文章目录
一、ActivityThread 源码分析
二、ActivityThread 部分代码示例
dex 解密时 , 需要将 代理 Application 替换为 真实 Application ; 替换 Application 首先要理解系统如何注册应用的 Application 的 ;
一、ActivityThread 源码分析
参考源码 : /frameworks/base/core/java/android/app/ActivityThread.java
Zygote 进程孵化器 fork 出应用进程后 , 就会执行 ActivityThread 中的 main 函数 ;
在 main 函数中 , 调用了 Looper.prepareMainLooper() 方法 , 初始化了 Looper , 在 main 方法最后 , 执行了 Looper.loop() , 开启了无限循环获取 Message 并执行 ;
准备完 Looper 之后 , ActivityThread thread = new ActivityThread() 创建了 ActivityThread 对象 , 并调用了该对象的 attach 函数 , thread.attach(false) ;
public static void main(String[] args) {
public static void main(String[] args) { Looper.prepareMainLooper(); ActivityThread thread = new ActivityThread(); thread.attach(false); Looper.loop(); }
在 attach 函数中 , private void attach(boolean system) , 传入的参数是 false , 进入第一个分支 if (!system) { ;
在该分支中 , final IActivityManager mgr = ActivityManagerNative.getDefault() , 通过 ActivityManager 拿到了 Binder 对象 ;
通过调用该 Binder 对象的 attachApplication 方法 , mgr.attachApplication(mAppThread) , 将本 ApplicationThread 对象传送出去 ;
private void attach(boolean system) { sCurrentActivityThread = this; mSystemThread = system; if (!system) { RuntimeInit.setApplicationObject(mAppThread.asBinder()); final IActivityManager mgr = ActivityManagerNative.getDefault(); try { mgr.attachApplication(mAppThread); } catch (RemoteException ex) { // Ignore } // Watch for getting close to heap limit. } else { // Don't set application object here -- if the system crashes, // we can't display an alert, we just want to die die die. } }
在 main 函数中创建 ActivityThread 对象时 , 会自动创建其内部的成员属性 , 包括主线程的 Handler , final H mH = new H() 成员 , H 类型就是 Handler 的子类 , private class H extends Handler ;
利用 Binder 调用 ActivityThread 的 bindApplication 方法 , public final void bindApplication , 在 bindApplication 方法中 , 接收 ActivityManagerService 发送来的参数 , 最后发送一条 Message 给 H mH 对象 , 即 Hander 子类对象 , sendMessage(H.BIND_APPLICATION, data) ;
最终由 H 对象 , private class H extends Handler 类型 , 处理上述逻辑 , 最终调用 handleBindApplication 方法处理 , private void handleBindApplication(AppBindData data) ;
final H mH = new H(); private class H extends Handler { public void handleMessage(Message msg) { switch (msg.what) { case BIND_APPLICATION: Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "bindApplication"); AppBindData data = (AppBindData)msg.obj; handleBindApplication(data); Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); break; } }
在 ActivityThread 的 handleBindApplication 方法中就是进行的 Application 准备工作 , 构建 Application , 并调用 Application 中的 onCreate 等生命周期函数 ;
在 handleBindApplication 方法 中 , Application app = data.info.makeApplication(data.restrictedBackupMode, null) , 此处创建 Application ;
应用 Application 的具体创建方法 , 需要查看该 data.info.makeApplication 方法 , makeApplication 是 data.info 对象中的函数 , data.info 对象类型是 android.app.LoadedApk 类型 , data.info 是调用 getPackageInfoNoCheck 获取的 , data.info = getPackageInfoNoCheck(data.appInfo, data.compatInfo) ;
private void handleBindApplication(AppBindData data) { try { // If the app is being launched for full backup or restore, bring it up in // a restricted environment with the base application class. Application app = data.info.makeApplication(data.restrictedBackupMode, null); mInitialApplication = app; } finally { StrictMode.setThreadPolicy(savedPolicy); } }
二、ActivityThread 部分代码示例
ActivityThread 部分代码示例 :
public final class ActivityThread { final ApplicationThread mAppThread = new ApplicationThread(); final Looper mLooper = Looper.myLooper(); final H mH = new H(); private class H extends Handler { public void handleMessage(Message msg) { switch (msg.what) { case BIND_APPLICATION: Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "bindApplication"); AppBindData data = (AppBindData)msg.obj; handleBindApplication(data); Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); break; } } private void handleBindApplication(AppBindData data) { try { // If the app is being launched for full backup or restore, bring it up in // a restricted environment with the base application class. Application app = data.info.makeApplication(data.restrictedBackupMode, null); mInitialApplication = app; } finally { StrictMode.setThreadPolicy(savedPolicy); } } public final void bindApplication(String processName, ApplicationInfo appInfo, List<ProviderInfo> providers, ComponentName instrumentationName, ProfilerInfo profilerInfo, Bundle instrumentationArgs, IInstrumentationWatcher instrumentationWatcher, IUiAutomationConnection instrumentationUiConnection, int debugMode, boolean enableOpenGlTrace, boolean isRestrictedBackupMode, boolean persistent, Configuration config, CompatibilityInfo compatInfo, Map<String, IBinder> services, Bundle coreSettings) { sendMessage(H.BIND_APPLICATION, data); } private void attach(boolean system) { sCurrentActivityThread = this; mSystemThread = system; if (!system) { RuntimeInit.setApplicationObject(mAppThread.asBinder()); final IActivityManager mgr = ActivityManagerNative.getDefault(); try { mgr.attachApplication(mAppThread); } catch (RemoteException ex) { // Ignore } // Watch for getting close to heap limit. } else { // Don't set application object here -- if the system crashes, // we can't display an alert, we just want to die die die. } } public static void main(String[] args) { Looper.prepareMainLooper(); ActivityThread thread = new ActivityThread(); thread.attach(false); Looper.loop(); } }
