Android ServiceManager源码(一)-- C语言部分
16lz
2021-01-23
ServiceManager这个服务,掌管着Android中其他服务的添加等等,在开机的时候就已经启动的。
524 service servicemanager /system/bin/servicemanager525 class core526 user system527 group system528 critical529 onrestart restart healthd530 onrestart restart zygote531 onrestart restart media532 onrestart restart surfaceflinger533 onrestart restart drm接下来,看看C语言部分的源码。
涉及链表、添加服务、ioctl等等。
这一部分主要有三个文件:
service_manager.c、binder.h、binder.c
都在路径以下路径中:(以android-5.0.2为例)
android5.0/android-5.0.2/frameworks/native/cmds/servicemanager
其中,会有open和ioctl调用到Binder驱动(Linux内核)部分;
源码查看这里:点击打开链接
service_manager.c
/* Copyright 2008 The Android Open Source Project */#include #include #include #include #include #include #include #include "binder.h"#if 0#define ALOGI(x...) fprintf(stderr, "svcmgr: " x)#define ALOGE(x...) fprintf(stderr, "svcmgr: " x)#else#define LOG_TAG "ServiceManager"#include #endifuint32_t svcmgr_handle;const char *str8(const uint16_t *x, size_t x_len){ static char buf[128]; size_t max = 127; char *p = buf; if (x_len < max) { max = x_len; } if (x) { while ((max > 0) && (*x != '\0')) { *p++ = *x++; max--; } } *p++ = 0; return buf;}int str16eq(const uint16_t *a, const char *b){ while (*a && *b) if (*a++ != *b++) return 0; if (*a || *b) return 0; return 1;}static int selinux_enabled;static char *service_manager_context;static struct selabel_handle* sehandle;static bool check_mac_perms(pid_t spid, const char *tctx, const char *perm, const char *name){ char *sctx = NULL; const char *class = "service_manager"; bool allowed; if (getpidcon(spid, &sctx) < 0) { ALOGE("SELinux: getpidcon(pid=%d) failed to retrieve pid context.\n", spid); return false; } int result = selinux_check_access(sctx, tctx, class, perm, (void *) name); allowed = (result == 0); freecon(sctx); return allowed;}static bool check_mac_perms_from_getcon(pid_t spid, const char *perm){ if (selinux_enabled <= 0) { return true; } return check_mac_perms(spid, service_manager_context, perm, NULL);}static bool check_mac_perms_from_lookup(pid_t spid, const char *perm, const char *name){ bool allowed; char *tctx = NULL; if (selinux_enabled <= 0) { return true; } if (!sehandle) { ALOGE("SELinux: Failed to find sehandle. Aborting service_manager.\n"); abort(); } if (selabel_lookup(sehandle, &tctx, name, 0) != 0) { ALOGE("SELinux: No match for %s in service_contexts.\n", name); return false; } allowed = check_mac_perms(spid, tctx, perm, name); freecon(tctx); return allowed;}static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid){ const char *perm = "add"; return check_mac_perms_from_lookup(spid, perm, str8(name, name_len)) ? 1 : 0;}static int svc_can_list(pid_t spid){ const char *perm = "list"; return check_mac_perms_from_getcon(spid, perm) ? 1 : 0;}static int svc_can_find(const uint16_t *name, size_t name_len, pid_t spid){ const char *perm = "find"; return check_mac_perms_from_lookup(spid, perm, str8(name, name_len)) ? 1 : 0;}struct svcinfo{ struct svcinfo *next; uint32_t handle; struct binder_death death; int allow_isolated; size_t len; uint16_t name[0];};struct svcinfo *svclist = NULL;struct svcinfo *find_svc(const uint16_t *s16, size_t len){ struct svcinfo *si; for (si = svclist; si; si = si->next) { if ((len == si->len) && !memcmp(s16, si->name, len * sizeof(uint16_t))) { return si; } } return NULL;}void svcinfo_death(struct binder_state *bs, void *ptr){ struct svcinfo *si = (struct svcinfo* ) ptr; ALOGI("service '%s' died\n", str8(si->name, si->len)); if (si->handle) { binder_release(bs, si->handle); si->handle = 0; }}uint16_t svcmgr_id[] = { 'a','n','d','r','o','i','d','.','o','s','.', 'I','S','e','r','v','i','c','e','M','a','n','a','g','e','r'};uint32_t do_find_service(struct binder_state *bs, const uint16_t *s, size_t len, uid_t uid, pid_t spid){ struct svcinfo *si; if (!svc_can_find(s, len, spid)) { ALOGE("find_service('%s') uid=%d - PERMISSION DENIED\n", str8(s, len), uid); return 0; } si = find_svc(s, len); //ALOGI("check_service('%s') handle = %x\n", str8(s, len), si ? si->handle : 0); if (si && si->handle) { if (!si->allow_isolated) { // If this service doesn't allow access from isolated processes, // then check the uid to see if it is isolated. uid_t appid = uid % AID_USER; if (appid >= AID_ISOLATED_START && appid <= AID_ISOLATED_END) { return 0; } } return si->handle; } else { return 0; }}int do_add_service(struct binder_state *bs, const uint16_t *s, size_t len, uint32_t handle, uid_t uid, int allow_isolated, pid_t spid){ struct svcinfo *si; //ALOGI("add_service('%s',%x,%s) uid=%d\n", str8(s, len), handle, // allow_isolated ? "allow_isolated" : "!allow_isolated", uid); if (!handle || (len == 0) || (len > 127)) return -1; if (!svc_can_register(s, len, spid)) { ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n", str8(s, len), handle, uid); return -1; } si = find_svc(s, len); if (si) { if (si->handle) { ALOGE("add_service('%s',%x) uid=%d - ALREADY REGISTERED, OVERRIDE\n", str8(s, len), handle, uid); svcinfo_death(bs, si); } si->handle = handle; } else { si = malloc(sizeof(*si) + (len + 1) * sizeof(uint16_t)); if (!si) { ALOGE("add_service('%s',%x) uid=%d - OUT OF MEMORY\n", str8(s, len), handle, uid); return -1; } si->handle = handle; si->len = len; memcpy(si->name, s, (len + 1) * sizeof(uint16_t)); si->name[len] = '\0'; si->death.func = (void*) svcinfo_death; si->death.ptr = si; si->allow_isolated = allow_isolated; si->next = svclist; svclist = si; } binder_acquire(bs, handle); binder_link_to_death(bs, handle, &si->death); return 0;}int svcmgr_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply){ struct svcinfo *si; uint16_t *s; size_t len; uint32_t handle; uint32_t strict_policy; int allow_isolated; //ALOGI("target=%x code=%d pid=%d uid=%d\n", // txn->target.handle, txn->code, txn->sender_pid, txn->sender_euid); if (txn->target.handle != svcmgr_handle) return -1; if (txn->code == PING_TRANSACTION) return 0; // Equivalent to Parcel::enforceInterface(), reading the RPC // header with the strict mode policy mask and the interface name. // Note that we ignore the strict_policy and don't propagate it // further (since we do no outbound RPCs anyway). strict_policy = bio_get_uint32(msg); s = bio_get_string16(msg, &len); if (s == NULL) { return -1; } if ((len != (sizeof(svcmgr_id) / 2)) || memcmp(svcmgr_id, s, sizeof(svcmgr_id))) { fprintf(stderr,"invalid id %s\n", str8(s, len)); return -1; } if (sehandle && selinux_status_updated() > 0) { struct selabel_handle *tmp_sehandle = selinux_android_service_context_handle(); if (tmp_sehandle) { selabel_close(sehandle); sehandle = tmp_sehandle; } } switch(txn->code) { case SVC_MGR_GET_SERVICE: case SVC_MGR_CHECK_SERVICE: s = bio_get_string16(msg, &len); if (s == NULL) { return -1; } handle = do_find_service(bs, s, len, txn->sender_euid, txn->sender_pid); if (!handle) break; bio_put_ref(reply, handle); return 0; case SVC_MGR_ADD_SERVICE: s = bio_get_string16(msg, &len); if (s == NULL) { return -1; } handle = bio_get_ref(msg); allow_isolated = bio_get_uint32(msg) ? 