文章目录
Android 插件化系列文章目录
前言
一、ActivityManagerService 进程相关源码
1、ActivityManagerService 源码分析
2、ActivityStarter 源码分析
a、obtainStarter 方法分析
b、execute 方法分析
c、startActivityMayWait 方法分析
d、startActivity 方法分析
e、startActivityUnchecked 方法分析
3、ActivityStackSupervisor 源码分析
4、ActivityStack 源码分析
a、resumeTopActivityUncheckedLocked 方法分析
b、resumeTopActivityInnerLocked 方法分析
c、startPausingLocked 方法分析
d、继续回到 resumeTopActivityInnerLocked 方法分析
4、后续 ActivityStackSupervisor 源码分析
二、ActivityThread 主进程相关源码
前言
上一篇博客 【Android 插件化】Hook 插件化框架 ( 从 Hook 应用角度分析 Activity 启动流程 一 | Activity 进程相关源码 ) 分析了 Activity 启动流程中 , Activity 进程中相关调用链涉及的源码 ;
本博客中着重分析 AMS 中涉及到的源码 和 AMS 启动主进程 Activity 源码 ;
一、ActivityManagerService 进程相关源码
1、ActivityManagerService 源码分析
在 Instrumentation 的 execStartActivity 方法中 , 最核心的代码是
int result = ActivityTaskManager.getService().startActivity(whoThread, who.getBasePackageName(), who.getAttributionTag(), intent, intent.resolveTypeIfNeeded(who.getContentResolver()), token, target != null ? target.mEmbeddedID : null, requestCode, 0, null, options);
先通过 ActivityTaskManager.getService() 获取服务 ,
public class ActivityTaskManager { /** @hide */ public static IActivityTaskManager getService() { return IActivityTaskManagerSingleton.get(); } @UnsupportedAppUsage(trackingBug = 129726065) private static final Singleton<IActivityTaskManager> IActivityTaskManagerSingleton = new Singleton<IActivityTaskManager>() { @Override protected IActivityTaskManager create() { final IBinder b = ServiceManager.getService(Context.ACTIVITY_TASK_SERVICE); return IActivityTaskManager.Stub.asInterface(b); } }; }
调用 IActivityTaskManagerSingleton.get() 方法 , 就是调用 IActivityTaskManagerSingleton 的 create 方法 , 返回如下结果
final IBinder b = ServiceManager.getService(Context.ACTIVITY_TASK_SERVICE);
return IActivityTaskManager.Stub.asInterface(b);
1
2
该 IActivityTaskManager 没有找到对应 Java 代码 , 是 AIDL 文件 ; 返回的结果是 Binder 的代理类 , 该类主要作用是使用了 Binder 机制 , 进行进程间通信 ;
获取的远程服务是 ActivityManagerService , 在 Instrumentation 中调用 ActivityTaskManager.getService().startActivity() 方法 , 就是调用 AMS ( ActivityManagerService ) 的 startActivity 方法 , 最终调用的是 AMS 的 startActivityAsUser 方法 , 在该方法中调用了 ActivityStartController mActivityStartController 成员的 obtainStarter 方法 ,
public class ActivityManagerService extends IActivityManager.Stub implements Watchdog.Monitor, BatteryStatsImpl.BatteryCallback { private final ActivityStartController mActivityStartController; @Override public final int startActivity(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, Bundle bOptions) { return startActivityAsUser(caller, callingPackage, intent, resolvedType, resultTo, resultWho, requestCode, startFlags, profilerInfo, bOptions, UserHandle.getCallingUserId()); } @Override public final int startActivityAsUser(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, Bundle bOptions, int userId) { return startActivityAsUser(caller, callingPackage, intent, resolvedType, resultTo, resultWho, requestCode, startFlags, profilerInfo, bOptions, userId, true /*validateIncomingUser*/); } public final int startActivityAsUser(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, Bundle bOptions, int userId, boolean validateIncomingUser) { enforceNotIsolatedCaller("startActivity"); userId = mActivityStartController.checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(), Binder.getCallingUid(), "startActivityAsUser"); // TODO: Switch to user app stacks here. return mActivityStartController.obtainStarter(intent, "startActivityAsUser") .setCaller(caller) .setCallingPackage(callingPackage) .setResolvedType(resolvedType) .setResultTo(resultTo) .setResultWho(resultWho) .setRequestCode(requestCode) .setStartFlags(startFlags) .setProfilerInfo(profilerInfo) .setActivityOptions(bOptions) .setMayWait(userId) .execute(); } }
/frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java
2、ActivityStarter 源码分析
/frameworks/base/services/core/java/com/android/server/am/ActivityStarter.java
a、obtainStarter 方法分析
调用 ActivityStartController 的 obtainStarter 方法 , 得到的是 ActivityStarter 方法 , Activity 的启动是由该 ActivityStarter 来完成的 ;
public class ActivityStartController { /** * @return A starter to configure and execute starting an activity. It is valid until after * {@link ActivityStarter#execute} is invoked. At that point, the starter should be * considered invalid and no longer modified or used. */ ActivityStarter obtainStarter(Intent intent, String reason) { return mFactory.obtain().setIntent(intent).setReason(reason); } }
b、execute 方法分析
Activity 启动过程很复杂 , 封装在 ActivityStarter 类中 , 该类有 2700 27002700 行代码 , 也是个重量级的类 , 因此没有在 ActivityManagerService 中定义 , 而是拆分出来 , 进行处理 ;
class ActivityStarter { /** * Starts an activity based on the request parameters provided earlier. * @return The starter result. */ int execute() { try { // TODO(b/64750076): Look into passing request directly to these methods to allow // for transactional diffs and preprocessing. if (mRequest.mayWait) { return startActivityMayWait(mRequest.caller, mRequest.callingUid, mRequest.callingPackage, mRequest.intent, mRequest.resolvedType, mRequest.voiceSession, mRequest.voiceInteractor, mRequest.resultTo, mRequest.resultWho, mRequest.requestCode, mRequest.startFlags, mRequest.profilerInfo, mRequest.waitResult, mRequest.globalConfig, mRequest.activityOptions, mRequest.ignoreTargetSecurity, mRequest.userId, mRequest.inTask, mRequest.reason, mRequest.allowPendingRemoteAnimationRegistryLookup); } else { return startActivity(mRequest.caller, mRequest.intent, mRequest.ephemeralIntent, mRequest.resolvedType, mRequest.activityInfo, mRequest.resolveInfo, mRequest.voiceSession, mRequest.voiceInteractor, mRequest.resultTo, mRequest.resultWho, mRequest.requestCode, mRequest.callingPid, mRequest.callingUid, mRequest.callingPackage, mRequest.realCallingPid, mRequest.realCallingUid, mRequest.startFlags, mRequest.activityOptions, mRequest.ignoreTargetSecurity, mRequest.componentSpecified, mRequest.outActivity, mRequest.inTask, mRequest.reason, mRequest.allowPendingRemoteAnimationRegistryLookup); } } finally { onExecutionComplete(); } } }
c、startActivityMayWait 方法分析
如果需要等待 , 则调用 ActivityStarter 的 startActivityMayWait 方法 , 在该方法中需要获取调用的 进程 ID , 用户 ID ,
final int realCallingPid = Binder.getCallingPid(); final int realCallingUid = Binder.getCallingUid();
然后 Activity 任务栈管理者 mSupervisor 解析 Intent , 将解析的信息放在 ResolveInfo rInfo 中 ;
ResolveInfo rInfo = mSupervisor.resolveIntent(intent, resolvedType, userId, 0 /* matchFlags */, computeResolveFilterUid( callingUid, realCallingUid, mRequest.filterCallingUid));
通过 Activity 任务栈管理者 mSupervisor 解析 Activity , 将获取的 Activity 信息放在 ActivityInfo aInfo 中 ;
// Collect information about the target of the Intent. ActivityInfo aInfo = mSupervisor.resolveActivity(intent, rInfo, startFlags, profilerInfo);
最后 , 调用 ActivityStarter 的 startActivity 方法 , 进行界面启动 ;
int res = startActivity(caller, intent, ephemeralIntent, resolvedType, aInfo, rInfo, voiceSession, voiceInteractor, resultTo, resultWho, requestCode, callingPid, callingUid, callingPackage, realCallingPid, realCallingUid, startFlags, options, ignoreTargetSecurity, componentSpecified, outRecord, inTask, reason, allowPendingRemoteAnimationRegistryLookup);
