Why should Android use binder as the IPC mechanism?

Gityuan
Links: https://www.zhihu.com/question/39440766/answer/89210950
Source: Know
Copyright belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source.

at the beginning of the answer , let's start with a brief overview of all the existing inter-process IPC methods for Linux:

1. Pipeline: Allocate a page-size memory at creation time, the buffer size is relatively limited;
2. Message Queuing : Information replication two times, additional CPU consumption, inappropriate frequent or information-intensive communication;
3. Shared memory : No need to copy, the shared buffer directly attached to the process virtual address space, fast, but the synchronization between the processes of the operating system can not be implemented, the process must be solved by the synchronization tool;
4. socket : As a more general interface, transmission efficiency is low, mainly for non-connected machines or cross-network communication;
5. semaphore : Often used as a locking mechanism to prevent a process from accessing the shared resource, other processes also access the resource. Therefore, it is primarily used as a means of synchronization between processes and between different threads within the same process.
6. signal : Not for information exchange, more suitable for process interrupt control, such as illegal memory access, kill a process, etc.;

The kernel of Android is also based on the Linux kernel, why not directly adopt the Linux existing process IPC program, is not the Linux community so many outstanding people do not consider the binder such a better solution, is Google too bull B? The truth is not so, please look down, you will understand.

--------------------------------------------------------------------------------------------------------------- ----------------------------

Next answer this question positively, analyze the binder from 5 angles:

(1) From the point of view of performance
number of copies of data: Binder data copies require only one time, while pipelines, message queues, sockets require 2 of times, but shared memory is not required for a single memory copy, and from a performance point of view, Binder performance is second only to shared memory.

(2) from the point of view of stability
Binder is based on the C/S architecture, a simple explanation under the C/S architecture, refers to the client (clients) and service (Server) composed of the architecture, what the client needs, directly sent to the Server side to complete, the structure is clear, Server side and client side is relatively independent, the stability is good, and the shared memory implementation is complex, there is no customer and service side, need to fully consider the access critical resources of the concurrent synchronization problem, or there may be deadlock and other problems; From this stability perspective, the binder architecture is superior to shared memory.

Only from the above two points, each has the pros and cons, is not enough to support Google to use binder IPC mechanism, then the more important reason is:

(3) from a security standpoint
Traditional Linux IPC receivers can not obtain the other party's process reliable uid/pid, so as to not identify the identity of the other, and Android as an open source system, has a very large development platform, the app is very wide, so the security of the mobile phone is extra important; for ordinary users, Do not want to download from the App Store peeping insinuate data, the background caused by mobile phone power and so on, the traditional Linux IPC does not have any protection measures, completely by the upper layer protocol to ensure.

Android for each installed application assigned its own UID, so the process UID is an important identification process identity, the previous reference C/S architecture, theAndroid system only exposed client side, the client side will send the task to the server side, Server side will be based on the rights control policy to determine whether uid/pid to meet access rights, the current rights control is often through the popup permission to ask the dialog box, let the user choose whether to run . Android 6.0, also known as Android M, Before 6.0 the system is the first time the app is installed, will be all the permissions involved in the entire app once asked, as long as the attention will find a lot of apps do not use communications and text messages, but in this one-time permissions will be included, so that users can not be refused, because the app will not be able to use, once authorized, the application For.

In response to this problem, Google has made an adjustment in Android M, is no longer installed when asked all the permissions, but in the app running process, the need for which permissions to ask the user whether to give the appropriate permissions, the permissions have been more granular control, so that users have more controllability, but At the same time also brought another user criticized the place, that is, the permission to ask the number of bullets increased significantly. for Android M platforms, some app developers may write the app that sells the mobile phone's unusual pop-up box, trying to wait until the user authorizes it, which is not tolerated by the user, but not just the app, but the Android system and handset maker. Some users may be jumping fruit powder, which also requires the vast number of Android developers and mobile phone manufacturers to work together to create a safe and experienced Android phone.

