Android4.4 RIL软件框架

    文主要对android4.4 RIL的telephony与modem的命令交互流程进行分析,当然本文不是重点介绍telephony。
telephony涉及具体业务逻辑内容比较多,包括sim、dail、sms、network等等,以后会针对这些内容学习分析。

RIL在Android体系中的位置:

Android4.4 RIL软件框架_第1张图片

 

(A) 应用层发起访问modem的请求

(B) RILD进程

 

(A) 应用层发起访问modem的请求

       frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java中的类RIL,提供了一系
列的接口给上层应用调用,以访问modem。当然这些接口并不是直接给APP使用,而是由framework中sim、dail、
sms、network等相关服务调用。
如: 以查询SIM卡状态getIccCardStatus()为例,该API为UiccController模块所调用:

完整的SIM卡请求log:
10-11 12:21:43.630 D/RILJ ( 1833): [3653]> GET_SIM_STATUS
10-11 12:21:43.630 D/RILC ( 1286): [0005]> GET_SIM_STATUS
10-11 12:21:43.630 D/RILC ( 1286): onRequest: GET_SIM_STATUS
10-11 12:21:43.630 D/ATC ( 1286): AT> AT+CPIN?
10-11 12:21:43.640 D/ATC ( 1286): AT< +CPIN: READY
10-11 12:21:43.640 D/ATC ( 1286): AT< OK
10-11 12:21:43.640 D/RILC ( 1286): [0005]< GET_SIM_STATUS {[app_type=1,app_state=5,perso_substate=2,aid_ptr=(null),app_label_ptr=(null),pin1_replaced=0,pin1=0,pin2=0],}
10-11 12:21:43.640 D/RILJ ( 1833): [3653]< GET_SIM_STATUS IccCardState {CARDSTATE_PRESENT,PINSTATE_UNKNOWN,num_apps=1,gsm_id=0{APPTYPE_SIM,APPSTATE_READY},cdma_id=8,ims_id=8}

发起请求:

       frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

@Override                                                                                                                            
    public void                                                                                                                          
    getIccCardStatus(Message result) {                                                                                                   
        //Note: This RIL request has not been renamed to ICC,                                                                            
        //       but this request is also valid for SIM and RUIM                                                                         
        RILRequest rr = RILRequest.obtain(RIL_REQUEST_GET_SIM_STATUS, result);             /* 获取一个RILRequest */                                                       
                                                                                                                                         
        if (RILJ_LOGD) riljLog(rr.serialString() + "> " + requestToString(rr.mRequest));   /* 参考log:[3653]> GET_SIM_STATUS */                                              
                                                                                                                                         
        send(rr);                                                                          /* 发送请求 */                                                                                                                     
    }

 

       RILRequest.obtain是从内存池获取一个RILRequest实例,并初始化:

       frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

class RILRequest {
            static final String LOG_TAG = "RilRequest";
            
            ... ...
            
            static RILRequest obtain(int request, Message result) {
                RILRequest rr = null;                                                                                                            
                                                                                                                                                 
                synchronized(sPoolSync) {   /* 从内存池中取出一个RILRequest对象*/                                                                
                    if (sPool != null) {                                                                                                         
                        rr = sPool;                                                                                                              
                        sPool = rr.mNext;                                                                                                        
                        rr.mNext = null;                                                                                                         
                        sPoolSize--;                                                                                                             
                    }                                                                                                                            
                }                                                                                                                                
                                                                                                                                                 
                if (rr == null) {           /* 如果内存池中没有,则实例化一个 */                                                                 
                    rr = new RILRequest();                                                                                                       
                }                                                                                                                                
                                                                                                                                                 
                rr.mSerial = sNextSerial.getAndIncrement();   /* 获取串号,并且+1 */                                                             
                                                                                                                                                 
                rr.mRequest = request;      /* 对应RIL_REQUEST_*请求 */                                                                          
                rr.mResult = result;                                                                                                             
                rr.mParcel = Parcel.obtain();   /* 初始化一个Parcel,用于封包以发送给底层RILD */                                                 
                                                                                                                                                 
                if (result != null && result.getTarget() == null) {                                                                              
                    throw new NullPointerException("Message target must not be null");                                                           
                }                                                                                                                                
                                                                                                                                                 
                // first elements in any RIL Parcel                                                                                              
                rr.mParcel.writeInt(request);   /* 每个RIL Parcel最开始也最基本的两个元素 */                                                     
                rr.mParcel.writeInt(rr.mSerial);

                return rr;                  /* 返回这个从内存池中获取的实例 */
            }
            
            ... ...
            
