从C代码出发写系统服务
来源:互联网 发布:淘宝优质网店怎么搜 编辑:程序博客网 时间:2024/05/21 06:16
首先我们新建一个文件夹,内部放入下列文件:
Android.mkbctest.cbinder.cbinder.hservice_manager.c
然后我们复制bctest.c进行修改
需要写两个函数一个是test_server.c,一个是test_client.c
bctest.c
#include <stdio.h>#include <stdlib.h>#include <string.h>#include <errno.h>#include "binder.h"uint32_t svcmgr_lookup(struct binder_state *bs, uint32_t target, const char *name){ uint32_t handle; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); if (binder_call(bs, &msg, &reply, target, SVC_MGR_CHECK_SERVICE)) return 0; handle = bio_get_ref(&reply); if (handle) binder_acquire(bs, handle); binder_done(bs, &msg, &reply); return handle;}int svcmgr_publish(struct binder_state *bs, uint32_t target, const char *name, void *ptr){ int status; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); bio_put_obj(&msg, ptr); if (binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE)) return -1; status = bio_get_uint32(&reply); binder_done(bs, &msg, &reply); return status;}unsigned token;int main(int argc, char **argv){ int fd; struct binder_state *bs; uint32_t svcmgr = BINDER_SERVICE_MANAGER; uint32_t handle; bs = binder_open(128*1024); if (!bs) { fprintf(stderr, "failed to open binder driver\n"); return -1; } argc--; argv++; while (argc > 0) { if (!strcmp(argv[0],"alt")) { handle = svcmgr_lookup(bs, svcmgr, "alt_svc_mgr"); if (!handle) { fprintf(stderr,"cannot find alt_svc_mgr\n"); return -1; } svcmgr = handle; fprintf(stderr,"svcmgr is via %x\n", handle); } else if (!strcmp(argv[0],"lookup")) { if (argc < 2) { fprintf(stderr,"argument required\n"); return -1; } handle = svcmgr_lookup(bs, svcmgr, argv[1]); fprintf(stderr,"lookup(%s) = %x\n", argv[1], handle); argc--; argv++; } else if (!strcmp(argv[0],"publish")) { if (argc < 2) { fprintf(stderr,"argument required\n"); return -1; } svcmgr_publish(bs, svcmgr, argv[1], &token); argc--; argv++; } else { fprintf(stderr,"unknown command %s\n", argv[0]); return -1; } argc--; argv++; } return 0;}
看上面代码,我们需要抓住的核心是啥?
- 打开驱动设备
- 一个循环(至于循环中干什么事情,我们就要看是client还是server)
接下来我们看一看server的编写
具体步骤有哪些呢?
- add service
- read data
- parse data
- reply
#include <stdio.h>#include <stdlib.h>#include <errno.h>#include <linux/types.h>#include<stdbool.h>#include <string.h>#include <private/android_filesystem_config.h>#include "binder.h"#include "test_server.h"int svcmgr_publish(struct binder_state *bs, uint32_t target, const char *name, void *ptr){ int status; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); bio_put_obj(&msg, ptr); if (binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE)) return -1; status = bio_get_uint32(&reply); binder_done(bs, &msg, &reply); return status;}void sayhello(void){ static int cnt = 0; fprintf(stderr, "say hello : %d\n", ++cnt);}int sayhello_to(char *name){ static int cnt = 0; fprintf(stderr, "say hello to %s : %d\n", name, ++cnt); return cnt;}void saygoodbye(void){ static int cnt = 0; fprintf(stderr, "say goodbye : %d\n", ++cnt);}int saygoodbye_to(char *name){ static int cnt = 0; fprintf(stderr, "say goodbye to %s : %d\n", name, ++cnt); return cnt;}//根据txn->code知道要调用哪一个函数//如果需要参数, 可以从msg取出//如果要返回结果, 可以把结果放入replyint