CN103593225B - The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene - Google Patents
The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene Download PDFInfo
- Publication number
- CN103593225B CN103593225B CN201310526351.1A CN201310526351A CN103593225B CN 103593225 B CN103593225 B CN 103593225B CN 201310526351 A CN201310526351 A CN 201310526351A CN 103593225 B CN103593225 B CN 103593225B
- Authority
- CN
- China
- Prior art keywords
- binder
- service
- virtual
- amendment
- device drives
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000007246 mechanism Effects 0.000 title claims abstract description 35
- 239000011230 binding agent Substances 0.000 claims abstract description 103
- 230000006870 function Effects 0.000 claims description 64
- 230000008569 process Effects 0.000 claims description 34
- 238000001914 filtration Methods 0.000 claims description 7
- 238000012546 transfer Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 5
- 238000003860 storage Methods 0.000 claims description 4
- 239000000203 mixture Substances 0.000 claims description 3
- 238000000151 deposition Methods 0.000 claims description 2
- 230000009897 systematic effect Effects 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 3
- 238000000429 assembly Methods 0.000 description 2
- 230000000712 assembly Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000004899 motility Effects 0.000 description 2
- 241000208340 Araliaceae Species 0.000 description 1
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 1
- 235000003140 Panax quinquefolius Nutrition 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 235000008434 ginseng Nutrition 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000004080 punching Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Landscapes
- Stored Programmes (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of method of many android system multiplexing Binder IPC mechanism in mobile virtual scene, method includes: create a virtual Binder device drives in the android system in host, and use this virtual Binder device drives to register multiple virtual Binder equipment to linux kernel, device file corresponding for virtual Binder equipment is distributed to each virtual machine;When virtual machine sends the access request of Binder equipment, first call virtual Binder device drives, then by this virtual Binder device drives, use request is transmitted to true Binder device drives;During operation is transmitted to true Binder equipment by virtual Binder device drives, the Service name of conflict is intercepted accordingly, filters and revises.The present invention is realizing ensure that under many android system are run the high efficiency of systematic function.
Description
Technical field
The present invention relates to computer virtualized technical field, particularly relate to multiple systems in android system virtualization multiple
Method by Binder IPC mechanism.
Background technology
Under the background that the customer volume of Android operation system increases rapidly, its safety is also by the most widely
Pay close attention to.Owing to Android lacks closed ecological system as iOS, Malware has become as the maximum prestige of its safety
The side of body.In order to limit the range of activity of Malware, protect the personal information of user to greatest extent, it is thus proposed that Android
Virtualize this solution.Android virtualization refers to run multiple Android operation system on an equipment, these
Operating system is mutually isolated, and being arranged on the application software in some system cannot constitute impact to other system.Thus may be used
So that the personal information of user is locked in some system, even if other system being mounted with, Malware also will not be to individual
Information structure threatens.Current virtualization scheme includes: Full-virtualization, half virtualization and virtualization based on container, its
In half virtualization and virtualization based on container be referred to as lightweight virtualization.In these virtualization solutions, based on appearance
The lightweight virtualization of device has the biggest performance advantage at aspect of performance relative to other scheme.
Binder IPC mechanism is one of most important characteristic of Android operation system, almost all of process in system
Between communicate and all realized by Binder mechanism.So-called multiplexing Binder IPC mechanism, refers to the core group of Binder IPC mechanism
Part (such as Binder device drives, Service Manager) is provided by host, and virtual machine does not then have these assemblies, virtual machine
In process indirectly use host to provide Binder IPC mechanism by virtual unit.
In order to realize the Binder IPC mechanism that virtual machine uses host to provide, the most direct scheme is directly by host
The Binder equipment of machine is distributed to virtual machine and is used.Multiple system is not accounted for yet with Binder same when of driving and realize
Time use situation, this scheme is the most infeasible.It main reason is that primary Binder only to drive and allows to have one
Service Manager, thus under this scheme the service in host and virtual machine all can only to be registered to this unique
Service Manager.But run in host and virtual machine is same set of service, identical service is with identical name
Will necessarily clash during registration, the service run after causing cannot be registered.It addition, be all registered to same if all of service
One Service Manager, then which client process in each virtual machine also cannot be distinguished by and service to one's name institute
Virtual machine, which service belongs to host or other virtual machine.
