Android WIFI 分析
Posted kaifyou
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Android WIFI 分析相关的知识,希望对你有一定的参考价值。
WifiService 在SystemService 进程中被创建,Wifi 相关对象定义:
/frameworks/base/services/java/com/android/server/SystemServer.java
private static final String WIFI_SERVICE_CLASS = "com.android.server.wifi.WifiService"; private static final String WIFI_NAN_SERVICE_CLASS = "com.android.server.wifi.nan.WifiNanService"; private static final String WIFI_P2P_SERVICE_CLASS = "com.android.server.wifi.p2p.WifiP2pService";
SystemService 类进程启动方法run() 调用startOtherService() 方法创建WifiService 进程:
if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WIFI_NAN)) { mSystemServiceManager.startService(WIFI_NAN_SERVICE_CLASS);//mSystemServiceManager 进程管理对象在run()方法中创建 } else { Slog.i(TAG, "No Wi-Fi NAN Service (NAN support Not Present)"); } mSystemServiceManager.startService(WIFI_P2P_SERVICE_CLASS); mSystemServiceManager.startService(WIFI_SERVICE_CLASS); mSystemServiceManager.startService( "com.android.server.wifi.scanner.WifiScanningService"); if (!disableRtt) { mSystemServiceManager.startService("com.android.server.wifi.RttService"); }
对SystemService的研究可参考《深入理解Android:卷II》第3章
WifiService 继承SystemService,包名com.android.service.wifi,其构造函数初始化一个WifiServiceImpl 对象:
public final class WifiService extends SystemService { private static final String TAG = "WifiService"; final WifiServiceImpl mImpl; public WifiService(Context context) { super(context); mImpl = new WifiServiceImpl(context); } }
在此,先介绍两个知识点,分别是HSM(Hierarchical State Machine,结构化状态机)和AsyncChannel。
HSM 和AsyncChannel 介绍
HSM(对应的类是StateMachine) 和AsyncChannel 是Android Framework 中两个重要的类。
HSM 中的状态层级关系与Java中父子类的派生和继承关系类似,即在父状态中实现generic 的功能,而在子状态中实现一些特定的处理;不过与Java 中类派生不同的是,HSM 中父子状态对应的是毫无派生关系的两个类,使用时需要创建两个对象。
AsyncChannel 用于两个Handler 之间的通信,具体的通信方式为源Handler 通过sendMessage 向目标Handler 发送消息,而目标Handler 通过replyToMessage 回复源Handler 处理结果;这两个Handler 可位于同一个进程,也可分属于两个不同的进程。
1、HSM 的使用
addState():添加一个状态。同时还可指定父状态
transitionTo():将状态机切换到某个状态
obtainMessage():HSM内部是围绕一个Handler来工作的,外界只能调用HSM的obtainMessage()以获取一个Message
sendMessage():发送消息给HSM。HSM 中的Handler 会处理它
deferMessage():保留某个消息,该消息将留待下一个新状态中去处理
start():启动状态机
quit()、quitNow():停止状态机
HSM 中状态和状态直接的层级关系体现在:
1) SM启动后,初始状态的EA将按派生顺序执行,即其祖先状态先执行,子状态后执行
2) 当State发送切换时,旧State的exit 先执行,新State 的enter 后执行,并且新旧State 派生树上对应的State 也需要执行exit 或 enter 函数。类似C++ 类构造/析构函数执行顺序
3) State 处理Message 时,如子状态不能处理(返回NOT_HANDLED),则交给父状态去处理
2、AsyncChannel 的使用
1) 简单的request/response 模式下,Server 端无须维护Client 的信息,它只要处理来自Client 的请求即可。
Client 调用connectSync(同步连接)或connect(异步连接,连接成功后Client 会收到CMD_CHANNEL_HALF_CONNECTED 消息)即可连接到Server。
2) 与request/response 模式相反,即Server 端维护Client 的信息。
Server 可以向Client 发送自己的状态或者其他一些有意义的信息。wpa_cli 和wpa_supplicant 就是此模式的应用,wpa_cli 可以发送命令给WPAS 去执行;同时,WPAS 也会将自己的状态及其他一些信息通知给 wpa_cli。
以异步方式为例介绍第2种应用模式中AsyncChannel 的使用步骤:
1) Client 调用AsyncChannel 的connect() 函数,Client 的Handler 会收到一个名为CMD_CHANNEL_HALF_CONNECTED 消息;
2) Client 在处理CMD_CHANNEL_HALF_CONNECTED 消息时,需通过sendMessage() 函数向Server 端发送一个名为 CMD_CHANNEL_FULL_CONNECTION 的消息;
3) Server 端的Handler 将收到此CMD_CHANNEL_FULL_CONNECTION 消息,成功处理它后,Server 端先调用AsyncChannel 的connected() 函数,然后通过sendMessage() 函数向Client 端发送CMD_CHANNEL_FULLY_CONNECTED 消息;
