- 一、ActivityThread 源码分析
- 二、ActivityThread 部分代码示例
dex 解密时 , 需要将 代理 Application 替换为 真实 Application ; 替换 Application 首先要理解系统如何注册应用的 Application 的 ;
一、ActivityThread 源码分析参考源码 : /frameworks/base/core/java/android/app/ActivityThread.java
Zygote 进程孵化器 fork 出应用进程后 , 就会执行 ActivityThread 中的 main 函数 ;
在 main 函数中 , 调用了 Looper.prepareMainLooper() 方法 , 初始化了 Looper , 在 main 方法最后 , 执行了 Looper.loop() , 开启了无限循环获取 Message 并执行 ;
准备完 Looper 之后 , ActivityThread thread = new ActivityThread() 创建了 ActivityThread 对象 , 并调用了该对象的 attach 函数 , thread.attach(false) ;
public static void main(String[] args) {
Looper.prepareMainLooper();
ActivityThread thread = new ActivityThread();
thread.attach(false);
Looper.loop();
}
在 attach 函数中 , private void attach(boolean system) , 传入的参数是 false , 进入第一个分支 if (!system) { ;
在该分支中 , final IActivityManager mgr = ActivityManagerNative.getDefault() , 通过 ActivityManager 拿到了 Binder 对象 ;
通过调用该 Binder 对象的 attachApplication 方法 , mgr.attachApplication(mAppThread) , 将本 ApplicationThread 对象传送出去 ;
private void attach(boolean system) {
sCurrentActivityThread = this;
mSystemThread = system;
if (!system) {
RuntimeInit.setApplicationObject(mAppThread.asBinder());
final IActivityManager mgr = ActivityManagerNative.getDefault();
try {
mgr.attachApplication(mAppThread);
} catch (RemoteException ex) {
// Ignore
}
// Watch for getting close to heap limit.
} else {
// Don't set application object here -- if the system crashes,
// we can't display an alert, we just want to die die die.
}
}
在 main 函数中创建 ActivityThread 对象时 , 会自动创建其内部的成员属性 , 包括主线程的 Handler , final H mH = new H() 成员 , H 类型就是 Handler 的子类 , private class H extends Handler ;
利用 Binder 调用 ActivityThread 的 bindApplication 方法 , public final void bindApplication , 在 bindApplication 方法中 , 接收 ActivityManagerService 发送来的参数 , 最后发送一条 Message 给 H mH 对象 , 即 Hander 子类对象 , sendMessage(H.BIND_APPLICATION, data) ;
最终由 H 对象 , private class H extends Handler 类型 , 处理上述逻辑 , 最终调用 handleBindApplication 方法处理 , private void handleBindApplication(AppBindData data) ;
final H mH = new H();
private class H extends Handler {
public void handleMessage(Message msg) {
switch (msg.what) {
case BIND_APPLICATION:
Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "bindApplication");
AppBindData data = (AppBindData)msg.obj;
handleBindApplication(data);
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
break;
}
}
在 ActivityThread 的 handleBindApplication 方法中就是进行的 Application 准备工作 , 构建 Application , 并调用 Application 中的 onCreate 等生命周期函数 ;
在 handleBindApplication 方法 中 , Application app = data.info.makeApplication(data.restrictedBackupMode, null) , 此处创建 Application ;
应用 Application 的具体创建方法 , 需要查看该 data.info.makeApplication 方法 , makeApplication 是 data.info 对象中的函数 , data.info 对象类型是 android.app.LoadedApk 类型 , data.info 是调用 getPackageInfoNoCheck 获取的 , data.info = getPackageInfoNoCheck(data.appInfo, data.compatInfo) ;
private void handleBindApplication(AppBindData data) {
try {
// If the app is being launched for full backup or restore, bring it up in
// a restricted environment with the base application class.
Application app = data.info.makeApplication(data.restrictedBackupMode, null);
mInitialApplication = app;
} finally {
StrictMode.setThreadPolicy(savedPolicy);
}
}
ActivityThread 部分代码示例 :
public final class ActivityThread {
final ApplicationThread mAppThread = new ApplicationThread();
final Looper mLooper = Looper.myLooper();
final H mH = new H();
private class H extends Handler {
public void handleMessage(Message msg) {
switch (msg.what) {
case BIND_APPLICATION:
Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "bindApplication");
AppBindData data = (AppBindData)msg.obj;
handleBindApplication(data);
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
break;
}
}
private void handleBindApplication(AppBindData data) {
try {
// If the app is being launched for full backup or restore, bring it up in
// a restricted environment with the base application class.
Application app = data.info.makeApplication(data.restrictedBackupMode, null);
mInitialApplication = app;
} finally {
StrictMode.setThreadPolicy(savedPolicy);
}
}
public final void bindApplication(String processName, ApplicationInfo appInfo,
List providers, ComponentName instrumentationName,
ProfilerInfo profilerInfo, Bundle instrumentationArgs,
IInstrumentationWatcher instrumentationWatcher,
IUiAutomationConnection instrumentationUiConnection, int debugMode,
boolean enableOpenGlTrace, boolean isRestrictedBackupMode, boolean persistent,
Configuration config, CompatibilityInfo compatInfo, Map services,
Bundle coreSettings) {
sendMessage(H.BIND_APPLICATION, data);
}
private void attach(boolean system) {
sCurrentActivityThread = this;
mSystemThread = system;
if (!system) {
RuntimeInit.setApplicationObject(mAppThread.asBinder());
final IActivityManager mgr = ActivityManagerNative.getDefault();
try {
mgr.attachApplication(mAppThread);
} catch (RemoteException ex) {
// Ignore
}
// Watch for getting close to heap limit.
} else {
// Don't set application object here -- if the system crashes,
// we can't display an alert, we just want to die die die.
}
}
public static void main(String[] args) {
Looper.prepareMainLooper();
ActivityThread thread = new ActivityThread();
thread.attach(false);
Looper.loop();
}
}