As it is shown in figure 1, Binder IPC mechanism include Binder device drives, Binder Support Library (not illustrating),
The assemblies such as Service Manager, service and client.Wherein service is to provide entering of certain specific function (such as media play)
Journey, each service has a name (such as media.player).By its name registration to Service after service startup
Manager, the latter is responsible for the corresponding relation preserving service name with service.When client process needs to use certain service to provide
Function time, it first sends, to Service Manager, service that acquisition request service name is corresponding, the most just can be to service
The request of transmission uses the function of its correspondence.Binder device drives is between Service Manager, service and client three
The bridge of communication, this three by open Binder equipment (/dev/binder) and to its carry out I/O operation (such as open,
Ioctl, mmap etc.) transmit and ask and response.
In the virtualized implementation of Android based on container, virtual machine and host are shared in same Linux
Core.And Binder device drives belongs to a part for kernel, it is therefore necessary to Binder equipment is virtualized.Binder equipment
Virtualized a kind of scheme be to register a Binder set for host and each virtual machine in linux kernel
Standby, in each system, then all start a Service Manager, the service registry in each system is to its correspondence
In Service Manager, it is independent of each other between system and system.The advantage of this scheme be between system and system completely every
From, the not problem of presence service name conflict, but there is also following deficiency:
1) owing to Binder device drives employing some global variables (such as record Service Manager process letter
The structure of breath), in order to create multiple Binder equipment, need to create corresponding copy for these global variables, and build each
Corresponding relation between individual system and these copies.This scheme or need original Binder device drives is advised greatly
The amendment of mould, this is unfavorable for the stability of system;Need to create the Binder device drives journey of multiple equity in kernel
Sequence, such design lacks again motility.
2) the Binder equipment within its own system, therefore these visitors can only be accessed due to the client in each system
Family end process also can only use the service run in this system, so cannot realize between system sharing of service, i.e. cannot subtract
The service sum run on few whole equipment, is unfavorable for being optimized the runnability of equipment.
It is thus desirable to a kind of convenient and the method that performance impact is relatively low is solved Binder device virtualization with
And the problem that service is shared, the method devising the Binder IPC mechanism of a kind of virtual machine multiplexing host for this present invention.
Summary of the invention
It is an object of the invention to provide the realization side of multiplexing Binder IPC mechanism under a kind of Android virtualization scene
Method, this method is applied in android system based on container virtualization scene, is being revised Android original generation hardly
Realize the virtualization of Binder equipment in the case of Ma, and realize the function that service is shared, empty for optimizing Android further
The performance of planization provides the foundation.
In a kind of mobile virtual scene, the method for many android system multiplexing Binder IPC mechanism, described many
Android system runs in single linux kernel environment, and in described many android system, one of them runs in host,
Remaining operates in virtual machine, and method includes:
Android system in host creates a virtual Binder device drives, and uses this virtual
Binder device drives registers multiple virtual Binder equipment to linux kernel, by these virtual corresponding setting of Binder equipment
Each virtual machine distributed to by standby file;
When in virtual machine, the application program of android system sends the access request of Binder equipment, first call virtual
Binder device drives, access request is intercepted by virtual Binder device drives accordingly, and conflicts in access request
Service name carry out filtering and amendment processes, the Binder that then will be obtained after processing by this virtual Binder device drives
The use request of IPC mechanism is transmitted to true Binder device drives, it is achieved virtual machine uses the Binder of host indirectly
IPC mechanism.
Many android system multiplexing Binder IPC(Inter-Process Communication that the present invention provides,
Interprocess communication) method of mechanism creates a virtual Binder device drives, and creates multiple virtual Binder equipment
Distribute to corresponding multiple virtual machine, be connected mutually finally by with real Binder device drives, it is possible to achieve virtual machine is multiple
By the Binder IPC mechanism of host, this method has the highest motility and extensibility.Simultaneously in repeating process
By intercepting the operation carrying out self virtualizing machine, and the request to specific use is filtered and is revised, and solves virtual machine
The problem that the Service name existed when running same service with host conflicts.The function of Binder device drives, will apply journey
The access request (such as open, ioctl, mmap etc.) of virtual Binder equipment is transmitted to truly by sequence (including service and client)
Binder device drives.