            String
            serialString() {
                //Cheesy way to do %04d
                StringBuilder sb = new StringBuilder(8);   /* 创建一个StringBuilder实例用于操作字符串 */
                String sn;

                long adjustedSerial = (((long)mSerial) - Integer.MIN_VALUE)%10000;

                sn = Long.toString(adjustedSerial);        /* 把数值转换成字符串 */

                //sb.append("J[");
                sb.append('[');
                for (int i = 0, s = sn.length() ; i < 4 - s; i++) {
                    sb.append('0');
                }

                sb.append(sn);
                sb.append(']');
                return sb.toString();                      /* 转换出来的字符串格式: [xxxx] */
            }
            
            ... ...
    }  

 

send(rr)发送请求到服务端:
frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

private void
    send(RILRequest rr) {                                                                                                                
        Message msg;                                                                                                                     
        
        ... ...                                                                                                                              
        
        msg = mSender.obtainMessage(EVENT_SEND, rr); /* 发送EVENT_SEND时间,时间参数为RILRequest */                                      
        
        acquireWakeLock();                           /* 获取wakelock,禁止进入休眠 */                                                    
        
        msg.sendToTarget();                          /* message从handler类获取,从而可以直接向该handler对象发送消息。target就是创建message的handler */
    } 

 

        实际上telephony无法直接与modem通讯,由于每个厂商的modem都不一样,modem存在于系统中的方式
也不一样,如:有的CPU芯片厂商的modem是以一个CP核的方式集成在基带上(高通、展讯等),有的CPU芯
片(Exynos 4412等)需要通过串口/USB外接modem模块,如:BC72 LTE模块等。
send(rr)向RILD发送请求,这里涉及一个进程间通信问题,而且Java侧与C++侧的进程通讯,当然这里并没
有用Android开发的朋友都熟悉的Bind,而是socket。
telephony/Java侧RIL命令交互的处理,暂且称为RILJ。
RILJ作为socket的客户端,RILD(rild进程)作为服务端,后面会分析rild进程。

socket客户端的创建:

        frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

public RIL(Context context, int preferredNetworkType, int cdmaSubscription) {                                                        
        ... ...
                                                                                                                                     
        mSenderThread = new HandlerThread("RILSender");               /* 创建RILSender线程 */                                                                             
        mSenderThread.start();                                                                                                           
                                                                                                                                         
        Looper looper = mSenderThread.getLooper();                                                                                       
        mSender = new RILSender(looper);                                                                                                 
                                                                                                                                         
        ConnectivityManager cm = (ConnectivityManager)context.getSystemService(                                                          
                Context.CONNECTIVITY_SERVICE);                                                                                           
        if (cm.isNetworkSupported(ConnectivityManager.TYPE_MOBILE) == false) {                                                           
            riljLog("Not starting RILReceiver: wifi-only");                                                                              
        } else {                                                                                                                         
            riljLog("Starting RILReceiver");                                                                                             
            mReceiver = new RILReceiver();                                                                                               
            mReceiverThread = new Thread(mReceiver, "RILReceiver");   /* 创建RILReceiver线程 */
            mReceiverThread.start();  
            
            ... ...   
        }
        
        ... ...
    }
    
    class RILReceiver implements Runnable {                                                                                              
        byte[] buffer;                                                                                                                   
        
        RILReceiver() {                                                     /* 构造时,分配一个数组 */                                   
            buffer = new byte[RIL_MAX_COMMAND_BYTES];                                                                                    
        }                                                                                                                                
        
        @Override
        public void                                                         
        run() {                                                             /* 循环读取从RILD返回或主动上报的数据 */                     
            int retryCount = 0;                                                                                                          
            
            try {for (;;) { 
                LocalSocket s = null;                                                                                                    
                LocalSocketAddress l;                                                                                                    
                
                try { 
                    s = new LocalSocket();                                  /* 创建一个socket客户端 */                                   
                    l = new LocalSocketAddress(SOCKET_NAME_RIL,
                            LocalSocketAddress.Namespace.RESERVED);         
                    s.connect(l);                                           /* 连接服务器 */  
                }
                