1 : 0; if (do_add_service(bs, s, len, handle, txn->sender_euid, allow_isolated, txn->sender_pid)) return -1; break; case SVC_MGR_LIST_SERVICES: { uint32_t n = bio_get_uint32(msg); if (!svc_can_list(txn->sender_pid)) { ALOGE("list_service() uid=%d - PERMISSION DENIED\n", txn->sender_euid); return -1; } si = svclist; while ((n-- > 0) && si) si = si->next; if (si) { bio_put_string16(reply, si->name); return 0; } return -1; } default: ALOGE("unknown code %d\n", txn->code); return -1; } bio_put_uint32(reply, 0); return 0;}static int audit_callback(void *data, security_class_t cls, char *buf, size_t len){ snprintf(buf, len, "service=%s", !data ? "NULL" : (char *)data); return 0;}int main(int argc, char **argv){ struct binder_state *bs; bs = binder_open(128*1024); if (!bs) { ALOGE("failed to open binder driver\n"); return -1; } if (binder_become_context_manager(bs)) { ALOGE("cannot become context manager (%s)\n", strerror(errno)); return -1; } selinux_enabled = is_selinux_enabled(); sehandle = selinux_android_service_context_handle(); if (selinux_enabled > 0) { if (sehandle == NULL) { ALOGE("SELinux: Failed to acquire sehandle. Aborting.\n"); abort(); } if (getcon(&service_manager_context) != 0) { ALOGE("SELinux: Failed to acquire service_manager context. Aborting.\n"); abort(); } } union selinux_callback cb; cb.func_audit = audit_callback; selinux_set_callback(SELINUX_CB_AUDIT, cb); cb.func_log = selinux_log_callback; selinux_set_callback(SELINUX_CB_LOG, cb); svcmgr_handle = BINDER_SERVICE_MANAGER; binder_loop(bs, svcmgr_handler); return 0;} binder.h
/* Copyright 2008 The Android Open Source Project */#ifndef _BINDER_H_#define _BINDER_H_#include #include struct binder_state;struct binder_io{ char *data; /* pointer to read/write from */ binder_size_t *offs; /* array of offsets */ size_t data_avail; /* bytes available in data buffer */ size_t offs_avail; /* entries available in offsets array */ char *data0; /* start of data buffer */ binder_size_t *offs0; /* start of offsets buffer */ uint32_t flags; uint32_t unused;};struct binder_death { void (*func)(struct binder_state *bs, void *ptr); void *ptr;};/* the one magic handle */#define BINDER_SERVICE_MANAGER 0U#define SVC_MGR_NAME "android.os.IServiceManager"enum { /* Must match definitions in IBinder.h and IServiceManager.h */ PING_TRANSACTION = B_PACK_CHARS('_','P','N','G'), SVC_MGR_GET_SERVICE = 1, SVC_MGR_CHECK_SERVICE, SVC_MGR_ADD_SERVICE, SVC_MGR_LIST_SERVICES,};typedef int (*binder_handler)(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply);struct binder_state *binder_open(size_t mapsize);void binder_close(struct binder_state *bs);/* initiate a blocking binder call * - returns zero on success */int binder_call(struct binder_state *bs, struct binder_io *msg, struct binder_io *reply, uint32_t target, uint32_t code);/* release any state associate with the binder_io * - call once any necessary data has been extracted from the * binder_io after binder_call() returns * - can safely be called even if binder_call() fails */void binder_done(struct binder_state *bs, struct binder_io *msg, struct binder_io *reply);/* manipulate strong references */void binder_acquire(struct binder_state *bs, uint32_t target);void binder_release(struct binder_state *bs, uint32_t target);void binder_link_to_death(struct binder_state *bs, uint32_t target, struct binder_death *death);void binder_loop(struct binder_state *bs, binder_handler func);int binder_become_context_manager(struct binder_state *bs);/* allocate a