MTK 6737平台RILD的实现

2019独角兽企业重金招聘Python工程师标准>>> hot3.png

一、概述

      关于RILD的功能,就不多说了,对上服务于Phone进程,也可以认为是RILJ层,向下同modem层进行通信,对MTK平台来说就是使用AT命令了。

二、RILD的架构

RILD主要由三部分组成,一个是rild.c,第二个是libril这个库(对于MTK来说就是librilmtk),第三个是厂商关于实现同modem进行通信的reference-ril库,对于MTK来说就是mtk-ril。出于保护第三方厂商利益的考虑,这个库是在rild运行的时候动态加载进去的,由于运行在同一个进程中,所以rild同reference-ril之间的通信是函数调用,所以两者之间定义了用于通信的包含函数指针的结构体。

typedef struct {
    int version;        /* set to RIL_VERSION */
    RIL_RequestFunc onRequest;
    RIL_RadioStateRequest onStateRequest;
    RIL_Supports supports;
    RIL_Cancel onCancel;
    RIL_GetVersion getVersion;
    RIL_ReportUsbDisconn reportUsbDisconn;
    RIL_ReportSocketConn reportRILDConn;
} RIL_RadioFunctions;
static struct RIL_Env s_rilEnv = {
    RIL_onRequestComplete,
    RIL_onUnsolicitedResponse,
    RIL_requestTimedCallback
    // For multi channel support
    ,RIL_requestProxyTimedCallback
    ,RIL_queryMyChannelId
    ,RIL_queryMyProxyIdByThread
};

首先介绍下如何RILJ层下来的请求消息是如何调用到第三方库的,流程如下,对于回调很明显第三方库提供具体实现,而libril提供函数指针,这有点类似于面向对象的多态。

rild.c

RIL_register(funcs);//funnc 指向具体的实现,通过注册使得libril中的指针指向实现

ril.cpp

RIL_register (const RIL_RadioFunctions *callbacks) {
 
...

    memcpy(&s_callbacks, callbacks, sizeof (RIL_RadioFunctions));//将callbacks赋值给全局变量s_callbacks
#define CALL_ONREQUEST(a, b, c, d, e) s_callbacks.onRequest((a), (b), (c), (d), (e))
#define CALL_ONSTATEREQUEST(a) s_callbacks.onStateRequest(a)
static void
dispatchSIM_IO (Parcel &p, RequestInfo *pRI) {
    union RIL_SIM_IO {
        RIL_SIM_IO_v6 v6;
        RIL_SIM_IO_v5 v5;
    } simIO;

    int32_t t;
    int size;
    status_t status;

#if VDBG
    RLOGD("dispatchSIM_IO");
#endif
    memset (&simIO, 0, sizeof(simIO));

    // note we only check status at the end

    status = p.readInt32(&t);
    simIO.v6.command = (int)t;

    status = p.readInt32(&t);
    simIO.v6.fileid = (int)t;

    simIO.v6.path = strdupReadString(p);

    status = p.readInt32(&t);
    simIO.v6.p1 = (int)t;

    status = p.readInt32(&t);
    simIO.v6.p2 = (int)t;

    status = p.readInt32(&t);
    simIO.v6.p3 = (int)t;

    simIO.v6.data = strdupReadString(p);
    simIO.v6.pin2 = strdupReadString(p);
    simIO.v6.aidPtr = strdupReadString(p);

    startRequest;
    appendPrintBuf("%scmd=0x%X,efid=0x%X,path=%s,%d,%d,%d,%s,pin2=%s,aid=%s", printBuf,
        simIO.v6.command, simIO.v6.fileid, (char*)simIO.v6.path,
        simIO.v6.p1, simIO.v6.p2, simIO.v6.p3,
        (char*)simIO.v6.data,  (char*)simIO.v6.pin2, simIO.v6.aidPtr);
    closeRequest;
    printRequest(pRI->token, pRI->pCI->requestNumber);

    if (status != NO_ERROR) {
        goto invalid;
    }

    size = (s_callbacks.version < 6) ? sizeof(simIO.v5) : sizeof(simIO.v6);
    CALL_ONREQUEST(pRI->pCI->requestNumber, &simIO, size, pRI, pRI->socket_id);//关于sim卡相关的上层消息分配

 

 