During forwarding the application program access request to virtual Binder equipment, virtual Binder device drives mistake
Leach and be sent to the registration service (being initiated by the process serviced) of Service Manager and obtain service (entering by client
Request Cheng Faqi), and used before being transmitted to true Binder equipment in transfer function f amendment both request
Service name field.
The most virtual Binder device drives uses self-defining driving function to needing the access request intercepted to block
Cut, the function in true Binder device drives is the most directly used for the access request that need not intercept.
The function directly invoked the operation that need not intercept in real Binder device drives can reduce kernel
Amendment.
Self-defining driving function includes filtering and amendment order, wherein filters and revises order analysis application program and send
Ioctl order and therefrom obtain command parameter, from command parameter, obtain Binder subcommand, and judge each Binder
Binder subcommand, the need of amendment, is processed by order according to judged result.
Wherein, ioctl order is the access request needing to filter.In self-defining driving function, need self-defined
Function only have conbinder_ioctl, the realization of this function is divided into two parts, Part I be filter and amendment order,
Part II is the binder_ioctl function that will filter and amendment order is handed in true Binder device drives, second
Divide and directly invoke binder_ioctl function.Filter and first amendment order filter out ioctl order from application program,
And it is processed, thus solve application program and send the Service name collision problem using request.
Wherein judge that each Binder subcommand is as follows the need of the method for amendment:
Step 1, it is judged that whether Binder subcommand is transaction commands: be, then obtain transaction commands parameter, and enter step
2;Otherwise, the process to this Binder subcommand is terminated;
Step 2, is judged by transaction commands parameter whether the destination service of transaction commands is Service Manager, is
Then enter step 3;Otherwise terminate the process to this Binder subcommand;
Step 3, it is judged that whether the function of transaction commands is registration service, inquiry service or obtains service: be then to obtain
Service name in transaction commands, and revise the Service name in this Binder subcommand parameter;Otherwise, terminate this Binder is ordered
The process of order.
In step 1, when the command number of Binder subcommand is BC_TRANSACTION, this Binder subcommand is thing
Business order.In step 3, the corresponding function number of each service, judge this affairs by the function number judging transaction commands
Whether order is registration service, inquiry service or obtains service.
In step 3, before the Service name of amendment Binder subcommand, also judge whether the Service name of this service exists
In shared service list: be, directly terminate the process to this Binder subcommand;Otherwise, revise Service name and terminate this
The process of Binder subcommand.
By shared for the write of the name of the special services run in host service list file is arranged this service it is
Share service.Service of sharing runs in host, is shared by all virtual machines.Then blocking in virtual Binder device drives
Cut and filtering rule use the list of the service of sharing as white list so that in virtual machine, the request to shared service can be worn
This virtual equipment driver thoroughly, it is achieved virtual machine directly uses the shared service run in host.
The method for building up wherein sharing service list is: create a shared service list literary composition in proc file system
Part, and one piece of region of distribution is used for depositing file content, and the special services will run in host in kernel memory headroom
Service name write in this shared service list file as share service.
Shared service list document creation is in proc file system, and it is corresponding to create this document in kernel code
Reading and writing call back function, when application program reads or writes Service name, kernel can call the call back function of correspondence and perform to share clothes
The storage of business name and reading.
Wherein in shared service list file, create a RBTree and be used for indexing in this shared service list file and deposit
The shared Service name of storage.
RBTree has higher efficiency and preferable statistic property, may be used for quickly searching in this shared service list
Shared Service name.
The Service name method of amendment conflict is, uses a transfer function f after Intercept Interview is asked and filtered
Revise the Service name of conflict.
Wherein, amended Service name contains the front Service name of amendment and sends the source letter of this service use request
Breath.Such as, virtual machine each with numbering N, then comprises the information of N in Service name after amendment.
Wherein transfer function f meets following all conditions:
A. after amendment, Service name is not equal to revise front Service name;
B. for Service name before identical amendment and different virtual machines numbering, after amendment, Service name is different;
C. numbering with identical virtual machine for Service name before different amendments, after amendment, Service name is different;
D. before amendment, Service name is equal with Service name length after amendment.
The transfer function f meeting conditions above ensures that the Service name carrying out self virtualizing machine is different from the Service name of host, and
The same services of different virtual machine has different Service name, and the different services of identical virtual machine also have different Service name, therefore
The problem solving Service name conflict.Owing to the data packet format of request is it has been determined that the Service name revised is also required to put back to
The originally position of Service name, and the length of this position is to send to use the application program of request to determine, therefore takes after amendment
Business name is equal with Service name length before amendment.
