关于Activity的getReferrer()之二:调用者的包名是如何传给mReferrer的,兼谈startActivity的详细流程
来源:互联网 发布:centos 迅雷 编辑:程序博客网 时间:2024/05/29 09:01
关于Activity的getReferrer()之二:调用者的包名是如何传给mReferrer的,兼谈startActivity的详细流程
此博文是《关于Activity的getReferrer()之一:如何在Activity中获取调用者》一文的延续。说的是下面的场景。
场景:
有2个app,一个包名为com.galian.mainapp,app名为MainApp;另一个包名为com.galian.secondapp,app名为SecondApp。
SecondApp启动MainApp的MainActivity,在MainApp的MainActivity中检查调用者是谁。
【注1:基于Android6.0.1的代码】
【注2:在本文中“Activity栈”和“Task栈”的含义是一样的,不作严格区分】
1. Android app 与 ActivityManagerService的通信原理(简化版)
Android 的app与 ActivityManagerService (以下简称AMS)的通信是这样的:
对上图的简单说明:
(1) Android app表示Android应用的进程;
(2) Activity Manager Service表示AMS所在的进程(应为system_server,这里为了图的直观,不引出更多的名词);
(3) Andoid app相关的内容用蓝色表示,AMS相关的内容用紫色表示。
(4) Android app 通过调用IActivityManager 将消息传递给AMS; IActivityManager的获取:通过ActivityManagerNative.getDefault(),该方法返回IActivityManager。
(5) AMS 通过调用IApplicationThread将消息传递给Android app; IApplicationThread是在Android app调用IActivityManager的时候传递过去的。
例如,ContextImpl中的startActivityAsUser()(代码在下面), 通过ActivityManagerNative.getDefault()获取到IActivityManager对象,通过mMainThread.getApplicationThread()获取到IApplicationThread对象。
在调用ActivityManagerNative.getDefault().startActivityAsUser时,将IApplicationThread对象传给AMS。这样双方就可以方便的通信了。
public void startActivityAsUser(Intent intent, Bundle options, UserHandle user) {// 这里去掉了try、catch,以及其他参数 ActivityManagerNative.getDefault().startActivityAsUser( mMainThread.getApplicationThread(), getBasePackageName(), intent, ......); }两个Android app间的通信也是通过AMS完成的,例如App A启动App B的Activity,则通过IActivityManager将消息传给AMS,AMS创建App B的进程和ActivityThread。然后AMS通过IApplicationThread(图中棕色的调用)将‘App A启动App B的Activity’的消息传递给App B的进程,App B来创建自己的Activity。
从调用者执行Activity的startActivity()开始,分析mReferrer的传递过程。
2. 分析mReferrer的传递过程
调用者Activity 的 startActivity()
当前进程为Second App。
public void startActivity(Intent intent) { this.startActivity(intent, null); }this.startActivity(intent, null);
public void startActivity(Intent intent, @Nullable Bundle options) { if (options != null) { startActivityForResult(intent, -1, options); } else { startActivityForResult(intent, -1);//执行这里 } }调用者Activity 的 startActivityForResult()
当前进程为Second App。
public void startActivityForResult(Intent intent, int requestCode) { startActivityForResult(intent, requestCode, null); }有一种方法来判断mParent是否为null,就是通过反射的方式获取mParent的值。把上面反射获取mReferrer的代码稍加修改即可。
public void startActivityForResult(Intent intent, int requestCode, @Nullable Bundle options) { if (mParent == null) {// mParent 为null,执行这里 Instrumentation.ActivityResult ar = mInstrumentation.execStartActivity( this, mMainThread.getApplicationThread(), mToken, this, intent, requestCode, options); // 略 } // 略 }Instrumentation 的 execStartActivity()
当前进程为Second App。
// who是调用者的Activity // contextThread为mMainThread.getApplicationThread()是为了ActivityManagerService与调用者的进程进行Binder通信的接口。 // target也是调用者的Activity public ActivityResult execStartActivity( Context who, IBinder contextThread, IBinder token, Activity target, Intent intent, int requestCode, Bundle options) { IApplicationThread whoThread = (IApplicationThread) contextThread; /* 这里的target是调用者自己,目前还在自己的进程中执行呢. 调用者可以重写onProvideReferrer()来设置referrer。这个例子中SecondApp是没有重写此方法,所以默认返回null。 */ Uri referrer = target != null ? target.onProvideReferrer() : null; if (referrer != null) { intent.putExtra(Intent.EXTRA_REFERRER, referrer); } // 略 try { intent.migrateExtraStreamToClipData(); intent.prepareToLeaveProcess(); // 执行这里,通过binder调用执行ActivityManagerService的startActivity()方法 // whoThread是AMS与调用者的进程(ActivityThread所在进程)进行通信的 // who是调用者的上下文,who.getBasePackageName()获取到的是调用者的包名 // 注意:我们要调查的被调用者中的mReferrer正是从这里获取到,并传给被调用者的,我们始终要注意此值的传递 int result = ActivityManagerNative.getDefault() .startActivity(whoThread, who.getBasePackageName(), intent, intent.resolveTypeIfNeeded(who.getContentResolver()), token, target != null ? target.mEmbeddedID : null, requestCode, 0, null, options); checkStartActivityResult(result, intent); } return null; }ActivityManagerService 的 startActivity()方法
进入到了AMS所在的进程system_server,以下简称AMS的进程。
startActivity()的第二个参数callingPackage就是调用者的包名。
public final int startActivity(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, Bundle options) { return startActivityAsUser(caller, callingPackage, intent, resolvedType, resultTo, resultWho, requestCode, startFlags, profilerInfo, options, UserHandle.getCallingUserId()); }startActivityAsUser(caller, callingPackage, intent, resolvedType, …
