12.源码阅读(IPC Binder机制-android api 26)

简介: 调用bindService方法绑定服务最终会执行Service的onBind方法并在ServiceConnection的onServiceConnected中得到IBinder对象,我们从源码角度看看这一过程是如何进行的首先从ContextImpl的...

调用bindService方法绑定服务最终会执行Service的onBind方法并在ServiceConnection的onServiceConnected中得到IBinder对象,我们从源码角度看看这一过程是如何进行的

首先从ContextImpl的bindService看起

@Override
1538    public boolean bindService(Intent service, ServiceConnection conn,
1539            int flags) {
1540        warnIfCallingFromSystemProcess();
1541        return bindServiceCommon(service, conn, flags, mMainThread.getHandler(),
1542                Process.myUserHandle());
1543    }
 private boolean bindServiceCommon(Intent service, ServiceConnection conn, int flags, Handler
1582            handler, UserHandle user) {
1583        //注意这里得到的一个IServiceConnection在后边会用到
1584        IServiceConnection sd;
1585        ......
1588        if (mPackageInfo != null) {
1589            sd = mPackageInfo.getServiceDispatcher(conn, getOuterContext(), handler, flags);
1590        } 
            ......
1602            int res = ActivityManager.getService().bindService(
1603                mMainThread.getApplicationThread(), getActivityToken(), service,
1604                service.resolveTypeIfNeeded(getContentResolver()),
1605                sd, flags, getOpPackageName(), user.getIdentifier());
1606        ......
1614    }
1615

ActivityManager.getService()这行代码我们已经非常熟悉了,前边看activity启动的时候就遇到过

4199    public static IActivityManager getService() {
4200        return IActivityManagerSingleton.get();
4201    }
        private static final Singleton<IActivityManager> IActivityManagerSingleton =
4204            new Singleton<IActivityManager>() {
4205                @Override
4206                protected IActivityManager create() {
4207                    final IBinder b = ServiceManager.getService(Context.ACTIVITY_SERVICE);
4208                    final IActivityManager am = IActivityManager.Stub.asInterface(b);
4209                    return am;
4210                }
4211            };

ActivityManager.getService()得到的是IActivityManger,而IActivityManger是一个接口,所以我们要去看它的实现类ActivityManagerService中的bindService方法

ActivityManagerService中

public int bindService(IApplicationThread caller, IBinder token, Intent service,
            String resolvedType, IServiceConnection connection, int flags, String callingPackage,
            int userId) throws TransactionTooLargeException {
        ......

        synchronized(this) {
            return mServices.bindServiceLocked(caller, token, service,
                    resolvedType, connection, flags, callingPackage, userId);
        }
    }

ActiveServices中

int bindServiceLocked(IApplicationThread caller, IBinder token, Intent service,
            String resolvedType, final IServiceConnection connection, int flags,
            String callingPackage, final int userId) throws TransactionTooLargeException {
            ......
                                    try {
                                    //注意,这个方法和下边是殊途同归的
                                        bringUpServiceLocked(serviceRecord,
                                                serviceIntent.getFlags(),
                                                callerFg, false, false);
                                    } catch (RemoteException e) {
                                        /* ignore - local call */
                                    }
            ......
          
            if (s.app != null && b.intent.received) {

                ......

                if (b.intent.apps.size() == 1 && b.intent.doRebind) {
                    requestServiceBindingLocked(s, b.intent, callerFg, true);
                }
            } else if (!b.intent.requested) {
                requestServiceBindingLocked(s, b.intent, callerFg, false);
            }

        ......
    }

private final boolean requestServiceBindingLocked(ServiceRecord r, IntentBindRecord i,
            boolean execInFg, boolean rebind) throws TransactionTooLargeException {
        ......
                bumpServiceExecutingLocked(r, execInFg, "bind");
                r.app.forceProcessStateUpTo(ActivityManager.PROCESS_STATE_SERVICE);
                r.app.thread.scheduleBindService(r, i.intent.getIntent(), rebind,
                        r.app.repProcState);
                if (!rebind) {
                    i.requested = true;
                }
                i.hasBound = true;
                i.doRebind = false;
           ......
    }