binder_io, providing a stack-allocated working * buffer, size of the working buffer, and how many object * offset entries to reserve from the buffer */void bio_init(struct binder_io *bio, void *data, size_t maxdata, size_t maxobjects);void bio_put_obj(struct binder_io *bio, void *ptr);void bio_put_ref(struct binder_io *bio, uint32_t handle);void bio_put_uint32(struct binder_io *bio, uint32_t n);void bio_put_string16(struct binder_io *bio, const uint16_t *str);void bio_put_string16_x(struct binder_io *bio, const char *_str);uint32_t bio_get_uint32(struct binder_io *bio);uint16_t *bio_get_string16(struct binder_io *bio, size_t *sz);uint32_t bio_get_ref(struct binder_io *bio);#endif binder.c
/* Copyright 2008 The Android Open Source Project */#include #include #include #include #include #include #include #include "binder.h"#define MAX_BIO_SIZE (1 << 30)#define TRACE 0#define LOG_TAG "Binder"#include void bio_init_from_txn(struct binder_io *io, struct binder_transaction_data *txn);#if TRACEvoid hexdump(void *_data, size_t len){ unsigned char *data = _data; size_t count; for (count = 0; count < len; count++) { if ((count & 15) == 0) fprintf(stderr,"%04zu:", count); fprintf(stderr," %02x %c", *data, (*data < 32) || (*data > 126) ? '.' : *data); data++; if ((count & 15) == 15) fprintf(stderr,"\n"); } if ((count & 15) != 0) fprintf(stderr,"\n");}void binder_dump_txn(struct binder_transaction_data *txn){ struct flat_binder_object *obj; binder_size_t *offs = (binder_size_t *)(uintptr_t)txn->data.ptr.offsets; size_t count = txn->offsets_size / sizeof(binder_size_t); fprintf(stderr," target %016"PRIx64" cookie %016"PRIx64" code %08x flags %08x\n", (uint64_t)txn->target.ptr, (uint64_t)txn->cookie, txn->code, txn->flags); fprintf(stderr," pid %8d uid %8d data %"PRIu64" offs %"PRIu64"\n", txn->sender_pid, txn->sender_euid, (uint64_t)txn->data_size, (uint64_t)txn->offsets_size); hexdump((void *)(uintptr_t)txn->data.ptr.buffer, txn->data_size); while (count--) { obj = (struct flat_binder_object *) (((char*)(uintptr_t)txn->data.ptr.buffer) + *offs++); fprintf(stderr," - type %08x flags %08x ptr %016"PRIx64" cookie %016"PRIx64"\n", obj->type, obj->flags, (uint64_t)obj->binder, (uint64_t)obj->cookie); }}#define NAME(n) case n: return #nconst char *cmd_name(uint32_t cmd){ switch(cmd) { NAME(BR_NOOP); NAME(BR_TRANSACTION_COMPLETE); NAME(BR_INCREFS); NAME(BR_ACQUIRE); NAME(BR_RELEASE); NAME(BR_DECREFS); NAME(BR_TRANSACTION); NAME(BR_REPLY); NAME(BR_FAILED_REPLY); NAME(BR_DEAD_REPLY); NAME(BR_DEAD_BINDER); default: return "???"; }}#else#define hexdump(a,b) do{} while (0)#define binder_dump_txn(txn) do{} while (0)#endif#define BIO_F_SHARED 0x01 /* needs to be buffer freed */#define BIO_F_OVERFLOW 0x02 /* ran out of space */#define BIO_F_IOERROR 0x04#define BIO_F_MALLOCED 0x08 /* needs to be free()'d */struct binder_state{ int fd; void *mapped; size_t mapsize;};struct binder_state *binder_open(size_t mapsize){ struct binder_state *bs; struct binder_version vers; bs = malloc(sizeof(*bs)); if (!bs) { errno = ENOMEM; return NULL; } bs->fd = open("/dev/binder", O_RDWR); if (bs->fd < 0) { fprintf(stderr,"binder: cannot open device (%s)\n", strerror(errno)); goto fail_open; } if ((ioctl(bs->fd, BINDER_VERSION, &vers) == -1) || (vers.protocol_version != BINDER_CURRENT_PROTOCOL_VERSION)) { fprintf(stderr, "binder: driver version differs from user space\n"); goto fail_open; } bs->mapsize = mapsize; bs->mapped = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, bs->fd, 0); if (bs->mapped == MAP_FAILED) { fprintf(stderr,"binder: cannot map device (%s)\n", strerror(errno)); goto fail_map; } return bs;fail_map: close(bs->fd);fail_open: free(bs); return NULL;}void binder_close(struct binder_state *bs){ munmap(bs->mapped, bs->mapsize); close(bs->fd); free(bs);}int binder_become_context_manager(struct binder_state *bs){ return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0);}int binder_write(struct binder_state *bs, void *data, size_t len){ struct binder_write_read bwr; int res; bwr.write_size = len; bwr.write_consumed = 0; bwr.write_buffer = (uintptr_t) data; bwr.read_size = 0; bwr.read_consumed = 0; bwr.read_buffer = 0; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { fprintf(stderr,"binder_write: ioctl failed (%s)\n", strerror(errno)); } return res;}void binder_send_reply(struct binder_state *bs, struct binder_io *reply, binder_uintptr_t buffer_to_free, int status){ struct { uint32_t cmd_free; binder_uintptr_t buffer; uint32_t cmd_reply; struct binder_transaction_data txn; } __attribute__((packed)) data; data.cmd_free = BC_FREE_BUFFER; data.buffer = buffer_to_free; data.cmd_reply = BC_REPLY; data.txn.target.ptr = 0; data.txn.cookie = 0; data.txn.code = 0; if (status) { data.txn.flags = TF_STATUS_CODE; data.txn.data_size = sizeof(int); data.txn.offsets_size = 0; data.txn.data.ptr.buffer = (uintptr_t)&status; data.txn.data.ptr.offsets = 0; } else { data.txn.flags = 0; data.txn.data_size = reply->data - reply->data0; data.txn.offsets_size = ((char*) reply->offs) - ((char*) reply->offs0); data.txn.data.ptr.buffer = (uintptr_t)reply->data0; data.txn.data.ptr.offsets = (uintptr_t)reply->offs0; } binder_write(bs, &data, sizeof(data));}int binder_parse(struct binder_state *bs, struct binder_io *bio, uintptr_t ptr, size_t size, binder_handler func){ int r = 1; uintptr_t end = ptr + (uintptr_t) size; while (ptr < end) { uint32_t cmd = *(uint32_t *) ptr; ptr += sizeof(uint32_t);#if TRACE fprintf(stderr,"%s:\n", cmd_name(cmd));#endif switch(cmd) { case BR_NOOP: break; case BR_TRANSACTION_COMPLETE: break; case BR_INCREFS: case BR_ACQUIRE: case BR_RELEASE: case BR_DECREFS:#if TRACE fprintf(stderr," %p, %p\n", (void *)ptr, (void *)(ptr + sizeof(void *)));#endif ptr += sizeof(struct binder_ptr_cookie); break; case BR_TRANSACTION: { struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr; if ((end - ptr) < sizeof(*txn)) { ALOGE("parse: txn too small!\n"); return -1; } binder_dump_txn(txn); if (func) { unsigned rdata[256/4]; struct binder_io msg; struct binder_io reply; int res; bio_init(&reply, rdata, sizeof(rdata), 4); bio_init_from_txn(&msg, txn); res = func(bs, txn, &msg, &reply); binder_send_reply(bs, &reply, txn->data.ptr.buffer, res); } ptr += sizeof(*txn); break; } case BR_REPLY: { struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr; if ((end - ptr) < sizeof(*txn)) { ALOGE("parse: reply too small!\n"); return -1; } binder_dump_txn(txn); if (bio) { bio_init_from_txn(bio, txn); bio = 0; } else { /* todo FREE BUFFER */ } ptr += sizeof(*txn); r = 0; break; } case BR_DEAD_BINDER: { struct binder_death *death = (struct binder_death *)(uintptr_t) *(binder_uintptr_t *)ptr; ptr += sizeof(binder_uintptr_t); death->func(bs, death->ptr); break; } case BR_FAILED_REPLY: r = -1; break; case BR_DEAD_REPLY: r = -1; break; default: ALOGE("parse: OOPS %d\n", cmd); return -1; } } return r;}void binder_acquire(struct binder_state *bs, uint32_t target){ uint32_t cmd[2]; cmd[0] = BC_ACQUIRE; cmd[1] = target; binder_write(bs, cmd, sizeof(cmd));}void