public final int startActivityAsUser(IApplicationThread caller, String callingPackage, Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, Bundle options, int userId) { // 略 // 执行这里,注意调用者的包名callingPackage return mStackSupervisor.startActivityMayWait(caller, -1, callingPackage, intent, resolvedType, null, null, resultTo, resultWho, requestCode, startFlags, profilerInfo, null, null, options, false, userId, null, null); }ActivityStackSupervisor 的 startActivityMayWait()
目前在AMS的进程。
第三个参数callingPackage是调用者的包名
final int startActivityMayWait(IApplicationThread caller, int callingUid, String callingPackage, Intent intent, String resolvedType, IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor, IBinder resultTo, String resultWho, int requestCode, int startFlags, ProfilerInfo profilerInfo, WaitResult outResult, Configuration config, Bundle options, boolean ignoreTargetSecurity, int userId, IActivityContainer iContainer, TaskRecord inTask) { // 很多代码省略了,只列出关键代码 intent = new Intent(intent); // 找到被调用的Activity ActivityInfo aInfo = resolveActivity(intent, resolvedType, startFlags, profilerInfo, userId); // 注意:第12个参数 callingPackage int res = startActivityLocked(caller, intent, resolvedType, aInfo, voiceSession, voiceInteractor, resultTo, resultWho, requestCode, callingPid, callingUid, callingPackage, realCallingPid, realCallingUid, startFlags, options, ignoreTargetSecurity, componentSpecified, null, container, inTask); }startActivityLocked(caller, intent, resolvedType, aInfo, …
final int startActivityLocked(IApplicationThread caller, Intent intent, String resolvedType, ActivityInfo aInfo, IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor, IBinder resultTo, String resultWho, int requestCode, int callingPid, int callingUid, String callingPackage, int realCallingPid, int realCallingUid, int startFlags, Bundle options, boolean ignoreTargetSecurity, boolean componentSpecified, ActivityRecord[] outActivity, ActivityContainer container, TaskRecord inTask) { int err = ActivityManager.START_SUCCESS; // 省略了很多代码 // 这里检查权限,就像所有关键方法那样检查调用者是否有权限 final int startAnyPerm = mService.checkPermission( START_ANY_ACTIVITY, callingPid, callingUid); // 注意,这里callingPackage传到了ActivityRecord里面,是第4个参数 ActivityRecord r = new ActivityRecord(mService, callerApp, callingUid, callingPackage, intent, resolvedType, aInfo, mService.mConfiguration, resultRecord, resultWho, requestCode, componentSpecified, voiceSession != null, this, container, options); // 如果之前有pending的Activity,先把之前的启动 doPendingActivityLaunchesLocked(false); // 执行这里,倒数第3个参数是doResume,值为true,后面会用到 err = startActivityUncheckedLocked(r, sourceRecord, voiceSession, voiceInteractor, startFlags, true, options, inTask);在执行startActivityUncheckedLocked()之前,有必要说下new ActivityRecord()。
new ActivityRecord()
ActivityRecord()的第4个参数_launchedFromPackage是调用者的包名。
ActivityRecord(ActivityManagerService _service, ProcessRecord _caller, int _launchedFromUid, String _launchedFromPackage, Intent _intent, String _resolvedType, ...) {// 其他参数略 // 略 // 注意:调用者的包名赋给了ActivityRecord的成员变量launchedFromPackage launchedFromPackage = _launchedFromPackage; // 略 }接下来,继续startActivityUncheckedLocked()。
ActivityStackSupervisor 的 startActivityUncheckedLocked()
此时,调用者的包名保存在第一个参数ActivityRecord r中。
这里的doResume为true,是之前传进来的。
final int startActivityUncheckedLocked(final ActivityRecord r, ActivityRecord sourceRecord, IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor, int startFlags, boolean doResume, Bundle options, TaskRecord inTask) { final Intent intent = r.intent; final int callingUid = r.launchedFromUid; // 省略大量代码 ActivityStack targetStack; // 在此例子中,SecondApp启动MainApp的MainActivity,是运行在同一个ActivityStack中。可以通过"adb shell dumpsys activity activities"命令来验证。 if (r.packageName != null) { ActivityStack topStack = mFocusedStack; ActivityRecord top = topStack.topRunningNonDelayedActivityLocked(notTop); if (top != null && r.resultTo == null) { if (top.realActivity.equals(r.realActivity) && top.userId == r.userId) { // 要执行的Activity没有在最上面,所以这里不执行 } } } if (r.resultTo == null && inTask == null && !addingToTask && (launchFlags & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) { // 不执行 } else if (sourceRecord != null) { // 执行这里,sourceRecord为SecondApp的Activity的相关信息 final TaskRecord sourceTask = sourceRecord.task; // 目标Task栈就是SecondApp当前的Task栈 targetStack = sourceTask.stack; targetStack.moveToFront("sourceStackToFront"); r.setTask(sourceTask, null); } // Uri Permission相关的。 