@TOC

How is ANR generated in a Service?

There are two kinds of services. At the front desk Service timeout for SERVICE_TIMEOUT = 20 s background services timeout for SERVICE_BACKGROUD_TIMEOUT = 200 s according to the variable ProcessRecord. ExecServicesFg Service Service is to determine at the front desk Service or the background TimeOut is triggered when the ams. MainHandler in the “ActivityManager” thread receives the SERVICE_TIMEOUT_MSG message.

The client (App process) sends a request to the central control system (System_server process) to start the service. The central control system sends an idle communicator (binder_1 thread) to receive the request, and then sends a message to the component manager (ActivityManager thread). Time bomb planted Communicator 1 (binder_1) tells the site communicator to get ready to start work. Communicator 3 (binder_3) receives the task and passes it on to the contractor. After completing the service startup lifecycle, the contractor waits for SharedPreferences(SP) to persist. The contractor shall immediately report the work to the central control system after the completion of the SP execution. The communicator no. 2 (Binder_2) of the central control system shall immediately dismantle the bomb after receiving the contractor’s completion report. If the bomb is defused before the bomb countdown is over it will be fine, otherwise it will trigger an explosion (trigger ANR)

Service Startup Process

1. When startService is called in the Activity, the startService method of the ContextWrappper is called, where mBase is ContextImpl

2. The startServiceCommon method is called

3. Create AMP by calling getDefult of AMN and startService of AMP

You can see that the getDefult() function of ActivityManagerNative is called

The create method returns an AMP object,

Through Binder communication, an IActitityManager service interface is created, which is implemented by both AMP and AMS. AMP as the client of Binder communication, AMS as the server of Binder communication, AMP’s startService will eventually call AMS’s startService method in AMP’s startService. AMN onTransact (AMP is an internal class of AMN and implements the IActivityManager interface)

Conclusion: ==AMP calls getDefult() to create the ActivityManager interface with a singleton (AvtivityManagerProxy and AMS implement this interface), and then calls the startService function with getDefult. This is the AMP startService function. Binder drives back to AMN’s onTransact function, which calls AMS’s startService (AMS inherits from AMN) == 4. In AMN’s onTransact method, the PROXY object of ATN, namely ATP (ApplicationThreadProxy), is generated, followed by the call to AMS’s startService method. ApplicationThreadNative (ATN) is the server of Binder communication, and ATP is the client of Binder communication. (The process that initiates and starts the service is A, and the ServiceManagerService is B. Process A uses the IActivityManager interface with Binder to initiate requests from process B, and process B uses the IApplicationThread interface with Binder to initiate requests from process A.

Class diagram for IApplicationThread:

MServices = new ActiveServices(this); Answering questions point 3: Binder. ClearCallingIdentity () and Binder. The restoreCallingIdentity represent what mean? What does it do?

6.ActivityServices startServicesLocked

7. You can see that the startServieInnerLocked method is called:

8. The bringupServiceLocked method is next called:

RealStartServiceLocked (); realStartServiceLocked(); = = if the query is less than that process does not exist, needs to call startProcessLocked creation process, in this method will be called AMS. AttachApplicationLocked, and then execute realStartServiceLocked () function. AMS attachApplicationLocked

AttachApplicationLocked (mServices) is called:

You can see that the readlStartServiceLocked method is still called. ReadlStartServiceLocked (); readlStartServiceLocked (); readlStartServiceLocked ();

11. You can see call bumpServiceExecutingLocked time delay method. The delay message is cancelled in the later scheduleCreateService and ANR is sent if the timeout is not cancelled.

12. You can see that the last line sends a delayed message. Analysis the bumpServiceExecutingLocked method, the following analysis service enters the OnCreate process namely ApplicationThreadProxy scheduleCreateService method:

13. OnTransact in ATN receives and prepares the data needed to create in AT without sending the message to ActivityThread for processing

Conclusion: = = by using ATP/ATN the Binder object is complete from system_server’s process to the Service’s process invocation process = = 14. In ActivityThread the handlerMessage callback will filter through and call handleCreateServices

15. You can see that the OnCreate method of the Service is called, entering the Service lifecycle, and removing the delayed message at the end

Conclusion: 1. = = ContextImpl invokes the AMN for AMT, AMT by Binder and AMS in communication (AMS) after access to the ATP in AMN calls, the AMS will determine whether there is any Service of process. (AMT is in app process corresponding to Binder client, AMS is in System_server process corresponding to Binder server) ==

2.== Create ActivityServices (AS) in AMS and call startServiceInnerLocked of AS. RealStartServicLocked calls realStartServicLocked, which sends delayed messages to app processes via ATP (Binder clients). If the process is not already created, the new process will be called to AMS attachApplicatiionLocked with Binder, and realStartServiceLocked== will be called from inside

Remaining issues:

1. Interprocess communication is driven by Binder. The SystemServer process notifies the Zygote fork process by sokect. What are the two pairs of binders involved in services? How is the correspondence done?

The app process notifies AMS’s SystemServer process that communication is done with the Binder pairs AMP (client) and AMS (server). = =

The SystemServer process on which AMS is based notifies the APP process to start the service through the Binder pairs ATP (client) and ATN (server).

AMP is an internal class of AMN and AMS inherits from AMN.

2. Why is ATP created in AMN?

This approach was abandoned after API26.

Android API 26 ActivityManagerNative class deprecated. The proxy class ActivityManagerProxy has been removed. Use AIDL instead. = =

3: Binder. ClearCallingIdentity () and the Binder. RestoreCallingIdentity represent what mean? What does it do?

= = Binder. ClearCallingIdentity () function is to clear the remote call the pid and uid with the current process of pid and uid = = instead

. = = and Binder restoreCallingIdentity is to restore the function of remote calls the pid and uid = =.

When other components in the same thread are called, the PID and UID on the remote calling side need to be cleared first and restored when the call is complete.

4. What is the difference between api26 and API25 when starting a Service?

The above analysis is the Service startup process of API25.

Let’s take a look at the changes in the communication mode between APP process and AMS:

In the third step above is the IActivityManager generated by AMN’s static method asInterface.

And is used in 26: IActivityManager Stub. AsInterface (b); Stub. AsInterface calls queryLocalInterface. Api25 and API26 are essentially the same.

Let’s look at the communication between AMS and app process:

Api25 uses ATP and ATN implementations corresponding to Binder clients and servers. = =

Api26 uses app.thread, which is an inner class of ActivityThread. = =