Android中Binder类代码(android-5.0.2)

最新推荐文章于 2022-04-01 23:06:03 发布
原创 最新推荐文章于 2022-04-01 23:06:03 发布 · 1.2k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#android #Binder #Binder.java #IBinder.java #BinderProxy

本文详细介绍了Android系统中Binder机制的核心概念及实现原理。Binder作为轻量级远程过程调用的基础组件,支持进程间通信并提供了高效的本地实现。
以android-5.0.2为例

目录:android-5.0.2/frameworks/base/core/java/android/os/




Binder.java
/*
 * Copyright (C) 2006 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.os;

import android.util.Log;
import android.util.Slog;
import com.android.internal.util.FastPrintWriter;

import java.io.FileDescriptor;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.ref.WeakReference;
import java.lang.reflect.Modifier;

/**
 * Base class for a remotable object, the core part of a lightweight
 * remote procedure call mechanism defined by {@link IBinder}.
 * This class is an implementation of IBinder that provides
 * standard local implementation of such an object.
 *
 * <p>Most developers will not implement this class directly, instead using the
 * <a href="{@docRoot}guide/components/aidl.html">aidl</a> tool to describe the desired
 * interface, having it generate the appropriate Binder subclass.  You can,
 * however, derive directly from Binder to implement your own custom RPC
 * protocol or simply instantiate a raw Binder object directly to use as a
 * token that can be shared across processes.
 *
 * <p>This class is just a basic IPC primitive; it has no impact on an application's
 * lifecycle, and is valid only as long as the process that created it continues to run.
 * To use this correctly, you must be doing so within the context of a top-level
 * application component (a {@link android.app.Service}, {@link android.app.Activity},
 * or {@link android.content.ContentProvider}) that lets the system know your process
 * should remain running.</p>
 *
 * <p>You must keep in mind the situations in which your process
 * could go away, and thus require that you later re-create a new Binder and re-attach
 * it when the process starts again.  For example, if you are using this within an
 * {@link android.app.Activity}, your activity's process may be killed any time the
 * activity is not started; if the activity is later re-created you will need to
 * create a new Binder and hand it back to the correct place again; you need to be
 * aware that your process may be started for another reason (for example to receive
 * a broadcast) that will not involve re-creating the activity and thus run its code
 * to create a new Binder.</p>
 *
 * @see IBinder
 */
public class Binder implements IBinder {
    /*
     * Set this flag to true to detect anonymous, local or member classes
     * that extend this Binder class and that are not static. These kind
     * of classes can potentially create leaks.
     */
    private static final boolean FIND_POTENTIAL_LEAKS = false;
    private static final boolean CHECK_PARCEL_SIZE = false;
    static final String TAG = "Binder";

    /**
     * Control whether dump() calls are allowed.
     */
    private static String sDumpDisabled = null;

    /* mObject is used by native code, do not remove or rename */
    private long mObject;
    private IInterface mOwner;
    private String mDescriptor;
    
    /**
     * Return the ID of the process that sent you the current transaction
     * that is being processed.  This pid can be used with higher-level
     * system services to determine its identity and check permissions.
     * If the current thread is not currently executing an incoming transaction,
     * then its own pid is returned.
     */
    public static final native int getCallingPid();
    
    /**
     * Return the Linux uid assigned to the process that sent you the
     * current transaction that is being processed.  This uid can be used with
     * higher-level system services to determine its identity and check
     * permissions.  If the current thread is not currently executing an
     * incoming transaction, then its own uid is returned.
     */
    public static final native int getCallingUid();

    /**
     * Return the UserHandle assigned to the process that sent you the
     * current transaction that is being processed.  This is the user
     * of the caller.  It is distinct from {@link #getCallingUid()} in that a
     * particular user will have multiple distinct apps running under it each
     * with their own uid.  If the current thread is not currently executing an
     * incoming transaction, then its own UserHandle is returned.
     */
    public static final UserHandle getCallingUserHandle() {
        return new UserHandle(UserHandle.getUserId(getCallingUid()));
    }

    /**
     * Reset the identity of the incoming IPC on the current thread.  This can
     * be useful if, while handling an incoming call, you will be calling
     * on interfaces of other objects that may be local to your process and
     * need to do permission checks on the calls coming into them (so they
     * will check the permission of your own local process, and not whatever
     * process originally called you).
     *
     * @return Returns an opaque token that can be used to restore the
     * original calling identity by passing it to
     * {@link #restoreCallingIdentity(long)}.
     *
     * @see #getCallingPid()
     * @see #getCallingUid()
     * @see #restoreCallingIdentity(long)
     */
    public static final native long clearCallingIdentity();

    /**
     * Restore the identity of the incoming IPC on the current thread
     * back to a previously identity that was returned by {@link
     * #clearCallingIdentity}.
     *
     * @param token The opaque token that was previously returned by
     * {@link #clearCallingIdentity}.
     *
     * @see #clearCallingIdentity
     */
    public static final native void restoreCallingIdentity(long token);

    /**
     * Sets the native thread-local StrictMode policy mask.
     *
     * <p>The StrictMode settings are kept in two places: a Java-level
     * threadlocal for libcore/Dalvik, and a native threadlocal (set
     * here) for propagation via Binder calls.  This is a little
     * unfortunate, but necessary to break otherwise more unfortunate
     * dependencies either of Dalvik on Android, or Android
     * native-only code on Dalvik.
     *
     * @see StrictMode
     * @hide
     */
    public static final native void setThreadStrictModePolicy(int policyMask);