三、关于RILD的启动

n之前的平台就不说了,网上一搜一大堆,都是在init.rc中启动的,但是Android N之后由于init.rc启动脚本的改动很多deamon程序一下找不到了,以下都是基于mtk 6737n平台的源码为基准的

寻找n平台rild启动入口

init.rc中有一行
import /init.${ro.hardware}.rc
查看属性值:
[ro.hardware]: [mt6735]

/device/mediatek/mt6735/init.mt6735.rc

其中有一行:
import init.modem.rc

在下面这个rc文件中找到了rild的启动入口

/device/mediatek/mt6735/init.modem.rc
/device/mediatek/common/init.rilproxy.rc

四、RILD的初始化过程

只说最关键的部分,具体怎么衔接起来的,自己阅读代码,因为每个厂家还是不一样的

    dlHandle = dlopen(rilLibPath, RTLD_NOW);//根据路径打开第三方库

    if (dlHandle == NULL) {
        RLOGE("dlopen failed: %s", dlerror());
        exit(EXIT_FAILURE);
    }

    RIL_startEventLoop();//最重要的就是启动子线程循环监听ril_event
    ret = pipe(filedes);

    if (ret < 0) {
        RLOGE("Error in pipe() errno:%d", errno);
        return NULL;
    }

    s_fdWakeupRead = filedes[0];
    s_fdWakeupWrite = filedes[1];

    fcntl(s_fdWakeupRead, F_SETFL, O_NONBLOCK);

    ril_event_set (&s_wakeupfd_event, s_fdWakeupRead, true,
                processWakeupCallback, NULL);

    rilEventAddWakeup (&s_wakeupfd_event);

    // Only returns on error
    ril_event_loop();
    RLOGE ("error in event_loop_base errno:%d", errno);
    // kill self to restart on error

看到eventLoop这个函数中这些封装的函数主要是来自于Ril_event.cpp,所以搞清这个循环的关键是看懂这个类的原理,其实就是个事件链表,监听到发生的event消息,对应调用这个结构体中的回调函数

struct ril_event {
    struct ril_event *next;
    struct ril_event *prev;

    int fd;
    int index;
    bool persist;
    struct timeval timeout;
    ril_event_cb func;
    void *param;
};

添加事件

// Add event to watch list
void ril_event_add(struct ril_event * ev)
{
    dlog("~~~~ +ril_event_add ~~~~");
    MUTEX_ACQUIRE();
    for (int i = 0; i < MAX_FD_EVENTS; i++) {
        if (watch_table[i] == NULL) {
            watch_table[i] = ev;//ril_event结构全局链表
            ev->index = i;
            dlog("~~~~ added at %d ~~~~", i);
            dump_event(ev);
            FD_SET(ev->fd, &readFds);//将ril_event结构体中的成员变量fd添加到全局变量readFds,下面会看到使用select监听这个fd_set类型的变量
            if (ev->fd >= nfds) nfds = ev->fd+1;
            dlog("~~~~ nfds = %d ~~~~", nfds);
            break;
        }
    }
    MUTEX_RELEASE();
    dlog("~~~~ -ril_event_add ~~~~");
}

监听事件

void ril_event_loop()
{
    int n;
    fd_set rfds;
    struct timeval tv;
    struct timeval * ptv;


    for (;;) {

        // make local copy of read fd_set
        memcpy(&rfds, &readFds, sizeof(fd_set));
        if (-1 == calcNextTimeout(&tv)) {
            // no pending timers; block indefinitely
            dlog("~~~~ no timers; blocking indefinitely ~~~~");
            ptv = NULL;
        } else {
            dlog("~~~~ blocking for %ds + %dus ~~~~", (int)tv.tv_sec, (int)tv.tv_usec);
            ptv = &tv;
        }
        printReadies(&rfds);
        n = select(nfds, &rfds, NULL, NULL, ptv);//监听对应的文件描述符是否发生变化
        printReadies(&rfds);