需要找到 r.app.thread.scheduleBindService这个方法究竟是哪个类中的方法,r是ServiceRecord,那么到它里边去找发现app是ProcessRecord类,然后进入到ProcessRecord中去找thread,可以看到IApplicationThread thread,IApplicationThread很明显是一个接口,我们还要找到它的实现类才行,这里也不再卖关子了,我们要找的实现类就是ApplicationThread,而ApplicationThread是ActivityThread的一个内部类,所以去ActivityThread中继续寻找

public final void scheduleBindService(IBinder token, Intent intent,
                boolean rebind, int processState) {
            updateProcessState(processState, false);
            BindServiceData s = new BindServiceData();
            s.token = token;
            s.intent = intent;
            s.rebind = rebind;

            if (DEBUG_SERVICE)
                Slog.v(TAG, "scheduleBindService token=" + token + " intent=" + intent + " uid="
                        + Binder.getCallingUid() + " pid=" + Binder.getCallingPid());
            sendMessage(H.BIND_SERVICE, s);
        }

private void sendMessage(int what, Object obj) {
        sendMessage(what, obj, 0, 0, false);
    }

可以看到是通过handler发送了一个消息,找到这个消息的处理

case BIND_SERVICE:
                    Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "serviceBind");
                    handleBindService((BindServiceData)msg.obj);
                    Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
                    break;
private void handleBindService(BindServiceData data) {
        //从集合中取出service,可以猜测服务在之前已经被存储起来了
        Service s = mServices.get(data.token);
       
        ......
                    if (!data.rebind) {
                        //调用service的onBind方法,这里终于找到了
                        IBinder binder = s.onBind(data.intent);
                        //这里是回调到onServiceConnected方法的关键
                        ActivityManager.getService().publishService(
                                data.token, data.intent, binder);
                    } else {
                        s.onRebind(data.intent);
                        ActivityManager.getService().serviceDoneExecuting(
                                data.token, SERVICE_DONE_EXECUTING_ANON, 0, 0);
                    }
                   ......
        }
    }

再次回到ActivityManagerService中

public void publishService(IBinder token, Intent intent, IBinder service) {
        // Refuse possible leaked file descriptors
        if (intent != null && intent.hasFileDescriptors() == true) {
            throw new IllegalArgumentException("File descriptors passed in Intent");
        }

        synchronized(this) {
            if (!(token instanceof ServiceRecord)) {
                throw new IllegalArgumentException("Invalid service token");
            }
            mServices.publishServiceLocked((ServiceRecord)token, intent, service);
        }
    }

再次回到ActiveServices类中

void publishServiceLocked(ServiceRecord r, Intent intent, IBinder service) {
        final long origId = Binder.clearCallingIdentity();
        try {
            if (DEBUG_SERVICE) Slog.v(TAG_SERVICE, "PUBLISHING " + r
                    + " " + intent + ": " + service);
            if (r != null) {
                Intent.FilterComparison filter
                        = new Intent.FilterComparison(intent);
                IntentBindRecord b = r.bindings.get(filter);
                if (b != null && !b.received) {
                    b.binder = service;
                    b.requested = true;
                    b.received = true;
                    for (int conni=r.connections.size()-1; conni>=0; conni--) {
                        ArrayList<ConnectionRecord> clist = r.connections.valueAt(conni);
                        for (int i=0; i<clist.size(); i++) {
                            ConnectionRecord c = clist.get(i);
                            if (!filter.equals(c.binding.intent.intent)) {
                                if (DEBUG_SERVICE) Slog.v(
                                        TAG_SERVICE, "Not publishing to: " + c);
                                if (DEBUG_SERVICE) Slog.v(
                                        TAG_SERVICE, "Bound intent: " + c.binding.intent.intent);
                                if (DEBUG_SERVICE) Slog.v(
                                        TAG_SERVICE, "Published intent: " + intent);
                                continue;
                            }
                            if (DEBUG_SERVICE) Slog.v(TAG_SERVICE, "Publishing to: " + c);
                            try {
                                c.conn.connected(r.name, service, false);
                            } catch (Exception e) {
                                Slog.w(TAG, "Failure sending service " + r.name +
                                      " to connection " + c.conn.asBinder() +
                                      " (in " + c.binding.client.processName + ")", e);
                            }
                        }
                    }
                }

                serviceDoneExecutingLocked(r, mDestroyingServices.contains(r), false);
            }
        } finally {
            Binder.restoreCallingIdentity(origId);
        }
    }