    /**
     * Gets the current native thread-local StrictMode policy mask.
     *
     * @see #setThreadStrictModePolicy
     * @hide
     */
    public static final native int getThreadStrictModePolicy();

    /**
     * Flush any Binder commands pending in the current thread to the kernel
     * driver.  This can be
     * useful to call before performing an operation that may block for a long
     * time, to ensure that any pending object references have been released
     * in order to prevent the process from holding on to objects longer than
     * it needs to.
     */
    public static final native void flushPendingCommands();
    
    /**
     * Add the calling thread to the IPC thread pool.  This function does
     * not return until the current process is exiting.
     */
    public static final native void joinThreadPool();

    /**
     * Returns true if the specified interface is a proxy.
     * @hide
     */
    public static final boolean isProxy(IInterface iface) {
        return iface.asBinder() != iface;
    }

    /**
     * Default constructor initializes the object.
     */
    public Binder() {
        init();

        if (FIND_POTENTIAL_LEAKS) {
            final Class<? extends Binder> klass = getClass();
            if ((klass.isAnonymousClass() || klass.isMemberClass() || klass.isLocalClass()) &&
                    (klass.getModifiers() & Modifier.STATIC) == 0) {
                Log.w(TAG, "The following Binder class should be static or leaks might occur: " +
                    klass.getCanonicalName());
            }
        }
    }
    
    /**
     * Convenience method for associating a specific interface with the Binder.
     * After calling, queryLocalInterface() will be implemented for you
     * to return the given owner IInterface when the corresponding
     * descriptor is requested.
     */
    public void attachInterface(IInterface owner, String descriptor) {
        mOwner = owner;
        mDescriptor = descriptor;
    }
    
    /**
     * Default implementation returns an empty interface name.
     */
    public String getInterfaceDescriptor() {
        return mDescriptor;
    }

    /**
     * Default implementation always returns true -- if you got here,
     * the object is alive.
     */
    public boolean pingBinder() {
        return true;
    }

    /**
     * {@inheritDoc}
     *
     * Note that if you're calling on a local binder, this always returns true
     * because your process is alive if you're calling it.
     */
    public boolean isBinderAlive() {
        return true;
    }
    
    /**
     * Use information supplied to attachInterface() to return the
     * associated IInterface if it matches the requested
     * descriptor.
     */
    public IInterface queryLocalInterface(String descriptor) {
        if (mDescriptor.equals(descriptor)) {
            return mOwner;
        }
        return null;
    }

    /**
     * Control disabling of dump calls in this process.  This is used by the system
     * process watchdog to disable incoming dump calls while it has detecting the system
     * is hung and is reporting that back to the activity controller.  This is to
     * prevent the controller from getting hung up on bug reports at this point.
     * @hide
     *
     * @param msg The message to show instead of the dump; if null, dumps are
     * re-enabled.
     */
    public static void setDumpDisabled(String msg) {
        synchronized (Binder.class) {
            sDumpDisabled = msg;
        }
    }

    /**
     * Default implementation is a stub that returns false.  You will want
     * to override this to do the appropriate unmarshalling of transactions.
     *
     * <p>If you want to call this, call transact().
     */
    protected boolean onTransact(int code, Parcel data, Parcel reply,
            int flags) throws RemoteException {
        if (code == INTERFACE_TRANSACTION) {
            reply.writeString(getInterfaceDescriptor());
            return true;
        } else if (code == DUMP_TRANSACTION) {
            ParcelFileDescriptor fd = data.readFileDescriptor();
            String[] args = data.readStringArray();
            if (fd != null) {
                try {
                    dump(fd.getFileDescriptor(), args);
                } finally {
                    try {
                        fd.close();
                    } catch (IOException e) {
                        // swallowed, not propagated back to the caller
                    }
                }
            }
            // Write the StrictMode header.
            if (reply != null) {
                reply.writeNoException();
            } else {
                StrictMode.clearGatheredViolations();
            }
            return true;
        }
        return false;
    }

    /**
     * Implemented to call the more convenient version
     * {@link #dump(FileDescriptor, PrintWriter, String[])}.
     */
    public void dump(FileDescriptor fd, String[] args) {
        FileOutputStream fout = new FileOutputStream(fd);
        PrintWriter pw = new FastPrintWriter(fout);
        try {
            final String disabled;
            synchronized (Binder.class) {
                disabled = sDumpDisabled;
            }
            if (disabled == null) {
                try {
                    dump(fd, pw, args);
                } catch (SecurityException e) {
                    pw.println("Security exception: " + e.getMessage());
                    throw e;
                } catch (Throwable e) {
                    // Unlike usual calls, in this case if an exception gets thrown
                    // back to us we want to print it back in to the dump data, since
                    // that is where the caller expects all interesting information to
                    // go.
                    pw.println();
                    pw.println("Exception occurred while dumping:");
                    e.printStackTrace(pw);
                }
            } else {
                pw.println(sDumpDisabled);
            }
        } finally {
            pw.flush();
        }
    }
    
    /**
     * Like {@link #dump(FileDescriptor, String[])}, but ensures the target
     * executes asynchronously.
     */
    public void dumpAsync(final FileDescriptor fd, final String[] args) {
        final FileOutputStream fout = new FileOutputStream(fd);
        final PrintWriter pw = new FastPrintWriter(fout);
        Thread thr = new Thread("Binder.dumpAsync") {
            public void run() {
                try {
                    dump(fd, pw, args);
                } finally {
                    pw.flush();
                }
            }
        };
        thr.start();
    }