第二个关键的函数就是RIL_register

关于怎么把第三方库的具体实现填充到本地指针上的前面已经说过,下面看如何监听socker,获取rilj发过来的消息

 // start listen socket1
    for (i = 0; i < SIM_COUNT; i++) {
        startListen((RIL_SOCKET_ID)(RIL_SOCKET_1+i), &s_ril_param_socket[i]);//RIL_SOCKET_ID是个枚举结构,如下,这种用法学习了,主要看startListen的实现
    }
typedef enum {
    RIL_SOCKET_1,
#if (SIM_COUNT >= 2)
    RIL_SOCKET_2,
#if (SIM_COUNT >= 3)
    RIL_SOCKET_3,
#endif
#if (SIM_COUNT >= 4)
    RIL_SOCKET_4,
#endif
#endif
    RIL_SOCKET_NUM
} RIL_SOCKET_ID;
static void startListen(RIL_SOCKET_ID socket_id, SocketListenParam* socket_listen_p) {
    int fdListen = -1;
    int ret;
    char socket_name[10];

    memset(socket_name, 0, sizeof(char)*10);

    switch(socket_id) {
        case RIL_SOCKET_1:
            strncpy(socket_name, RIL_getRilSocketName(), 9);
            break;
        case RIL_SOCKET_2:
            strncpy(socket_name, SOCKET2_NAME_RIL, 9);
            break;
        case RIL_SOCKET_3:
            strncpy(socket_name, SOCKET3_NAME_RIL, 9);
            break;
        case RIL_SOCKET_4:
            strncpy(socket_name, SOCKET4_NAME_RIL, 9);
            break;
        default:
            RLOGE("Socket id is wrong!!");
            return;
    }

    RLOGI("Start to listen socket_name: %s, socketId: %s",
            socket_name, rilSocketIdToString(socket_id));

    fdListen = android_get_control_socket(socket_name);//这个是根据socket的名字获得对应的文件描述符,那么这些socket在哪里创建的呢,答案是在init进程中创建的,init在启动rild服务执行fork以后在子进程的返回中会创建socket
    if (fdListen < 0) {
        RLOGE("Failed to get socket %s", socket_name);
        exit(-1);
    }

    ret = listen(fdListen, 4);

    if (ret < 0) {
        RLOGE("Failed to listen on control socket '%d': %s",
             fdListen, strerror(errno));
        exit(-1);
    }
    socket_listen_p->fdListen = fdListen;

    /* note: non-persistent so we can accept only one connection at a time */
    ril_event_set (socket_listen_p->listen_event, fdListen, false,
                listenCallback, socket_listen_p);//从这里可以看到当fd发生变化后,也就是收到rilj的消息后调用的是listenCallback

    rilEventAddWakeup (socket_listen_p->listen_event);
}
#define SOCKET_NAME_RIL "rild" //这些都可以和.rc文件中定义的socket对应上,对mtk 6737n可以去我上面说的那个rc文件中去找
#define SOCKET2_NAME_RIL "rild2"
#define SOCKET3_NAME_RIL "rild3"
#define SOCKET4_NAME_RIL "rild4"
  p_info->fdCommand = fdCommand;

    p_rs = record_stream_new(p_info->fdCommand, MAX_COMMAND_BYTES);

    p_info->p_rs = p_rs;

    ril_event_set (p_info->commands_event, p_info->fdCommand, 1,
        p_info->processCommandsCallback, p_info);//本以为找到了最终处理ril消息的地方,没想到它只是添加了另一个ril_event结构体,由这个结构体的回调函数processCommandsCallback处理,而这个函数又会调用到processClientCommandBuffer

    rilEventAddWakeup (p_info->commands_event);

#ifdef MTK_RIL
    {
        enqueue(pRI, buffer, buflen, NULL, socket_id);
    }
#else
    pRI->pCI->dispatchFunction(p, pRI);//这个应该是寻找对应dispatch函数,分析完这个应该就可以和上面的那个sim卡消息接住了
#endif

而看到每个ril消息会对应一个处理函数的入口,就应该明白必然是有一张以这种结构体存在的表,而上面提到的函数便是负责为每一个ril消息寻找入口

 

  {RIL_REQUEST_SEND_SMS, dispatchStrings, responseSMS},
    {RIL_REQUEST_SEND_SMS_EXPECT_MORE, dispatchStrings, responseSMS},
    {RIL_REQUEST_SETUP_DATA_CALL, dispatchDataCall, responseSetupDataCall},
    {RIL_REQUEST_SIM_IO, dispatchSIM_IO, responseSIM_IO},
    {RIL_REQUEST_SEND_USSD, dispatchString, responseVoid},

关于rilj层监听rild socket中建立socket如何通过jni调用本地代码可参考:

http://blog.csdn.net/yangzhihuiguming/article/details/51697801

转载于:https://my.oschina.net/u/2829875/blog/853680

你可能感兴趣的:(c/c++,移动开发,数据结构与算法)