                ... ...
            }
            
            ... ... 
            
            try {
                InputStream is = mSocket.getInputStream();                    /* 循环读取socket的数据 */

                for (;;) {
                    Parcel p;

                    length = readRilMessage(is, buffer);                      /* 解析socket数据 */

                    if (length < 0) {
                        // End-of-stream reached
                        break;
                    }

                    p = Parcel.obtain();                                      /* 获取一个Parcel */
                    p.unmarshall(buffer, 0, length);                          /* 读取出来的就是之前序列化的byte数组,所以要进行一个反序列化操作 */
                    p.setDataPosition(0);                                     /* 从buffer转换到Parcel之后,需要将指针手动指向到最初的位置 */

                    //Rlog.v(RILJ_LOG_TAG, "Read packet: " + length + " bytes");

                    processResponse(p);
                    p.recycle();                                              /* 数据处理完后,需要回收Parcel的内存 */
                }
            }
            
            ... ...
    }

 

        RILReceiver线程创建socket客户端,连接服务端,然后进入等待服务端的processResponse消息处理循环,RILJ
接收到RILD回复的response返回RIL请求的发起者,以getIccCardStatus(Message result)为例,processResponse(p)
会把DRILD的response返回给UiccController

frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

private static int readRilMessage(InputStream is, byte[] buffer)
            throws IOException {
        int countRead;
        int offset;
        int remaining;
        int messageLength;

        // First, read in the length of the message
        offset = 0;
        remaining = 4;
        do {
            countRead = is.read(buffer, offset, remaining);                   /* 读出消息的4字节长度 */

            if (countRead < 0 ) {
                Rlog.e(RILJ_LOG_TAG, "Hit EOS reading message length");
                return -1;
            }

            offset += countRead;
            remaining -= countRead;
        } while (remaining > 0);

        messageLength = ((buffer[0] & 0xff) << 24)                            /* 获取长度 */
                | ((buffer[1] & 0xff) << 16)
                | ((buffer[2] & 0xff) << 8)
                | (buffer[3] & 0xff);

        // Then, re-use the buffer and read in the message itself
        offset = 0;
        remaining = messageLength;
        do {
            countRead = is.read(buffer, offset, remaining);                   /* 读取剩余的数据 */

            if (countRead < 0 ) {
                Rlog.e(RILJ_LOG_TAG, "Hit EOS reading message.  messageLength=" + messageLength
                        + " remaining=" + remaining);
                return -1;
            }

            offset += countRead;
            remaining -= countRead;
        } while (remaining > 0);

        return messageLength;
    }

    private void
    processResponse (Parcel p) {
        int type;

        type = p.readInt();                          /* 从RILD返回的数据第一个字节,表示请求的返回类型:RESPONSE_UNSOLICITED/RESPONSE_SOLICITED */

        if (type == RESPONSE_UNSOLICITED) {
            processUnsolicited (p);                  /* 主动上报 */
        } else if (type == RESPONSE_SOLICITED) {
            RILRequest rr = processSolicited (p);    /* 普通请求对应的同步上报 */
            if (rr != null) {
                rr.release();                        /* 释放对应的RILRequest内存和wakelock */
                decrementWakeLock();
            }
        }
    }

 

        RILD的response一般有两种,一种是RILJ普通请求,RILD对RILJ请求的response (RESPONSE_SOLICITED),另一种是RILD主动上报的
response (RESPONSE_UNSOLICITED), processResponse (Parcel p)分别对这两种情况的response进行处理。

frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

private RILRequest
    processSolicited (Parcel p) {
        int serial, error;
        boolean found = false;

        serial = p.readInt();                          /* 串号,也就是token */
        error = p.readInt();                           /* 错误码 */

        RILRequest rr;

        rr = findAndRemoveRequestFromList(serial);     /* 根据taken取出对应的RILRequest */

        ... ...
             */
            case RIL_REQUEST_GET_SIM_STATUS: ret =  responseIccCardStatus(p); break;

        ... ...
        
            if (rr.mResult != null) {
                AsyncResult.forMessage(rr.mResult, ret, null);        /* 把rr.mResult存到AsyncResult.userObj,并把rr.mResult.obj转换为AsyncResult */
                rr.mResult.sendToTarget();                            /* msg发送到对应的target(Handler) */
            }
            
