binder分析

1. servicemanager:service的管理者，作为单独进程存在
相关代码在
root@romulus-laptop:/work/android/froyo# ls frameworks/base/cmds/servicemanager/
Android.mk  bctest.c  binder.c  binder.h  service_manager.c
 
2. 通过ioctl将servicemanager在binder驱动中等记为handle 0
frameworks/base/cmds/servicemanager/binder.c
int binder_become_context_manager(struct binder_state *bs)
{
    return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0);
}

因此，取得servicemanger时，使用的handle也为0
frameworks/base/libs/binder/
sp<IBinder> ProcessState::getContextObject(const sp<IBinder>& caller)
{
    if (supportsProcesses()) {
        return getStrongProxyForHandle(0 );
    } else {
        return getContextObject(String16("default"), caller);
    }
}

3. 共享库libbinder.so
相关代码在:
@romulus-laptop:/work/android/froyo# ls frameworks/base/libs/binder/
Android.mk  BpBinder.cpp    IMemory.cpp         IPermissionController.cpp  MemoryBase.cpp    MemoryHeapBase.cpp  Parcel.cpp      ProcessState.cpp
Binder.cpp  IInterface.cpp  IPCThreadState.cpp  IServiceManager.cpp        MemoryDealer.cpp  MemoryHeapPmem.cpp  Permission.cpp  Static.cpp
共享库中文件 Static .cpp中的：
// ------------ ServiceManager.cpp

Mutex gDefaultServiceManagerLock;
sp<IServiceManager> gDefaultServiceManager;
sp<IPermissionController> gPermissionController;
保证了使用该共享库的进程可以共享一个gDefaultServiceManager对象？

4. addService的过程：
handle的用处在哪里呢：
在 IPCThreadState::writeTransactionData中将tr.target.handle = handle;mOut.write(&tr, sizeof(tr));写入了 Parcel mOut;mOut在下面IPCThreadState::talkWithDriver中使用到: bwr.write_buffer = (long unsigned int)mOut.data();

a. b = new BpBinder(handle); // handle为0，代表servicemanager
b. 调用BpBinder::transact->IPCThreadState::transact->IPCThreadState::waitForResponse->
IPCThreadState::talkWithDriver->
ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0