4) Client 端收到CMD_CHANNEL_FULLY_CONNECTED 消息。至此,Client 和Server 端成功建立连接。
5) Clinet 和Server 端的两个Handler 可借助sendMessage() 和replyToMessage() 来完成请求消息及回复消息的传递。注意,只有针对那些需要回复的情况,Server 端才需调用replyToMessage()。
6) Client 和Server 的任意一端都可以调用disconnect() 函数以结束连接。该函数将导致Client 和Server 端都会收到CMD_CHANNEL_DISCONNECTED 消息。
注此部分流程描述来自AsyncChannel.java 文件中的注释,但实际第3步,AsyncChannel 一般由客户端创建,Server无法获取到。接下来通过代码展示正确的做法。
WifiManager 类的getChannel() 函数会创建一个AsyncChannel 以和WifiService 中的ServiceHandler 建立连接关系,并返回AsyncChannel 对象:
private synchronized AsyncChannel getChannel() { if (mAsyncChannel == null) { Messenger messenger = getWifiServiceMessenger(); //是Server 端的Handler 在Client 端的代表 if (messenger == null) { throw new IllegalStateException( "getWifiServiceMessenger() returned null! This is invalid."); } mAsyncChannel = new AsyncChannel(); //AsyncChannel 一般在Client 端创建 mConnected = new CountDownLatch(1); //ServiceHandler 是WifiManager 定义的内部类Handler Handler handler = new ServiceHandler(mLooper); //Client 端的Handler mAsyncChannel.connect(mContext, handler, messenger); //mContext 是Client 端的Context 对象 try { mConnected.await(); } catch (InterruptedException e) { Log.e(TAG, "interrupted wait at init"); } } return mAsyncChannel; }
getWifiServiceMessager() 函数,获取WifiService 端的Handler 引用,用于Client 与WifiService 建立AsyncChannel 通信:
public Messenger getWifiServiceMessenger() { try { return mService.getWifiServiceMessenger(); //返回的Messenger 对象包含WifiService 的Handler } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } }
mService 是IWifiManager 类对象,其实质是一个AIDL 接口,WifiServiceImpl 类继承自IWifiManager.Stub,所以getWifiServiceMessenger() 函数的实现在WifiServiceImpl.java 中:
/** * Get a reference to handler. This is used by a client to establish * an AsyncChannel communication with WifiService */ public Messenger getWifiServiceMessenger() { enforceAccessPermission(); //权限检查 enforceChangePermission(); return new Messenger(mClientHandler); //通过Messenger 封装了目标Handler }
connect() 函数将触发Client 端Handler(即ServiceHandler) 收到一个CMD_CHANNEL_HALF_CONNECTED 消息,由WifiManager 的ServiceHandler 处理:
private void dispatchMessageToListeners(Message message) { Object listener = removeListener(message.arg2); switch (message.what) { case AsyncChannel.CMD_CHANNEL_HALF_CONNECTED: if (message.arg1 == AsyncChannel.STATUS_SUCCESSFUL) { //半连接成功 mAsyncChannel.sendMessage(AsyncChannel.CMD_CHANNEL_FULL_CONNECTION); //向Server 端发送CMD_CHANNEL_FULL_CONNECTION } else { Log.e(TAG, "Failed to set up channel connection"); // This will cause all further async API calls on the WifiManager // to fail and throw an exception mAsyncChannel = null; } mConnected.countDown(); break;
case AsyncChannel.CMD_CHANNEL_FULLY_CONNECTED: //连接成功 // Ignore break; case AsyncChannel.CMD_CHANNEL_DISCONNECTED: //连接关闭 Log.e(TAG, "Channel connection lost"); // This will cause all further async API calls on the WifiManager // to fail and throw an exception mAsyncChannel = null; getLooper().quit(); //连接关闭,退出线程 break;
WifiServiceImpl.java 中定义ClientHandler,处理Client 端发送过来的消息:
