本文主要是介绍Android跨进程通信,binder,native层,服务端在servicemanager注册服务,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
文章目录
- Android跨进程通信,binder,native层,服务端在servicemanager注册服务
- 1.服务端注册服务请求指令
- 2.svcmgr_publish注册服务
- 3.服务注册完毕通过服务端
Android跨进程通信,binder,native层,服务端在servicemanager注册服务
1.服务端注册服务请求指令
服务端代码主函数
int main(int argc, char **argv)
{struct binder_state *bs;//值为 0uint32_t svcmgr = BINDER_SERVICE_MANAGER;uint32_t handle;int ret;//初始化驱动驱动bs = binder_open("/dev/binder", 128*1024);if (!bs) {fprintf(stderr, "failed to open binder driver\n");return -1;}//添加服务//hellobinder_service_handler 是 hello 服务对应的回调函数,bs是binder_open的返回值//svcmgr整型值BINDER_SERVICE_MANAGER 0,表示的作用是发送给servicemanager的一个指令,"hello"注册服务的服务名字,//hellobinder_service_handler函数指针,注册服务对应的回调函数ret = svcmgr_publish(bs, svcmgr, "hello", hellobinder_service_handler);if (ret) {fprintf(stderr, "failed to publish hello service\n");return -1;}//test_server_handler 进程的 Binder 回调函数//从binder驱动里面读数据,解析数据,test_server_handler回调中处理数据binder_loop(bs, test_server_handler);return 0;
}
总结
服务端代码binder_open利用系统调用函数打开驱动,然后调用svcmgr_publish组装binder_io数据结构体,binder_call去调用驱动,在这个过程中,binder_io结构体会转换为binder_write_read给binder驱动,然后servicemanager进程也会通过binder_write_read读取服务端传递过来的数据,
2.svcmgr_publish注册服务
int svcmgr_publish(struct binder_state *bs, uint32_t target, const char *name, void *ptr)
{int status;unsigned iodata[512/4];struct binder_io msg, reply;//binder_io msg构造这个结构体数据集合bio_init(&msg, iodata, sizeof(iodata), 4);bio_put_uint32(&msg, 0); // strict mode headerbio_put_uint32(&msg, 0);bio_put_string16_x(&msg, SVC_MGR_NAME);bio_put_string16_x(&msg, name);bio_put_obj(&msg, ptr);bio_put_uint32(&msg, 0);bio_put_uint32(&msg, 0);//远程调用if (binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE)) {fprintf(stderr, "svcmgr_public 远程调用失败\n");return -1;}status = bio_get_uint32(&reply); //调用成功返回0binder_done(bs, &msg, &reply);return status;
}
binder_call远程调用
int binder_call(struct binder_state *bs,struct binder_io *msg, struct binder_io *reply,uint32_t target, uint32_t code)
{int res;//binder_io msg转化为binder_write_readstruct binder_write_read bwr;struct {uint32_t cmd;//构造这个结构体数据binder_write_read中的write_buffer结构体struct binder_transaction_data txn;} __attribute__((packed)) writebuf;unsigned readbuf[32];if (msg->flags & BIO_F_OVERFLOW) {fprintf(stderr,"binder: txn buffer overflow\n");goto fail;}writebuf.cmd = BC_TRANSACTION;writebuf.txn.target.handle = target;writebuf.txn.code = code;writebuf.txn.flags = 0;writebuf.txn.data_size = msg->data - msg->data0;writebuf.txn.offsets_size = ((char*) msg->offs) - ((char*) msg->offs0);writebuf.txn.data.ptr.buffer = (uintptr_t)msg->data0;writebuf.txn.data.ptr.offsets = (uintptr_t)msg->offs0;//写入数据,就是发送数据的意思,bwr.write_size = sizeof(writebuf);bwr.write_consumed = 0;//这一步就是转换binder_io为bwr.write_buffer = (uintptr_t) &writebuf;hexdump(msg->data0, msg->data - msg->data0);for (;;) {//读数据bwr.read_size = sizeof(readbuf);bwr.read_consumed = 0;bwr.read_buffer = (uintptr_t) readbuf;//通过系统调用函数ioctl发起写数据的操作BINDER_WRITE_READres = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);if (res < 0) {fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno));goto fail;} res = binder_parse(bs, reply, (uintptr_t) readbuf, bwr.read_consumed, 0);if (res == 0) {return 0;}if (res < 0) {goto fail;}}fail:memset(reply, 0, sizeof(*reply));reply->flags |= BIO_F_IOERROR;return -1;