        ... ...    
    }   
    
    private Object
    responseIccCardStatus(Parcel p) {
        IccCardApplicationStatus appStatus;
        
        ... ...
        
        appStatus = new IccCardApplicationStatus();
        
        ... ...

        return cardStatus;
    }

 

        回到刚才send(rr),send(rr)并不是直接发送到socket服务端RILD,而是通过一个Message发送到RILSender线程,
在handleMessage中,把请求发到socket服务端RILD。

frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java

class RILSender extends Handler implements Runnable {            /* 继承Handler,实现Runnable */                                                         
        public RILSender(Looper looper) {                                                                                                                    
            super(looper);                                                                                                                                   
        }                                                                                                                                                    
        
        ... ...                                                                                                                                                                                                                                                                                                        
        
        //***** Handler implementation                                                                                                                       
        @Override public void 
        handleMessage(Message msg) {                                 /* 继承Handler的handleMessage */
            RILRequest rr = (RILRequest)(msg.obj);                   /* Maessage中携带的RILRequest对象 */                                                    
            RILRequest req = null;                                                                                                                           
            
            switch (msg.what) {
                case EVENT_SEND:                                     /* 发送RIL请求事件 */                                                                   
                    try {
                        LocalSocket s;                                                                                                                       
                        
                        s = mSocket;                                 /* RILReceiver中创建的用于与RILD通讯的socket */                                         
                        
                        ... ...                                                                                                                                  
                        
                        synchronized (mRequestList) {                /* 多线程保护操作mRequestList */
                            mRequestList.append(rr.mSerial, rr);     /* 把接受到的RILRequest和对应的串号,存到mRequestList数据 */                            
                        }                                                                                                                                    

                        byte[] data;
                        data = rr.mParcel.marshall();                /* 把Parcel中的数据转换为byte数据 */
                        rr.mParcel.recycle();                        /* Parcel的内存回收 */
                        rr.mParcel = null;

                        ... ...

                        // parcel length in big endian
                        dataLength[0] = dataLength[1] = 0;           /* RIL请求包的大小为4个字节 */
                        dataLength[2] = (byte)((data.length >> 8) & 0xff);
                        dataLength[3] = (byte)((data.length) & 0xff);

                        //Rlog.v(RILJ_LOG_TAG, "writing packet: " + data.length + " bytes");

                        s.getOutputStream().write(dataLength);       /* 把包大小和包数据发送出去 */
                        s.getOutputStream().write(data);
                    } catch (IOException ex) {
                        Rlog.e(RILJ_LOG_TAG, "IOException", ex);
                        req = findAndRemoveRequestFromList(rr.mSerial);    /* 如果出现异常,则把串号对应的RILRequest从mRequestList中删除 */
                        // make sure this request has not already been handled,
                        // eg, if RILReceiver cleared the list.
                        if (req != null) {
                            rr.onError(RADIO_NOT_AVAILABLE, null);
                            rr.release();
                            decrementWakeLock();
                        }
                    } 
                    
                    ... ...
            }
        }
    } 

 

 

(B) RILD进程

        RILD作为一个独立的进程,telephony与modem之间的通讯通道。抽象出一些接口以适配不同的modem厂商,无需关心具体的
硬件操作,或者以哪种形式存存在于系统(modem作为CP集成于CPU或CPU通过串口/USB连接,如: BC72 LTE模块)。因为这些接口
由厂商去实现具体的硬件操作细节,这些接口都在libreference-ril中,在Android中使用BC72 LTE模块,只要移植
libreference-ril就行。

1. RILD的启动
RILD有init进程直接启动,启动后就监听RILJ客户端,等待RILJ连接请求。
device/samsung/smdk4x12/conf/init.smdk4x12.rc

service ril-daemon /system/bin/rild -l /system/lib/libreference-ril.so
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root

 

        hardware/ril/rild/rild.c为RILD进程入口:

        hardware/ril/rild/rild.c

int main(int argc, char **argv)
        {
            ... ...
            
            dlHandle = dlopen(rilLibPath, RTLD_NOW);    /* 打开/system/lib/libreference-ril.so */

            if (dlHandle == NULL) {
                RLOGE("dlopen failed: %s", dlerror());
                exit(-1);
            }

