-
-
[原创]三行代码获取特定广播的所有接收者
-
发表于: 2012-9-26 15:20
-
Android中收到短信等事件都是通过广播发送给应用程序的,360手机卫士等程序都是通过注
册高优先级的BroadcastReceiver来实现短信防火墙等功能。对于我们来说很想知道系统中都有
哪些程序注册了BroadcastReceiver,但是通过什么方法能获取系统BroadcastReceiver的列
表呢?
我在群里问了一下,他们告诉我的答案居然是分析所有apk的AndroidManifest.xml,再加上
解析dex里面的动态注册!而这根本不是我想达到的目的,我要知道的是目前系统中实时的
BroadcastReceiver,而不是通过静态分析得到。于是我开始看Android Framework代码,想
搞清楚广播的实现机制到底是怎样的。
注册BroadcastReceiver的过程是这样的:Activity调用registerReceiver,然后经过几层
内部类接口的调用之后,通过Binder机制与ActivityManagerService通信,而
ActivityManagerService里有一个ReceiverList保存着系统所有的BroadcastReceiver。
发送广播的过程是:Activity向ActivityManagerService发送广播,
ActivityManagerService查找ReceiverList,通过比对IntentFilter找到所有对应的
BroadcastReceiver,根据BroadcastReceiver的优先级进行排序后,扔进广播发送队列里。
而后由专门的线程负责投递广播消息。
大致的过程就是这样的,那么目标就是获取ActivityManagerService中的ReceiverList。
一开始我想的办法是:因为ActivityManagerService是一个单独的进程(system_server),
我们可以通过注入system_server进程来获得ReceiverList。但是由于
ActivityManagerService是java实现的,无法直接获得ReceiverList,要解析java的数据结构
难度就太大了。
于是又再次查看
frameworks/base/services/java/com/android/server/am/ActivityManagerService.java:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | public final class ActivityManagerService extends ActivityManagerNative implements Watchdog.Monitor, BatteryStatsImpl.BatteryCallback { ...... private final int broadcastIntentLocked(ProcessRecord callerApp, String callerPackage, Intent intent, String resolvedType, IIntentReceiver resultTo, int resultCode, String resultData, Bundle map, String requiredPermission, boolean ordered, boolean sticky, int callingPid, int callingUid) { intent = new Intent(intent); ...... // Figure out who all will receive this broadcast. List receivers = null; List<BroadcastFilter> registeredReceivers = null; try { if (intent.getComponent() != null) { ...... } else { ...... registeredReceivers = mReceiverResolver.queryIntent(intent, resolvedType, false); } } catch (RemoteException ex) { ...... } final boolean replacePending = (intent.getFlags()&Intent.FLAG_RECEIVER_REPLACE_PENDING) != 0; int NR = registeredReceivers != null ? registeredReceivers.size() : 0; if (!ordered && NR > 0) { // If we are not serializing this broadcast, then send the // registered receivers separately so they don't wait for the // components to be launched. BroadcastRecord r = new BroadcastRecord(intent, callerApp, callerPackage, callingPid, callingUid, requiredPermission, registeredReceivers, resultTo, resultCode, resultData, map, ordered, sticky, false); ...... boolean replaced = false; if (replacePending) { for (int i=mParallelBroadcasts.size()-1; i>=0; i--) { if (intent.filterEquals(mParallelBroadcasts.get(i).intent)) { ...... mParallelBroadcasts.set(i, r); replaced = true; break; } } } if (!replaced) { mParallelBroadcasts.add(r); scheduleBroadcastsLocked(); } registeredReceivers = null; NR = 0; } ...... } ......} |
1 | registeredReceivers = mReceiverResolver.queryIntent(intent, resolvedType, false); |
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
 顶一个!!!
|
|
|
没抢到沙发~
|
|
|
|
|
|
好帖,必须支持
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
牛人,找了很长时间如何获取动态注册的Receiver,原来几行代码就可以搞定了!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
膜拜~
|
|
|
|
|
|
|
|
|
|