binder_release(struct binder_state *bs, uint32_t target){ uint32_t cmd[2]; cmd[0] = BC_RELEASE; cmd[1] = target; binder_write(bs, cmd, sizeof(cmd));}void binder_link_to_death(struct binder_state *bs, uint32_t target, struct binder_death *death){ struct { uint32_t cmd; struct binder_handle_cookie payload; } __attribute__((packed)) data; data.cmd = BC_REQUEST_DEATH_NOTIFICATION; data.payload.handle = target; data.payload.cookie = (uintptr_t) death; binder_write(bs, &data, sizeof(data));}int binder_call(struct binder_state *bs, struct binder_io *msg, struct binder_io *reply, uint32_t target, uint32_t code){ int res; struct binder_write_read bwr; struct { uint32_t cmd; struct binder_transaction_data txn; } __attribute__((packed)) writebuf; unsigned readbuf[32]; if (msg->flags & BIO_F_OVERFLOW) { fprintf(stderr,"binder: txn buffer overflow\n"); goto fail; } writebuf.cmd = BC_TRANSACTION; writebuf.txn.target.handle = target; writebuf.txn.code = code; writebuf.txn.flags = 0; writebuf.txn.data_size = msg->data - msg->data0; writebuf.txn.offsets_size = ((char*) msg->offs) - ((char*) msg->offs0); writebuf.txn.data.ptr.buffer = (uintptr_t)msg->data0; writebuf.txn.data.ptr.offsets = (uintptr_t)msg->offs0; bwr.write_size = sizeof(writebuf); bwr.write_consumed = 0; bwr.write_buffer = (uintptr_t) &writebuf; hexdump(msg->data0, msg->data - msg->data0); for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno)); goto fail; } res = binder_parse(bs, reply, (uintptr_t) readbuf, bwr.read_consumed, 0); if (res == 0) return 0; if (res < 0) goto fail; }fail: memset(reply, 0, sizeof(*reply)); reply->flags |= BIO_F_IOERROR; return -1;}void binder_loop(struct binder_state *bs, binder_handler func){ int res; struct binder_write_read bwr; uint32_t readbuf[32]; bwr.write_size = 0; bwr.write_consumed = 0; bwr.write_buffer = 0; readbuf[0] = BC_ENTER_LOOPER; binder_write(bs, readbuf, sizeof(uint32_t)); for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { ALOGE("binder_loop: ioctl failed (%s)\n", strerror(errno)); break; } res = binder_parse(bs, 0, (uintptr_t) readbuf, bwr.read_consumed, func); if (res == 0) { ALOGE("binder_loop: unexpected reply?!\n"); break; } if (res < 0) { ALOGE("binder_loop: io error %d %s\n", res, strerror(errno)); break; } }}void bio_init_from_txn(struct binder_io *bio, struct binder_transaction_data *txn){ bio->data = bio->data0 = (char *)(intptr_t)txn->data.ptr.buffer; bio->offs = bio->offs0 = (binder_size_t *)(intptr_t)txn->data.ptr.offsets; bio->data_avail = txn->data_size; bio->offs_avail = txn->offsets_size / sizeof(size_t); bio->flags = BIO_F_SHARED;}void bio_init(struct binder_io *bio, void *data, size_t maxdata, size_t maxoffs){ size_t n = maxoffs * sizeof(size_t); if (n > maxdata) { bio->flags = BIO_F_OVERFLOW; bio->data_avail = 0; bio->offs_avail = 0; return; } bio->data = bio->data0 = (char *) data + n; bio->offs = bio->offs0 = data; bio->data_avail = maxdata - n; bio->offs_avail = maxoffs; bio->flags = 0;}static void *bio_alloc(struct binder_io *bio, size_t size){ size = (size + 3) & (~3); if (size > bio->data_avail) { bio->flags |= BIO_F_OVERFLOW; return NULL; } else { void *ptr = bio->data; bio->data += size; bio->data_avail -= size; return ptr; }}void binder_done(struct binder_state *bs, struct binder_io *msg, struct binder_io *reply){ struct { uint32_t cmd; uintptr_t buffer; } __attribute__((packed)) data; if (reply->flags & BIO_F_SHARED) { data.cmd = BC_FREE_BUFFER; data.buffer = (uintptr_t) reply->data0; binder_write(bs, &data, sizeof(data)); reply->flags = 0; }}static struct flat_binder_object *bio_alloc_obj(struct binder_io *bio){ struct flat_binder_object *obj; obj = bio_alloc(bio, sizeof(*obj)); if (obj && bio->offs_avail) { bio->offs_avail--; *bio->offs++ = ((char*) obj) - ((char*) bio->data0); return obj; } bio->flags |= BIO_F_OVERFLOW; return NULL;}void bio_put_uint32(struct binder_io *bio, uint32_t n){ uint32_t *ptr = bio_alloc(bio, sizeof(n)); if (ptr) *ptr = n;}void bio_put_obj(struct binder_io *bio, void *ptr){ struct flat_binder_object *obj; obj = bio_alloc_obj(bio); if (!obj) return; obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; obj->type = BINDER_TYPE_BINDER; obj->binder = (uintptr_t)ptr; obj->cookie = 0;}void bio_put_ref(struct binder_io *bio, uint32_t handle){ struct flat_binder_object *obj; if (handle) obj = bio_alloc_obj(bio); else obj = bio_alloc(bio, sizeof(*obj)); if (!obj) return; obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; obj->type = BINDER_TYPE_HANDLE; obj->handle = handle; obj->cookie = 0;}void bio_put_string16(struct binder_io *bio, const uint16_t *str){ size_t len; uint16_t *ptr; if (!str) { bio_put_uint32(bio, 0xffffffff); return; } len = 0; while (str[len]) len++; if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) { bio_put_uint32(bio, 0xffffffff); return; } /* Note: The payload will carry 32bit size instead of size_t */ bio_put_uint32(bio, (uint32_t) len); len = (len + 1) * sizeof(uint16_t); ptr = bio_alloc(bio, len); if (ptr) memcpy(ptr, str, len);}void bio_put_string16_x(struct binder_io *bio, const char *_str){ unsigned char *str = (unsigned char*) _str; size_t len; uint16_t *ptr; if (!str) { bio_put_uint32(bio, 0xffffffff); return; } len = strlen(_str); if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) { bio_put_uint32(bio, 0xffffffff); return; } /* Note: The payload will carry 32bit size instead of size_t */ bio_put_uint32(bio, len); ptr = bio_alloc(bio, (len + 1) * sizeof(uint16_t)); if (!ptr) return; while (*str) *ptr++ = *str++; *ptr++ = 0;}static void *bio_get(struct binder_io *bio, size_t size){ size = (size + 3) & (~3); if (bio->data_avail < size){ bio->data_avail = 0; bio->flags |= BIO_F_OVERFLOW; return NULL; } else { void *ptr = bio->data; bio->data += size; bio->data_avail -= size; return ptr; }}uint32_t bio_get_uint32(struct binder_io *bio){ uint32_t *ptr = bio_get(bio, sizeof(*ptr)); return ptr ? *ptr : 0;}uint16_t *bio_get_string16(struct binder_io *bio, size_t *sz){ size_t len; /* Note: The payload will carry 32bit size instead of size_t */ len = (size_t) bio_get_uint32(bio); if (sz) *sz = len; return bio_get(bio, (len + 1) * sizeof(uint16_t));}static struct flat_binder_object *_bio_get_obj(struct binder_io *bio){ size_t n; size_t off = bio->data - bio->data0; /* TODO: be smarter about this? */ for (n = 0; n < bio->offs_avail; n++) { if (bio->offs[n] == off) return bio_get(bio, sizeof(struct flat_binder_object)); } bio->data_avail = 0; bio->flags |= BIO_F_OVERFLOW; return NULL;}uint32_t bio_get_ref(struct binder_io *bio){ struct flat_binder_object *obj; obj = _bio_get_obj(bio); if (!obj) return 0; if (obj->type == BINDER_TYPE_HANDLE) return obj->handle; return 0;} 先好好看源码吧,以后有能力再分析。
更多相关文章
- Android测试之Monkey原理及源码分析(二)
- Android全部源码导入Eclipse
- WINDOWS下ECLIPSE ANDROID源码SETTINGS模块调试
- Android短彩信源码解析-短信发送流程(二)
- android 传统蓝牙开发 (附示例源码)
- Android SDK源码提取Python脚本(4.0SDK源码下载地址)
- android 抽屉类slidingdrawer源码解析及运行调试
- android播放器(music player)源码分析1-Service,Binder,ServiceConne