PMS指的是PackageManagerService
1:什么是PMS 即PackageManagerService
PackageManagerService 负责应用程序的安装,卸载,应用信息查询
一个应用对应一个包
PackageManagerService 类关系图
下图的左侧是Client端,其余的右侧是Servier端
从上层调用的时候,Android studio中写一个测试方法
try {
context.getPackageManager().getPackageInfo("", 0);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
这里的context.getPackageManager返回的是PackageManager,然后我们在搜索一下PackageManager,他是一个抽象类,里面有很多抽象方法。
public abstract class PackageManager {
public abstract PackageInfo getPackageInfo(String packageName, @PackageInfoFlags int flags)
throws NameNotFoundException;
@RequiresPermission(Manifest.permission.INTERACT_ACROSS_USERS)
public abstract PackageInfo getPackageInfoAsUser(String packageName,
@PackageInfoFlags int flags, @UserIdInt int userId) throws NameNotFoundException;
public abstract String[] currentToCanonicalPackageNames(String[] names);
public abstract String[] canonicalToCurrentPackageNames(String[] names);
public abstract @Nullable Intent getLaunchIntentForPackage(@NonNull String packageName);
//省略.....
}
转存失败重新上传取消
转存失败重新上传取消
转存失败重新上传取消
转存失败重新上传取消
转存失败重新上传取消
转存失败重新上传取消
我们怎么才能知道他的实现类是什么?
接着我们再搜索ApplicationPackageManager
public class ApplicationPackageManager extends PackageManager {
//重写PackageManager中的所有抽象方法
@Override
public PackageInfo getPackageInfo(String packageName, int flags)
throws NameNotFoundException {
return getPackageInfoAsUser(packageName, flags, mContext.getUserId());
}
@Override
public PackageInfo getPackageInfo(VersionedPackage versionedPackage, int flags)
throws NameNotFoundException {
try {
PackageInfo pi = mPM.getPackageInfoVersioned(versionedPackage, flags,
mContext.getUserId());
if (pi != null) {
return pi;
}
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
throw new NameNotFoundException(versionedPackage.toString());
}
}//这里我们重点看一下 他是如何拿到ApplicationPackageManager ,因为只有拿到它,才能获取到Server端中定义的那些内容
我们主要看一下这个方法,我们知道PackageManager的实现类是ApplicationPackageManager,所以我们去这里找一下这个方法,
后我们找到了 mPM这个变量。
private final IPackageManager mPM;IPackageManager 无法查看源码,我们去android的源码查看一下
位置:
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
是一个aidl文件,我们练习AIDL的时候知道,客户端和服务端都需要实现AIDL文件,点击运行的时候都会默认生成一个Stub的实现类和Proxy代理类,
interface IPackageManager {
void checkPackageStartable(String packageName, int userId);
boolean isPackageAvailable(String packageName, int userId);
PackageInfo getPackageInfo(String packageName, int flags, int userId);
PackageInfo getPackageInfoVersioned(in VersionedPackage versionedPackage,
int flags, int userId);
//省略,。。。。。
}类似于这样,
public interface MyIPackageManager extends android.os.IInterface {
public static abstract class Stub extends android.os.Binder implements com.asyn.task.mypmsdemo.MyIPackageManager {
private static final java.lang.String DESCRIPTOR = "com.asyn.task.mypmsdemo.MyIPackageManager";
public Stub() {
this.attachInterface(this, DESCRIPTOR);
}
public static com.asyn.task.mypmsdemo.MyIPackageManager asInterface(android.os.IBinder obj) {
if ((obj == null)) {
return null;
}
android.os.IInterface iin = obj.queryLocalInterface(DESCRIPTOR);
if (((iin != null) && (iin instanceof com.asyn.task.mypmsdemo.MyIPackageManager))) {