By by the Binder equipment in the root file system of virtual machine and the virtual Binder apparatus bound in host
Distribute virtual Binder equipment.
By use in mount order bind option by these equipment and virtual machine root file system /dev/
Binder file is bound, thus each Binder equipment is distributed to each virtual machine.Application program in virtual machine sends
When Binder equipment uses request, the function that kernel will perform in virtual Binder device drives, use request is intercepted,
Filter and amendment.
Accompanying drawing explanation
Fig. 1 is prior art Binder IPC mechanism fundamental diagram;
Fig. 2 is the system framework figure of one embodiment of the invention;
Fig. 3 is the structure chart of present example of the present invention virtual Binder device driver;
Fig. 4 is the schematic diagram of the function of present example of the present invention virtual Binder equipment, does not include sharing service row in figure
Table;
Fig. 5 is the flow chart that present example of the present invention processes a Binder subcommand;
Fig. 6 is that present example of the present invention filters and amendment uses the main flow chart asked.
Detailed description of the invention
Many android system in mobile virtual scene of the present invention are realized by linux kernel code is modified
The method of multiplexing Binder IPC mechanism.In the present example, the linux kernel version of amendment is Linux3.9.4.
As in figure 2 it is shown, have real Binder device drives in linux kernel, the present invention builds the most on this basis
Virtual Binder device drives, when the application program in virtual machine needs to access Binder equipment, application program is to virtual
Binder equipment in machine sends access request, and Binder is set by the most virtual Binder device drives sink virtual machine application program
Standby access request, and carry out these access request intercepting, filtering and amendment process, obtain after processing the most at last
The use request of Binder IPC mechanism is transmitted to true Binder device drives, it is achieved virtual machine application uses indirectly
Binder IPC mechanism in host.Virtual Binder device drives, during processing request, can filter out and be sent to
Service Manager and the Binder subcommand relevant to Service name, and to the service in these Binder subcommands
Name is modified, with the problem solving the name conflict existed when virtual machine directly uses true Binder equipment.
Virtual Binder device drives is write according to the model of misc device drives, and code leaves in conbinder.c.
Concrete operation step is as follows:
First, the variable conbinder_fops of a struct file_operations type, this structure are created
Function pointer in body and the various operation one_to_one corresponding of virtual Binder equipment.For needing the operation intercepted to write self-defined
Driving function, for need not intercept operation the most directly use the function in true Binder device drives.Driving function
In the implementation of each function as shown in the table:
Wherein it is desired to self-defining function only has conbinder_ioctl, the realization of this function is divided into two parts, and Part I is
Filtering and amendment order, Part II is the binder_ that will filter and amendment order is handed in true Binder device drives
Ioctl function.Part II directly invokes binder_ioctl function.
As shown in Figure 6, the implementation of conbinder_ioctl function is as follows:
For the ioctl order from application program, first determine whether whether the command number of this ioctl order is BINDER_
WRITE_READ: be, then obtain command parameter from ioctl order and be for further processing;Otherwise, directly invoke
Binder_ioctl function also terminates.
After obtaining command parameter, from command parameter, parse each Binder subcommand, then judge each subcommand
The need of amendment, process, until completing the process to all Binder subcommands according to judgement.
As it is shown in figure 5, the process to each Binder subcommand is as follows:
Step 1, it is judged that whether Binder subcommand number is BC_TRANSACTION: be, then obtain Transaction ginseng
Number, will enter step 2;Otherwise, the process to this Binder subcommand is terminated;
Step 2, judges by Transaction parameter whether the destination service of subcommand Transaction is Service
Manager, is then to enter step 3;Otherwise terminate the process to this Binder subcommand;
Step 3, it is judged that whether the function number of Transaction is 1(registration service), 2(inquire about service) or 3(obtain
Service): it is then to obtain the Service name in Transaction, enter step 4;Otherwise, the place to this Binder subcommand is terminated
Reason;
Step 4, it is judged that whether the Service name of acquisition is present in shared service list: be, directly terminates this Binder
The process of subcommand;Otherwise, revise Service name and terminate the process to this Binder subcommand.