    /**
     * Print the object's state into the given stream.
     * 
     * @param fd The raw file descriptor that the dump is being sent to.
     * @param fout The file to which you should dump your state.  This will be
     * closed for you after you return.
     * @param args additional arguments to the dump request.
     */
    protected void dump(FileDescriptor fd, PrintWriter fout, String[] args) {
    }

    /**
     * Default implementation rewinds the parcels and calls onTransact.  On
     * the remote side, transact calls into the binder to do the IPC.
     */
    public final boolean transact(int code, Parcel data, Parcel reply,
            int flags) throws RemoteException {
        if (false) Log.v("Binder", "Transact: " + code + " to " + this);
        if (data != null) {
            data.setDataPosition(0);
        }
        boolean r = onTransact(code, data, reply, flags);
        if (reply != null) {
            reply.setDataPosition(0);
        }
        return r;
    }
    
    /**
     * Local implementation is a no-op.
     */
    public void linkToDeath(DeathRecipient recipient, int flags) {
    }

    /**
     * Local implementation is a no-op.
     */
    public boolean unlinkToDeath(DeathRecipient recipient, int flags) {
        return true;
    }
    
    protected void finalize() throws Throwable {
        try {
            destroy();
        } finally {
            super.finalize();
        }
    }

    static void checkParcel(IBinder obj, int code, Parcel parcel, String msg) {
        if (CHECK_PARCEL_SIZE && parcel.dataSize() >= 800*1024) {
            // Trying to send > 800k, this is way too much
            StringBuilder sb = new StringBuilder();
            sb.append(msg);
            sb.append(": on ");
            sb.append(obj);
            sb.append(" calling ");
            sb.append(code);
            sb.append(" size ");
            sb.append(parcel.dataSize());
            sb.append(" (data: ");
            parcel.setDataPosition(0);
            sb.append(parcel.readInt());
            sb.append(", ");
            sb.append(parcel.readInt());
            sb.append(", ");
            sb.append(parcel.readInt());
            sb.append(")");
            Slog.wtfStack(TAG, sb.toString());
        }
    }

    private native final void init();
    private native final void destroy();

    // Entry point from android_util_Binder.cpp's onTransact
    private boolean execTransact(int code, long dataObj, long replyObj,
            int flags) {
        Parcel data = Parcel.obtain(dataObj);
        Parcel reply = Parcel.obtain(replyObj);
        // theoretically, we should call transact, which will call onTransact,
        // but all that does is rewind it, and we just got these from an IPC,
        // so we'll just call it directly.
        boolean res;
        // Log any exceptions as warnings, don't silently suppress them.
        // If the call was FLAG_ONEWAY then these exceptions disappear into the ether.
        try {
            res = onTransact(code, data, reply, flags);
        } catch (RemoteException e) {
            if ((flags & FLAG_ONEWAY) != 0) {
                Log.w(TAG, "Binder call failed.", e);
            } else {
                reply.setDataPosition(0);
                reply.writeException(e);
            }
            res = true;
        } catch (RuntimeException e) {
            if ((flags & FLAG_ONEWAY) != 0) {
                Log.w(TAG, "Caught a RuntimeException from the binder stub implementation.", e);
            } else {
                reply.setDataPosition(0);
                reply.writeException(e);
            }
            res = true;
        } catch (OutOfMemoryError e) {
            // Unconditionally log this, since this is generally unrecoverable.
            Log.e(TAG, "Caught an OutOfMemoryError from the binder stub implementation.", e);
            RuntimeException re = new RuntimeException("Out of memory", e);
            reply.setDataPosition(0);
            reply.writeException(re);
            res = true;
        }
        checkParcel(this, code, reply, "Unreasonably large binder reply buffer");
        reply.recycle();
        data.recycle();

        // Just in case -- we are done with the IPC, so there should be no more strict
        // mode violations that have gathered for this thread.  Either they have been
        // parceled and are now in transport off to the caller, or we are returning back
        // to the main transaction loop to wait for another incoming transaction.  Either
        // way, strict mode begone!
        StrictMode.clearGatheredViolations();

        return res;
    }
}

final class BinderProxy implements IBinder {
    public native boolean pingBinder();
    public native boolean isBinderAlive();

    public IInterface queryLocalInterface(String descriptor) {
        return null;
    }

    public boolean transact(int code, Parcel data, Parcel reply, int flags) throws RemoteException {
        Binder.checkParcel(this, code, data, "Unreasonably large binder buffer");
        return transactNative(code, data, reply, flags);
    }

    public native String getInterfaceDescriptor() throws RemoteException;
    public native boolean transactNative(int code, Parcel data, Parcel reply,
            int flags) throws RemoteException;
    public native void linkToDeath(DeathRecipient recipient, int flags)
            throws RemoteException;
    public native boolean unlinkToDeath(DeathRecipient recipient, int flags);

    public void dump(FileDescriptor fd, String[] args) throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        data.writeFileDescriptor(fd);
        data.writeStringArray(args);
        try {
            transact(DUMP_TRANSACTION, data, reply, 0);
            reply.readException();
        } finally {
            data.recycle();
            reply.recycle();
        }
    }
    
    public void dumpAsync(FileDescriptor fd, String[] args) throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        data.writeFileDescriptor(fd);
        data.writeStringArray(args);
        try {
            transact(DUMP_TRANSACTION, data, reply, FLAG_ONEWAY);
        } finally {
            data.recycle();
            reply.recycle();
        }
    }