return ((com.asyn.task.mypmsdemo.MyIPackageManager) iin);
}
return new com.asyn.task.mypmsdemo.MyIPackageManager.Stub.Proxy(obj);
}
@Override
public android.os.IBinder asBinder() {
return this;
}
@Override
public boolean onTransact(int code, android.os.Parcel data, android.os.Parcel reply, int flags) throws android.os.RemoteException {
//省略
return super.onTransact(code, data, reply, flags);
}
private static class Proxy implements com.asyn.task.mypmsdemo.MyIPackageManager {
private android.os.IBinder mRemote;
Proxy(android.os.IBinder remote) {
mRemote = remote;
}
@Override
public android.os.IBinder asBinder() {
return mRemote;
}
public java.lang.String getInterfaceDescriptor() {
return DESCRIPTOR;
}
@Override
public android.content.pm.PackageInfo getPackageInfo(java.lang.String packageName, int flags, int userId) throws android.os.RemoteException {
//省略
mRemote.transact(Stub.TRANSACTION_getPackageInfo, _data, _reply, 0);
//省略
return _result;
}
}
static final int TRANSACTION_getPackageInfo = (android.os.IBinder.FIRST_CALL_TRANSACTION + 0);
}
public android.content.pm.PackageInfo getPackageInfo(java.lang.String packageName, int flags, int userId) throws android.os.RemoteException;
}
//
// 服务连接
private ServiceConnection conn = new ServiceConnection() {
@Override
public void onServiceConnected(ComponentName name, IBinder service) {
iLogin = ILoginInterface.Stub.asInterface(service);
}
@Override
public void onServiceDisconnected(ComponentName name) {
}
};开始调用mPM中的方法,而mPm又是一个aidl文件,从以前的文章中我们知道,Server向Binder声明注册成为ServerManager的时候,会现在本地创建一个Binder对象,并起名字,然后再将binder对象的引用和名字打包发送给ServerManager,插入链表结构。所以当Client端通过ServiceConnection连接服务器的时候,通过回调asInterface方法,将当前的Ibinder对象
aidl分两部分:
server端需要提供一个Interface 向外说明自己能够提供哪些方法,实现哪些功能
build后,发现编译器已经帮我们实现了IPackageManager.Stub,里面包括像client提供的
asInterface例子
public static com.netease.binder.ILoginInterface asInterface(android.os.IBinder obj) {
if ((obj == null)) {
return null;
}
android.os.IInterface iin = obj.queryLocalInterface(DESCRIPTOR);
if (((iin != null) && (iin instanceof com.netease.binder.ILoginInterface))) {
return ((com.netease.binder.ILoginInterface) iin);
}
return new com.netease.binder.ILoginInterface.Stub.Proxy(obj);
}方法,通过queryLocalInterface查询是否是本地的指向Java Binder对象的原始本机指针。如果有就返回本地指针,如果没有就返回代理对象。
然后我们再次回到上面的图:
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
调用到mPM这一层,就已经到了Servier端,我们看一下是如何调用到这里的。
我们从源码层拷贝一下
IPackageManager
interface MyIPackageManager {
PackageInfo getPackageInfo(String packageName, int flags, int userId);
}
然后我们运行一下,在MainActivity中写个变量,然后进入源码查看这个方法:
public interface MyIPackageManager extends android.os.IInterface {
/**
* Local-side IPC implementation stub class.
*/
public static abstract class Stub extends android.os.Binder implements com.asyn.task.mypmsdemo.MyIPackageManager {
private static final java.lang.String DESCRIPTOR = "com.asyn.task.mypmsdemo.MyIPackageManager";
/**
* Construct the stub at attach it to the interface.
*/
public Stub() {
this.attachInterface(this, DESCRIPTOR);
}
/**
* Cast an IBinder object into an com.asyn.task.mypmsdemo.MyIPackageManager interface,
* generating a proxy if needed.