            RIL_startEventLoop();                       /* 创建eventLoop线程, 在ril_event_loop()中监听多路IO的事件,如主动唤醒事件(pipe)、RILJ的请求等 */

            /* 获取/system/lib/libreference-ril.so中RIL_Init函数指针 */
            rilInit = (const RIL_RadioFunctions *(*)(const struct RIL_Env *, int, char **))dlsym(dlHandle, "RIL_Init");
            if (rilInit == NULL) {
                RLOGE("RIL_Init not defined or exported in %s\n", rilLibPath);
                exit(-1);
            }

            if (hasLibArgs) {
                rilArgv = argv + i - 1;
                argc = argc -i + 1;
            } else {
                static char * newArgv[MAX_LIB_ARGS];
                static char args[PROPERTY_VALUE_MAX];
                rilArgv = newArgv;
                property_get(LIB_ARGS_PROPERTY, args, "");
                argc = make_argv(args, rilArgv);
            }

            // Make sure there's a reasonable argv[0]
            rilArgv[0] = argv[0];

            funcs = rilInit(&s_rilEnv, argc, rilArgv);          /* 初始化Vender RIL */

            RIL_register(funcs);                                /* 注册RIL */
            
            ... ...
        }

 

hardware/ril/libril/ril.cpp

extern "C" void
        RIL_startEventLoop(void) {
            
            ... ...
            
            ret = pthread_create(&s_tid_dispatch, &attr, eventLoop, NULL);        /* 创建eventLoop线程 */

            ... ...
        }
        
        static void *
        eventLoop(void *param) {
            int ret;
            int filedes[2];

            ril_event_init();                                 /* 初始化事件链表,timer_list,pending_list, watch_table */

            pthread_mutex_lock(&s_startupMutex);

            s_started = 1;
            pthread_cond_broadcast(&s_startupCond);

            pthread_mutex_unlock(&s_startupMutex);

            ret = pipe(filedes);                              /* 创建一个pipe,用于每次添加一个新事件时,唤醒selet()返回,更新fd_set使select监听新的事件 */

            if (ret < 0) {
                RLOGE("Error in pipe() errno:%d", errno);
                return NULL;
            }

            s_fdWakeupRead = filedes[0];                      /* filedes[0]用于读pipe, filedes[1]用于写pipe */
            s_fdWakeupWrite = filedes[1];

            fcntl(s_fdWakeupRead, F_SETFL, O_NONBLOCK);       /* 以非阻塞的方式读pipe */

            ril_event_set (&s_wakeupfd_event, s_fdWakeupRead, true,    /* 读pipe描述符绑定到s_wakeupfd_event事件,指定回调processWakeupCallback */
                        processWakeupCallback, NULL);

            rilEventAddWakeup (&s_wakeupfd_event);            /* 添加s_wakeupfd_event事件到watch_table,更新readFds集合,使select监听该事件,并触发该事件 */

            // Only returns on error
            ril_event_loop();                                 /* 进入多路IO事件监听循环 */
            RLOGE ("error in event_loop_base errno:%d", errno);
            // kill self to restart on error
            kill(0, SIGKILL);

            return NULL;
        }            

 

        main函数主要启动eventLoop线程,在ril_event_loop()中监听多路IO的事件,如主动唤醒事件(pipe)、RILJ的请求等,
注册vendor RIL接口(libreference-ril)
        注意这里pipe的主要作用是唤醒select返回,因为每次动态的添加一个事件,都要更新readFds集合,方便select监听
集合中新的IO。
        rilEventAddWakeup()添加新事件后,都会触发select返回

hardware/ril/libril/ril.cpp

static void rilEventAddWakeup(struct ril_event *ev) {
            ril_event_add(ev);       /* 添加事件 */
            triggerEvLoop();         /* 触发事件, 每添加一个事件,都通过写pipe唤醒select,以更新多路IO集合,使能够监听该事件 */
        }