}
binder_loop,servicemanager启动后,收到服务注册的通知,
void binder_loop(struct binder_state *bs, binder_handler func)
{int res;struct binder_write_read bwr;uint32_t readbuf[32];bwr.write_size = 0;bwr.write_consumed = 0;bwr.write_buffer = 0;readbuf[0] = BC_ENTER_LOOPER;binder_write(bs, readbuf, sizeof(uint32_t));for (;;) {bwr.read_size = sizeof(readbuf);bwr.read_consumed = 0;bwr.read_buffer = (uintptr_t) readbuf;//收到的数据保存在bwr中,没有数据就阻塞住,res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);if (res < 0) {ALOGE("binder_loop: ioctl failed (%s)\n", strerror(errno));break;}//解析数据,传入回调函数,有两个结构体数据,binder_transation_data,binder_io,解析出这两个结构体后就会传递给回调函数,res = binder_parse(bs, 0, (uintptr_t) readbuf, bwr.read_consumed, func);if (res == 0) {ALOGE("binder_loop: unexpected reply?!\n");break;}if (res < 0) {ALOGE("binder_loop: io error %d %s\n", res, strerror(errno));break;}}
}
回调函数svcmgr_handler
//binder_transaction_data_secctx,binder_io解析出的两个结构体就传到这
int svcmgr_handler(struct binder_state *bs,struct binder_transaction_data_secctx *txn_secctx,struct binder_io *msg,struct binder_io *reply)
{struct svcinfo *si;uint16_t *s;size_t len;uint32_t handle;uint32_t strict_policy;int allow_isolated;uint32_t dumpsys_priority;struct binder_transaction_data *txn = &txn_secctx->transaction_data;//ALOGI("target=%p code=%d pid=%d uid=%d\n",// (void*) txn->target.ptr, txn->code, txn->sender_pid, txn->sender_euid);if (txn->target.ptr != BINDER_SERVICE_MANAGER)return -1;if (txn->code == PING_TRANSACTION)return 0;// Equivalent to Parcel::enforceInterface(), reading the RPC// header with the strict mode policy mask and the interface name.// Note that we ignore the strict_policy and don't propagate it// further (since we do no outbound RPCs anyway).strict_policy = bio_get_uint32(msg);bio_get_uint32(msg); // Ignore worksource header.s = bio_get_string16(msg, &len);if (s == NULL) {return -1;}if ((len != (sizeof(svcmgr_id) / 2)) ||memcmp(svcmgr_id, s, sizeof(svcmgr_id))) {fprintf(stderr,"invalid id %s\n", str8(s, len));return -1;}if (sehandle && selinux_status_updated() > 0) {
#ifdef VENDORSERVICEMANAGERstruct selabel_handle *tmp_sehandle = selinux_android_vendor_service_context_handle();
#elsestruct selabel_handle *tmp_sehandle = selinux_android_service_context_handle();
#endifif (tmp_sehandle) {selabel_close(sehandle);sehandle = tmp_sehandle;}}//要访问的函数switch(txn->code) {case SVC_MGR_GET_SERVICE:case SVC_MGR_CHECK_SERVICE:s = bio_get_string16(msg, &len);if (s == NULL) {return -1;}handle = do_find_service(s, len, txn->sender_euid, txn->sender_pid,(const char*) txn_secctx->secctx);if (!handle)break;bio_put_ref(reply, handle);return 0;//添加注册服务case SVC_MGR_ADD_SERVICE://服务的名字s = bio_get_string16(msg, &len);if (s == NULL) {return -1;}//binder服务在应用层的句柄索引,handle = bio_get_ref(msg);allow_isolated = bio_get_uint32(msg) ? 