Wherein it is desired to the Binder subcommand of amendment Service name has a Service name field, need registration for appointment
Or the title of the service obtained, the present invention uses a function f to modify this Service name field, concrete modification rule
As follows:
namenew=f(nameold,N)
Service name after wherein namenew represents replacement, nameold represents former Service name, and N represents virtual Binder equipment
Numbering (being obtained by the title of virtual Binder equipment).Function f meets claimed below:
1. f (nameold, N) is not equal to nameold;
2. for identical nameold and different N, f (nameold, N) is different;
3. for different nameold and identical N, f (nameold, N) is different;
4. the length of f (nameold, N) and nameold is equal.
As a example by service foo and bar, the service of host and each virtual machine registration in Service Manager
Name is as shown in the table:
According to the character of function f, in Service Manager, all of Service name all differs, and solves Service name punching
Prominent problem.As it is shown on figure 3, the service in host sends the request of registration service to Service Manager, in host
Real Binder device drives is directly transferred to Service Manager, Service Manager request and service is added
To web services registry;And simultaneously, the service in virtual machine also sends the request of registration service to Service Manager, then empty
Intend Binder device drives, by f function, the Service name of foo service in virtual machine is revised as f (foo, 1), by amended clothes
Business name is registered to Service Manager, then in Service Manager, in web services registry, the Service name of registration comprises service
Progress information, such as, the service servicing entitled foo is the service foo in host;Service entitled f(foo, 1) service is empty
Service foo in plan machine 1, wherein 1 represents virtual machine numbering (only depicting a virtual machine in Fig. 3).It addition, in virtual machine
Client process (in Figure of description, title should be corresponding with title in literary composition) sends asking of the service of acquisition to Service Manager
When asking, the Service name that Service Manager receives is also converted through function f, and therefore Service Manager returns
Return is to operate in the service processes in same virtual machine with this client process.
After creating virtual Binder device drives, create the virtual Binder equipment in virtual machine and to Linux
Kernel registers these virtual Binder equipment:
Create one group of virtual Binder equipment to make kernel start afterwards, utilize conbinder_init function
The information of initialization of virtual Binder equipment also registers these virtual Binder equipment, and each virtual Binder equipment is with one
Individual numbering, numbers and uses when revising Service name field.Specifically comprise the following steps that
First, the structure of one group of struct misc_device type is defined, then at conbinder_init function
In call init_devs function initialize this group structure, initialization procedure includes setting its minor(secondary device number), name
(device name) equipment each with fops(function pointer corresponding to operation) three fields, the name field difference of different structure body
(because the numbering comprising each virtual Binder equipment is different), other field is identical.Fops field is set as that virtual Binder sets
The address of the conbinder_fops structure in standby driving.
After initialization completes, conbinder_init function continues to call register_devs, register_devs and follows
Ring calls misc_register function, by the virtual Binder facility registration that initializes before to linux kernel.So,
Linux kernel has started to create under/dev catalogue afterwards and has set with the virtual Binder of virtual Binder device name name
Standby.
After having registered virtual Binder equipment, distribute virtual Binder equipment:
By using bind option by these virtual Binder equipment and virtual machine root file system in mount order
/ binding of dev/binder file, thus assign them to virtual machine.As in figure 2 it is shown, when registration in linux kernel, interior
In core the file of virtual Binder equipment corresponding to the virtual machine 1 of registration entitled/dev/conbinder1, corresponding to virtual machine 2
The file of virtual Binder equipment is entitled/dev/conbinder2, by that analogy.Application program in virtual machine sends Binder
During equipment access request, kernel will perform the function in virtual Binder device drives, intercept use request, filter and
Amendment.
As shown in Figure 4, when the service foo in host sends registration service foo request by accessing Binder equipment
(i.e. sending the access request of Binder equipment), the real Binder device drives directly Service in host
Manager registration service name;Meanwhile, the service foo during virtual machine 1 is logical sends registration service foo by accessing Binder equipment
Request time, the most virtual Binder device drives intercept and revise service foo, Service name is changed into f (foo, 1) and relays to very
Real Binder device drives, after the Service Manager registration amendment in host of the real Binder device drives
Service name.When the client in host sends, to Binder equipment, the access request obtaining service foo, really
The Binder device drives directly Service Manager in host sends and obtains the access request of service foo the most directly
Service Manager from host obtains the client that service foo is transmitted in host;Simultaneously in virtual machine 1
Client sends the access request obtaining service foo to Binder equipment, and the most virtual Binder device drives intercepts and revises clothes
The Service name field of business foo, changes by Service name as f (foo, 1) into and relays to real Binder device drives, really
Making of the Binder IPC mechanism of Service name was revised in the Service Manager transmission in host of the Binder device drives
With request, and the Service Manager from host obtains and revised the service foo of Service name and be transmitted in virtual machine
Client.
