詳解Android4.4 RIL簡訊接收流程分析
阿新 • • 發佈:2020-01-07
最近有客戶反饋Android接收不到簡訊,於是一頭扎進RIL裡面找原因。最後發現不是RIL的問題,而是BC72上報
簡訊的格式不對,AT+CNMA=1無作用等幾個小問題導致的。儘管問題不在RIL,但總算把RIL簡訊接收流程搞清楚了。
接收到新資訊的log:
D/ATC ( 1269): AT< +CMT:,27
D/ATC ( 1268): AT< 0891683108705505F0040d91683117358313f500009101329154922307ea31da2c36a301
D/RILJ ( 1792): [UNSL]< UNSOL_RESPONSE_NEW_SMS
D/SmsMessage( 1792): SMS SC address: +8613800755500V/SmsMessage( 1792): SMS originating address: +8613715338315
V/SmsMessage( 1792): SMS TP-PID:0 data coding scheme: 0
D/SmsMessage( 1792): SMS SC timestamp: 1571831129000
V/SmsMessage( 1792): SMS message body (raw): 'jchfbfh'
D/GsmInboundSmsHandler( 1776): Idle state processing message type 1
D/GsmInboundSmsHandler( 1776): acquired wakelock,leaving Idle stateD/GsmInboundSmsHandler( 1776): entering Delivering state
D/GsmInboundSmsHandler( 1776): URI of new row -> content://raw/3
D/RILJ ( 1775): [3706]> SMS_ACKNOWLEDGE true 0
D/RILC ( 1254): onRequest: SMS_ACKNOWLEDGE
D/ATC ( 1254): AT> AT+CNMA=1
D/ATC ( 1254): AT< OK
D/RILJ ( 1775): [3706]< SMS_ACKNOWLEDGED/GsmInboundSmsHandler( 1775): Delivering SMS to: com.android.mms com.android.mms.transaction.PrivilegedSmsReceiver
E/GsmInboundSmsHandler( 1775): unexpected BroadcastReceiver action: android.provider.Telephony.SMS_RECEIVED
D/GsmInboundSmsHandler( 1775): successful broadcast,deleting from raw table.
D/SmsMessage( 2124): SMS SC address: +8613800755500
D/GsmInboundSmsHandler( 1775): Deleted 1 rows from raw table.
D/GsmInboundSmsHandler( 1775): ordered broadcast completed in: 276 ms
D/GsmInboundSmsHandler( 1775): leaving Delivering state
D/GsmInboundSmsHandler( 1775): entering Delivering state
D/GsmInboundSmsHandler( 1775): leaving Delivering state
D/GsmInboundSmsHandler( 1775): entering Idle state
V/SmsMessage( 2124): SMS originating address: +8613715338315
V/SmsMessage( 2124): SMS TP-PID:0 data coding scheme: 0
D/SmsMessage( 2124): SMS SC timestamp: 1572253549000
V/SmsMessage( 2124): SMS message body (raw): 'jchfbfh'
D/GsmInboundSmsHandler( 1775): Idle state processing message type 5
D/GsmInboundSmsHandler( 1775): mWakeLock released
一、簡訊接收
1. vendor ril接收到modem上報的簡訊息
hardware/ril/reference-ril/reference-ril.c
static void onUnsolicited (const char *s,const char *sms_pdu)
{
... ...
if (strStartsWith(s,"+CMT:")) {
RIL_onUnsolicitedResponse (
RIL_UNSOL_RESPONSE_NEW_SMS,/* 上報UNSOL_RESPONSE_NEW_SMS訊息 */
sms_pdu,strlen(sms_pdu));
}
... ...
}
2. RILD把簡訊息傳送到RILJ
hardware/ril/libril/ril.cpp
extern "C"
void RIL_onUnsolicitedResponse(int unsolResponse,void *data,size_t datalen)
{
... ...
unsolResponseIndex = unsolResponse - RIL_UNSOL_RESPONSE_BASE; /* 找出訊息在s_unsolResponses[]的索引 */
... ...
switch (s_unsolResponses[unsolResponseIndex].wakeType) { /* 禁止進入休眠 */
case WAKE_PARTIAL:
grabPartialWakeLock();
shouldScheduleTimeout = true;
break;
... ...