/** * Handles client connections 处理Client 连接 */ private class ClientHandler extends Handler { @Override public void handleMessage(Message msg) { switch (msg.what) { case AsyncChannel.CMD_CHANNEL_HALF_CONNECTED: {
//处理因ac.connect调用而收到的CMD_CHANNEL_HALF_CONNECTED消息
//该消息携带了一个AsyncChannel 对象,即ac if (msg.arg1 == AsyncChannel.STATUS_SUCCESSFUL) { if (DBG) Slog.d(TAG, "New client listening to asynchronous messages"); // We track the clients by the Messenger // since it is expected to be always available mTrafficPoller.addClient(msg.replyTo); //WifiTrafficPoller 类
} break; } case AsyncChannel.CMD_CHANNEL_DISCONNECTED: { if (msg.arg1 == AsyncChannel.STATUS_SEND_UNSUCCESSFUL) { if (DBG) Slog.d(TAG, "Send failed, client connection lost"); } else { if (DBG) Slog.d(TAG, "Client connection lost with reason: " + msg.arg1); } mTrafficPoller.removeClient(msg.replyTo); break; } case AsyncChannel.CMD_CHANNEL_FULL_CONNECTION: { //Server 端先收到此消息 AsyncChannel ac = new AsyncChannel(); //新建一个AsyncChannel对象,调用它的connect()函数 ac.connect(mContext, this, msg.replyTo); //msg.replyTo 代表Client 端的Handler,即WifiManager 中ServiceHandler
//connect()函数将触发CMD_CHANNEL_HALF_CONNECTED消息被发送,而且该消息会携带对应的AsyncChannel 对象,即此次的ac break; }
WifiTrafficPoller 类的addClient() 方法:
void addClient(Messenger client) { Message.obtain(mTrafficHandler, ADD_CLIENT, client).sendToTarget(); }
ADD_CLIENT 消息由该类的内部类TrafficHandler 处理:
case ADD_CLIENT: mClients.add((Messenger) msg.obj); //保存上面的AsyncChannel 对象,用于向Client发送消息
break;
由于Server 端无法得到Client 端的AsyncChannel 对象,所以就新创建了一个AsyncChannel,并connect 到Client 端。
WifiService 构造函数分析
在上文看到WifiService 的构造函数主要创建一个WifiServiceImpl 对象,所以重点查看WifiServiceImpl 的构造函数:
public WifiServiceImpl(Context context) { HandlerThread wifiThread = new HandlerThread("WifiService"); wifiThread.start(); HandlerThread wifiStateMachineThread = new HandlerThread("WifiStateMachine"); wifiStateMachineThread.start(); mWifiStateMachine = new WifiStateMachine(mContext, mFacade, wifiStateMachineThread.getLooper(), mUserManager, mWifiInjector, new BackupManagerProxy(), mCountryCode); //创建一个WifiStateMachine对象 mWifiStateMachine.enableRssiPolling(true); //RSSI(信号接收强度)轮询机制
//WPAS支持的RSSI信息包括:接收信号强度、连接速度(link speed)、噪声强度(noise)和频率 mClientHandler = new ClientHandler(wifiThread.getLooper()); //用于AsyncChannel,其交互对象来自WifiManager mWifiStateMachineHandler = new WifiStateMachineHandler(wifiThread.getLooper()); //用于AsyncChannel,其交互对象来自WifiStateMachine }
接下来重点分析WifiStateMachine 类。
WifiStateMachine 构造函数分析之一
WifiStateMachine 类继承自StateMachine,其构造函数:
public WifiStateMachine(Context context, FrameworkFacade facade, Looper looper, UserManager userManager, WifiInjector wifiInjector, BackupManagerProxy backupManagerProxy, WifiCountryCode countryCode) { super("WifiStateMachine", looper); //WifiNative 用于和wpa_supplicant 交互 mWifiNative = WifiNative.getWlanNativeInterface(); //创建一个NetworkInfo,实际上代表一个网络设备的状态信息 mNetworkInfo = new NetworkInfo(ConnectivityManager.TYPE_WIFI, 0, NETWORKTYPE, ""); //和BatteryStateService 交互,BSS 注册的服务名叫“batteryinfo” mBatteryStats = IBatteryStats.Stub.asInterface(mFacade.getService( BatteryStats.SERVICE_NAME)); //创建和NetworkManagmentService 交互的Binder 客户端 IBinder b = mFacade.getService(Context.NETWORKMANAGEMENT_SERVICE); mNwService = INetworkManagementService.Stub.asInterface(b); //判断系统是否支持Wifi Display功能(WFD) mP2pSupported = mContext.getPackageManager().hasSystemFeature( PackageManager.FEATURE_WIFI_DIRECT); //内部将创建一个线程,并借助WifiNative 去接收处理来自WPAS的信息 mWifiMonitor = WifiMonitor.getInstance(); //WifiInfo 用于存储手机当前连接上的无线网络信息,包括IP地址、ssid 等内容 mWifiInfo = new WifiInfo(); //SupplicantStateTracker 用于跟踪WPAS 的状态,它是一个StateMachine mSupplicantStateTracker = mFacade.makeSupplicantStateTracker( context, mWifiConfigManager, getHandler()); //LinkProperties 用于描述网络连接(network link)的一些属性,如IP地址、DNS地址和路由设置 mLinkProperties = new LinkProperties(); }
将重点介绍WifiNative、WifiMonitor 以及SupplicantStateTracker
1) WifiNative 用于和WPAS 通信,其内部定义了较多的native 方法(对应的JNI 模块是com_android_server_wifi_WifiNative.cpp),本文将介绍最重要的两个方法:
第一个方法是startSupplicant(),用于启动WPAS。startSupplicant() 方法:
private native static boolean startSupplicantNative(boolean p2pSupported); public boolean startSupplicant(boolean p2pSupported) { synchronized (sLock) { return startSupplicantNative(p2pSupported); } }
其JNI 模块中的定义:
/frameworks/opt/net/wifi/service/jni/com_android_server_wifi_WifiNative.cpp
static jboolean android_net_wifi_startSupplicant(JNIEnv* env, jclass, jboolean p2pSupported) { return (::wifi_start_supplicant(p2pSupported) == 0); }
底层wifi_start_supplicant() native方法的定义:
/hardware/libhardware_legacy/wifi/wifi.c
int wifi_start_supplicant(int p2p_supported) { char supp_status[PROPERTY_VALUE_MAX] = {\'\\0\'}; int count = 200; /* wait at most 20 seconds for completion */ //和 P2P有关 if (p2p_supported) { strcpy(supplicant_name, P2P_SUPPLICANT_NAME); strcpy(supplicant_prop_name, P2P_PROP_NAME);//"init.svc.p2p_supplicant"赋值 /* Ensure p2p config file is created */ if (ensure_config_file_exists(P2P_CONFIG_FILE) < 0) { ALOGE("Failed to create a p2p config file"); return -1; } } else { strcpy(supplicant_name, SUPPLICANT_NAME); strcpy(supplicant_prop_name, SUPP_PROP_NAME);//"init.svc.wpa_suppplicant"赋值 } /* Check whether already running */ if (property_get(supplicant_prop_name, supp_status, NULL) && strcmp(supp_status, "running") == 0) { return 0; //如果WPAS已经启动,则直接返回 } //配置文件对应“/data/misc/wifi/wpa_supplicant.conf” /* Before starting the daemon, make sure its config file exists */ if (ensure_config_file_exists(SUPP_CONFIG_FILE) < 0) { ALOGE("Wi-Fi will not be enabled"); return -1; } //entropy 文件,用于增加随机数生成的随机性 if (ensure_entropy_file_exists() < 0) { ALOGE("Wi-Fi entropy file was not created"); } /* Clear out any stale socket files that might be left over. */ wpa_ctrl_cleanup(); //关闭之前创建的wpa_ctrl 对象 /* * Get a reference to the status property, so we can distinguish * the case where it goes stopped => running => stopped (i.e., * it start up, but fails right away) from the case in which * it starts in the stopped state and never manages to start * running at all. */ pi = __system_property_find(supplicant_prop_name); if (pi != NULL) { serial = __system_property_serial(pi); } property_get("wifi.interface", primary_iface, WIFI_TEST_INTERFACE); //通过设置"ctl_start”属性来启动wpa_supplicant 服务,该属性将触发init fork 一个子进程用于运行wpa_supplicant。