hello_service_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply){ uint16_t *s; char name[512]; size_t len; uint32_t handle; uint32_t strict_policy; int i; strict_policy = bio_get_uint32(msg); switch(txn->code) { case HELLO_SVR_CMD_SAYHELLO: sayhello(); bio_put_uint32(reply, 0); return 0; case HELLO_SVR_CMD_SAYHELLO_TO: /* 从msg里取出字符串 */ s = bio_get_string16(msg, &len); //"IHelloService" s = bio_get_string16(msg, &len); // name if (s == NULL) { return -1; } for (i = 0; i < len; i++) name[i] = s[i]; name[i] = '\0'; //处理 i = sayhello_to(name); /* 把结果放入reply */ bio_put_uint32(reply, 0); bio_put_uint32(reply, i); break; default: fprintf(stderr, "unknown code %d\n", txn->code); return -1; } return 0;}//根据txn->code知道要调用哪一个函数//如果需要参数, 可以从msg取出//如果要返回结果, 可以把结果放入replyint goodbye_service_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply){ uint16_t *s; char name[512]; size_t len; uint32_t handle; uint32_t strict_policy; int i; strict_policy = bio_get_uint32(msg); switch(txn->code) { case GOODBYE_SVR_CMD_SAYGOODBYE: saygoodbye(); bio_put_uint32(reply, 0); /* no exception */ return 0; case GOODBYE_SVR_CMD_SAYGOODBYE_TO: //从msg里取出字符串 s = bio_get_string16(msg, &len); //"IGoodbyeService" s = bio_get_string16(msg, &len); // name if (s == NULL) { return -1; } for (i = 0; i < len; i++) name[i] = s[i]; name[i] = '\0'; //处理 i = saygoodbye_to(name); //把结果放入reply bio_put_uint32(reply, 0); bio_put_uint32(reply, i); break; default: fprintf(stderr, "unknown code %d\n", txn->code); return -1; } return 0;}int test_server_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply){ int (*handler)(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply); handler = (int (*)(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply))txn->target.ptr; return handler(bs, txn, msg, reply);}int main(int argc, char **argv){ int fd; struct binder_state *bs; uint32_t svcmgr = BINDER_SERVICE_MANAGER;//这个为0,代表就是servicemanager uint32_t handle; int ret; bs = binder_open(128*1024); if (!bs) { fprintf(stderr, "failed to open binder driver\n"); return -1; } //add service //参数意思为让给svcmgr(servicemanager)发送信息,服务的名称为hello,处理的函数为hello_service_handler //对于不同的服务,有不同的处理方式根据code区分,这里服务是个大概念,code区分的是一个小概念 ret = svcmgr_publish(bs, svcmgr, "hello", hello_service_handler); if (ret) { fprintf(stderr, "failed to publish hello service\n"); return -1; } ret = svcmgr_publish(bs, svcmgr, "goodbye", goodbye_service_handler); if (ret) { fprintf(stderr, "failed to publish goodbye service\n"); } binder_set_maxthreads(bs, 10); binder_loop(bs, test_server_handler);//这个是复制service_manager.c的 return 0;}
小结上面代码:
调用svcmgr_publish其中会调用
binder_call(bs, &msg, &reply, target, SVC_MGR_ADD_SERVICE))
来添加系统服务,其中target是给那个目标服务(给那个服务发送指令),msg为需要传送的数据,
reply是回复的数据用于读取和解析。
所以我们要在svcmgr_publish()
方法调用的时候指定数据,需要通过msg传输的数据有:
1.服务的名称2.服务处理函数
然后我们要调用binder_loop进行消息的处理,我们来分析这个binder_loop函数
Binder.c