}
... ...
ret = s_unsolResponses[unsolResponseIndex] /* 呼叫訊息處理函式responseString() */
.responseFunction(p,data,datalen);
... ...
ret = sendResponse(p); /* 傳送Parcel中的資訊內容到服務端RILJ */
}
static UnsolResponseInfo s_unsolResponses[] = {
... ...
/* 訊息對應的訊息處理函式,新資訊到來會喚醒系統 */
{RIL_UNSOL_RESPONSE_NEW_SMS,responseString,WAKE_PARTIAL},... ...
};
static int responseString(Parcel &p,void *response,size_t responselen) {
/* one string only */
startResponse;
appendPrintBuf("%s%s",printBuf,(char*)response);
closeResponse;
writeStringToParcel(p,(const char *)response); /* 把字串格式的資訊存到Parcel容器中 */
return 0;
}
二、解析簡訊息
1. RILJ獲取簡訊息
frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java
private void
processUnsolicited (Parcel p) {
... ...
case RIL_UNSOL_RESPONSE_NEW_SMS: ret = responseString(p); break;
... ...
switch(response) {
... ...
case RIL_UNSOL_RESPONSE_NEW_SMS: {
if (RILJ_LOGD) unsljLog(response); /* 參考log:[UNSL]< UNSOL_RESPONSE_NEW_SMS */
// FIXME this should move up a layer
String a[] = new String[2];
a[1] = (String)ret;
SmsMessage sms;
sms = SmsMessage.newFromCMT(a); /* 解析PDU格式的簡訊息 */
if (mGsmSmsRegistrant != null) {
mGsmSmsRegistrant
.notifyRegistrant(new AsyncResult(null,sms,null));
}
break;
}
... ...
}
... ...
}
private Object
responseString(Parcel p) {
String response;
response = p.readString(); /* 資訊內容轉換成Object */
return response;
}
2. 解析簡訊息
SmsMessage.newFromCMT(a);根據import android.telephony.SmsMessage,得知程式碼路徑:
frameworks/opt/telephony/src/java/android/telephony/SmsMessage.java
public static SmsMessage newFromCMT(String[] lines) {
// received SMS in 3GPP format
SmsMessageBase wrappedMessage =
com.android.internal.telephony.gsm.SmsMessage.newFromCMT(lines); /* 是對另一個newFromCMT的封裝,因為有gsm和cdma兩種簡訊,
* 即cdma中也有newFromCMT,根據情況按需選擇
*/
return new SmsMessage(wrappedMessage);
}
com.android.internal.telephony.gsm.SmsMessage.newFromCMT(lines)的實現在
frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/SmsMessage.java
public class SmsMessage extends SmsMessageBase {
... ...
public static SmsMessage newFromCMT(String[] lines) {
try {
SmsMessage msg = new SmsMessage();
msg.parsePdu(IccUtils.hexStringToBytes(lines[1])); /* 解析PDU簡訊 */
return msg;
} catch (RuntimeException ex) {
Rlog.e(LOG_TAG,"SMS PDU parsing failed: ",ex);
return null;
}
}
... ...
}
IccUtils.hexStringToBytes(lines[1])把十六進位制的字串轉換成位元組陣列msg.parsePdu()解析這個陣列的內容,最後獲得簡訊內容
frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/SmsMessage.java
private void parsePdu(byte[] pdu) {
... ...
mScAddress = p.getSCAddress();
if (mScAddress != null) {
if (VDBG) Rlog.d(LOG_TAG,"SMS SC address: " + mScAddress); /* 參考log:SMS SC address: +8613800755500 */
}
... ...
mMti = firstByte & 0x3;
switch (mMti) {
... ...
case 3: //GSM 03.40 9.2.3.1: MTI == 3 is Reserved.
//This should be processed in the same way as MTI == 0 (Deliver)
parseSmsDeliver(p,firstByte); /* 對簡訊型別為Deliver的簡訊進行解析 */
break;
... ...
}
... ...