1 : 0;dumpsys_priority = bio_get_uint32(msg);if (do_add_service(bs, s, len, handle, txn->sender_euid, allow_isolated, dumpsys_priority,txn->sender_pid, (const char*) txn_secctx->secctx))return -1;break;case SVC_MGR_LIST_SERVICES: {uint32_t n = bio_get_uint32(msg);uint32_t req_dumpsys_priority = bio_get_uint32(msg);if (!svc_can_list(txn->sender_pid, (const char*) txn_secctx->secctx, txn->sender_euid)) {ALOGE("list_service() uid=%d - PERMISSION DENIED\n",txn->sender_euid);return -1;}si = svclist;// walk through the list of services n times skipping services that// do not support the requested prioritywhile (si) {if (si->dumpsys_priority & req_dumpsys_priority) {if (n == 0) break;n--;}si = si->next;}if (si) {bio_put_string16(reply, si->name);return 0;}return -1;}default:ALOGE("unknown code %d\n", txn->code);return -1;}bio_put_uint32(reply, 0);return 0;
}
do_add_service
int do_add_service(struct binder_state *bs, const uint16_t *s, size_t len, uint32_t handle,uid_t uid, int allow_isolated, uint32_t dumpsys_priority, pid_t spid, const char* sid) {//单向链表,struct svcinfo *si;//ALOGI("add_service('%s',%x,%s) uid=%d\n", str8(s, len), handle,// allow_isolated ? "allow_isolated" : "!allow_isolated", uid);if (!handle || (len == 0) || (len > 127))return -1;if (!svc_can_register(s, len, spid, sid, uid)) {ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n",str8(s, len), handle, uid);return -1;}si = find_svc(s, len);if (si) {if (si->handle) {ALOGE("add_service('%s',%x) uid=%d - ALREADY REGISTERED, OVERRIDE\n",str8(s, len), handle, uid);svcinfo_death(bs, si);}si->handle = handle;} else {//分配内存si = malloc(sizeof(*si) + (len + 1) * sizeof(uint16_t));if (!si) {ALOGE("add_service('%s',%x) uid=%d - OUT OF MEMORY\n",str8(s, len), handle, uid);return -1;}//给这个链表节点结构体复制si->handle = handle;si->len = len;memcpy(si->name, s, (len + 1) * sizeof(uint16_t));si->name[len] = '\0';si->death.func = (void*) svcinfo_death;si->death.ptr = si;si->allow_isolated = allow_isolated;si->dumpsys_priority = dumpsys_priority;//插入到链表的头部si->next = svclist;svclist = si;}binder_acquire(bs, handle);binder_link_to_death(bs, handle, &si->death);return 0;
}
3.服务注册完毕通过服务端
svcmgr_handler
返回给服务端的数据
bio_put_uint32(reply, 0);
binder_parse
int binder_parse(struct binder_state *bs, struct binder_io *bio,uintptr_t ptr, size_t size, binder_handler func)
{int r = 1;uintptr_t end = ptr + (uintptr_t) size;while (ptr < end) {uint32_t cmd = *(uint32_t *) ptr;ptr += sizeof(uint32_t);
#if TRACEfprintf(stderr,"%s:\n", cmd_name(cmd));
#endifswitch(cmd) {case BR_NOOP:break;case BR_TRANSACTION_COMPLETE:break;case BR_INCREFS:case BR_ACQUIRE:case BR_RELEASE:case BR_DECREFS:
#if TRACEfprintf(stderr," %p, %p\n", (void *)ptr, (void *)(ptr + sizeof(void *)));