*/
public static com.asyn.task.mypmsdemo.MyIPackageManager asInterface(android.os.IBinder obj) {
if ((obj == null)) {
return null;
}
android.os.IInterface iin = obj.queryLocalInterface(DESCRIPTOR);
if (((iin != null) && (iin instanceof com.asyn.task.mypmsdemo.MyIPackageManager))) {
return ((com.asyn.task.mypmsdemo.MyIPackageManager) iin);
}
return new com.asyn.task.mypmsdemo.MyIPackageManager.Stub.Proxy(obj);
}
@Override
public android.os.IBinder asBinder() {
return this;
}
@Override
public boolean onTransact(int code, android.os.Parcel data, android.os.Parcel reply, int flags) throws android.os.RemoteException {
switch (code) {
case INTERFACE_TRANSACTION: {
reply.writeString(DESCRIPTOR);
return true;
}
case TRANSACTION_getPackageInfo: {
data.enforceInterface(DESCRIPTOR);
java.lang.String _arg0;
_arg0 = data.readString();
int _arg1;
_arg1 = data.readInt();
int _arg2;
_arg2 = data.readInt();
android.content.pm.PackageInfo _result = this.getPackageInfo(_arg0, _arg1, _arg2);
reply.writeNoException();
if ((_result != null)) {
reply.writeInt(1);
_result.writeToParcel(reply, android.os.Parcelable.PARCELABLE_WRITE_RETURN_VALUE);
} else {
reply.writeInt(0);
}
return true;
}
}
return super.onTransact(code, data, reply, flags);
}
private static class Proxy implements com.asyn.task.mypmsdemo.MyIPackageManager {
private android.os.IBinder mRemote;
Proxy(android.os.IBinder remote) {
mRemote = remote;
}
@Override
public android.os.IBinder asBinder() {
return mRemote;
}
public java.lang.String getInterfaceDescriptor() {
return DESCRIPTOR;
}
@Override
public android.content.pm.PackageInfo getPackageInfo(java.lang.String packageName, int flags, int userId) throws android.os.RemoteException {
android.os.Parcel _data = android.os.Parcel.obtain();
android.os.Parcel _reply = android.os.Parcel.obtain();
android.content.pm.PackageInfo _result;
try {
_data.writeInterfaceToken(DESCRIPTOR);
_data.writeString(packageName);
_data.writeInt(flags);
_data.writeInt(userId);
mRemote.transact(Stub.TRANSACTION_getPackageInfo, _data, _reply, 0);
_reply.readException();
if ((0 != _reply.readInt())) {
_result = android.content.pm.PackageInfo.CREATOR.createFromParcel(_reply);
} else {
_result = null;
}
} finally {
_reply.recycle();
_data.recycle();
}
return _result;
}
}
static final int TRANSACTION_getPackageInfo = (android.os.IBinder.FIRST_CALL_TRANSACTION + 0);
}
public android.content.pm.PackageInfo getPackageInfo(java.lang.String packageName, int flags, int userId) throws android.os.RemoteException;
}我们分析一下这个类,MyIPackageManager 里面我们找到了getPackageInfo方法,我们知道MyIPackageManager是一个接口方法,那么它的实现方法是谁,是Proxy,我们看到Proxy实现了getPackageInfo这个方法,而这个方法最后调用了
这个是客户端通过Binder发送远程请求,我们接着看它法发送到了哪里我们从上面找到了Stub,这个里面实现了
onTransact
方法,我们再次看上图
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
通过代理方法发送远程请求发送出去以后,我们开始找接收方, 找到源码
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
我们发现PackageManagerService的类属性:
public class PackageManagerService extends IPackageManager.Stub implements PackageSender {
这里面有getPackageInfo方法
@Override
public PackageInfo getPackageInfo(String packageName, int flags, int userId) {
return getPackageInfoInternal(packageName, PackageManager.VERSION_CODE_HIGHEST,
flags, Binder.getCallingUid(), userId);
}
@Override
public PackageInfo getPackageInfoVersioned(VersionedPackage versionedPackage,
int flags, int userId) {
return getPackageInfoInternal(versionedPackage.getPackageName(),
versionedPackage.getLongVersionCode(), flags, Binder.getCallingUid(), userId);
}
/**
* Important: The provided filterCallingUid is used exclusively to filter out packages
* that can be seen based on user state. It's typically the original caller uid prior
* to clearing. Because it can only be provided by trusted code, it's value can be
* trusted and will be used as-is; unlike userId which will be validated by this method.