}
private void parseSmsDeliver(PduParser p,int firstByte) {
... ...
mOriginatingAddress = p.getAddress();
if (mOriginatingAddress != null) {
if (VDBG) Rlog.v(LOG_TAG,"SMS originating address: " /* 參考log: SMS originating address: +861371533xxxx */
+ mOriginatingAddress.address);
}
... ...
mProtocolIdentifier = p.getByte();
// TP-Data-Coding-Scheme
// see TS 23.038
mDataCodingScheme = p.getByte();
if (VDBG) {
Rlog.v(LOG_TAG,"SMS TP-PID:" + mProtocolIdentifier
+ " data coding scheme: " + mDataCodingScheme); /* 參考log: SMS TP-PID:0 data coding scheme: 0 */
}
mScTimeMillis = p.getSCTimestampMillis();
if (VDBG) Rlog.d(LOG_TAG,"SMS SC timestamp: " + mScTimeMillis); /* 參考log:SMS SC timestamp: 1571831129000 */
boolean hasUserDataHeader = (firstByte & 0x40) == 0x40;
parseUserData(p,hasUserDataHeader); /* 解析資訊有效內容 */
... ...
}
private void parseUserData(PduParser p,boolean hasUserDataHeader) {
... ...
if (VDBG) Rlog.v(LOG_TAG,"SMS message body (raw): '" + mMessageBody + "'"); /* 簡訊內容,參考log: SMS message body (raw): 'jchfbfh' */
... ...
}
三、處理簡訊息
對使用者有效的簡訊內容,最終儲存在型別為String的mMessageBody變數中,該變數屬於SmsMessageBase抽象類,而
SmsMessage繼承於SmsMessageBase。
回到前面frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java中processUnsolicited(),
sms = SmsMessage.newFromCMT(a);解析完簡訊息後,返回一個SmsMessage並通知上層應用。
frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java
mGsmSmsRegistrant
.notifyRegistrant(new AsyncResult(null,null)); /* 把sms轉成Object型別 */
frameworks/base/core/java/android/os/AsyncResult.java
public class AsyncResult
{
... ...
/** please note,this sets m.obj to be this */
public
AsyncResult (Object uo,Object r,Throwable ex)
{
userObj = uo;
result = r;
exception = ex;
}
... ...
}
根據mGsmSmsRegistrant.notifyRegistrant(new AsyncResult(null,null));找到mGsmSmsRegistrant註冊的程式碼:
frameworks/opt/telephony/src/java/com/android/internal/telephony/BaseCommands.java
public abstract class BaseCommands implements CommandsInterface {
... ...
@Override
public void setOnNewGsmSms(Handler h,int what,Object obj) { /* mGsmSmsRegistrant.notifyRegistrant(new AsyncResult(null,null))中的mGsmSmsRegistrant是在這裡建立的 */
mGsmSmsRegistrant = new Registrant (h,what,obj);
}
... ...
}
封裝訊息EVENT_NEW_SMS訊息
frameworks/base/core/java/android/os/Registrant.java
public class Registrant
{
public
Registrant(Handler h,Object obj) /* 傳入需要處理訊息為what的事件處理Handler h,obj為事件內容,參考phone.mCi.setOnNewGsmSms(getHandler(),EVENT_NEW_SMS,null); */
{
refH = new WeakReference(h);
this.what = what;
userObj = obj;
}
... ...
/**
* This makes a copy of @param ar
*/
public void
notifyRegistrant(AsyncResult ar) /* 參考mGsmSmsRegistrant.notifyRegistrant(new AsyncResult(null,null)) */
{
internalNotifyRegistrant (ar.result,ar.exception); /* ar.result為sms */
}
/*package*/ void
internalNotifyRegistrant (Object result,Throwable exception) /* internalNotifyRegistrant (sms,Throwable exception) */
{
Handler h = getHandler();
if (h == null) {
clear();
} else {
Message msg = Message.obtain(); /* 建立一個訊息 */
msg.what = what; /* 訊息型別EVENT_NEW_SMS */
msg.obj = new AsyncResult(userObj,result,exception); /* 訊息內容sms */
h.sendMessage(msg); /* 傳送訊息到註冊了這個訊息的Handler,參考phone.mCi.setOnNewGsmSms(getHandler(),null);的getHandler() */
}
}
... ...