 

hardware/ril/libril/ril_event.cpp

void ril_event_add(struct ril_event * ev)
        {   
            dlog("~~~~ +ril_event_add ~~~~");
            MUTEX_ACQUIRE();
            for (int i = 0; i < MAX_FD_EVENTS; i++) {
                if (watch_table[i] == NULL) {
                    watch_table[i] = ev;                  /* 将新事件添加到watch_table */
                    ev->index = i;
                    dlog("~~~~ added at %d ~~~~", i);
                    dump_event(ev);
                    FD_SET(ev->fd, &readFds);             /* 更新readFds集合 */
                    if (ev->fd >= nfds) nfds = ev->fd+1;  /* 更新nfds */
                    dlog("~~~~ nfds = %d ~~~~", nfds);
                    break;
                }                                 
            }       
            MUTEX_RELEASE();
            dlog("~~~~ -ril_event_add ~~~~");
        }

 

 hardware/ril/libril/ril.cpp

static void triggerEvLoop() {
            int ret;
            if (!pthread_equal(pthread_self(), s_tid_dispatch)) {
                /* trigger event loop to wakeup. No reason to do this,
                 * if we're in the event loop thread */
                 do {
                    ret = write (s_fdWakeupWrite, " ", 1);        /* 向pipe写入一个" ",以唤醒select */
                 } while (ret < 0 && errno == EINTR);
            }
        } 

 

在ril_event_loop()接收到事件或socket客户端RILJ发过来的请求后,firePending()根据事件请求,调用相应的处理函数
hardware/ril/libril/ril_event.cpp

void ril_event_loop()
        {
            int n;
            fd_set rfds;
            struct timeval tv;
            struct timeval * ptv;


            for (;;) {

                // make local copy of read fd_set
                memcpy(&rfds, &readFds, sizeof(fd_set));
                if (-1 == calcNextTimeout(&tv)) {                        /* 计算timer_list链表中每个事件对应的超时时间 */
                    // no pending timers; block indefinitely
                    dlog("~~~~ no timers; blocking indefinitely ~~~~");
                    ptv = NULL;
                } else {
                    dlog("~~~~ blocking for %ds + %dus ~~~~", (int)tv.tv_sec, (int)tv.tv_usec);
                    ptv = &tv;
                }
                printReadies(&rfds);
                n = select(nfds, &rfds, NULL, NULL, ptv);                /* 等待readFds集合中的事件唤醒 */
                printReadies(&rfds);
                dlog("~~~~ %d events fired ~~~~", n);
                if (n < 0) {
                    if (errno == EINTR) continue;

                    RLOGE("ril_event: select error (%d)", errno);
                    // bail?
                    return;
                }

                // Check for timeouts
                processTimeouts();                                       /* 检查timer_list链表中是否有事件已经超时 */
                // Check for read-ready
                processReadReadies(&rfds, n);                            /* 从watch_table中取出监听到的事件, 并添加到pending_list链表 */
                // Fire away
                firePending();                                           /* 从pending_list依次取出事件,并执行该事件的回调 */
            }
        }
        
        static void processTimeouts()
        {
            dlog("~~~~ +processTimeouts ~~~~");
            MUTEX_ACQUIRE();
            struct timeval now;
            struct ril_event * tev = timer_list.next;
            struct ril_event * next;

            getNow(&now);
            // walk list, see if now >= ev->timeout for any events
            /* 检查timer_list链表中是否有事件已经超时 */
            dlog("~~~~ Looking for timers <= %ds + %dus ~~~~", (int)now.tv_sec, (int)now.tv_usec);
            while ((tev != &timer_list) && (timercmp(&now, &tev->timeout, >))) {
                // Timer expired
                dlog("~~~~ firing timer ~~~~");
                next = tev->next;
                removeFromList(tev);               /* 将该超时移出链表 */
                addToList(tev, &pending_list);     /* 并且将该超时添加到pending链表 */
                tev = next;                        /* 指针指向下一个超时 */
            }
            MUTEX_RELEASE();
            dlog("~~~~ -processTimeouts ~~~~");
        }
        
        static void processReadReadies(fd_set * rfds, int n)
        {
            dlog("~~~~ +processReadReadies (%d) ~~~~", n);
            MUTEX_ACQUIRE();

            for (int i = 0; (i < MAX_FD_EVENTS) && (n > 0); i++) {
                struct ril_event * rev = watch_table[i];
                if (rev != NULL && FD_ISSET(rev->fd, rfds)) {        /* 从watch_table中取出监听到的事件 */
                    addToList(rev, &pending_list);                   /* 并把该事件加入pending_list链表 */
                    if (rev->persist == false) {                     /* 如果该事件不需要处理,则移出removeWatch */
                        removeWatch(rev, i);
                    }
                    n--;
                }
            }