mService.grantUriPermissionFromIntentLocked(callingUid, r.packageName, intent, r.getUriPermissionsLocked(), r.userId); // 执行这里,doResume为true,newTask为false targetStack.startActivityLocked(r, newTask, doResume, keepCurTransition, options); if (!launchTaskBehind) { mService.setFocusedActivityLocked(r, "startedActivity"); } return ActivityManager.START_SUCCESS; }ActivityStack 的 startActivityLocked()
参数doResume为true,newTask为false。
final void startActivityLocked(ActivityRecord r, boolean newTask, boolean doResume, boolean keepCurTransition, Bundle options) { TaskRecord rTask = r.task; final int taskId = rTask.taskId; TaskRecord task = null; task = r.task; task.addActivityToTop(r); task.setFrontOfTask(); // 略 if (doResume) { // doResume为true,执行这里 mStackSupervisor.resumeTopActivitiesLocked(this, r, options); } }ActivityStatckSupervisor 的 resumeTopActivitiesLocked()
调用者的包名在ActivityRecord target中。
boolean resumeTopActivitiesLocked(ActivityStack targetStack, ActivityRecord target, Bundle targetOptions) { boolean result = false; if (isFrontStack(targetStack)) {//执行这里 result = targetStack.resumeTopActivityLocked(target, targetOptions); } // 略 return result; }ActivityStack 的 resumeTopActivityLocked()
调用者的包名在ActivityRecord prev中。
final boolean resumeTopActivityLocked(ActivityRecord prev, Bundle options) { boolean result = false; try { // 执行这里 result = resumeTopActivityInnerLocked(prev, options); } finally { mStackSupervisor.inResumeTopActivity = false; } return result; }ActivityStack 的 resumeTopActivityInnerLocked()
调用者的包名在ActivityRecord prev中。
private boolean resumeTopActivityInnerLocked(ActivityRecord prev, Bundle options) { // 当前Activity栈的栈顶,即SecondApp的SecondMainActivity final ActivityRecord next = topRunningActivityLocked(null); final TaskRecord nextTask = next.task; mStackSupervisor.mStoppingActivities.remove(next); mStackSupervisor.mGoingToSleepActivities.remove(next); next.sleeping = false; mStackSupervisor.mWaitingVisibleActivities.remove(next); mStackSupervisor.setLaunchSource(next.info.applicationInfo.uid); // next.info为目标Activity(MainApp的MainActivity),没有设置FLAG_RESUME_WHILE_PAUSING,所以dontWaitForPause为false boolean dontWaitForPause = (next.info.flags&ActivityInfo.FLAG_RESUME_WHILE_PAUSING) != 0; // pause之前的Activity boolean pausing = mStackSupervisor.pauseBackStacks(userLeaving, true, dontWaitForPause); if (mResumedActivity != null) {// mResumedActivity为SecondApp的SecondMainActivity,先将其pause pausing |= startPausingLocked(userLeaving, false, true, dontWaitForPause); } if (pausing) {//正在pausing,等当前栈顶的SecondMainActivity完全paused之后,才执行后面,所以这里先返回了。 return true; }ActivityStack 的 startPausingLocked()
uiSleeping 为false,resuming为true,dontWait为false。
final boolean startPausingLocked(boolean userLeaving, boolean uiSleeping, boolean resuming, boolean dontWait) { ActivityRecord prev = mResumedActivity; mResumedActivity = null; mPausingActivity = prev; mLastPausedActivity = prev; prev.state = ActivityState.PAUSING; final ActivityRecord next = mStackSupervisor.topRunningActivityLocked(); if (prev.app != null && prev.app.thread != null) { try { // 执行这里 prev.app.thread.schedulePauseActivity(prev.appToken, prev.finishing, userLeaving, prev.configChangeFlags, dontWait); } } if (mPausingActivity != null) { if (dontWait) { // dontWait为false,不执行这里。如果dontWait为true,则立即进入paused状态,并返回false,之后将继续执行resume的操作。 completePauseLocked(false); return false; } else { // 执行这里 // PAUSE_TIMEOUT为500毫秒,Pause操作要在500毫秒内完成 // 在这个例子中,不会超时,所以不执行这个消息PAUSE_TIMEOUT_MSG,因为在Activity paused之后,执行activityPausedLocked(),那时PAUSE_TIMEOUT_MSG将会被取消:mHandler.removeMessages(PAUSE_TIMEOUT_MSG, r); Message msg = mHandler.obtainMessage(PAUSE_TIMEOUT_MSG); msg.obj = prev; prev.pauseTime = SystemClock.uptimeMillis(); mHandler.sendMessageDelayed(msg, PAUSE_TIMEOUT); return true; } } }下面继续prev.app.thread.schedulePauseActivity()。
prev.app是SecondApp的进程信息;
prev.app.thread是SecondApp的进程中ActivityThread的IApplicationThread接口,这个接口是让AMS与SecondApp通信。
所以prev.app.thread.schedulePauseActivity()通过Binder调用,将会执行到SecondApp进程中,执行 ActivityThread 中的 ApplicationThread 的 schedulePauseActivity()。
ActivityThread 中的 ApplicationThread 的 schedulePauseActivity()
当前进程为SecondApp。
最后一个参数dontReport是之前传入的dontWait,值为false。
public final void schedulePauseActivity(IBinder token, boolean finished, boolean userLeaving, int configChanges, boolean dontReport) { // 发送消息H.PAUSE_ACTIVITY给ActivityThread内部的消息处理Handler H sendMessage( finished ? H.PAUSE_ACTIVITY_FINISHING : H.PAUSE_ACTIVITY, token, (userLeaving ? 1 : 0) | (dontReport ? 2 : 0), configChanges); }ActivityThread 中的 H
当前进程为SecondApp。
private class H extends Handler { public void handleMessage(Message msg) { switch (msg.what) { case PAUSE_ACTIVITY: // (msg.arg1&2)为dontReport,为false。 // (msg.arg1&1)为userLeaving handlePauseActivity((IBinder)msg.obj, false, (msg.arg1&1) != 0, msg.arg2, (msg.arg1&2) != 0); break; } } } }ActivityThread 的 handlePauseActivity()
dontReport为false。
private void handlePauseActivity(IBinder token, boolean finished, boolean userLeaving, int configChanges, boolean dontReport) { ActivityClientRecord r = mActivities.get(token); if (r != null) { r.activity.mConfigChangeFlags |= configChanges; performPauseActivity(token, finished, r.isPreHoneycomb()); if (!dontReport) {// dontReport为false,即通知AMS try { ActivityManagerNative.getDefault().activityPaused(token); } catch (RemoteException ex) { } } mSomeActivitiesChanged = true; } }接着分析performPauseActivity(token, finished, r.isPreHoneycomb())和ActivityManagerNative.getDefault().activityPaused(token)
ActivityThread 的 performPauseActivity()
final Bundle performPauseActivity(IBinder token, boolean finished, boolean saveState) { ActivityClientRecord r = mActivities.get(token); return r != null ? performPauseActivity(r, finished, saveState) : null; }performPauseActivity(r, finished, saveState)
final Bundle performPauseActivity(ActivityClientRecord r, boolean finished, boolean saveState) { try { if (!r.activity.mFinished && saveState) { // 调用SecondMainActivity的onSaveInstanceState callCallActivityOnSaveInstanceState(r); } r.activity.mCalled = false; // 调用SecondMainActivity的onPause() mInstrumentation.callActivityOnPause(r.activity); } r.paused = true; // Notify any outstanding on paused listeners ArrayList<OnActivityPausedListener> listeners; synchronized (mOnPauseListeners) { listeners = mOnPauseListeners.remove(r.activity); } int size = (listeners != null ? listeners.size() : 0); for (int i = 0; i < size; i++) { listeners.get(i).onPaused(r.activity); } return !r.activity.mFinished && saveState ? r.state : null; }AMS 的 activityPaused()
这里是对ActivityManagerNative.getDefault().activityPaused(token)的说明。
从SecondApp转到AMS所在的进程(当前进程)。
public final void activityPaused(IBinder token) { final long origId = Binder.clearCallingIdentity(); synchronized(this) { ActivityStack stack = ActivityRecord.getStackLocked(token); if (stack != null) { stack.activityPausedLocked(token, false); } } Binder.restoreCallingIdentity(origId); }ActivityStack 的 activityPausedLocked()
final void activityPausedLocked(IBinder token, boolean timeout) { final ActivityRecord r = isInStackLocked(token); if (r != null) { // 先把PAUSE_TIMEOUT_MSG消息去除 mHandler.removeMessages(PAUSE_TIMEOUT_MSG, r); if (mPausingActivity == r) { // 从pausing状态转到paused状态 completePauseLocked(true); } else { // 略 } } }ActivityStack 的 completePauseLocked()
resumeNext的值为true。
private void completePauseLocked(boolean resumeNext) { ActivityRecord prev = mPausingActivity; if (prev != null) { prev.state = ActivityState.PAUSED; if (prev.finishing) { // 不执行这里 } else if (prev.app != null) { // 执行这里 // 之前的Activity已经不是WaitingVisible的状态 if (mStackSupervisor.mWaitingVisibleActivities.remove(prev)) { } if (prev.configDestroy) { ... } else if (!hasVisibleBehindActivity() || mService.isSleepingOrShuttingDown()) { ... } } // It is possible the activity was freezing the screen before it was paused. // In that case go ahead and remove the freeze this activity has on the screen // since it is no longer visible. prev.stopFreezingScreenLocked(true /*force*/); mPausingActivity = null; } if (resumeNext) {// resumeNext值为true,执行这里 final ActivityStack topStack = mStackSupervisor.getFocusedStack(); if (!mService.isSleepingOrShuttingDown()) { // 执行这里 mStackSupervisor.resumeTopActivitiesLocked(topStack, prev, null); } else { ... } } // Notfiy when the task stack has changed mService.notifyTaskStackChangedLocked(); }ActivityStackSupervisor 的 resumeTopActivitiesLocked()
这是第2次进入resumeTopActivitiesLocked()。
boolean resumeTopActivitiesLocked(ActivityStack targetStack, ActivityRecord target, Bundle targetOptions) { boolean result = false; if (isFrontStack(targetStack)) { result = targetStack.resumeTopActivityLocked(target, targetOptions); } return result; }ActivityStack 的 resumeTopActivityLocked()
final boolean resumeTopActivityLocked(ActivityRecord prev, Bundle options) { boolean result = false; result = resumeTopActivityInnerLocked(prev, options); return result;ActivityStack 的 resumeTopActivityInnerLocked()
private boolean resumeTopActivityInnerLocked(ActivityRecord prev, Bundle options) { final ActivityRecord next = topRunningActivityLocked(null); boolean pausing = mStackSupervisor.pauseBackStacks(userLeaving, true, dontWaitForPause); // 之前调用startPausingLocked时已经将mResumedActivity置为null了 // 再次执行resumeTopActivityInnerLocked()不会再执行startPausingLocked() if (mResumedActivity != null) { // 不执行 pausing |= startPausingLocked(userLeaving, false, true, dontWaitForPause); } if (pausing) { // 不执行这里,因为将SecondMainActivity pause之后,不需要再pause其他Activity,所以pausing为false。 return true; } ActivityStack lastStack = mStackSupervisor.getLastStack(); if (next.app != null && next.app.thread != null) { // next是MainApp的MainActivity,它对应的进程还没有创建,所以不执行这里 } else { // 执行这里 mStackSupervisor.startSpecificActivityLocked(next, true, true); } return true; }ActivityStackSupervisor 的 startSpecificActivityLocked()
void startSpecificActivityLocked(ActivityRecord r, boolean andResume, boolean checkConfig) { // 第一次启动MainApp的MainActivity时,还没有创建进程,所以app为null ProcessRecord app = mService.getProcessRecordLocked(r.processName, r.info.applicationInfo.uid, true); r.task.stack.setLaunchTime(r); if (app != null && app.thread != null) { // 不执行这里 try { ... realStartActivityLocked(r, app, andResume, checkConfig); return; } } // 执行这里,mService为AMS的实例 mService.startProcessLocked(r.processName, r.info.applicationInfo, true, 0, "activity", r.intent.getComponent(), false, false, true); }AMS 的 startProcessLocked()
hostingType 为”activity”,allowWhileBooting为false,isolated为false,keepIfLarge为true。
final ProcessRecord startProcessLocked(String processName, ApplicationInfo info, boolean knownToBeDead, int intentFlags, String hostingType, ComponentName hostingName, boolean allowWhileBooting, boolean isolated, boolean keepIfLarge) { return startProcessLocked(processName, info, knownToBeDead, intentFlags, hostingType, hostingName, allowWhileBooting, isolated, 0 /* isolatedUid */, keepIfLarge, null /* ABI override */, null /* entryPoint */, null /* entryPointArgs */, null /* crashHandler */); }startProcessLocked(processName, info, knownToBeDead, intentFlags, …
final ProcessRecord startProcessLocked(String processName, ApplicationInfo info, boolean knownToBeDead, int intentFlags, String hostingType, ComponentName hostingName, boolean allowWhileBooting, boolean isolated, int isolatedUid, boolean keepIfLarge, String abiOverride, String entryPoint, String[] entryPointArgs, Runnable crashHandler) { ProcessRecord app; if (!isolated) {// isolated为false,执行这里 // app为null,因为之前没创建进程 app = getProcessRecordLocked(processName, info.uid, keepIfLarge); } else { // If this is an isolated process, it can't re-use an existing process. app = null; } // We don't have to do anything more if: // (1) There is an existing application record; and // (2) The caller doesn't think it is dead, OR there is no thread // object attached to it so we know it couldn't have crashed; and // (3) There is a pid assigned to it, so it is either starting or // already running. if (app != null && app.pid > 0) { // 略,这里不执行 } String hostingNameStr = hostingName != null ? hostingName.flattenToShortString() : null; if (app == null) { // 执行这里,创建新的ProcessRecord app = newProcessRecordLocked(info, processName, isolated, isolatedUid); app.crashHandler = crashHandler; } else { ... } // 执行这里,entryPoint 为null startProcessLocked( app, hostingType, hostingNameStr, abiOverride, entryPoint, entryPointArgs); return (app.pid != 0) ? app : null; }AMS 的 startProcessLocked()
private final void startProcessLocked(ProcessRecord app, String hostingType, String hostingNameStr, String abiOverride, String entryPoint, String[] entryPointArgs) { mProcessesOnHold.remove(app); try { int uid = app.uid; int[] gids = null; if (!app.isolated) { int[] permGids = null; try { final IPackageManager pm = AppGlobals.getPackageManager(); permGids = pm.getPackageGids(app.info.packageName, app.userId); MountServiceInternal mountServiceInternal = LocalServices.getService( MountServiceInternal.class); mountExternal = mountServiceInternal.getExternalStorageMountMode(uid, app.info.packageName); } /* * Add shared application and profile GIDs so applications can share some * resources like shared libraries and access user-wide resources */ if (ArrayUtils.isEmpty(permGids)) { gids = new int[2]; } else { gids = new int[permGids.length + 2]; System.arraycopy(permGids, 0, gids, 2, permGids.length); } gids[0] = UserHandle.getSharedAppGid(UserHandle.getAppId(uid)); gids[1] = UserHandle.getUserGid(UserHandle.getUserId(uid)); } // entryPoint 为null,所以isActivityProcess为true boolean isActivityProcess = (entryPoint == null); if (entryPoint == null) entryPoint = "android.app.ActivityThread"; // 启动MainApp进程 Process.ProcessStartResult startResult = Process.start(entryPoint, app.processName, uid, uid, gids, debugFlags, mountExternal, app.info.targetSdkVersion, app.info.seinfo, requiredAbi, instructionSet, app.info.dataDir, entryPointArgs); app.setPid(startResult.pid); } }Process 的 start()
public static final ProcessStartResult start(final String processClass, final String niceName, int uid, int gid, int[] gids, int debugFlags, int mountExternal, int targetSdkVersion, String seInfo, String abi, String instructionSet, String appDataDir, String[] zygoteArgs) { try { // startViaZygote()通过Socket通信,让Zygote进程创建一个新进程出来,也就是MainApp进程 // 并且在新进程中执行ActivityThread的main方法,这里不再详述。 return startViaZygote(processClass, niceName, uid, gid, gids, debugFlags, mountExternal, targetSdkVersion, seInfo, abi, instructionSet, appDataDir, zygoteArgs); } }ActivityThread 的 main()
这时已经进入新的进程:MainApp进程。
public static void main(String[] args) { Looper.prepareMainLooper(); ActivityThread thread = new ActivityThread(); thread.attach(false);// 执行这里 if (sMainThreadHandler == null) { // ActivtyThread的Handler H sMainThreadHandler = thread.getHandler(); } Looper.loop(); }ActivityThread 的 attach()
参数system为false。
private void attach(boolean system) { sCurrentActivityThread = this; mSystemThread = system; if (!system) { RuntimeInit.setApplicationObject(mAppThread.asBinder()); final IActivityManager mgr = ActivityManagerNative.getDefault(); try { // 执行这里,调用到AMS 的 attachApplication() mgr.attachApplication(mAppThread); } catch (RemoteException ex) { // Ignore } } }AMS 的 attachApplication()
从MainApp进程进入到了AMS所在的进程。
public final void attachApplication(IApplicationThread thread) { synchronized (this) { int callingPid = Binder.getCallingPid(); final long origId = Binder.clearCallingIdentity(); attachApplicationLocked(thread, callingPid);// 执行这里 Binder.restoreCallingIdentity(origId); } }AMS 的 attachApplicationLocked()
private final boolean attachApplicationLocked(IApplicationThread thread, int pid) { ProcessRecord app; if (pid != MY_PID && pid >= 0) { synchronized (mPidsSelfLocked) { app = mPidsSelfLocked.get(pid);// 执行这里,获取到app } } final String processName = app.processName; try { AppDeathRecipient adr = new AppDeathRecipient( app, pid, thread); thread.asBinder().linkToDeath(adr, 0); app.deathRecipient = adr; } mHandler.removeMessages(PROC_START_TIMEOUT_MSG, app); boolean normalMode = mProcessesReady || isAllowedWhileBooting(app.info); // 如果进程创建了,normalMode为true,加载Content Provider List<ProviderInfo> providers = normalMode ? generateApplicationProvidersLocked(app) : null; try { // 略 ensurePackageDexOpt(app.instrumentationInfo != null ? app.instrumentationInfo.packageName : app.info.packageName); if (app.instrumentationClass != null) { ensurePackageDexOpt(app.instrumentationClass.getPackageName()); } ApplicationInfo appInfo = app.instrumentationInfo != null ? app.instrumentationInfo : app.info; thread.bindApplication(processName, appInfo, providers, app.instrumentationClass, profilerInfo, app.instrumentationArguments, app.instrumentationWatcher, app.instrumentationUiAutomationConnection, testMode, enableOpenGlTrace, isRestrictedBackupMode || !normalMode, app.persistent, new Configuration(mConfiguration), app.compat, getCommonServicesLocked(app.isolated), mCoreSettingsObserver.getCoreSettingsLocked()); } if (normalMode) { try { // 执行这里 if (mStackSupervisor.attachApplicationLocked(app)) { didSomething = true; } } } return true; }这里有两个关键方法: thread.bindApplication()和mStackSupervisor.attachApplicationLocked(app)。
thread为MainApp进程中的IApplicationThread接口,是要更新MainApp中的信息。
thread.bindApplication()的流程,这里先略过,之后再补上。
ActivityStatckSupervisor 的 attachApplicationLocked()
boolean attachApplicationLocked(ProcessRecord app) throws RemoteException { final String processName = app.processName; boolean didSomething = false; for (int displayNdx = mActivityDisplays.size() - 1; displayNdx >= 0; --displayNdx) { ArrayList<ActivityStack> stacks = mActivityDisplays.valueAt(displayNdx).mStacks; for (int stackNdx = stacks.size() - 1; stackNdx >= 0; --stackNdx) { final ActivityStack stack = stacks.get(stackNdx); if (!isFrontStack(stack)) { continue; } ActivityRecord hr = stack.topRunningActivityLocked(null); if (hr != null) { if (hr.app == null && app.uid == hr.info.applicationInfo.uid && processName.equals(hr.processName)) { try { // 执行这里,注意hr是ActivityRecord,是之前创建的MainActivity对应的ActivityRecord,这里面记录着调用者SecondApp的包名 if (realStartActivityLocked(hr, app, true, true)) { didSomething = true; } } // catch 略 } } } } return didSomething; }ActivityStatckSupervisor 的 realStartActivityLocked()
目前在AMS的进程中。
调用者的包名保存在参数ActivityRecord r中
final boolean realStartActivityLocked(ActivityRecord r, ProcessRecord app, boolean andResume, boolean checkConfig) throws RemoteException {// 部分代码略 r.app = app; final TaskRecord task = r.task; final ActivityStack stack = task.stack; try { List<ResultInfo> results = null; List<ReferrerIntent> newIntents = null; // 确保dex已经优化过了 mService.ensurePackageDexOpt(r.intent.getComponent().getPackageName()); app.forceProcessStateUpTo(mService.mTopProcessState); // 执行这里 app.thread.scheduleLaunchActivity(new Intent(r.intent), r.appToken, System.identityHashCode(r), r.info, new Configuration(mService.mConfiguration), new Configuration(stack.mOverrideConfig), r.compat, r.launchedFromPackage /*调用者的包名*/, task.voiceInteractor, app.repProcState, r.icicle, r.persistentState, results, newIntents, !andResume, mService.isNextTransitionForward(), profilerInfo); } }ActivityThread 中的 ApplicationThread 中的 scheduleLaunchActivity()
通常ApplicationThread收到的消息(调用)都是AMS发过来的。
执行这里说明走到被调用的Activity的进程中了,在这个例子中就是MainApp的进程。
调用者的包名在参数referrer中。
public final void scheduleLaunchActivity(Intent intent, IBinder token, int ident, ActivityInfo info, Configuration curConfig, Configuration overrideConfig, CompatibilityInfo compatInfo, String referrer/*调用者的包名*/, IVoiceInteractor voiceInteractor, int procState, Bundle state, PersistableBundle persistentState, List<ResultInfo> pendingResults, List<ReferrerIntent> pendingNewIntents, boolean notResumed, boolean isForward, ProfilerInfo profilerInfo) { updateProcessState(procState, false); ActivityClientRecord r = new ActivityClientRecord(); r.referrer = referrer;// 将调用者的包名赋给ActivityClientRecord中的referrer r.activityInfo = info; // 略 sendMessage(H.LAUNCH_ACTIVITY, r);// 发给Handler H }ActivityThread 的 handleMessage()
调用者的包名在ActivityClientRecord中的referrer。
public void handleMessage(Message msg) { switch (msg.what) { case LAUNCH_ACTIVITY: { final ActivityClientRecord r = (ActivityClientRecord) msg.obj; // 创建LoadedApk:r.packageInfo r.packageInfo = getPackageInfoNoCheck( r.activityInfo.applicationInfo, r.compatInfo); handleLaunchActivity(r, null); } break; } }ActivityThread 的 handleLaunchActivity()
调用者的包名在ActivityClientRecord的referrer中。
private void handleLaunchActivity(ActivityClientRecord r, Intent customIntent) { // 根据情况执行onConfigurationChanged(),此种情况不执行 handleConfigurationChanged(null, null); WindowManagerGlobal.initialize(); // 执行这里 Activity a = performLaunchActivity(r, customIntent); if (a != null) { // 执行Activity的onResume handleResumeActivity(r.token, false, r.isForward, !r.activity.mFinished && !r.startsNotResumed); // 略 } else { // 略 } }ActivityThread 的 performLaunchActivity()
调用者的包名在ActivityClientRecord中的referrer。