The rights control strategy in Android has many methods, such as SELinux, which are listed below from an angle of binder control:
How is the binder permission for Android source control? -gityuan's answer

Traditional IPC can only be filled in by the user in the packet uid/pid; In addition, a reliable identity token is only added by the IPC mechanism itself in the kernel. Second, the traditional IPC access point is open and cannot establish a private channel. From a security standpoint, binder security is even higher.

Speaking of this, there may be someone to refute , Android even with the binder structure, and now Android phone of various rogue software, is not doing this kind of peeping insinuate, backstage secretly run traffic? Yes, it does, but that doesn't mean the security of binders is bad, because Android is still mastering control, controlling rogue behavior of such apps, just what strategy to take control, and there's a lot of room for progress in Android. This is one of the areas where Google and the major handset makers have been trying to improve. In Android 6.0,google for app permissions issue as a lot of effort, greatly tighten the app permissions, and Google also in the android bootcamp , Google said in the Android 7.0 (also called Android N) privacy aspects will be further strengthened, such as selinux,memory safe language (still in the new) and so on, in this year's May 18 to May 20, Google will launch Android N.

The topic is far away, continue to say binder.

(4) from the perspective of language level
Everyone knows that Linux is based on the C language (process-oriented language), while Android is based on the Java language (object-oriented statements), and for binder is exactly the object-oriented idea, the process of interprocess communication to the object through a reference to call the method, What makes it unique is that the binder object is an object that can be referenced across processes, its entities are in a process, and its references are all over the system's processes. You can pass from one process to another so that everyone can access the same server, just as you would assign an object or reference to another reference. Binder blurs the process boundary, fades the process of interprocess communication, and the whole system seems to run in the same object-oriented program. From the language level, binder is more suitable for the object-oriented language-based Android system, the Linux system may be a little "acclimatized".

In addition, Binder is for Android such systems, rather than the Linux community did not think of the binder IPC mechanism exists, for the vast number of developers of the Linux community, I still express deep admiration, so that the world has such a superb and wonderful open source system. It is not that the existing IPC mechanism of Linux is not good enough, on the contrary, after so many excellent engineers continue to polish, still very good, each of the Linux IPC mechanism has the value of existence, but also in the Android system still use a large number of Linux existing IPC mechanism, According to each kind of IPC principle characteristic, timely, the different scene characteristic often uses its under most suitable. For example, the IPC in the zygote process in Android OS uses the socket (socket) mechanism , the signal (signaling) mechanism used in the Kill process in Android, and so on. Binder is more used in the system_server process to interact with the IPC in the upper layer of the app .

(5) from the perspective of corporate strategy

As is known to all, the Linux kernel is an open source system, and the GPL is protected by the Open Sources License agreement, which has the ability of "viral infection", how to understand this sentence? The GPL-protected Linux kernel is run in the kernel space, and for any class libraries, services, applications, etc. in the upper layer run in user space, once the Syscall (System call) is called to the underlying kernel, then the GPL protocol must be followed.

And Android's father Andy Rubin for the GPL is obviously unacceptable, for this reason, Google cleverly control the GPL in the kernel space, Using the APACHE-2.0 protocol (which allows Android-based developers to not give feedback to the community), and the use of the BSD licensing method in the Lib library between the GPL and Apache-2.0, effectively cut off the GPL's contagion, but at least now eases Android, Keeping the GPL in the kernel space is a successful example of Google's open source and commercial coexistence under GPL Linux.

With these mats, let's talk about Binder's present frontier.

Binder is based on open source Openbinder, Openbinder is an open source system IPC, originally developed by Be Inc., followed by Palm, Inc. is responsible for developing, and now Openbinder's authors work at Google, since the author at Google, using binder as the core IPC mechanism in user space, With Apache-2.0 protocol protection, it is natural that there is no problem, less legal risk, and a great benefit for development costs, and binder is a good choice from a corporate strategy perspective.