*/
private PackageInfo getPackageInfoInternal(String packageName, long versionCode,
int flags, int filterCallingUid, int userId) {
if (!sUserManager.exists(userId)) return null;
flags = updateFlagsForPackage(flags, userId, packageName);
mPermissionManager.enforceCrossUserPermission(Binder.getCallingUid(), userId,
false /* requireFullPermission */, false /* checkShell */, "get package info");
// reader
synchronized (mPackages) {
// Normalize package name to handle renamed packages and static libs
packageName = resolveInternalPackageNameLPr(packageName, versionCode);
final boolean matchFactoryOnly = (flags & MATCH_FACTORY_ONLY) != 0;
if (matchFactoryOnly) {
final PackageSetting ps = mSettings.getDisabledSystemPkgLPr(packageName);
if (ps != null) {
if (filterSharedLibPackageLPr(ps, filterCallingUid, userId, flags)) {
return null;
}
if (filterAppAccessLPr(ps, filterCallingUid, userId)) {
return null;
}
return generatePackageInfo(ps, flags, userId);
}
}
PackageParser.Package p = mPackages.get(packageName);
if (matchFactoryOnly && p != null && !isSystemApp(p)) {
return null;
}
if (DEBUG_PACKAGE_INFO)
Log.v(TAG, "getPackageInfo " + packageName + ": " + p);
if (p != null) {
final PackageSetting ps = (PackageSetting) p.mExtras;
if (filterSharedLibPackageLPr(ps, filterCallingUid, userId, flags)) {
return null;
}
if (ps != null && filterAppAccessLPr(ps, filterCallingUid, userId)) {
return null;
}
return generatePackageInfo((PackageSetting)p.mExtras, flags, userId);
}
if (!matchFactoryOnly && (flags & MATCH_KNOWN_PACKAGES) != 0) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
if (ps == null) return null;
if (filterSharedLibPackageLPr(ps, filterCallingUid, userId, flags)) {
return null;
}
if (filterAppAccessLPr(ps, filterCallingUid, userId)) {
return null;
}
return generatePackageInfo(ps, flags, userId);
}
}
return null;
}到这为止,就已经将数据和请求发送到了服务端。
我们复习一下:
5:Binder的四个重要的对象
1:IBinder:是一个接口,代表跨进程通讯的能力或者功能,只要实现这个接口就可以跨进程传输了
2:IInterface:代表Server进程对象代表能够提供什么样的功能,什么样的方法,对应的就是AIDL定义的接口。
3:Binder:java层的Binder类,代表的就是Binder的本地对象,这里需要;了解这个BinderProxy,我们需要一个本地的代理来操 作Binder,通过BinderProxy来操作Binder。
4:Stub:就是Aidl的时候,编译工具会自动生成一个stub的静态内部类,他是继承了Binder,实现了IInterface的接口,表明具备了服务端对Clinet承诺接口的能力。他是一个抽象类,具体的实现需要我们自己去做
我们从上层调用了getPackageManager()方法,调用了PackageManager的子类的ApplicationPackageManager的getPackageInfo()方法,getPackageInfo通过代理对象来操控Binder,即将数据发送给服务端,而getPackageInfo就调用了Proxy代理类中的
mRemote.transact(Stub.TRANSACTION_getPackageInfo, _data, _reply, 0);方法,
mRemote又是 private android.os.IBinder mRemote; 实现了跨进程传输的能力。
之后我们找到PackageManagerService,发现它是继承IPackageManager.Stub,即我们自定义的MyIPackageManager,这样通信就被建立起来了。
2:Apk安装原理
界面安装分为有界面安装和无界面安装
有界面安装
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
有界面安装,调用的是PackageInstallerActivity
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
我们从源码分析一下
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
private void startInstall() {
// Start subactivity to actually install the application
Intent newIntent = new Intent();
newIntent.putExtra(PackageUtil.INTENT_ATTR_APPLICATION_INFO,
mPkgInfo.applicationInfo);
newIntent.setData(mPackageURI);
newIntent.setClass(this, InstallInstalling.class);
String installerPackageName = getIntent().getStringExtra(
Intent.EXTRA_INSTALLER_PACKAGE_NAME);
if (mOriginatingURI != null) {
newIntent.putExtra(Intent.EXTRA_ORIGINATING_URI, mOriginatingURI);
}
if (mReferrerURI != null) {
newIntent.putExtra(Intent.EXTRA_REFERRER, mReferrerURI);
}
if (mOriginatingUid != PackageInstaller.SessionParams.UID_UNKNOWN) {
newIntent.putExtra(Intent.EXTRA_ORIGINATING_UID, mOriginatingUid);
}
if (installerPackageName != null) {
newIntent.putExtra(Intent.EXTRA_INSTALLER_PACKAGE_NAME,
installerPackageName);
}
if (getIntent().getBooleanExtra(Intent.EXTRA_RETURN_RESULT, false)) {
newIntent.putExtra(Intent.EXTRA_RETURN_RESULT, true);
}
newIntent.addFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT);
if(localLOGV) Log.i(TAG, "downloaded app uri="+mPackageURI);
startActivity(newIntent);
finish();
}
2:无界面安装,就是通过adb push
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
调用的是C的代码,
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
int adb_commandline(int argc, const char** argv) {
int no_daemon = 0;
//省略..