}
然而BaseCommands是一個抽象類,實現了CommandsInterface中的setOnNewGsmSms介面,這個介面由GsmInboundSmsHandler呼叫
(phone.mCi.setOnNewGsmSms(getHandler(),null)),也就是說GsmInboundSmsHandler的getHandler()是EVENT_NEW_SMS
的監聽者,也就是說frameworks/opt/telephony/src/java/com/android/internal/telephony/RIL.java中mGsmSmsRegistrant.notifyRegistrant(new AsyncResult(null,null))
呼叫之後,會觸發GsmInboundSmsHandler中getHandler()的Handler對EVENT_NEW_SMS訊息進行解析。這個Handler肯定是GsmInboundSmsHandler
例項化的物件中的,這個物件在什麼時候,在哪裡建立的,暫且不管。我們只管EVENT_NEW_SMS這個訊息從哪裡來,然後到哪裡去
就行了。
./frameworks/opt/telephony/src/java/com/android/internal/telephony/ImsSMSDispatcher.java
public final class ImsSMSDispatcher extends SMSDispatcher {
... ...
mGsmInboundSmsHandler = GsmInboundSmsHandler.makeInboundSmsHandler(phone.getContext(),/* 獲取mGsmInboundSmsHandler,並啟動狀態機 */
storageMonitor,phone);
... ...
}
./frameworks/opt/telephony/src/java/com/android/internal/telephony/gsm/GsmInboundSmsHandler.java
public class GsmInboundSmsHandler extends InboundSmsHandler {
... ...
/**
* Create a new GSM inbound SMS handler.
*/
private GsmInboundSmsHandler(Context context,SmsStorageMonitor storageMonitor,PhoneBase phone) {
super("GsmInboundSmsHandler",context,storageMonitor,phone,/* 構造GsmInboundSmsHandler時,通過super()呼叫InboundSmsHandler的建構函式 */
GsmCellBroadcastHandler.makeGsmCellBroadcastHandler(context,phone));
phone.mCi.setOnNewGsmSms(getHandler(),null); /* 註冊EVENT_NEW_SMS訊息 */
mDataDownloadHandler = new UsimDataDownloadHandler(phone.mCi);
}
... ...
/**
* Wait for state machine to enter startup state. We can't send any messages until then.
*/
public static GsmInboundSmsHandler makeInboundSmsHandler(Context context,PhoneBase phone) {
GsmInboundSmsHandler handler = new GsmInboundSmsHandler(context,phone); /* 例項化GsmInboundSmsHandler */
handler.start(); /* 抽象類InboundSmsHandler繼承與StateMachine,而GsmInboundSmsHandler繼承於InboundSmsHandler,
* GsmInboundSmsHandler呼叫啟動狀態機方法start()
*/
return handler;
}
... ...
}
./frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java
public abstract class InboundSmsHandler extends StateMachine {
... ...
protected InboundSmsHandler(String name,Context context,PhoneBase phone,CellBroadcastHandler cellBroadcastHandler) {
... ...
addState(mDefaultState); /* 構造InboundSmsHandler時,新增狀態機的狀態 */
addState(mStartupState,mDefaultState);
addState(mIdleState,mDefaultState);
addState(mDeliveringState,mDefaultState);
addState(mWaitingState,mDeliveringState);
setInitialState(mStartupState); /* 初始化狀態機 */
if (DBG) log("created InboundSmsHandler");
}
... ...
class IdleState extends State {
@Override
public void enter() {
if (DBG) log("entering Idle state");
sendMessageDelayed(EVENT_RELEASE_WAKELOCK,WAKELOCK_TIMEOUT);
}
@Override
public void exit() {
mWakeLock.acquire();
if (DBG) log("acquired wakelock,leaving Idle state");
}
@Override
public boolean processMessage(Message msg) {
if (DBG) log("Idle state processing message type " + msg.what);
switch (msg.what) {
case EVENT_NEW_SMS: /* 空閒時,接收到簡訊 */
case EVENT_BROADCAST_SMS:
deferMessage(msg);
transitionTo(mDeliveringState); /* 轉到mDeliveringState */
return HANDLED;
... ...
}
}
}
... ...
class DeliveringState extends State { /* 轉到mDeliveringState狀態 */
@Override
public void enter() {
if (DBG) log("entering Delivering state");
}
@Override
public void exit() {
if (DBG) log("leaving Delivering state");
}
@Override
public boolean processMessage(Message msg) {
switch (msg.what) {
case EVENT_NEW_SMS:
// handle new SMS from RIL
handleNewSms((AsyncResult) msg.obj); /* 處理新SMS */
sendMessage(EVENT_RETURN_TO_IDLE); /* 處理完回到空閒狀態 */
return HANDLED;
... ...