    BinderProxy() {
        mSelf = new WeakReference(this);
    }
    
    @Override
    protected void finalize() throws Throwable {
        try {
            destroy();
        } finally {
            super.finalize();
        }
    }
    
    private native final void destroy();
    
    private static final void sendDeathNotice(DeathRecipient recipient) {
        if (false) Log.v("JavaBinder", "sendDeathNotice to " + recipient);
        try {
            recipient.binderDied();
        }
        catch (RuntimeException exc) {
            Log.w("BinderNative", "Uncaught exception from death notification",
                    exc);
        }
    }
    
    final private WeakReference mSelf;
    private long mObject;
    private long mOrgue;
}






IBinder.java
/*
 * Copyright (C) 2006 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.os;

import java.io.FileDescriptor;

/**
 * Base interface for a remotable object, the core part of a lightweight
 * remote procedure call mechanism designed for high performance when
 * performing in-process and cross-process calls.  This
 * interface describes the abstract protocol for interacting with a
 * remotable object.  Do not implement this interface directly, instead
 * extend from {@link Binder}.
 * 
 * <p>The key IBinder API is {@link #transact transact()} matched by
 * {@link Binder#onTransact Binder.onTransact()}.  These
 * methods allow you to send a call to an IBinder object and receive a
 * call coming in to a Binder object, respectively.  This transaction API
 * is synchronous, such that a call to {@link #transact transact()} does not
 * return until the target has returned from
 * {@link Binder#onTransact Binder.onTransact()}; this is the
 * expected behavior when calling an object that exists in the local
 * process, and the underlying inter-process communication (IPC) mechanism
 * ensures that these same semantics apply when going across processes.
 * 
 * <p>The data sent through transact() is a {@link Parcel}, a generic buffer
 * of data that also maintains some meta-data about its contents.  The meta
 * data is used to manage IBinder object references in the buffer, so that those
 * references can be maintained as the buffer moves across processes.  This
 * mechanism ensures that when an IBinder is written into a Parcel and sent to
 * another process, if that other process sends a reference to that same IBinder
 * back to the original process, then the original process will receive the
 * same IBinder object back.  These semantics allow IBinder/Binder objects to
 * be used as a unique identity (to serve as a token or for other purposes)
 * that can be managed across processes.
 * 
 * <p>The system maintains a pool of transaction threads in each process that
 * it runs in.  These threads are used to dispatch all
 * IPCs coming in from other processes.  For example, when an IPC is made from
 * process A to process B, the calling thread in A blocks in transact() as
 * it sends the transaction to process B.  The next available pool thread in
 * B receives the incoming transaction, calls Binder.onTransact() on the target
 * object, and replies with the result Parcel.  Upon receiving its result, the
 * thread in process A returns to allow its execution to continue.  In effect,
 * other processes appear to use as additional threads that you did not create
 * executing in your own process.
 * 
 * <p>The Binder system also supports recursion across processes.  For example
 * if process A performs a transaction to process B, and process B while
 * handling that transaction calls transact() on an IBinder that is implemented
 * in A, then the thread in A that is currently waiting for the original
 * transaction to finish will take care of calling Binder.onTransact() on the
 * object being called by B.  This ensures that the recursion semantics when
 * calling remote binder object are the same as when calling local objects.
 * 
 * <p>When working with remote objects, you often want to find out when they
 * are no longer valid.  There are three ways this can be determined:
 * <ul>
 * <li> The {@link #transact transact()} method will throw a
 * {@link RemoteException} exception if you try to call it on an IBinder
 * whose process no longer exists.
 * <li> The {@link #pingBinder()} method can be called, and will return false
 * if the remote process no longer exists.
 * <li> The {@link #linkToDeath linkToDeath()} method can be used to register
 * a {@link DeathRecipient} with the IBinder, which will be called when its
 * containing process goes away.
 * </ul>
 * 
 * @see Binder
 */
public interface IBinder {
    /**
     * The first transaction code available for user commands.
     */
    int FIRST_CALL_TRANSACTION  = 0x00000001;
    /**
     * The last transaction code available for user commands.
     */
    int LAST_CALL_TRANSACTION   = 0x00ffffff;
    
    /**
     * IBinder protocol transaction code: pingBinder().
     */
    int PING_TRANSACTION        = ('_'<<24)|('P'<<16)|('N'<<8)|'G';
    
    /**
     * IBinder protocol transaction code: dump internal state.
     */
    int DUMP_TRANSACTION        = ('_'<<24)|('D'<<16)|('M'<<8)|'P';
    
    /**
     * IBinder protocol transaction code: interrogate the recipient side
     * of the transaction for its canonical interface descriptor.
     */
    int INTERFACE_TRANSACTION   = ('_'<<24)|('N'<<16)|('T'<<8)|'F';

    /**
     * IBinder protocol transaction code: send a tweet to the target
     * object.  The data in the parcel is intended to be delivered to
     * a shared messaging service associated with the object; it can be
     * anything, as long as it is not more than 130 UTF-8 characters to
     * conservatively fit within common messaging services.  As part of
     * {@link Build.VERSION_CODES#HONEYCOMB_MR2}, all Binder objects are
     * expected to support this protocol for fully integrated tweeting
     * across the platform.  To support older code, the default implementation
     * logs the tweet to the main log as a simple emulation of broadcasting
     * it publicly over the Internet.
     * 
     * <p>Also, upon completing the dispatch, the object must make a cup
     * of tea, return it to the caller, and exclaim "jolly good message
     * old boy!".
     */
    int TWEET_TRANSACTION   = ('_'<<24)|('T'<<16)|('W'<<8)|'T';

