虽说阅读Binder的源代码是学习Binder机制的最好的方式,但是也绝不能打无准备之仗,因为Binder的相关源代码是比较枯燥无味而且比较难以理解的,如果能够辅予一些理论知识,那就更好了。闲话少说,网上关于Binder机制的资料还是不少的,这里就不想再详细写一遍了,强烈推荐下面两篇文章:
Android Binder设计与实现 – 设计篇
void MediaPlayerService::instantiate() {
266 defaultServiceManager()->addService(
267 String16("media.player"), new MediaPlayerService());
268}
defaultServiceManager = BpServiceManager
class MediaPlayerService : public BnMediaPlayerService
Bn Binder Native层
Bp Binder Proxy 代理
BpServiceManager BnServiceManager BnMediaPlayerService BpMediaPlayerService来和他交互呢
p<IServiceManager> defaultServiceManager()
{
sp<IBinder> ProcessState::getContextObject(const sp<IBinder>& /*caller*/)
{
return getStrongProxyForHandle(0);
}
b = new BpBinder(handle);
template<typename INTERFACE>
inline sp<INTERFACE> interface_cast(const sp<IBinder>& obj)
{
return INTERFACE::asInterface(obj);
}
DECLARE_META_INTERFACE(ServiceManager);
#define DECLARE_META_INTERFACE(INTERFACE) \
static const android::String16 descriptor; \
static android::sp<I##INTERFACE> asInterface( \
const android::sp<android::IBinder>& obj); \
virtual const android::String16& getInterfaceDescriptor() const; \
I##INTERFACE(); \
virtual ~I##INTERFACE(); \
怎么和MFC这么类似?微软的影响很大啊!知道MFC的,有DELCARE肯定有IMPLEMENT
class BpServiceManager : public BpInterface<IServiceManager>
{
public:
BpServiceManager(const sp<IBinder>& impl)
: BpInterface<IServiceManager>(impl)
{
}
addService Parcel writeInterfaceToken ADD_SERVICE_TRANSACTION
remote transact
class BpRefBase : public virtual RefBase
{
inline IBinder* remote() { return mRemote; }
BpBinder::BpBinder(int32_t handle)
class BpServiceManager : public BpInterface<IServiceManager>
{
public:
BpServiceManager(const sp<IBinder>& impl)
: BpInterface<IServiceManager>(impl)
{
}
inline BpInterface<INTERFACE>::BpInterface(const sp<IBinder>& remote)
: BpRefBase(remote)
{
}
BpRefBase::BpRefBase(const sp<IBinder>& o)
: mRemote(o.get()), mRefs(NULL), mState(0)
{
virtual status_t addService(const String16& name, const sp<IBinder>& service,
bool allowIsolated)
{
Parcel data, reply;
data.writeInterfaceToken(IServiceManager::getInterfaceDescriptor());
data.writeString16(name);
data.writeStrongBinder(service);
data.writeInt32(allowIsolated ? 1 : 0);
status_t err = remote()->transact(ADD_SERVICE_TRANSACTION, data, &reply);
return err == NO_ERROR ? reply.readExceptionCode() : err;
}
BpBinder转换为 IServiceManager :BpRefBase
status_t BpBinder::transact(
uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
{
//又绕回去了,调用IPCThreadState的transact。
//注意啊,这里的mHandle为0,code是ADD_SERVICE_TRANSACTION,data是命令包
//reply是回复包,flags=0
status_t IPCThreadState::transact(int32_t handle,
uint32_t code, const Parcel& data,
Parcel* reply, uint32_t flags)
{
err = waitForResponse(reply);
status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags,
int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer)
{
binder_transaction_data tr;
tr.data.ptr.buffer = reinterpret_cast<uintptr_t>(statusBuffer);
reinterpret_cast<uintptr_t>(statusBuffer)
上面把命令数据封装成binder_transaction_data,然后
写到mOut中,mOut是命令的缓冲区,也是一个Parcel
mOut.writeInt32(cmd);
mOut.write(&tr, sizeof(tr));
//仅仅写到了Parcel中,Parcel好像没和/dev/binder设备有什么关联啊?
恩,那只能在另外一个地方写到binder设备中去了。难道是在?
return NO_ERROR;
status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult)
{
//看见没?这里开始操作mIn了,看来talkWithDriver中
//把mOut发出去,然后从driver中读到数据放到mIn中了。
status_t IPCThreadState::talkWithDriver(bool doReceive)
{
binder_write_read bwr;
if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0)
好了,到这里,我们发送addService的流程就彻底走完了。
BpServiceManager发送了一个addService命令到BnServiceManager,然后收到回复。
int main(int argc __unused, char** argv) { sp<ProcessState> proc(ProcessState::self()); MediaLogService::instantiate(); ProcessState::self()->startThreadPool(); 一个调用的函数是ProcessState::self(),然后赋值给了proc变量,程序运行完,proc会自动delete内部的内容,所以就自动释放了先前分配的资源。