debug:am、cmd命令源码分析
debug:am、cmd命令源码分析
目录- debug:am、cmd命令源码分析
- am命令的实现
- 手机里的am
- am.jar
- cmd命令的实现
- 手机里的cmd
- cmd activity
- cmd.cpp#cmdMain
- Binder.cpp#shellCommand
- Binder.java#onTransact
- ActivityManagerService.java#onShellCommand
- ActivityManagerShellCommand#onCommand
- 总结
- am命令的实现
am命令的实现
手机里的am
:/ # which am
/system/bin/am
:/ # file /system/bin/am
/system/bin/am: /system/bin/sh script
:/ # cat am
#!/system/bin/sh
if [ "$1" != "instrument" ] ; then
cmd activity "$@"
else
base=/system
export CLASSPATH=$base/framework/am.jar
exec app_process $base/bin com.android.commands.am.Am "$@"
fi
aosp里的am代码位置
frameworks/base/cmds/am$
am命令是个shell脚本,非instrument时调用cmd命令。am.jar也在手机里,/system/framework/am.jar
am.jar
只有俩文件
frameworks/base/cmds/am/src/com/android/commands/am$ ls
Am.java Instrument.java
frameworks/base/cmds/am/src/com/android/commands/am/Am.java
39 public class Am extends BaseCommand {
49 public static void main(String[] args) {
50 (new Am()).run(args);
51 }
------------------------------------------------------------------
62 @Override
63 public void onRun() throws Exception {
64
65 mAm = ActivityManager.getService();
71 mPm = IPackageManager.Stub.asInterface(ServiceManager.getService("package"));
77 String op = nextArgRequired();
78
79 if (op.equals("instrument")) {
80 runInstrument();
81 } else {
82 runAmCmd(getRawArgs());
------------------------------------------------------------------
138 void runAmCmd(String[] args) throws AndroidException {
139 final MyShellCallback cb = new MyShellCallback();
140 try {
141 mAm.asBinder().shellCommand(FileDescriptor.in, FileDescriptor.out, FileDescriptor.err,
142 args, cb, new ResultReceiver(null) { });
143 } catch (RemoteException e) {
50行的run是在父类BaseCommand里,然后又分发到子类onRun方法
如果是通过am命令来启动的话,这里只会走到80行,但是,am.jar也是可以完全支持cmd activity相同的效果。
直接运行am.jar时就走到82行了,在141行binder沟通ams。
cmd命令的实现
手机里的cmd
:/ # which cmd
/system/bin/cmd
:/ # file /system/bin/cmd
/system/bin/cmd: ELF shared object, 64-bit LSB arm64, dynamic (/system/bin/linker64), for Android 30, BuildID=ab0acb6f2e4ab587eb5166cd5c29e254, stripped
cmd是个二进制可执行程序
aosp里的cmd代码位置
frameworks/native/cmds/cmd
cmd activity
cmd activity发生了什么
frameworks/native/cmds/cmd/main.cpp
21 int main(int argc, char* const argv[]) {
22 signal(SIGPIPE, SIG_IGN);
23
24 std::vector arguments;
25 arguments.reserve(argc - 1);
26 // 0th argument is a program name, skipping.