#endifptr += sizeof(struct binder_ptr_cookie);break;case BR_TRANSACTION_SEC_CTX:case BR_TRANSACTION: {struct binder_transaction_data_secctx txn;if (cmd == BR_TRANSACTION_SEC_CTX) {if ((end - ptr) < sizeof(struct binder_transaction_data_secctx)) {ALOGE("parse: txn too small (binder_transaction_data_secctx)!\n");return -1;}memcpy(&txn, (void*) ptr, sizeof(struct binder_transaction_data_secctx));ptr += sizeof(struct binder_transaction_data_secctx);} else /* BR_TRANSACTION */ {if ((end - ptr) < sizeof(struct binder_transaction_data)) {ALOGE("parse: txn too small (binder_transaction_data)!\n");return -1;}memcpy(&txn.transaction_data, (void*) ptr, sizeof(struct binder_transaction_data));ptr += sizeof(struct binder_transaction_data);txn.secctx = 0;}binder_dump_txn(&txn.transaction_data);if (func) {unsigned rdata[256/4];struct binder_io msg;struct binder_io reply;int res;bio_init(&reply, rdata, sizeof(rdata), 4);bio_init_from_txn(&msg, &txn.transaction_data);res = func(bs, &txn, &msg, &reply);if (txn.transaction_data.flags & TF_ONE_WAY) {binder_free_buffer(bs, txn.transaction_data.data.ptr.buffer);} else {//把结果发给服务端进程binder_send_reply(bs, &reply, txn.transaction_data.data.ptr.buffer, res);}}break;}case BR_REPLY: {struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr;if ((end - ptr) < sizeof(*txn)) {ALOGE("parse: reply too small!\n");return -1;}binder_dump_txn(txn);if (bio) {bio_init_from_txn(bio, txn);bio = 0;} else {/* todo FREE BUFFER */}ptr += sizeof(*txn);r = 0;break;}case BR_DEAD_BINDER: {struct binder_death *death = (struct binder_death *)(uintptr_t) *(binder_uintptr_t *)ptr;ptr += sizeof(binder_uintptr_t);death->func(bs, death->ptr);break;}case BR_FAILED_REPLY:r = -1;break;case BR_DEAD_REPLY:r = -1;break;default:ALOGE("parse: OOPS %d\n", cmd);return -1;}}return r;
}
binder_send_reply
void binder_send_reply(struct binder_state *bs,struct binder_io *reply,binder_uintptr_t buffer_to_free,int status)
{//构造一个数据,struct {//发送给内核的数据uint32_t cmd_free;binder_uintptr_t buffer;//发送给服务端uint32_t cmd_reply;struct binder_transaction_data txn;} __attribute__((packed)) data;data.cmd_free = BC_FREE_BUFFER;data.buffer = buffer_to_free;data.cmd_reply = BC_REPLY;data.txn.target.ptr = 0;data.txn.cookie = 0;data.txn.code = 0;if (status) {data.txn.flags = TF_STATUS_CODE;data.txn.data_size = sizeof(int);data.txn.offsets_size = 0;data.txn.data.ptr.buffer = (uintptr_t)&status;data.txn.data.ptr.offsets = 0;} else {//给上面的结构体赋值数据data.txn.flags = 0;data.txn.data_size = reply->data - reply->data0;data.txn.offsets_size = ((char*) reply->offs) - ((char*) reply->offs0);data.txn.data.ptr.buffer = (uintptr_t)reply->data0;data.txn.data.ptr.offsets = (uintptr_t)reply->offs0;}binder_write(bs, &data, sizeof(data));
}
;
data.txn.offsets_size = 0;
data.txn.data.ptr.buffer = (uintptr_t)&status;
data.txn.data.ptr.offsets = 0;
} else {
//给上面的结构体赋值数据
data.txn.flags = 0;
data.txn.data_size = reply->data - reply->data0;
data.txn.offsets_size = ((char*) reply->offs) - ((char*) reply->offs0);
data.txn.data.ptr.buffer = (uintptr_t)reply->data0;
data.txn.data.ptr.offsets = (uintptr_t)reply->offs0;
}
binder_write(bs, &data, sizeof(data));
}
这篇关于Android跨进程通信,binder,native层,服务端在servicemanager注册服务的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