Also, a little bit more about Openbinder, the 2015 Openbinder and the Linux kernel mainline 3.19 version, which is a bit of Google's feedback on Linux.

Combined with the 5 points above, Binder is the perfect choice for the upper-process communication between Android systems.

--------------------------------------------------------------------------------------------------------------- ---------------------------
Then, answer the landlord mentioned D-bus

Also adopt the C/S architecture of the IPC mechanism,D-bus is implemented in user space, inefficient, the number of copies of the message and the number of context switches are significantly more than binder. For D-bus These defects, then produced the Kdbus, which is d-bus in the kernel implementation version, the efficiency is improved, like binder in the kernel as a character design, open () the device, mmap () mapping memory.

(1) Kdbus in interprocess communication process, client side will message in memory message queue, can store a large number of messages, server side constantly from the message team to take messages, size only limited memory;
(2) The mechanism of binder is that each communication, the process or thread will be communicating in the TODO team to increase the binder transaction, and the number of binder threads per process allowed, Google provides the default maximum number of threads is 16, limited by the CPU, due to the number of threads too much, increase the system load, And each process defaults to the allocated (1m-8k) size of memory.

Kdbus is also suitable for systems that transmit large amounts of data and a large number of messages for memory consumption. Binder to the CPU and memory requirements are relatively low, high efficiency, so that the binder is suitable for mobile Android, but there are some shortcomings, is different from the use of binder output big data, such as the use of binders to transfer a few m-size pictures, there will be anomalies, Although there is a vendor that increases binder memory, it is not likely to be much larger than the system's default memory, or the entire system will have a significant decrease in available memory.

Finally, simply talk about the Android binder architecture

Binder plays a very high role in the Android system. After zygote hatched the system_server process, it was initialized in the System_server process to support a wide variety of service for the entire Android framework, which was divided in large directions, The service, which is divided into the Java Layer framework and the native framework layer (c + +), is almost always based on the binder IPC mechanism.

1. Java Framework: As server-side inheritance (or indirectly inheritance) to the Binder class, the client side inherits (or indirectly inherits) from the Binderproxy class. For example, Activitymanagerservice (for controlling activity, service, process, etc.) as the server side, indirectly inherit the binder class, and the corresponding Activitymanager as the client side, Indirectly inherit from the Binderproxy class. Of course, there are packagemanagerservice, Windowmanagerservice and so many system services are using C/s architecture;
2. Native Framework layer: This is the C + + layer, which inherits (or indirectly inherits) from the Bbinder class as a server side, the client side inherits (or indirectly inherits) from the BP Binder. For example Mediaplayservice (for multimedia correlation) as the server side, inheriting from the Bbinder class, and the corresponding Mediaplay as the client side, indirectly inherit from the Bpbinder class.

in short, a word "No Binder not Android ".

Originally wanted to from the binder source technology angle, analysis binder How to do, found unknowingly wrote so much, for the realization of the principle of interest, view my personal blog. Pass google search keyword "Binder series", the first one to appear is my blog, yuanhh.com, on a Google search result:

in order to facilitate the dissemination and memory, just applied for a new domain name Gityuan (with my Weibo, the name of the ID), the personal blog from http./ yuanhh.com moved to the new domain HTTP // gityuan.com, because not good at SEO, the site of Google weight reduction, update time 2016.03.27.

Some netizens suggested, put on the binder series of connections: Binder Series-opening. Updated 2016.04.09

The last of the last:

Friends recommend to know this side to answer the question, rose popularity, I also spell, the first time so long answer the question, feel not to say clearly, revised over and over again, if everyone think I answer is also OK, also please everyone casually praise, attention, collection, if feel bad, Also to comment. If you can get everyone's affirmation, that also does not waste time to beat so many words, here Gityuan first thank you.

Why should Android use binder as the IPC mechanism?