            MUTEX_RELEASE();
            dlog("~~~~ -processReadReadies (%d) ~~~~", n);
        }
        
        static void firePending()
        {
            dlog("~~~~ +firePending ~~~~");
            struct ril_event * ev = pending_list.next;
            while (ev != &pending_list) {                            /* 从pending_list依次取出事件 */
                struct ril_event * next = ev->next;
                removeFromList(ev);
                ev->func(ev->fd, 0, ev->param);                      /* 并执行该事件的回调 */
                ev = next;
            }
            dlog("~~~~ -firePending ~~~~");
        }

 

        上面分析了RIL_startEventLoop()的事件流程,简单总结就是根据事件调用该事件的处理函数。
到这里还没说到怎样创建socket服务端的,回到mian(),funcs = rilInit(&s_rilEnv, argc, rilArgv);
初始化了libreference-ril,RIL_register(funcs);注册了厂商须实现的相关接口,创建socket服务端的,
并监听客户端连接,一旦连接,则开始等待读取客户端发过来的请求。

hardware/ril/libril/ril.cpp

extern "C" void
    RIL_register (const RIL_RadioFunctions *callbacks) {
    
        ... ...
        
        s_fdListen = android_get_control_socket(SOCKET_NAME_RIL);               /* 创建socket服务端,用于与RILJ通信 */
            if (s_fdListen < 0) {
                RLOGE("Failed to get socket '" SOCKET_NAME_RIL "'");
                exit(-1);
            }

            ret = listen(s_fdListen, 4);                                            /* 监听RILJ */

            if (ret < 0) {
                RLOGE("Failed to listen on control socket '%d': %s",
                     s_fdListen, strerror(errno));
                exit(-1);
            }

            /* note: non-persistent so we can accept only one connection at a time */
            ril_event_set (&s_listen_event, s_fdListen, false,                      /* 设置一个监听事件s_listen_event,一旦与RILJ建立连 */
                        listenCallback, NULL);                                      /* 则进入listenCallback,等待读取RILJ发送数据 */

            rilEventAddWakeup (&s_listen_event);                                    /* 添加s_listen_event到watch_table, 唤醒select */
            
            ... ...
        }
        
        static void listenCallback (int fd, short flags, void *param) {

            ... ...
            
            s_fdCommand = accept(s_fdListen, (sockaddr *) &peeraddr, &socklen);          /* 接受RILJ客户端的连接 */

            ... ...
            
            err = getsockopt(s_fdCommand, SOL_SOCKET, SO_PEERCRED, &creds, &szCreds);
            
            ret = fcntl(s_fdCommand, F_SETFL, O_NONBLOCK);                                /* 非阻塞方式读写socket */

            if (ret < 0) {
                RLOGE ("Error setting O_NONBLOCK errno:%d", errno);
            }

            RLOGI("libril: new connection");

            p_rs = record_stream_new(s_fdCommand, MAX_COMMAND_BYTES);                     /* 创建一个stream用于缓存读socket的数据 */

            ril_event_set (&s_commands_event, s_fdCommand, 1,                             /* 设置s_commands_event,processCommandsCallback循环读取socket的数据 */
                processCommandsCallback, p_rs);

            rilEventAddWakeup (&s_commands_event);                                        /* 添加s_commands_event事件,唤醒select */

            onNewCommandConnect();                                                        /* 通知RILJ已建立连接 */
      }

    static void processCommandsCallback(int fd, short flags, void *param) {
            
            ... ...
            
            for (;;) {
                /* loop until EAGAIN/EINTR, end of stream, or other error */
                ret = record_stream_get_next(p_rs, &p_record, &recordlen);        /* 循环从数据流中读取socket数据 */

                if (ret == 0 && p_record == NULL) {
                    /* end-of-stream */
                    break;
                } else if (ret < 0) {
                    break;
                } else if (ret == 0) { /* && p_record != NULL */
                    processCommandBuffer(p_record, recordlen);                    /* 对接受到的数据进行组包,下发给vender ril,即libreference-ril.so */
                }
            }
        }

