【Binder 机制】Native 层 Binder 机制分析 ( 注册 Binder 服务 | svcmgr_handler | do_add_service | find_svc )

int svcmgr_handler(struct binder_state *bs,
                   struct binder_transaction_data *txn,
                   struct binder_io *msg,
                   struct binder_io *reply)
{
	// 链表 
    struct svcinfo *si;

	// 根据不同的 txn->code 执行不同的方法 
    switch(txn->code) {
    case SVC_MGR_ADD_SERVICE:// 收到消息 , 添加一个 Binder 服务
        s = bio_get_string16(msg, &len);
        if (s == NULL) {
            return -1;
        }
        handle = bio_get_ref(msg);
        allow_isolated = bio_get_uint32(msg) ? 1 : 0;
        dumpsys_priority = bio_get_uint32(msg);
        if (do_add_service(bs, s, len, handle, txn->sender_euid, allow_isolated, dumpsys_priority,
                           txn->sender_pid))
            return -1;
        break;
    }
    return 0;
}

int do_add_service(struct binder_state *bs, const uint16_t *s, size_t len, uint32_t handle,
                   uid_t uid, int allow_isolated, uint32_t dumpsys_priority, pid_t spid) {
    struct svcinfo *si;
    
    if (!handle || (len == 0) || (len > 127))
        return -1;

	// 权限检测 : 检测是否有权限注册 Service 
    if (!svc_can_register(s, len, spid, uid)) {
        ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n",
             str8(s, len), handle, uid);
        // 权限检测失败直接返回 
        return -1;
    }// 权限检测通过 

	// 查找 Service 
    si = find_svc(s, len);
    if (si) { // 查找到服务 , 服务不为空 
    	
        if (si->handle) {
            ALOGE("add_service('%s',%x) uid=%d - ALREADY REGISTERED, OVERRIDE\n",
                 str8(s, len), handle, uid);

			// 服务不为空时的处理 
			// 如果之前注册过该服务 , 则先释放服务 
            svcinfo_death(bs, si);
        }
        si->handle = handle;
    } else { // 没有查找到服务 , 服务为空 
		// 为服务分配内存空间 
        si = malloc(sizeof(*si) + (len + 1) * sizeof(uint16_t));
        if (!si) {
        	// 内存不足 , 注册失败 
            ALOGE("add_service('%s',%x) uid=%d - OUT OF MEMORY\n",
                 str8(s, len), handle, uid);
            return -1;
        }
        si->handle = handle;
        si->len = len;
        memcpy(si->name, s, (len + 1) * sizeof(uint16_t));
        si->name[len] = '\0';
        si->death.func = (void*) svcinfo_death;
        si->death.ptr = si;
        si->allow_isolated = allow_isolated;
        si->dumpsys_priority = dumpsys_priority;
        // 设置成功后 , 将分配的 si 挂载到 svclist 链表中 
        si->next = svclist;
        svclist = si;
    }

    binder_acquire(bs, handle);
    binder_link_to_death(bs, handle, &si->death);
    return 0;
}

static int svc_can_register(const uint16_t *name, size_t name_len, pid_t spid, uid_t uid)
{
    const char *perm = "add";

    if (multiuser_get_app_id(uid) >= AID_APP) {
        return 0; /* Don't allow apps to register services */
    }

    return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;
}

struct svcinfo *svclist = NULL;

struct svcinfo *find_svc(const uint16_t *s16, size_t len)
{
    struct svcinfo *si;

    for (si = svclist; si; si = si->next) {
    	// 先匹配长度是否一样
        if ((len == si->len) &&
        	// 然后匹配名字是否一样
            !memcmp(s16, si->name, len * sizeof(uint16_t))) {
            // 如果查找到对应服务 , 返回该服务 
            return si;
        }
    }
    // 如果没有找到服务 , 则返回空 
    return NULL;
}

void svcinfo_death(struct binder_state *bs, void *ptr)
{
    struct svcinfo *si = (struct svcinfo* ) ptr;

    ALOGI("service '%s' died\n", str8(si->name, si->len));
    if (si->handle) {
    	// 如果之前注册过 Binder , 先释放 Binder 
        binder_release(bs, si->handle);
        si->handle = 0;
    }
}