    /**
     * IBinder protocol transaction code: tell an app asynchronously that the
     * caller likes it.  The app is responsible for incrementing and maintaining
     * its own like counter, and may display this value to the user to indicate the
     * quality of the app.  This is an optional command that applications do not
     * need to handle, so the default implementation is to do nothing.
     * 
     * <p>There is no response returned and nothing about the
     * system will be functionally affected by it, but it will improve the
     * app's self-esteem.
     */
    int LIKE_TRANSACTION   = ('_'<<24)|('L'<<16)|('I'<<8)|'K';

    /** @hide */
    int SYSPROPS_TRANSACTION = ('_'<<24)|('S'<<16)|('P'<<8)|'R';

    /**
     * Flag to {@link #transact}: this is a one-way call, meaning that the
     * caller returns immediately, without waiting for a result from the
     * callee. Applies only if the caller and callee are in different
     * processes.
     */
    int FLAG_ONEWAY             = 0x00000001;
    
    /**
     * Get the canonical name of the interface supported by this binder.
     */
    public String getInterfaceDescriptor() throws RemoteException;

    /**
     * Check to see if the object still exists.
     * 
     * @return Returns false if the
     * hosting process is gone, otherwise the result (always by default
     * true) returned by the pingBinder() implementation on the other
     * side.
     */
    public boolean pingBinder();

    /**
     * Check to see if the process that the binder is in is still alive.
     *
     * @return false if the process is not alive.  Note that if it returns
     * true, the process may have died while the call is returning.
     */
    public boolean isBinderAlive();
    
    /**
     * Attempt to retrieve a local implementation of an interface
     * for this Binder object.  If null is returned, you will need
     * to instantiate a proxy class to marshall calls through
     * the transact() method.
     */
    public IInterface queryLocalInterface(String descriptor);
    
    /**
     * Print the object's state into the given stream.
     * 
     * @param fd The raw file descriptor that the dump is being sent to.
     * @param args additional arguments to the dump request.
     */
    public void dump(FileDescriptor fd, String[] args) throws RemoteException;
    
    /**
     * Like {@link #dump(FileDescriptor, String[])} but always executes
     * asynchronously.  If the object is local, a new thread is created
     * to perform the dump.
     *
     * @param fd The raw file descriptor that the dump is being sent to.
     * @param args additional arguments to the dump request.
     */
    public void dumpAsync(FileDescriptor fd, String[] args) throws RemoteException;

    /**
     * Perform a generic operation with the object.
     * 
     * @param code The action to perform.  This should
     * be a number between {@link #FIRST_CALL_TRANSACTION} and
     * {@link #LAST_CALL_TRANSACTION}.
     * @param data Marshalled data to send to the target.  Must not be null.
     * If you are not sending any data, you must create an empty Parcel
     * that is given here.
     * @param reply Marshalled data to be received from the target.  May be
     * null if you are not interested in the return value.
     * @param flags Additional operation flags.  Either 0 for a normal
     * RPC, or {@link #FLAG_ONEWAY} for a one-way RPC.
     */
    public boolean transact(int code, Parcel data, Parcel reply, int flags)
        throws RemoteException;

    /**
     * Interface for receiving a callback when the process hosting an IBinder
     * has gone away.
     * 
     * @see #linkToDeath
     */
    public interface DeathRecipient {
        public void binderDied();
    }

    /**
     * Register the recipient for a notification if this binder
     * goes away.  If this binder object unexpectedly goes away
     * (typically because its hosting process has been killed),
     * then the given {@link DeathRecipient}'s
     * {@link DeathRecipient#binderDied DeathRecipient.binderDied()} method
     * will be called.
     * 
     * <p>You will only receive death notifications for remote binders,
     * as local binders by definition can't die without you dying as well.
     * 
     * @throws RemoteException if the target IBinder's
     * process has already died.
     * 
     * @see #unlinkToDeath
     */
    public void linkToDeath(DeathRecipient recipient, int flags)
            throws RemoteException;

    /**
     * Remove a previously registered death notification.
     * The recipient will no longer be called if this object
     * dies.
     * 
     * @return {@code true} if the <var>recipient</var> is successfully
     * unlinked, assuring you that its
     * {@link DeathRecipient#binderDied DeathRecipient.binderDied()} method
     * will not be called;  {@code false} if the target IBinder has already
     * died, meaning the method has been (or soon will be) called.
     * 
     * @throws java.util.NoSuchElementException if the given
     * <var>recipient</var> has not been registered with the IBinder, and
     * the IBinder is still alive.  Note that if the <var>recipient</var>
     * was never registered, but the IBinder has already died, then this
     * exception will <em>not</em> be thrown, and you will receive a false
     * return value instead.
     */
    public boolean unlinkToDeath(DeathRecipient recipient, int flags);
}