关键代码

c.conn.connected(r.name, service, false);

c表示ConnectionRecord,conn就是IServiceConnection,看到这个IServiceConnection我们很容易把它和ServiceConnection联系起来,是不是这样呢,其实这时候我们可以回到最初的那个地方埋下的伏笔,我们写了一句注释

//注意这里得到的一个IServiceConnection在后边会用到
IServiceConnection sd;

从代码ArrayList<ConnectionRecord> clist = r.connections.valueAt(conni);中就可以看出,每一个ConnectionRecord都是提前存入集合中保存的,那么每个ConnectionRecord中的IServiceConnection也就在那时候已经存在了,IServiceConnection是一个接口,我们同样要找到它的实现类,那么回到ContextImpl中,看看,这个IServiceConnection是如何创建出来的

        IServiceConnection sd;
        if (conn == null) {
            throw new IllegalArgumentException("connection is null");
        }
        if (mPackageInfo != null) {
           sd = mPackageInfo.getServiceDispatcher(conn, getOuterContext(), handler, flags);
        @Override
1564    public IServiceConnection getServiceDispatcher(ServiceConnection conn, Handler handler,
1565            int flags) {
1566        return mPackageInfo.getServiceDispatcher(conn, getOuterContext(), handler, flags);
1567    }

进入LoadedApk中

public final IServiceConnection getServiceDispatcher(ServiceConnection c,
1397            Context context, Handler handler, int flags) {
1398        synchronized (mServices) {
1399            LoadedApk.ServiceDispatcher sd = null;
1400            ArrayMap<ServiceConnection, LoadedApk.ServiceDispatcher> map = mServices.get(context);
1401            if (map != null) {
1402                if (DEBUG) Slog.d(TAG, "Returning existing dispatcher " + sd + " for conn " + c);
1403                sd = map.get(c);
1404            }
1405            if (sd == null) {
1406                sd = new ServiceDispatcher(c, context, handler, flags);
1407                if (DEBUG) Slog.d(TAG, "Creating new dispatcher " + sd + " for conn " + c);
1408                if (map == null) {
1409                    map = new ArrayMap<>();
1410                    mServices.put(context, map);
1411                }
1412                map.put(c, sd);
1413            } else {
1414                sd.validate(context, handler);
1415            }
1416            return sd.getIServiceConnection();
1417        }
1418    }
1419
                IServiceConnection getIServiceConnection() {
1553            return mIServiceConnection;
1554        }

看到这个
private final ServiceDispatcher.InnerConnection mIServiceConnection;

我们找到了IServiceConnection的实现类,InnerConnection,那么c.conn.connected(r.name, service, false);执行的就是它的connect方法

private static class InnerConnection extends IServiceConnection.Stub {
1489            final WeakReference<LoadedApk.ServiceDispatcher> mDispatcher;
1490
1491            InnerConnection(LoadedApk.ServiceDispatcher sd) {
1492                mDispatcher = new WeakReference<LoadedApk.ServiceDispatcher>(sd);
1493            }
1494
1495            public void connected(ComponentName name, IBinder service, boolean dead)
1496                    throws RemoteException {
1497                LoadedApk.ServiceDispatcher sd = mDispatcher.get();
1498                if (sd != null) {
1499                    sd.connected(name, service, dead);
1500                }
1501            }
1502        }
public void connected(ComponentName name, IBinder service, boolean dead) {
1569            if (mActivityThread != null) {
1570                mActivityThread.post(new RunConnection(name, service, 0, dead));
1571            } else {
1572                doConnected(name, service, dead);
1573            }
1574        }



public void connected(ComponentName name, IBinder service, boolean dead) {
1569            if (mActivityThread != null) {
1570                mActivityThread.post(new RunConnection(name, service, 0, dead));
1571            } else {
1572                doConnected(name, service, dead);
1573            }
1574        }