It addition, as in figure 2 it is shown, by creating user-defined shared service row in Proc file system directories
List file, also achieves institute's operation service in host when use request is intercepted, filters and revised and shares, pass through
Build and share service list configuration interface, shared service list is shared as white list, wherein shares service list
Build as follows:
1. establishment file in proc file system:
In the present invention, the shared service list configuration interface of present example realizes by the proc file system in kernel.
In conbinder_init function, add code, first call proc_mkdir function under/proc catalogue, create a mesh
Record, then calls create_proc_entry and creates the file of an entitled sharedservices in this catalogue, then exist
In kernel, (present example of the present invention is in virtual binder device drives) creates two function conbinder_proc_ss_
Read and conbinder_proc_ss_write and they are respectively set as sharedservices file reading and writing readjustment
Function.
2. the data structure of the shared service list of definition:
In kernel, one piece of internal memory is distributed, for storing write sharedservices file after document creation success
Data, then create a RBTree services_tree for indexing the shared Service name of storage in this document.
3. the read-write of the shared service list of realization:
When user is by shared Service name write sharedservices file, kernel will call conbinder_proc_
Ss_write function.First the data received are stored in the memory block distributed before by this function, then will wrap in data
The service name contained is inserted in services_tree.When user reads sharedservices file, kernel will call
Conbinder_proc_ss_read function, this function reads the data in memory block and returns to upper strata.
4. the service that realizes is shared:
In order to realize the function that service is shared, the driver of virtual Binder equipment is provided with a white list.
If the service name in certain request intercepted belongs to this white list, then this request will not be modified.So, empty
Need not in plan machine run the service in white list, the client process in virtual machine asks white name to Service Manager
When certain in list services, what Service Manager returned will be the service run in host.Therefore, in white list
Service only need to run in host, is shared by the client process in host and all virtual machines.The present invention is current
In embodiment, this white list is i.e. set to this RBTree of services_tree.The driver of virtual Binder equipment exists
This service name being searched in services_tree before service name in amendment request, if do not found, continuing to repair
Changing, if found, abandoning amendment.
Claims (10)
1. a method for many android system multiplexing Binder IPC mechanism, described many Android in mobile virtual scene
System runs in single linux kernel environment, and in described many android system, one of them runs in host, remaining fortune
Row is in virtual machine, it is characterised in that method includes:
Android system in host creates a virtual Binder device drives, and uses this virtual Binder
Device drives registers multiple virtual Binder equipment to linux kernel, by device file corresponding for these virtual Binder equipment
Distribute to each virtual machine;
When in virtual machine, the application program of android system sends the access request of Binder equipment, first call virtual
Binder device drives, access request is intercepted by virtual Binder device drives accordingly, and conflicts in access request
Service name carry out filtering and amendment processes, the Binder that then will be obtained after processing by this virtual Binder device drives
The use request of IPC mechanism is transmitted to true Binder device drives, it is achieved virtual machine uses the Binder of host indirectly
IPC mechanism.
2. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 1, its
Being characterised by, the most virtual Binder device drives uses self-defining driving function to needing the access request intercepted to block
Cut, the function in true Binder device drives is the most directly used for the access request that need not intercept.
3. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 2, its
Being characterised by, self-defining driving function includes filtering and amendment order, wherein filters and revises order analysis application program and send out
The ioctl order sent also therefrom obtains command parameter, obtains Binder subcommand, and judge each Binder from command parameter
Binder subcommand, the need of amendment, is processed by subcommand according to judged result.
4. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 3, its
It is characterised by, wherein judges that each Binder subcommand is as follows the need of the method for amendment:
Step 1, it is judged that whether Binder subcommand is transaction commands: be, then obtain transaction commands parameter, and enter step 2;No
Then, the process to this Binder subcommand is terminated;
Step 2, is judged by transaction commands parameter whether the destination service of transaction commands is Service Manager, is to enter
Enter step 3;Otherwise terminate the process to this Binder subcommand;
Step 3, it is judged that whether the function of transaction commands is registration service, inquiry service or obtains service: be then to obtain affairs
Service name in order, and revise the Service name in this Binder subcommand parameter;Otherwise, terminate this Binder subcommand
Process.
5. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 4, its
It is characterised by, in step 3, before the Service name of amendment Binder subcommand, also judges whether the Service name of this service is deposited
It is to share in service list: be directly to terminate the process to this Binder subcommand;Otherwise, amendment Service name and terminate right
The process of this Binder subcommand.
6. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 5, its
Being characterised by, the method for building up wherein sharing service list is: create a shared service list literary composition in proc file system
Part, and distribute one piece of region in kernel memory headroom and be used for depositing file content, and the clothes of service that will run in host
Business name writes in this shared service list file as sharing service.
7. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 6, its
It is characterised by, wherein in shared service list file, creates a RBTree and be used for indexing in this shared service list file
The shared Service name of storage.
8. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 1, its
Being characterised by, the Service name method of amendment conflict is, uses a transfer function f after Intercept Interview is asked and filtered
Revise the Service name of conflict.
9. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 8, its
Being characterised by, wherein transfer function f meets following all conditions:
A. after amendment, Service name is not equal to revise front Service name;
B. for Service name before identical amendment and different virtual machines numbering, after amendment, Service name is different;
C. numbering with identical virtual machine for Service name before different amendments, after amendment, Service name is different;
D. before amendment, Service name is equal with Service name length after amendment.
10. the method for many android system multiplexing Binder IPC mechanism in mobile virtual scene as claimed in claim 1,
It is characterized in that, by the Binder device file in the root file system of virtual machine is set with the virtual Binder in host
Standby file binding distributes virtual Binder equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310526351.1A CN103593225B (en) | 2013-10-30 | 2013-10-30 | The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310526351.1A CN103593225B (en) | 2013-10-30 | 2013-10-30 | The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103593225A CN103593225A (en) | 2014-02-19 |
| CN103593225B true CN103593225B (en) | 2016-10-05 |
Family
ID=50083381
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310526351.1A Active CN103593225B (en) | 2013-10-30 | 2013-10-30 | The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103593225B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2558879A (en) * | 2017-01-04 | 2018-07-25 | Cisco Tech Inc | Method and apparatus for container-based virtualisation |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103902390B (en) * | 2014-03-12 | 2017-04-19 | 深圳创维-Rgb电子有限公司 | Inter-process communication method based on Android application layer and basis application communication system |
| CN105138389B (en) * | 2015-07-30 | 2019-01-11 | 北京京东尚科信息技术有限公司 | The management method and system of virtual unit in a kind of cluster |
| CN105516089B (en) * | 2015-11-27 | 2019-04-12 | 北京指掌易科技有限公司 | A kind of stable Security distillation method and apparatus |
| CN105808320B (en) * | 2016-03-11 | 2018-12-04 | 四川安嵌科技有限公司 | Equipment virtualization system and method based on L inux container |
| US9733992B1 (en) * | 2016-05-27 | 2017-08-15 | Huawei Technologies Co., Ltd. | Inter-process communication between containers |
| CN106375371B (en) * | 2016-08-22 | 2019-11-22 | 四川安嵌科技有限公司 | A kind of method and system of cross-domain access service |
| CN108388506B (en) * | 2018-01-05 | 2021-10-12 | 郑州信大捷安信息技术股份有限公司 | ADB multiplexing system and ADB multiplexing method based on single Linux kernel and multiple Android systems |
| CN108762884A (en) * | 2018-04-23 | 2018-11-06 | 西安电子科技大学 | A kind of flight control assemblies based on mobile phone |
| CN109324873A (en) * | 2018-09-21 | 2019-02-12 | 郑州云海信息技术有限公司 | The equipment and storage medium for virtualizing method for managing security, running kernel-driven |
| CN112073448B (en) * | 2019-06-11 | 2022-10-11 | 成都鼎桥通信技术有限公司 | Service isolation method and device for dual-system terminal |
| CN110347475B (en) * | 2019-06-19 | 2022-03-04 | 东软集团股份有限公司 | Service calling method, service calling device and service calling system |