 

        processCommandBuffer(p_record, recordlen)对接收到的数据进行组包,下发给vender ril,即libreference-ril.so,
然后就脱离了RILD的控制了,libreference-ril.so主要是厂商对RILD控制modem接口的实现。

hardware/ril/libril/ril.cpp

static int
        processCommandBuffer(void *buffer, size_t buflen) {

            ... ...

            p.setData((uint8_t *) buffer, buflen);                    /* 把接受到的数据填装到parcel */

            // status checked at end
            status = p.readInt32(&request);                           /* 解析request */
            status = p.readInt32 (&token);                            /* 解析token,RILJ中的serial */

            ... ...
            
                pRI = (RequestInfo *)calloc(1, sizeof(RequestInfo));      /* 分配一个RequestInfo,用于发送请求给vendor ril */

            pRI->token = token;                                       /* 设置token */
            pRI->pCI = &(s_commands[request]);                        /* 设置请求 */

            ret = pthread_mutex_lock(&s_pendingRequestsMutex);
            assert (ret == 0);

            pRI->p_next = s_pendingRequests;                          /* 添加到s_pendingRequests请求链表中 */
            s_pendingRequests = pRI;

            ret = pthread_mutex_unlock(&s_pendingRequestsMutex);
            assert (ret == 0);

        /*    sLastDispatchedToken = token; */

            pRI->pCI->dispatchFunction(p, pRI);                       /* 执行事件回调,到这里开始进入vender ril了 */

            return 0;
        }

 

我们仍然以获取SIM卡状态为例,pRI->pCI->dispatchFunction(p, pRI)对应调用了dispatchVoid()
hardware/ril/libril/ril.cpp

static void                                                                                                                                                  
        dispatchVoid (Parcel& p, RequestInfo *pRI) {                                                                                                                 
            clearPrintBuf;                                                                                                                                           
            printRequest(pRI->token, pRI->pCI->requestNumber);                                                                                                       
            s_callbacks.onRequest(pRI->pCI->requestNumber, NULL, 0, pRI);                                                                                            
        } 

 

        s_callbacks.onRequest(pRI->pCI->requestNumber, NULL, 0, pRI); 调用的就是libreference-ril.c中的onRequest()函数。

        以上分析了RILD对RILJ下发的请求处理流程,下面接着分析RILD返回response给RILJ的流程。分两种情况,一种对请求的响应,
另一种是主动上报。
        libreference-ril对请求处理完毕后,调用RIL_onRequestComplete回复RILJ该请求的处理结果。

hardware/ril/libril/ril.cpp

RIL_onRequestComplete(RIL_Token t, RIL_Errno e, void *response, size_t responselen) {  
          
          ... ...
                  p.writeInt32 (RESPONSE_SOLICITED);                                                                                                                   
        p.writeInt32 (pRI->token);
        errorOffset = p.dataPosition();                                                                                                                      
        
        p.writeInt32 (e);                                                                                                                                    
        
        if (response != NULL) {
            // there is a response payload, no matter success or not.
            ret = pRI->pCI->responseFunction(p, response, responselen); 
            
            ... ...
        }
        
        ... ...
      
          sendResponse(p);
          
          ... ...
      }
      
      static int
        sendResponse (Parcel &p) {
            printResponse;
            return sendResponseRaw(p.data(), p.dataSize());
        }

    static int
        sendResponseRaw (const void *data, size_t dataSize) {
            ... ...

            ret = blockingWrite(fd, (void *)&header, sizeof(header));     /* 先写4字节数据长度 */

            if (ret < 0) {
                pthread_mutex_unlock(&s_writeMutex);
                return ret;
            }

            ret = blockingWrite(fd, data, dataSize);                      /* 再写数据 */

            ... ...
        }

 

        最终是通过sendResponseRaw()直接通过写socket回复RILJ。对于主动上报的处理是类似的,也是通过sendResponseRaw()
上报给RILJ。可以参考RIL_onUnsolicitedResponse()函数。

        到此,RILJ与RILD之间的通信流程已经分析完,后续分析libreference-ril。libreference-ril中先关接口的实现方式,每个modem厂商都不一样。
BC72是通过串口/USB发送AT的方式控制,实现通话、短信、上网等功能。

 

谢谢!

 

你可能感兴趣的:(Android4.4 RIL软件框架)