27 for (int i = 1; i < argc; ++i) {
28 arguments.emplace_back(argv[i]);
29 }
30
31 return cmdMain(arguments, android::aout, android::aerr, STDIN_FILENO, STDOUT_FILENO,
32 STDERR_FILENO, RunMode::kStandalone);
33 }
cmd.cpp#cmdMain
啥都没干,跳到cmd.cpp#cmdMain
frameworks/native/cmds/cmd/cmd.cpp
167 int cmdMain(const std::vector& argv, TextOutput& outputLog, TextOutput& errorLog,
168 int in, int out, int err, RunMode runMode) {
169 sp proc = ProcessState::self();
170 proc->startThreadPool();
175 sp sm = defaultServiceManager();
215 sp service;
216 if(waitForService) {
217 service = sm->waitForService(serviceName);
218 } else {
219 service = sm->checkService(serviceName);
220 }
239 status_t error = IBinder::shellCommand(service, in, out, err, args, cb, result);
169、170、171行老三样,沟通binder驱动,拿到ServiceManager的代理
217、219行拿到传入参数的binder代理。我们传的是activity,所以这就是ams的代理。
239行,通过代理发起ipc调用。
Binder.cpp#shellCommand
frameworks/native/libs/binder/Binder.cpp
66 status_t IBinder::shellCommand(const sp& target, int in, int out, int err,
67 Vector& args, const sp& callback,
68 const sp& resultReceiver)
69 {
70 Parcel send;
71 Parcel reply;
72 send.writeFileDescriptor(in);
73 send.writeFileDescriptor(out);
74 send.writeFileDescriptor(err);
75 const size_t numArgs = args.size();
76 send.writeInt32(numArgs);
77 for (size_t i = 0; i < numArgs; i++) {
78 send.writeString16(args[i]);
79 }
80 send.writeStrongBinder(callback != nullptr ? IInterface::asBinder(callback) : nullptr);
81 send.writeStrongBinder(resultReceiver != nullptr ? IInterface::asBinder(resultReceiver) : nullptr);
82 return target->transact(SHELL_COMMAND_TRANSACTION, send, &reply);
83 }
binder的流转细节就不说了,直接跳到服务端,看针对这个命令的处理SHELL_COMMAND_TRANSACTION。
Binder.java#onTransact
frameworks/base/core/java/android/os/Binder.java
782 protected boolean onTransact(int code, @NonNull Parcel data, @Nullable Parcel reply,
783 int flags) throws RemoteException {
804 } else if (code == SHELL_COMMAND_TRANSACTION) {
805 ParcelFileDescriptor in = data.readFileDescriptor();
806 ParcelFileDescriptor out = data.readFileDescriptor();
807 ParcelFileDescriptor err = data.readFileDescriptor();
808 String[] args = data.readStringArray();
812 if (out != null) {
813 shellCommand(in != null ? in.getFileDescriptor() : null,
814 out.getFileDescriptor(),
815 err != null ? err.getFileDescriptor() : out.getFileDescriptor(),
816 args, shellCallback, resultReceiver);
------------------------------------------------------------
925 public void shellCommand(@Nullable FileDescriptor in, @Nullable FileDescriptor out,
926 @Nullable FileDescriptor err,
927 @NonNull String[] args, @Nullable ShellCallback callback,
928 @NonNull ResultReceiver resultReceiver) throws RemoteException {
929 onShellCommand(in, out, err, args, callback, resultReceiver);
929行的实现在AMS里
ActivityManagerService.java#onShellCommand
frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java
10501 @Override
10502 public void onShellCommand(FileDescriptor in, FileDescriptor out,
10503 FileDescriptor err, String[] args, ShellCallback callback,
10504 ResultReceiver resultReceiver) {
10505 (new ActivityManagerShellCommand(this, false)).exec(
10506 this, in, out, err, args, callback, resultReceiver);
10507 }
继续跟10505
public abstract class ShellCommand extends BasicShellCommandHandler {
final class ActivityManagerShellCommand extends ShellCommand {
看一下继承关系,这里需要注意的是,10505的exec是调用到父类的父类,然后又返回返回到ActivityManagerShellCommand的onCommand
ActivityManagerShellCommand#onCommand
frameworks/base/services/core/java/com/android/server/am/ActivityManagerShellCommand
176 @Override
177 public int onCommand(String cmd) {
183 switch (cmd) {
184 case "start":
185 case "start-activity":
186 return runStartActivity(pw);
......
203 case "trace-ipc":
204 return runTraceIpc(pw);
......
总结
总体流程比较简单,需要关注的点有
-
am和cmd的binder客户端实现,也就是怎么写一个binder客户端(java、native)。
-
binder的流转,对端在哪
-
最后是shellcommand的命令分发。
以此做参考,可以添加一些自己的命令与实现,做一些调试小工具。