The----of Android system explains the service invocation mechanism of AMS remote and the activation process of activity

Source: Internet
Author: User
Tags processing instruction

First, why this article does not introduce the hook system AMS service

In a previous article that has been explained in the Android Hook system service, as well as the ability to intercept specific methods, according to the process this article should describe how to hook the system's AMS service to intercept the application's startup process operation, but this article does not, because before the introduction of this knowledge point, there is a big thing to do, It is necessary to analyze the Android application start-up process, if the process is not clear, there is no way to hook, because you can not find the hook point, of course, hook Agent is very easy to obtain, if there is no hook point, there is no way to follow the operation, So we have to analyze the process clearly, of course, now about the application of the start-up process of knowledge is rotten street, but everyone has a different way of analysis and summary, I always believe that my analysis process is the clearest and most useful.


Second, Android application of the start-up process Analysis

The following first look at the activity of the START process, analysis of the START process is actually very simple, we directly look at the source code, we generally start the activity is a method of using the system startactivity operation, about this method by follow-up code is in In Contextimpl.java :


Here we use the Mmainthread variable to perform the operation, and then look at this variable:


Really is the Activitythread class, this class we in the previous analysis of the source of the time to mention it, he is a very important application of a class, first of all, he is an application of the main thread, followed by a program is also the entrance of the place:


This entry will be followed by the main method when it will be executed, and the following continue to see the Getinstrumentation method in Activitythread:


In fact, to get to the instrumentation type, in fact, this class equivalent to start the activity of the middle, start the activity in the middle of it is operated by it:


See and call the Activitymanagernative.getdefault method to start the activity. Take a look at the activitymanagernative class:


See here is a little understand, in fact, Activitymanagernative class is the middle of the remote service stub class, in fact, the name is not called stubs, in fact, as long as the see is inherited from the binder class and the implementation of the Aidl interface type is the stub class, Don't care about the class name. Seeing his asinterface method is similar to other system services, where the local agent is the Activitymanagerproxy class.

The following continues to see his Getdefault method implementation, which is obtained by variable Gdefault:


As can be seen here, in fact, gdefalut with the use of singleton implementation of the Singleton mode, and in the internal can be seen from the ServiceManager to get to the AMS remote Service Binder object, and then use the Asinterface method to convert to a localized object, is actually the Activitymanagerproxy object. Then we look at the above called the Startactivityasuser method, which is actually called the Activitymanagerproxy object of this method:


In fact, the methods in the Activitymanagerproxy object will eventually invoke the Transact method of the remote service binder object. It will then be transferred to the Ontransact method of the remote service intermediary activitymanagernative:


See here will callback Iactivitymanager interface in the Startactivityasuser method, and this specific implementation is generally in the remote service, here we can guess is called activitymanagerservice Medium:


There is a layer called, here is the Activitystacksupervisor class, here is not subdivided, and eventually in his internal will be called into the Activitytask class, and another layer, It then invokes the Startprocesslocked method in Activitymanagerservice, where a command is executed:


See, in fact, before this process there is an action is to notify the zygote process needs to start a new application process, and then execute the command to execute Activitythread's entry method main, so this main method is actually an application process of the entry method, The following is a continuation of the analysis of what is done in the Main method:


In the main method, it calls its own attach method:


This is going to go back to Activitymanagerservice, and then call the Realstartactivitylocked method in activitystacksupervisor :


In this method, the Schedulelaunchactivity method of the thread variable of type Processrecord is called, and this thread variable is of type Iapplicationthread:


Hey, here's what iapplicationthread can think of, this could be another remote communication:


Well, that's true, but here's a glimpse of how these methods can be accidentally discovered, mostly related to the life cycle of the activity, so you can guess that this communication should be the life cycle of the activity, To look at the middle of the remote service to achieve the applicationthreadnative:


Indeed, the implementation mechanism here is similar, then we understand the entire AMS communication mechanism, we should know that the specific server implementation should be Applicationthread, global search, this class altogether is defined in Activitythread:


Indeed, here is the concrete way to achieve the far end, then we find the Schedulelaunchactivity method:


The method of sending the message in Activitythread will eventually be called:


The global handler type in Activitythread is then called MH to send the message


So, let's go straight to the message processing logic:


Keep looking at the implementation of this method:


Use performlaunchactivity to construct an activity:


A application is also constructed in the Performlaunchactivity method, which continues to look:


Finally, the Newactivity method of instrumentation is called:


Well, actually in here to construct an activity instance came out, before using activity, always curious when this activity was created, so find the place.

The activity's life cycle method is then still invoked in Activitymanagerservice:


Of course, the other callback methods are not listed, such as the application in a few callback methods, such as low memory, the program when the exception of the callback is also here.


Iii. Summary of the process

Here we have a rough analysis of the activity in the Android activation process, from the process, or very complex, in fact, after the analysis will find that they are a little confused, but must be their own side of the analysis of the record, the following is my painstaking arrangement of a flowchart ( The picture is large and can be downloaded to view the high-definition artwork ):


Against this picture, the following is a concise summary from beginning to end heartless knowledge points:

First, the AMS communication mechanism analysis

The first choice is to enter the Execstartactivity method in the instrumentation class through the StartActivity method in the Contextimpl class. And then into the activitymanagernative of the method StartActivity, here will appear the first turning point and focus, that is the AMS Remote service architecture:


In this process, we in the previous analysis system in the Clipboard service, here analysis is not difficult, there are four main objects:

1, Iactivitymanager: This is the remote Service Aidl protocol interface type, defines a lot of methods

2, Activitymanagerproxy: This is the local side intermediary object, that is, we apply the actual operation of the localization object, he is generally obtained by the activitymanagernative Asinterface method. In this method, all methods of the Iactivitymanager interface are implemented, and the Binder object method of the remote service is used in the specific method to send the command to the remote intermediary transact.