private Activity performLaunchActivity(ActivityClientRecord r, Intent customIntent) { // 获取目标Activity ComponentName component = r.intent.getComponent(); // 略 if (r.activityInfo.targetActivity != null) { component = new ComponentName(r.activityInfo.packageName, r.activityInfo.targetActivity); } Activity activity = null; try { java.lang.ClassLoader cl = r.packageInfo.getClassLoader(); // 通过ClassLoader加载目标Activity activity = mInstrumentation.newActivity( cl, component.getClassName(), r.intent); } // catch 略 try { // Application的上下文ContextImpl和Application在这里创建 Application app = r.packageInfo.makeApplication(false, mInstrumentation); if (activity != null) { // Activity的上下文ContextImpl在这里创建,从createBaseContextForActivity()可以得知ContextImpl的mOuterContext就是activity Context appContext = createBaseContextForActivity(r, activity); // Activity的attach()将Application、Activity的上下文、ActivityThread、Instrumentation、ActivityInfo等信息联系到一起 // 注意:r.referrer为调用者的包名 activity.attach(appContext, this, getInstrumentation(), r.token, r.ident, app, r.intent, r.activityInfo, title, r.parent, r.embeddedID, r.lastNonConfigurationInstances, config, r.referrer/*调用者的包名*/, r.voiceInteractor); // 略 // 调用Activity的onCreate() // 省略了r.isPersistable()为true的情况,后面也一样省略了 mInstrumentation.callActivityOnCreate(activity, r.state); r.activity = activity; if (!r.activity.mFinished) { activity.performStart();// Activity的onStart() } if (!r.activity.mFinished) { // 恢复之前存储的数据,如果之前调用了onSaveInstanceState() if (r.state != null) { mInstrumentation.callActivityOnRestoreInstanceState(activity, r.state); } } if (!r.activity.mFinished) { // 执行Activity的onPostCreate() mInstrumentation.callActivityOnPostCreate(activity, r.state); } } } r.paused = true; mActivities.put(r.token, r); } // catch 略 return activity; }目标Activity(MainActivity)的 attach()
倒数第2个参数referrer是调用者的包名。
final void attach(Context context, ActivityThread aThread, Instrumentation instr, IBinder token, int ident, Application application, Intent intent, ActivityInfo info, CharSequence title, Activity parent, String id, NonConfigurationInstances lastNonConfigurationInstances, Configuration config, String referrer/*调用者的包名*/, IVoiceInteractor voiceInteractor) { attachBaseContext(context); mWindow = new PhoneWindow(this); mWindow.setCallback(this); // 略 mUiThread = Thread.currentThread(); mMainThread = aThread; mReferrer = referrer; // referrer是调用者的包名,赋给mReferrer }至此,被调用的Activity中的mReferrer被设置成了调用者的包名。
概述之前的流程
SecondApp 的 SecondMainActivity 启动 MainApp 的 MainActivity,只讨论了MainApp之前没有启动过的流程,即第一次启动MainApp。
在 SecondMainActivity 调用 startActivity的时候,就将调用者的包名传给了AMS;
AMS中将调用者包名保存到MainActivity对应的ActivityRecord中。
在启动MainApp的MainActivity的过程中,创建了MainApp的进程,并将MainActivity对应的ActivityRecord中的 调用者的包名 传给了新建的MainActivity。
3. 参考
(1) Android应用程序启动过程源代码分析
调用方Activity和被调用方Activity在不同Task栈中的时候,Activity的启动流程。
(2) Android应用程序内部启动Activity过程(startActivity)的源代码分析
调用方Activity和被调用方Activity在同一个Task栈中的时候,Activity的启动流程。
本例子中的情景是在同一个Task中的,即SecondApp的SecondMainActivity与MainApp的MainActivity是在同一个Task栈中。
Task栈的情况为:(adb shell dumpsys activity activities的执行结果)
TaskRecord{6984bc2 #11418 A=com.galian.secondapp U=0 sz=2} Hist #1: ActivityRecord{60fc36a u0 com.galian.mainapp/.MainActivity t11418} ProcessRecord{90a4209 14654:com.galian.mainapp/u0a189} Hist #0: ActivityRecord{ee3fb29 u0 com.galian.secondapp/.SecondMainActivity t11418} ProcessRecord{392879d 14555:com.galian.secondapp/u0a190} 1 0
- 关于Activity的getReferrer()之二:调用者的包名是如何传给mReferrer的,兼谈startActivity的详细流程
- 关于Activity的getReferrer()之一:如何在Activity中获取调用者?
- 关于Activity的getReferrer()之一:如何在Activity中获取调用者
- StartActivity的流程
- startActivity()的流程
- StartActivity的流程 Activity组件之一Service--- BindService & unBindService
- 关于finish的startActivity
- 关于finish的startActivity
- 关于finish的startActivity
- Activity的启动过程--startActivity()
- 在非activity的类中调用startActivity(intent)
- 跨进程使用startActivity来调用Activity的一些注意事项
- activity的startActivity和context的startActivity区别
- startActivity构成的Activity链中间断掉会如何?
- Activity的启动过程之startActivity源码解析
- activity的启动模式,startactivity的过程
- 关于startActivity的一些知识
- 非Activity中使用startActivity的问题
- eclipse中使用jstl
- opnet之Queue Package
- 用html5 js实现浏览器全屏
- 网络信息安全攻防学习平台——基础关
- contiguous/flush/informed
- 关于Activity的getReferrer()之二:调用者的包名是如何传给mReferrer的,兼谈startActivity的详细流程
- 解决Xshell无法运行问题
- (死亡历险)Delphi7 IdTCPClient1,IdTCPServer1客户端向服务端传送大型文件
- lxml模块安装失败
- 十二月状态总结
- qt 出现 error: 'setCodecForTr' is not a member of 'QTextCodec'等错误的请进..
- javascript中的闭包概念
- Leetcode 437. Path Sum III (Easy) (cpp)
- 微星GS73VR 6RF + Linux Mint 18 + GTX1060 + CUDA8.0 + OpenCV3.0.0 + Caffe安装笔记
