目录:
-
Android : 跟我学Binder --- (1) 什么是Binder IPC?为何要使用Binder机制?
-
Android : 跟我学Binder --- (2) AIDL分析及手动实现
-
Android : 跟我学Binder --- (3) C程序示例
-
Android : 跟我学Binder --- (4) 驱动情景分析
-
Android : 跟我学Binder --- (5) C++实现
-
Android : 跟我学Binder --- (6) JAVA实现
一、Binder框架分析
1、IPC、LPC和RPC的概念:
IPC: (Inter Process Communication )跨进程通信,泛指进程之间任何形式的通信行为,它不仅包括各种形式的消息传递,还可以指共享资源,以及同步对象;
LPC: (Local Procedure Call )本地过程调用,用在多任务操作系统中,使得同时运行的任务能互相会话。这些任务共享内存空间使任务同步和互相发送信息;(IPC的封装)
RPC:(Reomote Procedure Call )远程过程调用,类似于LPC,只是在网上工作。RPC开始是出现在Sun微系统公司和HP公司的运行UNIX操作系统的计算机中;
2、通信架构:
Client/Server <---> service manager 交互流程:
server ---------addservice-------> service manager
client ---------getservice--------> service manager
注:ServiceManager首先向binder驱动注册为服务管理者,handle为0;
3、简析示例代码(非完整流程):
①android_5.0.2_32frameworks ativecmdsservicemanagerservice_manager.c //管理server注册的服务(进程)
a. binder_open //打开驱动 b. binder_become_context_manager //告诉驱动注册为service manager c. binder_loop(bs, svcmgr_handler); c.1 res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); //读数据 c.2 binder_parse // 解析数据 /*处理数据 : svcmgr_handler*/ SVC_MGR_GET_SERVICE/SVC_MGR_CHECK_SERVICE : 获取服务 SVC_MGR_ADD_SERVICE : 注册服务 /*有必要则回复数据*/
.......
②android_5.0.2_32frameworks ativecmdsservicemanagerctest.c //client测试代码
注册服务的过程: a. binder_open //打开驱动 b. svcmgr_publish //构造数据 c. binder_call(bs, &msg, &reply, 0, SVC_MGR_ADD_SERVICE) // 含有服务的名字 // 它会含有servicemanager回复的数据 // 0表示servicemanager // code: 表示要调用servicemanager中的"addservice函数" 获取服务的过程: a. binder_open //打开驱动
b. svcmgr_lookup //构造数据
c. binder_call(bs, &msg, &reply, 0, SVC_MGR_CHECK_SERVICE) // 含有服务的名字 // 它会含有servicemanager回复的数据, 表示提供服务的进程 // 0表示servicemanager // code: 表示要调用servicemanager中的"getservice函数
③android_5.0.2_32frameworks ativecmdsservicemanagerinder.c //封装好的C函数
(1)构造参数:放在一个buffer用binder_io来描述;
unsigned iodata[512/4]; //用binder_io来管理这个缓冲区 struct binder_io msg, reply; ... bio_init(&msg, iodata, sizeof(iodata), 4); //初始化binder_io对象 /*可以放入各类型参数,反之通过get方法获取*/ bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); bio_put_obj(&msg, ptr); ... /*调用binder_call(struct binder_state *bs, struct binder_io *msg/*提供参数*/, struct binder_io *reply/*获得回复*/, uint32_t target/*发送对象*/, uint32_t code/*调用函数*/)*/ if (binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE)) return -1;
(2)根据 binder_io、target、code 构造writebuf:
struct binder_write_read bwr; struct { uint32_t cmd; struct binder_transaction_data txn; } __attribute__((packed)) writebuf; unsigned readbuf[32]; .... writebuf.cmd = BC_TRANSACTION; writebuf.txn.target.handle = target; writebuf.txn.code = code; writebuf.txn.flags = 0; writebuf.txn.data_size = msg->data - msg->data0; writebuf.txn.offsets_size = ((char*) msg->offs) - ((char*) msg->offs0); writebuf.txn.data.ptr.buffer = (uintptr_t)msg->data0; writebuf.txn.data.ptr.offsets = (uintptr_t)msg->offs0; bwr.write_size = sizeof(writebuf); bwr.write_consumed = 0; bwr.write_buffer = (uintptr_t) &writebuf;
其中binder_write_read 结构体在内核代码中的定义:
struct binder_write_read {
signed long write_size; /* bytes to write */
signed long write_consumed; /* bytes consumed by driver */
unsigned long write_buffer;
signed long read_size; /* bytes to read */
signed long read_consumed; /* bytes consumed by driver */
unsigned long read_buffer;
};
其中binder_transaction_data结构体在内核代码中的定义:
struct binder_transaction_data { /* The first two are only used for bcTRANSACTION and brTRANSACTION, * identifying the target and contents of the transaction. */ union { size_t handle; /* target descriptor of command transaction */ void *ptr; /* target descriptor of return transaction */ } target; void *cookie; /* target object cookie */ unsigned int code; /* transaction command */ /* General information about the transaction. */ unsigned int flags; pid_t sender_pid; uid_t sender_euid; size_t data_size; /* number of bytes of data */ size_t offsets_size; /* number of bytes of offsets */ /* If this transaction is inline, the data immediately * follows here; otherwise, it ends with a pointer to * the data buffer. */ union { struct { /* transaction data */ const void *buffer; /* offsets from buffer to flat_binder_object structs */ const void *offsets; } ptr; uint8_t buf[8]; } data; };
(3)通过ioctl发送数据:
for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { fprintf(stderr,"binder: ioctl failed (%s) ", strerror(errno)); goto fail; } res = binder_parse(bs, reply, (uintptr_t) readbuf, bwr.read_consumed, 0); //解析返回的数据 if (res == 0) return 0; if (res < 0) goto fail; }
框架流程总结:
client端: binder_open ---> 获得服务handle ---> 构造参数binder_io ---> 调用binder_call ---> 解析返回的binder_io;
server端:binder_open ---> 注册服务 ---> ioctl读取数据(binder_write_read )---> 解析数据(binder_transaction_data ) ---> 获得binder_io并根据code调用对应函数 ---> 把返回值发送给client;
二、编写程序
1.参考service_manager.c编写test_server.c添加服务:
/* Copyright 2008 The Android Open Source Project */ #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <linux/types.h> #include<stdbool.h> #include <string.h> #include <private/android_filesystem_config.h> #include "binder.h" #include "test_server.h" int svcmgr_publish(struct binder_state *bs, uint32_t target, const char *name, void *ptr) { int status; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); bio_put_obj(&msg, ptr); if (binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE)) return -1; status = bio_get_uint32(&reply); binder_done(bs, &msg, &reply); return status; } void sayhello(void) { static int cnt = 0; fprintf(stderr, "say hello : %d ", ++cnt); } int sayhello_to(char *name) { static int cnt = 0; fprintf(stderr, "say hello to %s : %d ", name, ++cnt); return cnt; } void saygoodbye(void) { static int cnt = 0; fprintf(stderr, "say goodbye : %d ", ++cnt); } int saygoodbye_to(char *name) { static int cnt = 0; fprintf(stderr, "say goodbye to %s : %d ", name, ++cnt); return cnt; } int hello_service_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply) { /* 根据txn->code知道要调用哪一个函数 * 如果需要参数, 可以从msg取出 * 如果要返回结果, 可以把结果放入reply */ /* sayhello * sayhello_to */ uint16_t *s; char name[512]; size_t len; uint32_t handle; uint32_t strict_policy; int i; // Equivalent to Parcel::enforceInterface(), reading the RPC // header with the strict mode policy mask and the interface name. // Note that we ignore the strict_policy and don't propagate it // further (since we do no outbound RPCs anyway). strict_policy = bio_get_uint32(msg); // 取出0,后面才是传过来的所需数据 switch(txn->code) { case HELLO_SVR_CMD_SAYHELLO: sayhello(); bio_put_uint32(reply, 0); /* no exception */ return 0; case HELLO_SVR_CMD_SAYHELLO_TO: /* 从msg里取出字符串(16位转8位) */ s = bio_get_string16(msg, &len); //"IHelloService" s = bio_get_string16(msg, &len); // name if (s == NULL) { return -1; } for (i = 0; i < len; i++) name[i] = s[i]; name[i] = '