BindService ---扩展Binder
Cricket_7的博客
12-10 429
1,BindServcie --扩展Binder开启服务 前面描述过,如果我们的服务仅供本地应用使用,不需要跨进程工作,则可以实现自有 Binder ,让客户端通过该直接访问服务中的公共方法。其使用开发步骤如下 【1】创建BindService服务端,继承自Service并在中,创建一个实现IBinder 接口的实例对象并提供公共方法给客户端调用 【2】从 onBin...
Android 5.0内核和源代码学习(2)——源码下载和系统启动过程分析
山中小僧的进阶之路
07-31 2341
一、Android源码下载 上一次简单介绍了Android系统的层次结构,这次开始动真格了——下载源码和分析源码! 那么,Android的源码从哪下?当然是谷歌官网,下载方法官网也讲得很详细,但是奈何中国的墙比较厚,所以上面的办法是没用的,当然,有些是有用的,地址:http://source.android.com/source/downloading.html 谷歌官网没办
基于Android自带的Binder库,用C++来实现Binder应用程序的Demo.pdf
07-30
学习韦东山老师的4412开发板视频,做了点笔记,发出来跟大家分享一下这个学习的过程,如发现说的有误的地方,还请指出,谢谢!
Android bound service 详解二:派生Binder
蓝色妖姬
03-19 212
  如果你的service仅被自己的应用使用并且不需跨进程工作,那么你可以实现你自己的Binder使得你的客户端能直接使用service的公开接口方法. 注:这只在客户端和service位于同一应用和同一进程中时才能工作,其实大多数都是这种情况.例如,在一个音乐应用需要把它的activity绑定到它自己的播放音乐的后台service时,这种方式就会很好地工作. 下面是如何建立它: ...
红茶一杯话Binder(初始篇)
weixin_34261415的博客
08-02 438
2019独角兽企业重金招聘Python工程师标准>>> ...
android.os.binder,Binder Class
weixin_35682082的博客
05-27 275
Binder ClassDefinitionNamespace:Assembly:Mono.Android.dllBase class for a remotable object, the core part of a lightweightremote procedure call mechanism defined by BinderConsts.In this article[Androi...
基于tiny4412android内核
04-24
在这个案例中,使用的内核版本为3.0.86,这是一个相对早期的版本,但对于Android 5.0.2系统来说,它可以提供必要的硬件驱动和功能支持。在Android系统中,内核不仅管理硬件资源,还负责设备驱动、内存管理、进程调度...
Matching Modules ================ # Name Disclosure Date Rank Check Description - ---- --------------- ---- ----- ----------- 0 exploit/android/fileformat/adobe_reader_pdf_js_interface 2014-04-13 good No Adobe Reader for Android addJavascriptInterface Exploit 1 \_ target: Android ARM . . . . 2 \_ target: Android MIPSLE . . . . 3 \_ target: Android X86 . . . . 4 exploit/multi/local/allwinner_backdoor 2016-04-30 excellent Yes Allwinner 3.4 Legacy Kernel Local Privilege Escalation 5 exploit/android/local/futex_requeue 2014-05-03 excellent Yes Android 'Towelroot' Futex Requeue Kernel Exploit 6 \_ target: Automatic Targeting . . . . 7 \_ target: Default . . . . 8 \_ target: New Samsung . . . . 9 \_ target: Old Samsung . . . . 10 \_ target: Samsung Grand . . . . 11 exploit/android/local/su_exec 2017-08-31 manual No Android 'su' Privilege Escalation 12 \_ target: aarch64 . . . . 13 \_ target: armle . . . . 14 \_ target: x86 . . . . 15 \_ target: x64 . . . . 16 \_ target: mipsle . . . . 17 exploit/android/adb/adb_server_exec 2016-01-01 excellent Yes Android ADB Debug Server Remote Payload Execution 18 \_ target: armle . . . . 19 \_ target: x86 . . . . 20 \_ target: x64 . . . . 21 \_ target: mipsle . . . . 22 exploit/android/local/binder_uaf 2019-09-26 excellent No Android Binder Use-After-Free Exploit 23 auxiliary/gather/android_browser_new_tab_cookie_theft . normal No Android Browser "Open in New Tab" Cookie Theft 24 auxiliary/gather/android_browser_file_theft . normal No Android Browser File Theft 25 auxiliary/admin/android/google_play_store_uxss_xframe_rce . normal No Android Browser RCE Through Google Play Store XFO 26 exploit/android/browser/webview_addjavascriptinterface 2012-12-21 excellent No Android Browser and WebView addJavascriptInterface Code Execution 27 auxiliary/gather/android_htmlfileprovider . normal No Android Content Provider File Disclosure 28 post/android/gather/hashdump . normal No Android Gather Dump Password Hashes for Android Systems 29 exploit/android/local/janus 2017-07-31 manual Yes Android Janus APK Signature bypass 30 auxiliary/server/android_mercury_parseuri . normal No Android Mercury Browser Intent URI Scheme and Directory Traversal Vulnerability 31 auxiliary/server/android_browsable_msf_launch . normal No Android Meterpreter Browsable Launcher 32 payload/android/meterpreter_reverse_http . normal No Android Meterpreter Shell, Reverse HTTP Inline 33 payload/android/meterpreter_reverse_https . normal No Android Meterpreter Shell, Reverse HTTPS Inline 34 payload/android/meterpreter_reverse_tcp . normal No Android Meterpreter Shell, Reverse TCP Inline 35 payload/android/meterpreter/reverse_http . normal No Android Meterpreter, Android Reverse HTTP Stager 36 payload/android/meterpreter/reverse_https . normal No Android Meterpreter, Android Reverse HTTPS Stager 37 payload/android/meterpreter/reverse_tcp . normal No Android Meterpreter, Android Reverse TCP Stager 38 auxiliary/gather/android_object_tag_webview_uxss 2014-10-04 normal No Android Open Source Platform (AOSP) Browser UXSS 39 auxiliary/gather/android_stock_browser_uxss . normal No Android Open Source Platform (AOSP) Browser UXSS 40 post/android/manage/remove_lock_root . normal No Android Root Remove Device Locks (root) 41 post/android/capture/screen . normal No Android Screen Capture 42 post/android/manage/remove_lock 2013-10-11 normal No Android Settings Remove Device Locks (4.0-4.3) 43 exploit/android/browser/stagefright_mp4_tx3g_64bit 2015-08-13 normal No Android Stagefright MP4 tx3g Integer Overflow 44 \_ target: Automatic . . . . 