| CN110457140B (en) * | 2019-07-02 | 2022-11-11 | 福建新大陆通信科技股份有限公司 | Fastener mechanism-based client server quick calling method and system |
| CN111339541B (en) * | 2020-02-20 | 2022-08-02 | Oppo广东移动通信有限公司 | Multiplex method and device for inter-process communication IPC mechanism based on binder drive |
| CN111796909B (en) * | 2020-06-24 | 2024-04-02 | 浙江大学 | Lightweight mobile application virtualization system |
| CN114416292B (en) * | 2021-12-31 | 2024-05-28 | 北京字节跳动网络技术有限公司 | Virtualization method, equipment, device, medium and product for serial port of positioning equipment |
| CN114995955B (en) * | 2022-06-16 | 2023-03-21 | 广州千悦科技有限公司 | Android plug-in virtualization Binder Hook method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101976200A (en) * | 2010-10-15 | 2011-02-16 | 浙江大学 | Virtual machine system for input/output equipment virtualization outside virtual machine monitor |
| CN102662910A (en) * | 2012-03-23 | 2012-09-12 | 浙江大学 | Network interaction system based on embedded system and network interaction method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8745237B2 (en) * | 2011-10-21 | 2014-06-03 | Red Hat Israel, Ltd. | Mapping of queues for virtual machines |
-
2013
- 2013-10-30 CN CN201310526351.1A patent/CN103593225B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101976200A (en) * | 2010-10-15 | 2011-02-16 | 浙江大学 | Virtual machine system for input/output equipment virtualization outside virtual machine monitor |
| CN102662910A (en) * | 2012-03-23 | 2012-09-12 | 浙江大学 | Network interaction system based on embedded system and network interaction method |
Non-Patent Citations (2)
| Title |
|---|
| Android下Binder进程间通信机制的分析与研究;王汝言 等;《计算机技术与发展》;20120930;第22卷(第9期);全文 * |
| Android进程间通信Binder扩展模型的设计与实现;陈莉君 等;《西安邮电大学学报》;20130531;第18卷(第3期);全文 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2558879A (en) * | 2017-01-04 | 2018-07-25 | Cisco Tech Inc | Method and apparatus for container-based virtualisation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103593225A (en) | 2014-02-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103593225B (en) | The method of many android system multiplexing Binder IPC mechanism in mobile virtual scene | |
| CN107480237B (en) | Data fusion method and system for heterogeneous desktop cloud platform | |
| CN107515776A (en) | The uninterrupted upgrade method of business, node to be upgraded and readable storage medium storing program for executing | |
| US20090287906A1 (en) | Allocating resources to partitions in a partitionable computer | |
| CN105824688B (en) | A method of it solving docker container and starts concurrent bottleneck | |
| DE102019108266A1 (en) | TECHNOLOGIES FOR PROVIDING INSULATION ON A FUNCTIONAL LEVEL WITH ABILITY-BASED SECURITY | |
| CN103049334A (en) | Task processing method and virtual machine | |
| CN101382953A (en) | Interface system for accessing file system in user space and file reading and writing method | |
| CN105872129B (en) | A kind of more network interface card outbound communication implementation methods of Linux virtual machine | |
| CN102754077A (en) | A secure virtualization environment bootable from an external media device | |
| CN101216814A (en) | Communication method and system of multi-nuclear multi-operating system | |
| CN101645020A (en) | Virtual operating system creation method | |
| CN102413183B (en) | Cloud intelligence switch and processing method and system thereof | |
| CN116800616B (en) | Management method and related device of virtualized network equipment | |
| CN115408108A (en) | I/O unloading method, device, system and storage medium in cloud environment | |
| US7996627B2 (en) | Replication of object graphs | |
| CN104714792B (en) | Multi-process shared data treating method and apparatus | |
| US7581069B2 (en) | Multiple computer system with enhanced memory clean up | |
| CN115629882A (en) | Method for managing memory in multiple processes | |
| US8844827B2 (en) | Chip card, and method for the software-based modification of a chip card | |
| CN112698912A (en) | Java Card virtual machine operating environment and memory management method | |
| CN103761118A (en) | Intelligent card and method for deploying applications in same | |
| CN113986858B (en) | Linux compatible android system shared file operation method and device | |
| US11429412B2 (en) | Guest protection from application code execution in kernel mode | |
| CN108762883B (en) | Configuration structure and configuration method for realizing virtualization management scheduling of physical platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |