一、概述
本篇和第二篇是强相关的,需要结合第二篇一起看。
以boot-properties为例,注意不需要看ANDROID-QEMUD.TXT,这个是和guest os中的qemud进行相关的,已废弃。
启动emulator时,有一个参数-prop <key>=<value>,用于向guest os中添加属性。
二、guest os中使用qemud service的方法
实现代码是:http://androidxref.com/5.1.0_r1/xref/device/generic/goldfish/qemu-props/qemu-props.c,用到了头文件:http://androidxref.com/5.1.0_r1/xref/hardware/libhardware/include/hardware/qemud.h
guest os中程序名为qemu-props,由/system/etc/init.goldfish.rc启动。
启动后循环几次,尝试打开boot-properties服务(qemud_fd = qemud_channel_open( "boot-properties" ))。
如果打开成功,发送list命令(qemud_channel_send(qemud_fd, "list", -1))给boot-properties。
然后在循环中读取启动emulator时通过-prop指定的属性(qemud_channel_recv(qemud_fd, temp, sizeof temp - 1))。
并设置guest os中的属性(property_set(temp, q))。
qemud_channel_open,先尝试打开/dev/qemu_pipe,写入pipe:qemud:boot-properties。
如果pipe方式失败,才会去通过socket和qemud进程通信,写入boot-properties,期待返回OK。
static __inline__ int
qemud_channel_open(const char* name)
{
int fd;
int namelen = strlen(name);
char answer[2];
char pipe_name[256];
/* First, try to connect to the pipe. */
snprintf(pipe_name, sizeof(pipe_name), "qemud:%s", name);
fd = qemu_pipe_open(pipe_name);
if (fd < 0) {
D("QEMUD pipe is not available for %s: %s", name, strerror(errno));
/* If pipe is not available, connect to qemud control socket */
fd = socket_local_client( "qemud",
ANDROID_SOCKET_NAMESPACE_RESERVED,
SOCK_STREAM );
if (fd < 0) {
D("no qemud control socket: %s", strerror(errno));
return -1;
}
/* send service name to connect */
if (qemud_fd_write(fd, name, namelen) != namelen) {
D("can't send service name to qemud: %s",
strerror(errno));
close(fd);
return -1;
}
/* read answer from daemon */
if (qemud_fd_read(fd, answer, 2) != 2 ||
answer[0] != 'O' || answer[1] != 'K') {
D("cant' connect to %s service through qemud", name);
close(fd);
return -1;
}
}
return fd;
}
qemud_channel_send和qemud_channel_recv是qemu-pipe和qemud所通用的,直接对fd进行读写,先读写4个字节,为size,然后读取具体的内容。
static __inline__ int
qemud_channel_send(int fd, const void* msg, int msglen)
{
char header[5];
if (msglen < 0)
msglen = strlen((const char*)msg);
if (msglen == 0)
return 0;
snprintf(header, sizeof header, "%04x", msglen);
if (qemud_fd_write(fd, header, 4) != 4) {
D("can't write qemud frame header: %s", strerror(errno));
return -1;
}
if (qemud_fd_write(fd, msg, msglen) != msglen) {
D("can4t write qemud frame payload: %s", strerror(errno));
return -1;
}
return 0;
}
static __inline__ int
qemud_channel_recv(int fd, void* msg, int msgsize)
{
char header[5];
int size, avail;
if (qemud_fd_read(fd, header, 4) != 4) {
D("can't read qemud frame header: %s", strerror(errno));
return -1;
}
header[4] = 0;
if (sscanf(header, "%04x", &size) != 1) {
D("malformed qemud frame header: '%.*s'", 4, header);
return -1;
}
if (size > msgsize)
return -1;
if (qemud_fd_read(fd, msg, size) != size) {
D("can't read qemud frame payload: %s", strerror(errno));
return -1;
}
return size;
}
三、注册新的qemud service
所有的qemud service都使用pipe:qemud这个pipe service,是它的子服务。如何去实现这种子服务呢?
emulator里面有两中结构体QemudService, QemudClient分别表示子服务,以及子服务的client。
QemudPipe和之前说的pipe类似,每次打开/dev/qemu_pipe时,kernel和emulator中都会产生一个pipe,对应一个CHANNEL,在guest os第一次通过/dev/qemu_pipe发送数据时,会创建一个QemudPipe,也就是peer,作为pipe:qemud funcs中的opaque。
pipeConnector_sendBuffers函数代码片段:
Pipe* pipe = pcon->pipe;
void* peer = svc->funcs.init(pipe->hwpipe, svc->opaque, pipeArgs);
if (peer == NULL) {
D("%s: Initialization failed for pipe %s!", __FUNCTION__, pipeName);
return PIPE_ERROR_INVAL;
}
/* Do the evil switch now */
pipe->opaque = peer;
pipe->service = svc;
pipe->funcs = &svc->funcs;
pipe->args = ASTRDUP(pipeArgs);
AFREE(pcon);
3.1、pipe:qemud服务
代码为external/qemu/android/emulation/android_qemud.cpp,我在android源码中没有找到,在另一个模拟器的repo中找到了。注意代码中夹杂着一些guest os中qemud相关的东西,关键词serial,不需要看。
初始化代码如下,_qemudPipe_funcs就是第二篇中所说的svc->funcs,从第二次通信开始,qemu_pipe都使用这些funcs去读写。
/* QEMUD pipe functions.
*/
static const AndroidPipeFuncs _qemudPipe_funcs = {
_qemudPipe_init,
_qemudPipe_closeFromGuest,
_qemudPipe_sendBuffers,
_qemudPipe_recvBuffers,
_qemudPipe_poll,
_qemudPipe_wakeOn,
_qemudPipe_save,
_qemudPipe_load,
};
/* Initializes QEMUD pipe interface.
*/
static void _android_qemud_pipe_init(void) {
static bool _qemud_pipe_initialized = false;
if (!_qemud_pipe_initialized) {
android_pipe_add_type("qemud", looper_getForThread(), &_qemudPipe_funcs);
_qemud_pipe_initialized = true;
}
}
static bool isInited = false;
void android_qemud_init(CSerialLine* sl) {
D("%s", __FUNCTION__);
/* We don't know in advance whether the guest system supports qemud pipes,
* so we will initialize both qemud machineries, the legacy (over serial
* port), and the new one (over qemu pipe). Then we let the guest to connect
* via one, or the other. */
_android_qemud_serial_init(sl);
_android_qemud_pipe_init();
isInited = true;
}
_qemudPipe_init是建立连接后,初始化QemudPipe的代码。
QemudMultiplexer中只有两个链表有用。
先根据service name查找子服务QemudService,然后调用子服务的qemud_service_connect_client去创建QemudClient,然后去创建QemudPipe
/* This is a callback that gets invoked when guest is connecting to the service.
*
* Here we will create a new client as well as pipe descriptor representing new
* connection.
*/
static void*
_qemudPipe_init(void* hwpipe, void* _looper, const char* args) {
QemudMultiplexer* m = qemud_multiplexer;
QemudService* sv = m->services;
QemudClient* client;
QemudPipe* pipe = NULL;
char service_name[512];
const char* client_args;
size_t srv_name_len;
/* 'args' passed in this callback represents name of the service the guest is
* connecting to. It can't be NULL. */
if (args == NULL) {
D("%s: Missing address!", __FUNCTION__);
return NULL;
}
/* 'args' contain service name, and optional parameters for the client that
* is about to be created in this call. The parameters are separated from the
* service name wit ':'. Separate service name from the client param. */
client_args = strchr(args, ':');
if (client_args != NULL) {
srv_name_len = min(client_args - args, (intptr_t) sizeof(service_name) - 1);
client_args++; // Past the ':'
if (*client_args == '\0') {
/* No actual parameters. */
client_args = NULL;
}
} else {
srv_name_len = min(strlen(args), sizeof(service_name) - 1);
}
memcpy(service_name, args, srv_name_len);
service_name[srv_name_len] = '\0';
/* Lookup registered service by its name. */
while (sv != NULL && strcmp(sv->name, service_name)) {
sv = sv->next;
}
if (sv == NULL) {
D("%s: Service '%s' has not been registered!", __FUNCTION__, service_name);
return NULL;
}
/* Create a client for this connection. -1 as a channel ID signals that this
* is a pipe client. */
client = qemud_service_connect_client(sv, -1, client_args);
if (client != NULL) {
pipe = static_cast<QemudPipe*>(android_alloc0(sizeof(*pipe)));
pipe->hwpipe = hwpipe;
pipe->looper = _looper;
pipe->service = sv;
pipe->client = client;
client->ProtocolSelector.Pipe.qemud_pipe = pipe;
}
return pipe;
}
_qemudPipe_sendBuffers是guest通过/dev/qemu_pipe写数据时,将被调用的函数,也就是QemudClient接收到数据的函数,注意不要把send/recv的概念搞错了。
代码就是把guest发送的buffers拼起来,然后调用QemudClient的接收函数qemud_client_recv去处理。
/* Called when the guest has sent some data to the client.
*/
static int
_qemudPipe_sendBuffers(void* opaque,
const AndroidPipeBuffer* buffers,
int numBuffers) {
QemudPipe* pipe = static_cast<QemudPipe*>(opaque);
QemudClient* client = pipe->client;
size_t transferred = 0;
if (client == NULL) {
D("%s: Unexpected NULL client", __FUNCTION__);
return -1;
}
if (numBuffers == 1) {
/* Simple case: all data are in one buffer. */
D("%s: %s", __FUNCTION__, quote_bytes((char*) buffers->data, buffers->size));
qemud_client_recv(client, buffers->data, buffers->size);
transferred = buffers->size;
} else {
/* If there are multiple buffers involved, collect all data in one buffer
* before calling the high level client. */
uint8_t* msg, * wrk;
int n;
for (n = 0; n < numBuffers; n++) {
transferred += buffers[n].size;
}
msg = static_cast<uint8_t*>(malloc(transferred));
wrk = msg;
for (n = 0; n < numBuffers; n++) {
memcpy(wrk, buffers[n].data, buffers[n].size);
wrk += buffers[n].size;
}
D("%s: %s", __FUNCTION__, quote_bytes((char*) msg, transferred));
qemud_client_recv(client, msg, transferred);
free(msg);
}
return transferred;
}
_qemudPipe_recvBuffers是guest想从/dev/qemu_pipe读取数据时被调用的。
QemudClient写数据时是写到自己的ProtocolSelector.Pipe.messages中的,在这个函数中把QemudClient中的ProtocolSelector.Pipe.messages倒腾到buffers中。
/* Called when the guest is reading data from the client.
*/
static int
_qemudPipe_recvBuffers(void* opaque, AndroidPipeBuffer* buffers, int numBuffers) {
QemudPipe* pipe = static_cast<QemudPipe*>(opaque);
QemudClient* client = pipe->client;
QemudPipeMessage** msg_list;
AndroidPipeBuffer* buff = buffers;
AndroidPipeBuffer* endbuff = buffers + numBuffers;
size_t sent_bytes = 0;
size_t off_in_buff = 0;
if (client == NULL) {
D("%s: Unexpected NULL client", __FUNCTION__);
return -1;
}
msg_list = &client->ProtocolSelector.Pipe.messages;
if (*msg_list == NULL) {
/* No data to send. Let it block until we wake it up with
* PIPE_WAKE_READ when service sends data to the client. */
return PIPE_ERROR_AGAIN;
}
/* Fill in goldfish buffers while they are still available, and there are
* messages in the client's message list. */
while (buff != endbuff && *msg_list != NULL) {
QemudPipeMessage* msg = *msg_list;
/* Message data fiting the current pipe's buffer. */
size_t to_copy = min(msg->size - msg->offset, buff->size - off_in_buff);
memcpy(buff->data + off_in_buff, msg->message + msg->offset, to_copy);
/* Update offsets. */
off_in_buff += to_copy;
msg->offset += to_copy;
sent_bytes += to_copy;
if (msg->size == msg->offset) {
/* We're done with the current message. Go to the next one. */
*msg_list = msg->next;
free(msg);
}
if (off_in_buff == buff->size) {
/* Current pipe buffer is full. Continue with the next one. */
buff++;
off_in_buff = 0;
}
}
D("%s: -> %u (of %u)", __FUNCTION__, sent_bytes, buffers->size);
return sent_bytes;
}
_qemudPipe_poll,PIPE_POLL_OUT总是有效,PIPE_POLL_IN需要看QemudClient的ProtocolSelector.Pipe.messages中是否有数据
static unsigned
_qemudPipe_poll(void* opaque) {
QemudPipe* pipe = static_cast<QemudPipe*>(opaque);
QemudClient* client = pipe->client;
unsigned ret = 0;
if (client != NULL) {
ret |= PIPE_POLL_OUT;
if (client->ProtocolSelector.Pipe.messages != NULL) {
ret |= PIPE_POLL_IN;
}
} else {
D("%s: Unexpected NULL client", __FUNCTION__);
}
return ret;
}
_qemudPipe_wakeOn,发现ProtocolSelector.Pipe.messages中有数据时,会调用android_pipe_wake,把pipe添加到dev->signaled链表中。
static void
_qemudPipe_wakeOn(void* opaque, int flags) {
QemudPipe* qemud_pipe = (QemudPipe*) opaque;
QemudClient* c = qemud_pipe->client;
D("%s: -> %X", __FUNCTION__, flags);
if (flags & PIPE_WAKE_READ) {
if (c->ProtocolSelector.Pipe.messages != NULL) {
android_pipe_wake(c->ProtocolSelector.Pipe.qemud_pipe->hwpipe,
PIPE_WAKE_READ);
}
}
}
3.2、qemud service
代码是external/qemu/android/boot-properties.c,也是在模拟器repo中的
boot_property_init_service去注册一个QemudService,主要函数就一个boot_property_service_connect,用于创建新的QemudClient
void
boot_property_init_service( void )
{
if (!_inited) {
QemudService* serv = qemud_service_register( SERVICE_NAME,
1, NULL,
boot_property_service_connect,
boot_property_save,
boot_property_load);
if (serv == NULL) {
derror("could not register '%s' service", SERVICE_NAME);
return;
}
D("registered '%s' qemud service", SERVICE_NAME);
_inited = 1;
}
}
boot_property_service_connect创建新的QemudClient,channel一般都是-1,表示是pipe方式,而不是serial方式(使用guest qemud进程)
static QemudClient*
boot_property_service_connect( void* opaque,
QemudService* serv,
int channel,
const char* client_param )
{
QemudClient* client;
client = qemud_client_new( serv, channel, client_param, NULL,
boot_property_client_recv,
NULL, NULL, NULL );
qemud_client_set_framing(client, 1);
return client;
}
qemud_client_new会绑定QemudClient的读写函数,读函数boot_property_client_recv(也就是qemud_client_recv)是在_qemudPipe_sendBuffers中调用的
循环执行qemud_client_send将数据(-prop指定的属性值的列表)写到QemudClient的ProtocolSelector.Pipe.messages中,当_qemudPipe_recvBuffers函数执行时,从QemudClient的ProtocolSelector.Pipe.messages中倒腾数据返回给guest
void
boot_property_client_recv( void* opaque,
uint8_t* msg,
int msglen,
QemudClient* client )
{
/* the 'list' command shall send all boot properties
* to the client, then close the connection.
*/
if (msglen == 4 && !memcmp(msg, "list", 4)) {
BootProperty* prop;
for (prop = _boot_properties; prop != NULL; prop = prop->next) {
qemud_client_send(client, (uint8_t*)prop->property, prop->length);
}
/* Send a NUL to signal the end of the list. */
qemud_client_send(client, (uint8_t*)"", 1);
return;
}
/* unknown command ? */
D("%s: ignoring unknown command: %.*s", __FUNCTION__, msglen, msg);
}
boot-properties服务的入口函数是boot_property_parse_option,emulator在解析-prop参数时,会调用这个函数。
获得name和value后,调用boot_property_add2(name, namelen, value, valuelen)去添加属性到属性列表(_boot_properties)中
void
boot_property_parse_option( const char* param )
{
char* q = strchr(param,'=');
const char* name;
const char* value;
int namelen, valuelen, ret;
if (q == NULL) {
dwarning("boot property missing (=) separator: %s", param);
return;
}
name = param;
namelen = q - param;
value = q+1;
valuelen = strlen(name) - (namelen+1);
ret = boot_property_add2(name, namelen, value, valuelen);
if (ret < 0) {
boot_property_raise_warning(ret, name, namelen, value, valuelen);
}
}
boot_property_add2会检查服务是否已初始化,如果没有,将调用boot_property_init_service。如果属性名和值没有非法字符,将申请新的属性:prop = boot_property_alloc(name, namelen, value, valuelen)并添加到属性列表中
/* Appends a new boot property to the end of the internal list.
*/
int
boot_property_add2( const char* name, int namelen,
const char* value, int valuelen )
{
BootProperty* prop;
/* check the lengths
*/
if (namelen > PROPERTY_MAX_NAME)
return -1;
if (valuelen > PROPERTY_MAX_VALUE)
return -2;
/* check that there are not invalid characters in the
* property name
*/
const char* reject = " =$*?'\"";
int nn;
for (nn = 0; nn < namelen; nn++) {
if (strchr(reject, name[nn]) != NULL)
return -3;
}
/* init the service */
boot_property_init_service();
/* add to the end of the internal list */
prop = boot_property_alloc(name, namelen, value, valuelen);
*_boot_properties_tail = prop;
_boot_properties_tail = &prop->next;
return 0;
}
boot_property_init_service先检查是否已初始化,如果没有,将进行初始化
QemudService* serv = qemud_service_register( SERVICE_NAME,
1, NULL,
boot_property_service_connect,
boot_property_save,
boot_property_load);
第二个参数是max_clients,最大客户数量
第三个参数是serv_opaque,将传递给注册的serv_connect函数的第一个参数
第四个参数是注册的serv_connect函数
第五、第六是保存和恢复属性链表的函数
void
boot_property_init_service( void )
{
if (!_inited) {
QemudService* serv = qemud_service_register( SERVICE_NAME,
1, NULL,
boot_property_service_connect,
boot_property_save,
boot_property_load);
if (serv == NULL) {
derror("could not register '%s' service", SERVICE_NAME);
return;
}
D("registered '%s' qemud service", SERVICE_NAME);
_inited = 1;
}
}