终于找到了,看下边

public void doConnected(ComponentName name, IBinder service, boolean dead) {
1585            ServiceDispatcher.ConnectionInfo old;
1586            ServiceDispatcher.ConnectionInfo info;
1587
1588            ......
1625            // If there was an old service, it is now disconnected.
1626            if (old != null) {
1627                mConnection.onServiceDisconnected(name);
1628            }
1629            ......
1632            // If there is a new service, it is now connected.
1633            if (service != null) {
                        //onServiceConnected被调用
1634                mConnection.onServiceConnected(name, service);
1635            }
1636        }

相关文章
|
30天前
|
消息中间件 存储 Java
Android消息处理机制(Handler+Looper+Message+MessageQueue)
Android消息处理机制(Handler+Looper+Message+MessageQueue)
38 2
|
3月前
|
编译器 API Android开发
Android经典实战之Kotlin Multiplatform 中,如何处理不同平台的 API 调用
本文介绍Kotlin Multiplatform (KMP) 中使用 `expect` 和 `actual` 关键字处理多平台API调用的方法。通过共通代码集定义预期API,各平台提供具体实现,编译器确保正确匹配,支持依赖注入、枚举类处理等,实现跨平台代码重用与原生性能。附带示例展示如何定义跨平台函数与类。
93 0
|
14天前
|
消息中间件 存储 Java
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
|
17天前
|
消息中间件 存储 Java
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
41 1
|
18天前
|
存储 安全 数据安全/隐私保护
探索安卓与iOS的隐私保护机制####
【10月更文挑战第15天】 本文深入剖析了安卓和iOS两大操作系统在隐私保护方面的策略与技术实现,旨在揭示两者如何通过不同的技术手段来保障用户数据的安全与隐私。文章将逐一探讨各自的隐私控制功能、加密措施以及用户权限管理,为读者提供一个全面而深入的理解。 ####
33 1
|
21天前
|
消息中间件 存储 Java
Android消息处理机制(Handler+Looper+Message+MessageQueue)
Android消息处理机制(Handler+Looper+Message+MessageQueue)
43 2
|
2月前
|
存储 缓存 Android开发
Android RecyclerView 缓存机制深度解析与面试题
本文首发于公众号“AntDream”,详细解析了 `RecyclerView` 的缓存机制,包括多级缓存的原理与流程,并提供了常见面试题及答案。通过本文,你将深入了解 `RecyclerView` 的高性能秘诀,提升列表和网格的开发技能。
64 8
|
3月前
|
消息中间件 存储 Java
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
Android 消息处理机制估计都被写烂了,但是依然还是要写一下,因为Android应用程序是通过消息来驱动的,Android某种意义上也可以说成是一个以消息驱动的系统,UI、事件、生命周期都和消息处理机制息息相关,并且消息处理机制在整个Android知识体系中也是尤其重要,在太多的源码分析的文章讲得比较繁琐,很多人对整个消息处理机制依然是懵懵懂懂,这篇文章通过一些问答的模式结合Android主线程(UI线程)的工作原理来讲解,源码注释很全,还有结合流程图,如果你对Android 消息处理机制还不是很理解,我相信只要你静下心来耐心的看,肯定会有不少的收获的。
186 3
Android面试高频知识点(2) 详解Android消息处理机制(Handler)
|
4月前
|
消息中间件 API 数据库
在微服务架构中,每个服务通常都是一个独立运行、独立部署、独立扩展的组件,它们之间通过轻量级的通信机制(如HTTP/RESTful API、gRPC等)进行通信。
在微服务架构中,每个服务通常都是一个独立运行、独立部署、独立扩展的组件,它们之间通过轻量级的通信机制(如HTTP/RESTful API、gRPC等)进行通信。
|
4月前
|
安全 Java API
构建基于Spring Boot的REST API安全机制
构建基于Spring Boot的REST API安全机制