void binder_loop(struct binder_state *bs, binder_handler func){ int res; struct binder_write_read bwr; uint32_t readbuf[32]; bwr.write_size = 0; bwr.write_consumed = 0; bwr.write_buffer = 0; readbuf[0] = BC_ENTER_LOOPER; binder_write(bs, readbuf, sizeof(uint32_t)); for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { ALOGE("binder_loop: ioctl failed (%s)\n", strerror(errno)); break; } res = binder_parse(bs, 0, (uintptr_t) readbuf, bwr.read_consumed, func); if (res == 0) { ALOGE("binder_loop: unexpected reply?!\n"); break; } if (res < 0) { ALOGE("binder_loop: io error %d %s\n", res, strerror(errno)); break; } }}
通过
bwr.write_size = 0;bwr.write_consumed = 0;bwr.write_buffer = 0;
可以看出来,我们不会发出写操作,我们会有读操作,和解析读到的数据。不多说看代码:
for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); res = binder_parse(bs, 0, (uintptr_t) readbuf, bwr.read_consumed, func); ...}
代码中通过ioctl读到的数据,放入readbuf中,然后通过binder_parse()解析,这个函数中的func是传递进来的处理函数,然后我们大概看一看如何解析
//传递的参数是:bs,readbuf,0,size,funcint binder_parse(struct binder_state *bs, struct binder_io *bio, uintptr_t ptr, size_t size, binder_handler func){ int r = 1; uintptr_t end = ptr + (uintptr_t) size; while (ptr < end) { uint32_t cmd = *(uint32_t *) ptr; ptr += sizeof(uint32_t); switch(cmd) { ... case BR_TRANSACTION: { struct binder_transaction_data *txn = (struct binder_transaction_data *) ptr; binder_dump_txn(txn); if (func) { unsigned rdata[256/4]; struct binder_io msg; struct binder_io reply; int res; bio_init(&reply, rdata, sizeof(rdata), 4); bio_init_from_txn(&msg, txn); res = func(bs, txn, &msg, &reply);//调用处理函数 binder_send_reply(bs, &reply, txn->data.ptr.buffer, res); } ptr += sizeof(*txn); break; } ... default: ALOGE("parse: OOPS %d\n", cmd); return -1; } } return r;}
上面接收到的cmd是BR_TRANSACTION,然后通过调用func函数将解析出来的数据构造出一个binder_io结构体返回给回调函数
然后我们继续看上面的处理函数:
//根据txn->code知道要调用哪一个函数//如果需要参数, 可以从msg取出//如果要返回结果, 可以把结果放入replyint hello_service_handler(struct binder_state *bs, struct binder_transaction_data *txn, struct binder_io *msg, struct binder_io *reply){ uint16_t *s; char name[512]; size_t len; uint32_t handle; uint32_t strict_policy; int i; strict_policy = bio_get_uint32(msg); switch(txn->code) { case HELLO_SVR_CMD_SAYHELLO: sayhello(); bio_put_uint32(reply, 0); return 0; case HELLO_SVR_CMD_SAYHELLO_TO: /* 从msg里取出字符串 */ s = bio_get_string16(msg, &len); //"IHelloService" s = bio_get_string16(msg, &len); // name if (s == NULL) { return -1; } for (i = 0; i < len; i++) name[i] = s[i]; name[i] = '\0'; //处理 i = sayhello_to(name); /* 把结果放入reply */ bio_put_uint32(reply, 0); bio_put_uint32(reply, i); break; default: fprintf(stderr, "unknown code %d\n", txn->code); return -1; } return 0;}
基本逻辑是:
- 通过传递回来的txn->code知道调用那个函数
- 通过msg来获取传递的数据
- 如果需要返回数据,那数据写入reply中。(由于binder_parse函数中binder_send_reply()可以返回数据)
然后我们继续写client的代码
/* Copyright 2008 The Android Open Source Project */#include <stdio.h>#include <stdlib.h>#include <errno.h>#include <linux/types.h>#include<stdbool.h>#include <string.h>#include <private/android_filesystem_config.h>#include "binder.h"#include "test_server.h"uint32_t svcmgr_lookup(struct binder_state *bs, uint32_t target, const char *name){ uint32_t handle; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); if (binder_call(bs, &msg, &reply, target, SVC_MGR_CHECK_SERVICE)) return 0; handle = bio_get_ref(&reply); if (handle) binder_acquire(bs, handle); binder_done(bs, &msg, &reply); return handle;}struct