Android Activity组件的启动过程

1、总图中的第一步

Android Activity组件的启动过程


       如图:第一步    

       ~/Android/frameworks/base/core/java/android/app

       ----ActivityManagerNative.java

class ActivityManagerProxy implements IActivityManager
{
    
    public int startActivity(IApplicationThread caller, Intent intent,
            String resolvedType, Uri[] grantedUriPermissions, int grantedMode,
            IBinder resultTo, String resultWho,
            int requestCode, boolean onlyIfNeeded,
            boolean debug) throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        data.writeInterfaceToken(IActivityManager.descriptor);
        data.writeStrongBinder(caller != null ? caller.asBinder() : null);
        intent.writeToParcel(data, 0);
        .........
        data.writeStrongBinder(resultTo);
        mRemote.transact(START_ACTIVITY_TRANSACTION, data, reply, 0);
    }
      其中caller为:

final ApplicationThread mAppThread = new ApplicationThread();
      继承于ApplicationThreadNative,ApplicationThreadNative继承于Binder实现了IApplicationThread。

      resultTo如下图所示:

 Android Activity组件的启动过程

        java层的Parcel,writeStrongBinder方法,最后映射到C++层,执行如下:

        ~/Android/frameworks/base/core/jni

        ----android_util_Binder.cpp

static void android_os_Parcel_writeStrongBinder(JNIEnv* env, jobject clazz, jobject object)//clazz为Parcel,object指向了在Java层中创建的硬件访问服务FregService
{
    Parcel* parcel = parcelForJavaObject(env, clazz);//获取java层Parcel对象data的引用
    if (parcel != NULL) {
        const status_t err = parcel->writeStrongBinder(ibinderForJavaObject(env, object));
        if (err != NO_ERROR) {
            jniThrowException(env, "java/lang/OutOfMemoryError", NULL);
        }
    }
}

       ibinderForjavaObject实现如下:

       ~/Android/frameworks/base/core/jni

       ----android_util_Binder.cpp

sp<IBinder> ibinderForJavaObject(JNIEnv* env, jobject obj)
{
    if (obj == NULL) return NULL;

    if (env->IsInstanceOf(obj, gBinderOffsets.mClass)) {
        JavaBBinderHolder* jbh = (JavaBBinderHolder*)
            env->GetIntField(obj, gBinderOffsets.mObject);//这里把obj对象的mObject成员变量强制转为JavaBBinderHolder对象
        return jbh != NULL ? jbh->get(env) : NULL;
    }

    if (env->IsInstanceOf(obj, gBinderProxyOffsets.mClass)) {
        return (IBinder*)
            env->GetIntField(obj, gBinderProxyOffsets.mObject);
    }

    LOGW("ibinderForJavaObject: %p is not a Binder object", obj);
    return NULL;
}

     (1)如果传入的是caller.asBinder(),那么首先生成一个JavaBBinder本地对象。

     (2)如果传入的是resultTo,那么生成一个代理对象。

     

       writeStrongBinder实现如下:

       ~/Android/frameworks/base/libs/binder

       ----Parcel.cpp

status_t Parcel::writeStrongBinder(const sp<IBinder>& val)
{
    return flatten_binder(ProcessState::self(), val, this);
}

status_t flatten_binder(const sp<ProcessState>& proc,
    const sp<IBinder>& binder, Parcel* out)
{
    flat_binder_object obj;
    
    obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
    if (binder != NULL) {
        IBinder *local = binder->localBinder();
        if (!local) {
            BpBinder *proxy = binder->remoteBinder();
            if (proxy == NULL) {
                LOGE("null proxy");
            }
            const int32_t handle = proxy ? proxy->handle() : 0;
            obj.type = BINDER_TYPE_HANDLE;
            obj.handle = handle;
            obj.cookie = NULL;
        } else {
            obj.type = BINDER_TYPE_BINDER;
            obj.binder = local->getWeakRefs();
            obj.cookie = local;
        }
    } else {
        obj.type = BINDER_TYPE_BINDER;
        obj.binder = NULL;
        obj.cookie = NULL;
    }
    
    return finish_flatten_binder(binder, obj, out);
}

     (1)如果是本地对象,obj.cookie为本地对象IBinder地址。

     (2)如果是代理对象,obj.handle为代理对象的句柄值。

       如图:第二步      

       Binder Driver:调用binder_transaction:

       ~/Android//kernel/goldfish/drivers/staging/android

       ----binder.c

                case BINDER_TYPE_BINDER:
		case BINDER_TYPE_WEAK_BINDER: {
			struct binder_ref *ref;
			struct binder_node *node = binder_get_node(proc, fp->binder);
			if (node == NULL) {
				node = binder_new_node(proc, fp->binder, fp->cookie);
				......
			}
			.......
			ref = binder_get_ref_for_node(target_proc, node);
			if (ref == NULL) {
				return_error = BR_FAILED_REPLY;
				goto err_binder_get_ref_for_node_failed;
			}
			if (fp->type == BINDER_TYPE_BINDER)
				fp->type = BINDER_TYPE_HANDLE;
			else
				fp->type = BINDER_TYPE_WEAK_HANDLE;
			fp->handle = ref->desc;
			......
		} break;
		case BINDER_TYPE_HANDLE:
		case BINDER_TYPE_WEAK_HANDLE: {
			struct binder_ref *ref = binder_get_ref(proc, fp->handle);
			......
			if (ref->node->proc == target_proc) {
				if (fp->type == BINDER_TYPE_HANDLE)
					fp->type = BINDER_TYPE_BINDER;
				else
					fp->type = BINDER_TYPE_WEAK_BINDER;
				fp->binder = ref->node->ptr;
				fp->cookie = ref->node->cookie;
				binder_inc_node(ref->node, fp->type == BINDER_TYPE_BINDER, 0, NULL);
				if (binder_debug_mask & BINDER_DEBUG_TRANSACTION)
					printk(KERN_INFO "        ref %d desc %d -> node %d u%p\n",
					       ref->debug_id, ref->desc, ref->node->debug_id, ref->node->ptr);
			} else {
				.......
			}
		} break;
     
      (1)如果是BINDER_TYPE_BINDER,首先创建实体对象,再创建引用对象。handle为引用句柄值。

      (2)如果是BINDER_TYPE_HANDLE,首先获取引用对象,再获取实体对象,cookie为本地对象IBinder的地址。


        如图:第三步      

       ~/Android/frameworks/base/core/java/android/app

       ----ActivityManagerNative.java

public abstract class ActivityManagerNative extends Binder implements IActivityManager
{
    ......
    public boolean onTransact(int code, Parcel data, Parcel reply, int flags)
            throws RemoteException {
        switch (code) {
        case START_ACTIVITY_TRANSACTION:
        {
            data.enforceInterface(IActivityManager.descriptor);
            IBinder b = data.readStrongBinder();
            <span style="font-size:14px;">IApplicationThread app = ApplicationThreadNative.asInterface(b);</span>
            Intent intent = Intent.CREATOR.createFromParcel(data);
            String resolvedType = data.readString();
            ......
            IBinder resultTo = data.readStrongBinder();
            ......
            return true;
        }


       Parcel类readStrongBinder映射到C++层,执行如下:

      ~/Android/frameworks/base/core/jni

      ----android_util_Binder.cpp

static jobject android_os_Parcel_readStrongBinder(JNIEnv* env, jobject clazz)
{
    Parcel* parcel = parcelForJavaObject(env, clazz);//获得Java层reply的引用
    if (parcel != NULL) {
        return javaObjectForIBinder(env, parcel->readStrongBinder());
    }
    return NULL;
}

      ~/Android/frameworks/base/libs/binder

      ----Parcel.cpp

sp<IBinder> Parcel::readStrongBinder() const
{
    sp<IBinder> val;
    unflatten_binder(ProcessState::self(), *this, &val);
    return val;
}

status_t unflatten_binder(const sp<ProcessState>& proc,
    const Parcel& in, sp<IBinder>* out)
{
    const flat_binder_object* flat = in.readObject(false);
    
    if (flat) {
        switch (flat->type) {
            case BINDER_TYPE_BINDER:
                *out = static_cast<IBinder*>(flat->cookie);
                return finish_unflatten_binder(NULL, *flat, in);
            case BINDER_TYPE_HANDLE:
                *out = proc->getStrongProxyForHandle(flat->handle);
                return finish_unflatten_binder(
                    static_cast<BpBinder*>(out->get()), *flat, in);
        }        
    }
    return BAD_TYPE;
}


