = {
{"transactNative", "(ILandroid/os/Parcel;Landroid/os/Parcel;I)Z", (void*)android_os_BinderProxy_transact}
};
static jboolean android_os_BinderProxy_transact(JNIEnv* env, jobject obj,
jint code, jobject dataObj, jobject replyObj, jint flags) // throws RemoteException
{
Parcel* data = parcelForJavaObject(env, dataObj);
Parcel* reply = parcelForJavaObject(env, replyObj);
IBinder* target = (IBinder*) env->GetLongField(obj, gBinderProxyOffsets.mObject);
bool time_binder_calls;
int64_t start_millis;
if (kEnableBinderSample) {
time_binder_calls = should_time_binder_calls();
if (time_binder_calls) {
start_millis = uptimeMillis();
}
}
/**
* 结合https://www.jianshu.com/p/2d4acd5942e1 模块<1.1>可知, target指向BpBinder;
*/
status_t err = target->transact(code, *data, reply, flags);
if (kEnableBinderSample) {
if (time_binder_calls) {
conditionally_log_binder_call(start_millis, target, code);
}
}
if (err == NO_ERROR) {
return JNI_TRUE;
}
}
7.18 BpBinder.transact:
status_t BpBinder::transact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
status_t status = IPCThreadState::self()->transact(mHandle, code, data, reply, flags);
return status;
}
7.19 SystemServer.startCoreServices:
public final class SystemServer {
private void startCoreServices() {
/**
* 只是进行了服务的开启;
*/
mSystemServiceManager.startService(BatteryService.class);
mSystemServiceManager.startService(UsageStatsService.class);
mActivityManagerService.setUsageStatsManager(LocalServices.getService(UsageStatsManagerInternal.class));
mPackageManagerService.getUsageStatsIfNoPackageUsageInfo();
mSystemServiceManager.startService(WebViewUpdateService.class);
}
}
7.20 Parcel.writeStrongBinder:
public final class Parcel {
private static native void nativeWriteStrongBinder(long nativePtr, IBinder val);
public final void writeStrongBinder(IBinder val) {
/**
* 触发native层的nativeWriteStrongBinder;模块<7.21>
*/
nativeWriteStrongBinder(mNativePtr, val);
}
}
7.21 android_os_Parcel.nativeWriteStrongBinder:
static const JNINativeMethod gParcelMethods[] = {
{"nativeWriteStrongBinder", "(JLandroid/os/IBinder;)V", (void*)android_os_Parcel_writeStrongBinder},
};
static void android_os_Parcel_writeStrongBinder(JNIEnv* env, jclass clazz, jlong nativePtr, jobject object)
{
Parcel* parcel = reinterpret_cast<Parcel*>(nativePtr);
if (parcel != NULL) {
/**
* 1. 这里的object指向的是java层的AMS;
* 2. ibinderForJavaObject获取与object对应的native层的Binder实例;模块<7.21>
* 3.
*/
const status_t err = parcel->writeStrongBinder(ibinderForJavaObject(env, object));
}
}
7.21 android_util_Binder.ibinderForJavaObject:
/**
* 1. 需要结合gBinderOffsets与gBinderProxyOffsets字节码类型;
* 2. 如果在java层传入的是AMS, 则执行<//1--->>, 构造JavaBBinderHolder实例;
* 3. 反之进入<//2--->>, 构造BinderProxy实例;
*/
sp<IBinder> ibinderForJavaObject(JNIEnv* env, jobject obj)
{
//1--->
if (env->IsInstanceOf(obj, gBinderOffsets.mClass)) {
/**
* 1. 构造JavaBBinderHolder实例;
* 2. jbh->get(env, obj)返回JavaBBinder实例;模块<7.22>
*/
JavaBBinderHolder* jbh = (JavaBBinderHolder*) env->GetLongField(obj, gBinderOffsets.mObject);
return jbh != NULL ? jbh->get(env, obj) : NULL;
}
//2--->
if (env->IsInstanceOf(obj, gBinderProxyOffsets.mClass)) {
return (IBinder*) env->GetLongField(obj, gBinderProxyOffsets.mObject);
}
return NULL;
}
7.22 JavaBBinderHolder.get:
class JavaBBinderHolder : public RefBase
{
public:
sp<JavaBBinder> get(JNIEnv* env, jobject obj)
{
/**
* 构造JavaBBinder的实例, 并将java层的AMS赋值给JavaBBinder.mObject变量;
*/
sp<JavaBBinder> b = mBinder.promote();
if (b == NULL) {
b = new JavaBBinder(env, obj);
mBinder = b;
}
return b;
}
};
zygote进程
八、app进程:
app进程与app启动绑定;https://www.jianshu.com/p/eee43ec8a7cc
网友评论