}
static int install_app(int argc, const char** argv);
static int install_multiple_app(int argc, const char** argv);
static int uninstall_app(int argc, const char** argv);
static int install_app_legacy(int argc, const char** argv);
static int uninstall_app_legacy(int argc, const char** argv);
这里有安装和卸载的方法
因为我们知道上层调用到了PackageManagerService,我们来看一下
@Override
public void installPackageAsUser(String originPath, IPackageInstallObserver2 observer,
int installFlags, String installerPackageName, int userId) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null);
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId,
true /* requireFullPermission */, true /* checkShell */, "installPackageAsUser");
if (isUserRestricted(userId, UserManager.DISALLOW_INSTALL_APPS)) {
try {
if (observer != null) {
observer.onPackageInstalled("", INSTALL_FAILED_USER_RESTRICTED, null, null);
}
} catch (RemoteException re) {
}
return;
}
if ((callingUid == Process.SHELL_UID) || (callingUid == Process.ROOT_UID)) {
installFlags |= PackageManager.INSTALL_FROM_ADB;
} else {
// Caller holds INSTALL_PACKAGES permission, so we're less strict
// about installerPackageName.
installFlags &= ~PackageManager.INSTALL_FROM_ADB;
installFlags &= ~PackageManager.INSTALL_ALL_USERS;
}
UserHandle user;
if ((installFlags & PackageManager.INSTALL_ALL_USERS) != 0) {
user = UserHandle.ALL;
} else {
user = new UserHandle(userId);
}
// Only system components can circumvent runtime permissions when installing.
if ((installFlags & PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS) != 0
&& mContext.checkCallingOrSelfPermission(Manifest.permission
.INSTALL_GRANT_RUNTIME_PERMISSIONS) == PackageManager.PERMISSION_DENIED) {
throw new SecurityException("You need the "
+ "android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS permission "
+ "to use the PackageManager.INSTALL_GRANT_RUNTIME_PERMISSIONS flag");
}
if ((installFlags & PackageManager.INSTALL_FORWARD_LOCK) != 0
|| (installFlags & PackageManager.INSTALL_EXTERNAL) != 0) {
throw new IllegalArgumentException(
"New installs into ASEC containers no longer supported");
}
final File originFile = new File(originPath);
final OriginInfo origin = OriginInfo.fromUntrustedFile(originFile);
final Message msg = mHandler.obtainMessage(INIT_COPY);
final VerificationInfo verificationInfo = new VerificationInfo(
null /*originatingUri*/, null /*referrer*/, -1 /*originatingUid*/, callingUid);
final InstallParams params = new InstallParams(origin, null /*moveInfo*/, observer,
installFlags, installerPackageName, null /*volumeUuid*/, verificationInfo, user,
null /*packageAbiOverride*/, null /*grantedPermissions*/,
null /*certificates*/, PackageManager.INSTALL_REASON_UNKNOWN);
params.setTraceMethod("installAsUser").setTraceCookie(System.identityHashCode(params));
msg.obj = params;
Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "installAsUser",
System.identityHashCode(msg.obj));
Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "queueInstall",
System.identityHashCode(msg.obj));
mHandler.sendMessage(msg);
}总结:
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消转存失败重新上传取消
转存失败重新上传取消
Apk的安装原理
安装其实就是把apk文件copy到了对应的目录:
1:data/app/包名-------安装时apk文件复制到此目录,---可以将文件取出并安装,和我们本身的apk一样。
data/data/packagename/(test.apk)
2 :data/data/包名----开辟存放应用程序的文件数据的文件夹,包括i哦应用的so库,缓存文件等等
data/data/packagename/(db,cache)
3:将apk中的dex文件安装到data/dalvik-cache目录下(dex文件是dalvik虚拟机的可执行文件,其大小为原始apk文件大小的1/4
data/dalvik-cache/(profiles.x86)
2949
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