3, Activitymanagernative: This is the remote intermediary object, that is, we analyzed the stub class, just do not know why AMS does not call this name, so here after the analysis system service source code, It should be seen that if you inherit the binder class to implement the Ixxx interface, then this class is the middle of the remote service, he has two functions, one can be the remote service binder object into a local real object, Another is that you can accept the local side of the intermediate is the proxy object sent by the command, in the Ontransact method to do processing, and in this method will actually callback the Iactivitymanager interface specified method, and the specific interface method implementation is in the Activitymanagerservice

4, Activitymanagerservice: This is the remote service implementation of the specific method of the class, here is the real logic processing, and this class is running in the system service process, that is, System_server.

As you can see from the above process, most of the services in Android conform to this rule:

IXXX is the Aidl interface type definition logical method

Xxxproxy is the local proxy object and the actual object to which the application operates

Xxxnative/xxx$stub is the intermediary object of the remote service and is primarily used to handle the command processing that the application sends over

Xxxservice is where the final service logic is implemented, running in the remote process


Second, the activity stack mechanism analysis

After the first turning point, we can go directly to the activitymanagerservice to see the concrete method implementation logic, where there will be multiple calls, mainly Activitystacksupervisor class and Activitystack class, These two classes are mainly used to deal with the activity stack information, because when the activity is started involved in the startup mode, then it is important to deal with the application of activity stack information, here is the four kinds of classic startup mode to implement the logic of the place, Interested students can carefully analyze the source code. At the same time there are several important types in this process:

1 Activitystack This is the stack structure that manages all the activity in this application.
2 Activityrecord This is the recording of the current activity information, such as in which process processstate, the current state curentstate, and activity is one by one corresponding.
3 "Task This records the information of all the activity, here does not distinguish which application activity." And this task is what we often talk about. The Singletask mode in the activity startup mode initiates a task when an activity is started.

4 Processrecord This class records information in a process, because one application may contain multiple processes.


Third, create and start the application process

After the activity stack information processing, will return to Activitymanagerservice in the Startprocesslocked method, in this method to do one of the most important thing, that is to start the application process, Of course, before this one step is to send a request to the zygote process to create the application process, the launch of the application process is actually called the process class to execute the Activitythread class, this will execute the main function of this class entrance, here our application process even up, And then look at what's going on in the main function in Activitythread?


Analysis of communication mechanism of activity life cycle process

Analysis to the main function of Activitythread, found is also one of the most important thing is attach operation, this operation is mainly binding some information, first bound application operation bar, and then follow up the method to achieve, Finally, the Schedulelaunchactivity method of Applicationthread is called in the Realstartactivitylocked method of the Activitystacksupervisor class, OK, There is going to be a turning point, and there is a aidl communication mechanism:


This process is actually similar to the above AMS communication mechanism, but here the object has changed, is the Applicationthread class, and this communication mechanism is mainly for the life cycle of activity Services, the above AMS communication mechanism is for the activity to start the service, The separation of the two operations is quite clear, but here we can see that the server and client communication roles will change:

In AMS communication, the application as a client sends instructions to the server for processing

In Applicationthread communication, the application will introduce instructions from the server as a service side

So the object that is called in Activitymanagerservice this server class is actually the Applicationthreadproxy object.

The far end of the specific processing instruction is in the application process, that is, the Applicationthread class, which is implemented in Activitythread.


Analysis of activity structure and life cycle method

After understanding the Applicationthread communication mechanism, we can go to the class to see the specific life cycle method invocation logic, the inside processing or relatively simple, is the use of Activitythread in the handler variable as the message sent and processed, and then call the specified method can be , it will eventually be found to construct an activity instance object through the Newactivity method in the instrumentation class, and then initiate the processing of the activity. The activity's life cycle method is then invoked later.


Here we have a very clear description of the activity of the activation process, the most important point here is to understand the system services in Android Remote call mechanism and the binder mechanism can be understood in the communication of the several classes of objects and specific relationships. There are two process communication operations that are more complex here:


At the same time, we find the processing of the stack in the process of activity initiation, and the specific logic processing of the activation mode of several activity. At the beginning of this analysis you will think that the system is so complex, but when you really understand it, you will find that the design is really clear. The AMS process communicates in order to handle activity initiation, and the applicationthread process communicates to handle the activity's life cycle work.


Iv. Summary

After learning about the activity initiation process in Android, we can start to hook off the system's AMS service, intercept the activity's start-up method, and various life cycle methods to achieve what we want. As an Android developer to the end will not be able to avoid the activity to start the process of carding work, although the knowledge points on the internet has been rotten street, but the real self-practice analysis of the effect is very different, so must be quiet to analyze the process of their own, the harvest is very large.


Click here for more information:

Focus on the public, the latest technology dry real-time push



The----of the Android system explains the AMS remote service invocation mechanism and activity initiation process

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.