     (1)如果是BINDER_TYPE_BINDER,返回本地对象。

     (2)如果是BINDER_TYPE_HANDLE,根据句柄值,返回代理对象。


       然后执行javaObjectForIBinder。

       ~/Android/frameworks/base/core/jni

       ----android_util_Binder.cpp

jobject javaObjectForIBinder(JNIEnv* env, const sp<IBinder>& val)
{
    if (val == NULL) return NULL;

    if (val->checkSubclass(&gBinderOffsets)) {
        // One of our own!
        jobject object = static_cast<JavaBBinder*>(val.get())->object();
        ........
        return object;
    }

    // For the rest of the function we will hold this lock, to serialize
    // looking/creation of Java proxies for native Binder proxies.
    AutoMutex _l(mProxyLock);

    // Someone else's...  do we know about it?
    jobject object = (jobject)val->findObject(&gBinderProxyOffsets);//检查当前进程之前是否已经为它创建过一个BinderProxy对象
    if (object != NULL) {//如果有返回来的就是一个指向该BinderProxy对象的WeakReference对象object,即一个弱引用对象
        jobject res = env->CallObjectMethod(object, gWeakReferenceOffsets.mGet);//由于弱引用对象object所指向的BinderProxy对象可能已经失效,因此,需要检查它的有效性,方法是调用它的成员函数get来获得一个强引用对象。
        if (res != NULL) {//如果不为NULL
            ......
            return res;//直接返回
        }
        .....
        android_atomic_dec(&gNumProxyRefs);//如果为NULL
        val->detachObject(&gBinderProxyOffsets);//解除它与一个无效的BinderProxy对象的对应关系
        env->DeleteGlobalRef(object);//删除弱引用对象的全局引用
    }

    object = env->NewObject(gBinderProxyOffsets.mClass, gBinderProxyOffsets.mConstructor);//创建一个BinderProxy对象
    if (object != NULL) {
        .......
        env->SetIntField(object, gBinderProxyOffsets.mObject, (int)val.get());//BinderProxy.mObject成员变量记录了这个BpBinder对象的地址
        val->incStrong(object);

        // The native object needs to hold a weak reference back to the
        // proxy, so we can retrieve the same proxy if it is still active.
        jobject refObject = env->NewGlobalRef(
                env->GetObjectField(object, gBinderProxyOffsets.mSelf));//获取BinderProxy内部的成员变量mSelf(BinderProxy的弱引用对象),接着再创建一个全局引用对象来引用它
        val->attachObject(&gBinderProxyOffsets, refObject,
                jnienv_to_javavm(env), proxy_cleanup);//把它放到BpBinder里面去,下次就要使用时,就可以在上一步调用BpBinder::findObj把它找回来了

        // Note that a new object reference has been created.
        android_atomic_inc(&gNumProxyRefs);
        incRefsCreated(env);
    }

    return object;
}

     (1)如果是本地对象,首先向下转型为JavaBBinder,然后取得ActivityRecord对象,它继承了IApplicationToken.Stub。而IApplicationToken.Stub继承Binder,实现了IApplicationToken。所以可以向上转型为IBinder。

IBinder resultTo = data.readStrongBinder();

     (2)如果是代理对象,首先生成BinderProxy对象,里面的mObject指向代理对象,向上转型为IBinder。

            IBinder b = data.readStrongBinder();
            IApplicationThread app = ApplicationThreadNative.asInterface(b);
        然后生成ActivityManagerProxy对象,里面mRemote指向BinderProxy对象。

       

        如图:第四步      
        ~/Android/frameworks/base/services/java/com/android/server/am

        ----ActivityManagerService.java

    public final int startActivity(IApplicationThread caller,
            Intent intent, String resolvedType, Uri[] grantedUriPermissions,
            int grantedMode, IBinder resultTo,
            String resultWho, int requestCode, boolean onlyIfNeeded,
            boolean debug) {
        return mMainStack.startActivityMayWait(caller, intent, resolvedType,
                grantedUriPermissions, grantedMode, resultTo, resultWho,
                requestCode, onlyIfNeeded, debug, null, null);
    }

      待续






Android Activity组件的启动过程,布布扣,bubuko.com

Android Activity组件的启动过程

上一篇:jquery实现弹出可移动层代码


下一篇:Android Monkey自动化测试