45 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.0 (LRX21P) . . . . 46 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.0.1 (LRX22C) . . . . 47 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.0.2 (LRX22G) . . . . 48 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.1 (LMY47O) . . . . 49 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.1.1 (LMY47V) . . . . 50 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.1.1 (LMY48G) . . . . 51 \_ target: Nexus 7 (Wi-Fi) (razor) with Android 5.1.1 (LMY48I) . . . . 52 \_ target: Nexus 7 (Mobile) (razorg) with Android 5.0.2 (LRX22G) . . . . 53 \_ target: Nexus 7 (Mobile) (razorg) with Android 5.1 (LMY47O) . . . . 54 \_ target: Nexus 7 (Mobile) (razorg) with Android 5.1.1 (LMY47V) . . . . 55 \_ target: Nexus 5 (hammerhead) with Android 5.0 (LRX21O) . . . . 56 \_ target: Nexus 5 (hammerhead) with Android 5.0.1 (LRX22C) . . . . 57 \_ target: Nexus 5 (hammerhead) with Android 5.1 (LMY47D) . . . . 58 \_ target: Nexus 5 (hammerhead) with Android 5.1 (LMY47I) . . . . 59 \_ target: Nexus 5 (hammerhead) with Android 5.1.1 (LMY48B) . . . . 60 \_ target: Nexus 5 (hammerhead) with Android 5.1.1 (LMY48I) . . . . 61 \_ target: Nexus 6 (shamu) with Android 5.0 (LRX21O) . . . . 62 \_ target: Nexus 6 (shamu) with Android 5.0.1 (LRX22C) . . . . 63 \_ target: Nexus 6 (shamu) with Android 5.1 (LMY47D) . . . . 64 \_ target: Nexus 6 (shamu) with Android 5.1 (LMY47E) . . . . 65 \_ target: Nexus 6 (shamu) with Android 5.1 (LMY47I) . . . . 66 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LYZ28E) . . . . 67 \_ target: Nexus 6 (shamu) with Android 5.1 (LMY47M) . . . . 68 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LMY47Z) . . . . 69 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LVY48C) . . . . 70 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LMY48I) . . . . 71 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LYZ28J) . . . . 72 \_ target: Nexus 6 (shamu) with Android 5.1.1 (LVY48E) . . . . 73 \_ target: Samsung Galaxy S5 (VZW SM-G900V) with Android 5.0 (LRX21T) . . . . 74 auxiliary/dos/android/android_stock_browser_iframe 2012-12-01 normal No Android Stock Browser Iframe DOS 75 exploit/android/local/put_user_vroot 2013-09-06 excellent No Android get_user/put_user Exploit 76 payload/android/shell/reverse_http . normal No Command Shell, Android Reverse HTTP Stager 77 payload/android/shell/reverse_https . normal No Command Shell, Android Reverse HTTPS Stager 78 payload/android/shell/reverse_tcp . normal No Command Shell, Android Reverse TCP Stager 79 post/android/gather/sub_info . normal No Extract Subscriber Info 80 auxiliary/gather/firefox_pdfjs_file_theft . normal No Firefox PDF.js Browser File Theft 81 post/android/gather/wireless_ap . normal No Gather Wireless SSIDs and PSKs 82 post/android/local/koffee 2020-12-02 normal No KOFFEE - Kia OFFensivE Exploit 83 \_ action: CAMERA_REVERSE_OFF . . . It hides the parking camera video stream 84 \_ action: CAMERA_REVERSE_ON . . . It shows the parking camera video stream 85 \_ action: CLUSTER_CHANGE_LANGUAGE . . . It changes the cluster language 86 \_ action: CLUSTER_RADIO_INFO . . . It shows radio info in the instrument cluster 87 \_ action: CLUSTER_RANDOM_NAVIGATION . . . It shows navigation signals in the instrument cluster 88 \_ action: CLUSTER_ROUNDABOUT_FARAWAY . . . It shows a round about signal with variable distance in the instrument cluster 89 \_ action: CLUSTER_SPEED_LIMIT . . . It changes the speed limit shown in the instrument cluster 90 \_ action: HIGH_SCREEN_BRIGHTNESS . . . It increases the head unit screen brightness 91 \_ action: INJECT_CUSTOM . . . It injects custom micom payloads 92 \_ action: LOW_FUEL_WARNING . . . It pops up a low fuel message on the head unit 93 \_ action: LOW_SCREEN_BRIGHTNESS . . . It decreases the head unit screen brightness 94 \_ action: MAX_RADIO_VOLUME . . . It sets the radio volume to the max 95 \_ action: NAVIGATION_FULL_SCREEN . . . It pops up the navigation app window 96 \_ action: REDUCE_RADIO_VOLUME . . . It decreases the radio volume 97 \_ action: SEEK_DOWN_SEARCH . . . It triggers the seek down radio frequency search 98 \_ action: SEEK_UP_SEARCH . . . It triggers the seek up radio frequency search 99 \_ action: SET_NAVIGATION_ADDRESS . . . It pops up the navigation address window 100 \_ action: SWITCH_OFF_HU . . . It switches off the head unit 101 \_ action: SWITCH_ON_HU . . . It switches on the head unit 102 \_ action: TOGGLE_RADIO_MUTE . . . It mutes/umutes the radio 103 auxiliary/analyze/crack_mobile . normal No Password Cracker: Mobile 104 exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection 2020-10-29 excellent No Rapid7 Metasploit Framework msfvenom APK Template Command Injection 105 auxiliary/scanner/sip/sipdroid_ext_enum . normal No SIPDroid Extension Grabber 106 exploit/android/browser/samsung_knox_smdm_url 2014-11-12 excellent No Samsung Galaxy KNOX Android Browser RCE 107 auxiliary/gather/samsung_browser_sop_bypass 2017-11-08 normal No Samsung Internet Browser SOP Bypass Interact with a module by name or index. For example info 107, use 107 or use auxiliary/gather/samsung_browser_sop_bypass msf >
最新发布
11-09
在 `msfconsole` 中使用 Android 相关模块,可按以下步骤操作: ### 查找 Android 相关模块 在 `msfconsole` 中使用 `search` 命令查找 Android 相关模块,例如: ```plaintext msf6 > search android ``` 该命令会...
binder和socketpair结合实现任意进程间的双向通讯
TECH_PRO的博客
05-06 1735
binder机制是Android系统中特有的实现进程间远程通信的机制,它是基于C/S模式来实现的,一般一个是client端,一个是server端;而socketpair机制可以实现双向通讯,但是通讯范围限制在同一个进程的线程之间或者是具有亲缘关系的进程之间。本文通过将这两种机制结合起来,实现任意两个进程间的双向通讯。 作者本人能力有限,文中有说的不对或者不合理的地方还请多多指教。
Android灯光系统(电池灯/通知灯)
qq_34888036的博客
04-01 3282
首先别人的APP要能直接访问到你写的硬件或者不经过任何修改的APP能直接使用你的驱动,就需要使用系统自带的JNI,所以我们需要写出符合系统自带JNI文件的HAL文件和驱动程序,下面具体分析一个这个HAL和驱动程序需要实现什么。 灯光系统由以下四个部分组成 APP:电池灯APP,通知灯APP,背光灯APP JNI :com_android_server_lights_LightsService.cpp HAL:我们自己实现,实现一个lights.c 驱动:leds_nanopi3.c(JNI需要什么这里就给
Android系统之Binder代码解析
litao55555的博客
08-15 1554
1. ServiceManager的启动流程 system\core\roodir\init.rc: service servicemanager /system/bin/servicemanager //可知孵化器的目录为servicemanager class core user system group system critical onrestart restart healthd onrestart restart zygote onre
Binder源码目录
ITbigger的博客
05-30 1042
基于Linux 4.4源码, 从上之下, 整个Binder架构所涉及的总共有以下5个目录: /framework/base/core/java/ (Java) /framework/base/core/jni/ (JNI) /framework/native/libs/binder (Native) /framework/native/cmds/servicemanager/ (Native) /kernel/drive
binder- 代码路径(kernel)
whjk20的专栏
08-29 382
Binder的驱动: kernel\drivers\staging\android\ --> kernel\drivers\android\ 源码下载:https://github.com/aosp-mirror/kernel_common Binder的Jni: ./base/core/jni/android_util_Binder.cpp Binder的include文件 frameworks/native/include/binder/ Binder的核心库: Service..
掌握 binder 机制?先搞懂这几个关键
鸿蒙开发知识记录
09-01 459
作者: Android 面试官 本文将深入源码详细介绍 binder 机制中的以下关键: ProcessState IPCThreadState BpBinder BinderProxy binder 架构 介绍之前,先简单回顾下 binder 的整体架构,大致了解这些的角色。 对于一个比较典型的、两个应用之间的 IPC 通信流程而言: Client 通过 ServiceManager 或 AMS 获取到的远程 binder 实体,一般会用 Proxy 做一层封装,比如 ServiceMana.
Android Binder之基本介绍
CAESAR的专栏
08-14 3607
// IBinder.h // IBinderBinder通信协议的接口,为client和server端通信的基础。 // BBinderBpBinder均为IBinder的子:BBinder用于server端,BpBinder用于client端。 /** * Base class and low-level protocol for a remotable object.
Binder的应用层的核心
weixin_36234344的博客
05-06 393
Binder应用层的核心 C++层 1.libbinder库中的IInterface,BpInterface,BnInterface,BBinder,BpBinderIBinder共同构成了Binder应用层的核心。 (1)IInterface :主要的功能是用“纯虚函数“定义服务的接口函数 内部有一个比较陌生的宏 DECLARE_META_INTERFACE”使用这个
Binder系列2 Binder概念及相关接口和
liuwg1226的专栏
08-14 1288
Binder系列1 Binder总体设计思想 在Binder系列1 Binder总体设计思想中,主要从宏观上讲了Binder的总体设计思想和一些关键实现部分的设计技巧,在系列2中会进一步细化Binder的概念和介绍实现Binder通信架构所用到的相关接口和. 一 什么是Binder 简单地说,BinderAndroid平台上的一种跨进程通信技术。该技术最早并不是由Google公司提出的,它的前身是Be Inc公司开发的OpenBinder,而且在Palm中也有应用。后来OpenBinder的作者D
Android binder架构解析
你不爱欧文的专栏
06-17 913
Android binder架构解析 标签: binder架构解析service managerjava bindernative binder 2016-06-10 11:21 13人阅读 评论(0) 收藏 举报  分:   Android Frameworks(5)  版权声明:本文为博主原创文章,未经博主允许不得转载。
Binder Class relation ship
hjshen1970的专栏
11-02 373
public interface ICat extends android.os.IInterface { public java.lang.String getColor() throws android.os.RemoteException; public double getWeight() throws android.os.RemoteException; /* 对于服务端
Android代码交流平台与资源分享-zheng
根据给定文件信息,标题为"Android代码-zheng",描述中包含了一些交流QQ群号,以及标签"Android代码",以及压缩包子文件的文件名称列表"zheng-master"。这些信息指向的是一个以"zheng"命名的Android代码项目,该项目...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值