}
}
... ...
}
}
void handleNewSms(AsyncResult ar) {
... ...
SmsMessage sms = (SmsMessage) ar.result;
result = dispatchMessage(sms.mWrappedSmsMessage);
... ...
}
public int dispatchMessage(SmsMessageBase smsb) {
... ...
return dispatchMessageRadioSpecific(smsb);
... ...
}
通過以上流程可以瞭解到,當狀態機接收到SMS後,對訊息進行分發,針對type zero,SMS-PP data download,
和3GPP/CPHS MWI type SMS判斷,如果是Normal SMS messages,則呼叫dispatchNormalMessage(smsb),然後建立
一個InboundSmsTracker物件,把資訊儲存到raw table,然後在通過sendMessage(EVENT_BROADCAST_SMS,tracker)把訊息廣播出去。
./frameworks/opt/telephony/src/java/com/android/internal/telephony/InboundSmsHandler.java
class DeliveringState extends State {
... ...
public boolean processMessage(Message msg) {
switch (msg.what) {
... ...
case EVENT_BROADCAST_SMS: /* 接收到EVENT_BROADCAST_SMS訊息並處理 */
// if any broadcasts were sent,transition to waiting state
if (processMessagePart((InboundSmsTracker) msg.obj)) {
transitionTo(mWaitingState);
}
return HANDLED;
... ...
}
}
... ...
}
boolean processMessagePart(InboundSmsTracker tracker) {
... ...
BroadcastReceiver resultReceiver = new SmsBroadcastReceiver(tracker); /* 建立一個廣播接收者,用來處理簡訊廣播的結果 */
... ...
intent = new Intent(Intents.SMS_DELIVER_ACTION); /* 設定當前intent的action為SMS_DELIVER_ACTION */
// Direct the intent to only the default SMS app. If we can't find a default SMS app
// then sent it to all broadcast receivers.
ComponentName componentName = SmsApplication.getDefaultSmsApplication(mContext,true); /* 這個action只會傳送給carrier app,而且carrier app可以通過set result為RESULT_CANCELED來終止這個廣播 */
if (componentName != null) {
// Deliver SMS message only to this receiver
intent.setComponent(componentName);
log("Delivering SMS to: " + componentName.getPackageName() +
" " + componentName.getClassName());
}
... ...
dispatchIntent(intent,android.Manifest.permission.RECEIVE_SMS,/* 廣播intent */
AppOpsManager.OP_RECEIVE_SMS,resultReceiver);
... ...
}
private final class SmsBroadcastReceiver extends BroadcastReceiver {
... ...
public void onReceive(Context context,Intent intent) {
... ...
// Now that the intents have been deleted we can clean up the PDU data.
if (!Intents.DATA_SMS_RECEIVED_ACTION.equals(action)
&& !Intents.DATA_SMS_RECEIVED_ACTION.equals(action)
&& !Intents.WAP_PUSH_RECEIVED_ACTION.equals(action)) {
loge("unexpected BroadcastReceiver action: " + action);
}
int rc = getResultCode();
if ((rc != Activity.RESULT_OK) && (rc != Intents.RESULT_SMS_HANDLED)) {
loge("a broadcast receiver set the result code to " + rc
+ ",deleting from raw table anyway!");
} else if (DBG) {
log("successful broadcast,deleting from raw table.");
}
deleteFromRawTable(mDeleteWhere,mDeleteWhereArgs);
sendMessage(EVENT_BROADCAST_COMPLETE); /* 成功廣播 */
... ...
}
... ...
}
到這裡,在應用層註冊具有Intents.SMS_RECEIVED_ACTION這樣action的廣播,就可以獲取到簡訊了。
總結
以上所述是小編給大家介紹的Android4.4 RIL簡訊接收流程分析,希望對大家有所幫助,如果大家有任何疑問請給我留言,小編會及時回覆大家的。在此也非常感謝大家對我們網站的支援!
如果你覺得本文對你有幫助,歡迎轉載,煩請註明出處,謝謝!