binder_state *g_bs;uint32_t g_hello_handle;uint32_t g_goodbye_handle;void sayhello(void){ unsigned iodata[512/4]; struct binder_io msg, reply; /* 构造binder_io */ bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, "IHelloService"); /* 放入参数 */ /* 调用binder_call */ if (binder_call(g_bs, &msg, &reply, g_hello_handle, HELLO_SVR_CMD_SAYHELLO)) return ; /* 从reply中解析出返回值 */ binder_done(g_bs, &msg, &reply);}int sayhello_to(char *name){ unsigned iodata[512/4]; struct binder_io msg, reply; int ret; int exception; /* 构造binder_io */ bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, "IHelloService"); /* 放入参数 */ bio_put_string16_x(&msg, name); /* 调用binder_call */ if (binder_call(g_bs, &msg, &reply, g_hello_handle, HELLO_SVR_CMD_SAYHELLO_TO)) return 0; /* 从reply中解析出返回值 */ exception = bio_get_uint32(&reply); if (exception) ret = -1; else ret = bio_get_uint32(&reply); binder_done(g_bs, &msg, &reply); return ret;}void saygoodbye(void){ unsigned iodata[512/4]; struct binder_io msg, reply; /* 构造binder_io */ bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, "IGoodbyeService"); /* 放入参数 */ /* 调用binder_call */ if (binder_call(g_bs, &msg, &reply, g_goodbye_handle, GOODBYE_SVR_CMD_SAYGOODBYE)) return ; /* 从reply中解析出返回值 */ binder_done(g_bs, &msg, &reply);}int saygoodbye_to(char *name){ unsigned iodata[512/4]; struct binder_io msg, reply; int ret; int exception; /* 构造binder_io */ bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); // strict mode header bio_put_string16_x(&msg, "IGoodbyeService"); /* 放入参数 */ bio_put_string16_x(&msg, name); /* 调用binder_call */ if (binder_call(g_bs, &msg, &reply, g_goodbye_handle, GOODBYE_SVR_CMD_SAYGOODBYE_TO)) return 0; /* 从reply中解析出返回值 */ exception = bio_get_uint32(&reply); if (exception) ret = -1; else ret = bio_get_uint32(&reply); binder_done(g_bs, &msg, &reply); return ret;}/* ./test_client hello * ./test_client hello <name> */int main(int argc, char **argv){ int fd; struct binder_state *bs; uint32_t svcmgr = BINDER_SERVICE_MANAGER; uint32_t handle; int ret; if (argc < 2){ fprintf(stderr, "Usage:\n"); fprintf(stderr, "%s <hello|goodbye>\n", argv[0]); fprintf(stderr, "%s <hello|goodbye> <name>\n", argv[0]); return -1; } bs = binder_open(128*1024); if (!bs) { fprintf(stderr, "failed to open binder driver\n"); return -1; } g_bs = bs; /* get service */ handle = svcmgr_lookup(bs, svcmgr, "goodbye"); if (!handle) { fprintf(stderr, "failed to get goodbye service\n"); return -1; } g_goodbye_handle = handle; fprintf(stderr, "Handle for goodbye service = %d\n", g_goodbye_handle); handle = svcmgr_lookup(bs, svcmgr, "hello"); if (!handle) { fprintf(stderr, "failed to get hello service\n"); return -1; } g_hello_handle = handle; fprintf(stderr, "Handle for hello service = %d\n", g_hello_handle); /* send data to server */ if (!strcmp(argv[1], "hello")) { if (argc == 2) { sayhello(); } else if (argc == 3) { ret = sayhello_to(argv[2]); fprintf(stderr, "get ret of sayhello_to = %d\n", ret); } } else if (!strcmp(argv[1], "goodbye")) { if (argc == 2) { saygoodbye(); } else if (argc == 3) { ret = saygoodbye_to(argv[2]); fprintf(stderr, "get ret of sayhello_to = %d\n", ret); } } binder_release(bs, handle); return 0;}
然后我们分解上面代码
handle = svcmgr_lookup(bs, svcmgr, "goodbye");
查找注册的服务,给servicemanager发送
然后我们继续查看svcmgr_lookup
//给svcmgr发送调用名称为goodbye的服务uint32_t svcmgr_lookup(struct binder_state *bs, uint32_t target, const char *name){ uint32_t handle; unsigned iodata[512/4]; struct binder_io msg, reply; bio_init(&msg, iodata, sizeof(iodata), 4); bio_put_uint32(&msg, 0); bio_put_string16_x(&msg, SVC_MGR_NAME); bio_put_string16_x(&msg, name); if (binder_call(bs, &msg, &reply, target, SVC_MGR_CHECK_SERVICE)) return 0; handle = bio_get_ref(&reply); if (handle) binder_acquire(bs, handle); binder_done(bs, &msg, &reply); return handle;}
通过上面的数据封装,binder_io中存储的是name
然后继续调用binder_call()函数
只不过binder_call这次指令是SVC_MGR_CHECK_SERVICE
Binder.c
int binder_call(struct binder_state *bs, struct binder_io *msg, struct binder_io *reply, uint32_t target, uint32_t code){ int res; struct binder_write_read bwr; struct { uint32_t cmd; struct binder_transaction_data txn; } __attribute__((packed)) writebuf; unsigned readbuf[32]; if (msg->flags & BIO_F_OVERFLOW) { fprintf(stderr,"binder: txn buffer overflow\n"); goto fail; } writebuf.cmd = BC_TRANSACTION; writebuf.txn.target.handle = target;//service_manager writebuf.txn.code = code;// SVC_MGR_CHECK_SERVICE writebuf.txn.flags = 0; writebuf.txn.data_size = msg->data - msg->data0; writebuf.txn.offsets_size = ((char*) msg->offs) - ((char*) msg->offs0); writebuf.txn.data.ptr.buffer = (uintptr_t)msg->data0; writebuf.txn.data.ptr.offsets = (uintptr_t)msg->offs0; bwr.write_size = sizeof(writebuf); bwr.write_consumed = 0; bwr.write_buffer = (uintptr_t) &writebuf; hexdump(msg->data0, msg->data - msg->data0); for (;;) { bwr.read_size = sizeof(readbuf); bwr.read_consumed = 0; bwr.read_buffer = (uintptr_t) readbuf; res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr); if (res < 0) { fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno)); goto fail; } res = binder_parse(bs, reply, (uintptr_t) readbuf, bwr.read_consumed, 0); if (res == 0) return 0; if (res < 0) goto fail; }fail: memset(reply, 0, sizeof(*reply)); reply->flags |= BIO_F_IOERROR; return -1;}
再往下调用就是我们之前分析过的,给servicemanager发送数据,然后又调用binder_parse函数然后调用对应的SVC_MGR_CHECK_SERVICE进行查询服务,然后调用do_find_service(bs, s, len, txn->sender_euid, txn->sender_pid);
通过上面代码我们总结出,就是通过binder_call指定服务指定方法。
加入系统中:
include $(CLEAR_VARS)LOCAL_CFLAGS += -DBINDER_IPC_32BIT=1LOCAL_SRC_FILES:= test_client.c binder.cLOCAL_C_INCLUDES += system/core/include/cutilsLOCAL_MODULE:= test_clientinclude $(BUILD_EXECUTABLE)
- 从C代码出发写系统服务
- 从getSystemService()出发获取系统服务
- 从C出发
- 法乎其上,得乎其中——从基础出发,写更优化的代码
- 从MediaPlayerServic出发查看服务注册交互流程
- IBM认知系统:从应用出发,让人工智能全面落地
- c#--写windows 服务
- SDT从这里出发
- WF从O出发
- 五、从PyIntObject出发
- 从这里出发
- 就从这里出发
- 从这里出发
- 从内核出发
- 从这里出发
- 从这里出发
- 持之以恒,从心出发
- 从Token出发
- JavaScript中的预解析顺序(优先级)
- 通用缓存框架,JAD-CACHE用srping集成Memcache
- ECSHOP中实现ajax弹窗登录
- JQuery 的简单介绍
- 淘宝TDDL——Matrix层的分库分表配置与实现
- 从C代码出发写系统服务
- iOS回顾笔记(05) -- 手把手教你封装一个广告轮播图框架
- 主备角色switch
- [BZOJ2688]Green Hackenbush(概率dp)
- Next Greater Element II
- 004
- C# UDP穿越NAT,UDP打洞,UDP Hole Punching
- Maven+Spring实现邮件发送
- jsp页面中jstl标签详解