-
-
[原创]三行代码获取特定广播的所有接收者
-
发表于: 2012-9-26 15:20
-
Android中收到短信等事件都是通过广播发送给应用程序的,360手机卫士等程序都是通过注
册高优先级的BroadcastReceiver来实现短信防火墙等功能。对于我们来说很想知道系统中都有
哪些程序注册了BroadcastReceiver,但是通过什么方法能获取系统BroadcastReceiver的列
表呢?
我在群里问了一下,他们告诉我的答案居然是分析所有apk的AndroidManifest.xml,再加上
解析dex里面的动态注册!而这根本不是我想达到的目的,我要知道的是目前系统中实时的
BroadcastReceiver,而不是通过静态分析得到。于是我开始看Android Framework代码,想
搞清楚广播的实现机制到底是怎样的。
注册BroadcastReceiver的过程是这样的:Activity调用registerReceiver,然后经过几层
内部类接口的调用之后,通过Binder机制与ActivityManagerService通信,而
ActivityManagerService里有一个ReceiverList保存着系统所有的BroadcastReceiver。
发送广播的过程是:Activity向ActivityManagerService发送广播,
ActivityManagerService查找ReceiverList,通过比对IntentFilter找到所有对应的
BroadcastReceiver,根据BroadcastReceiver的优先级进行排序后,扔进广播发送队列里。
而后由专门的线程负责投递广播消息。
大致的过程就是这样的,那么目标就是获取ActivityManagerService中的ReceiverList。
一开始我想的办法是:因为ActivityManagerService是一个单独的进程(system_server),
我们可以通过注入system_server进程来获得ReceiverList。但是由于
ActivityManagerService是java实现的,无法直接获得ReceiverList,要解析java的数据结构
难度就太大了。
于是又再次查看
frameworks/base/services/java/com/android/server/am/ActivityManagerService.java:
public final class ActivityManagerService extends ActivityManagerNative
implements Watchdog.Monitor, BatteryStatsImpl.BatteryCallback {
......
private final int broadcastIntentLocked(ProcessRecord callerApp,
String callerPackage, Intent intent, String resolvedType,
IIntentReceiver resultTo, int resultCode, String resultData,
Bundle map, String requiredPermission,
boolean ordered, boolean sticky, int callingPid, int callingUid) {
intent = new Intent(intent);
......
// Figure out who all will receive this broadcast.
List receivers = null;
List<BroadcastFilter> registeredReceivers = null;
try {
if (intent.getComponent() != null) {
......
} else {
......
registeredReceivers = mReceiverResolver.queryIntent(intent, resolvedType, false);
}
} catch (RemoteException ex) {
......
}
final boolean replacePending =
(intent.getFlags()&Intent.FLAG_RECEIVER_REPLACE_PENDING) != 0;
int NR = registeredReceivers != null ? registeredReceivers.size() : 0;
if (!ordered && NR > 0) {
// If we are not serializing this broadcast, then send the
// registered receivers separately so they don't wait for the
// components to be launched.
BroadcastRecord r = new BroadcastRecord(intent, callerApp,
callerPackage, callingPid, callingUid, requiredPermission,
registeredReceivers, resultTo, resultCode, resultData, map,
ordered, sticky, false);
......
boolean replaced = false;
if (replacePending) {
for (int i=mParallelBroadcasts.size()-1; i>=0; i--) {
if (intent.filterEquals(mParallelBroadcasts.get(i).intent)) {
......
mParallelBroadcasts.set(i, r);
replaced = true;
break;
}
}
}
if (!replaced) {
mParallelBroadcasts.add(r);
scheduleBroadcastsLocked();
}
registeredReceivers = null;
NR = 0;
}
......
}
......
}
registeredReceivers = mReceiverResolver.queryIntent(intent, resolvedType, false);
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
 顶一个!!!
|
|
|
没抢到沙发~
|
|
|
|
|
|
好帖,必须支持
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
牛人,找了很长时间如何获取动态注册的Receiver,原来几行代码就可以搞定了!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
膜拜~
|
|
|
|
|
|
|
|
|
|