同时,init 还会添加一个新的属性“init.svc.wpa_supplicant”用于跟踪wpa_supplicant 的状态 property_set("ctl.start", supplicant_name); sched_yield(); //此循环用于查询supplicant_prop_name 的属性值,如果其值变为“running”,表示wpa_supplicant 成功运行 while (count-- > 0) { //最多等待20s if (pi == NULL) { pi = __system_property_find(supplicant_prop_name); } if (pi != NULL) { /* * property serial updated means that init process is scheduled * after we sched_yield, further property status checking is based on this */ if (__system_property_serial(pi) != serial) { __system_property_read(pi, NULL, supp_status); if (strcmp(supp_status, "running") == 0) { return 0; } else if (strcmp(supp_status, "stopped") == 0) { return -1; //如果WPAS 停止运行,则直接返回 -1 } } } usleep(100000); } return -1; }
第二个方法是connectToSupplicant(),它将通过WPAS 控制API 和 WPAS 建立交互关系:
private native static boolean connectToSupplicantNative(); public boolean connectToSupplicant() { synchronized (sLock) { localLog(mInterfacePrefix + "connectToSupplicant"); return connectToSupplicantNative(); } }
其对应JNI 模块方法:
static jboolean android_net_wifi_connectToSupplicant(JNIEnv* env, jclass) { return (::wifi_connect_to_supplicant() == 0); }
其native 方法:
/* Establishes the control and monitor socket connections on the interface */ int wifi_connect_to_supplicant() { static char path[PATH_MAX]; //IFACE_DIR="/data/system/wpa_supplicant" if (access(IFACE_DIR, F_OK) == 0) { snprintf(path, sizeof(path), "%s/%s", IFACE_DIR, primary_iface);//primary_iface 为0表示STA,为1表示P2P } else { snprintf(path, sizeof(path), "@android:wpa_%s", primary_iface); } return wifi_connect_on_socket_path(path); }
查看wifi_connect_on_socket_path() :
int wifi_connect_on_socket_path(const char *path) { char supp_status[PROPERTY_VALUE_MAX] = {\'\\0\'}; //判断wpa_supplicant 进程是否已经启动 /* Make sure supplicant is running */ if (!property_get(supplicant_prop_name, supp_status, NULL) || strcmp(supp_status, "running") != 0) { ALOGE("Supplicant not running, cannot connect"); return -1; } //创建第一个wpa_ctrl 对象,用于发送命令 ctrl_conn = wpa_ctrl_open(path); .......... //创建第二个wpa_ctrl 对象,用于接收unsolicited event monitor_conn = wpa_ctrl_open(path); .......... //必须调用wpa_ctrl_attach 函数以启用unsolicited event 接收功能 if (wpa_ctrl_attach(monitor_conn) != 0) { ......... } //创建一个socketpair,用于触发wifiNative 关闭和WPAS 的连接 if (socketpair(AF_UNIX, SOCK_STREAM, 0, exit_sockets) == -1) { wpa_ctrl_close(monitor_conn); wpa_ctrl_close(ctrl_conn); ctrl_conn = monitor_conn = NULL; return -1; } return 0; }
由于支持两个并发设备,所以每个并发设置各有两个wpa_ctrl 对象。
ctrl_conn[PRIMARY]、monitor_conn[PRIMARY]:用于STA 设备;
ctrl_conn 用于向WPAS 发送命令并接收对应命令的回复,而monitor_conn 用于接收来自WPAS 的unsolicited event。
ctrl_conn[SECONDARY]、monitor_conn[SECONDARY]:用于P2P 设备;
另外,exit_sockets 保存了socketpair 创建的socket 句柄,这些句柄用于WifiService 通知WifiNative 去关闭它和WPAS 的连接。
wifi_send_command() 使用ctrl_conn 中的wpa_ctrl 对象向WPAS 发送命令并接收回复:
int wifi_send_command(const char *cmd, char *reply, size_t *reply_len) { int ret; ret = wpa_ctrl_request(ctrl_conn, cmd, strlen(cmd), reply, reply_len, NULL); if (ret == -2) { ......... } else if (ret < 0 || strncmp(reply, "FAIL", 4) == 0) { return -1; } if (strncmp(cmd, "PING", 4) == 0) { reply[*reply_len] = \'\\0\'; } return 0; }
wifi_ctrl_recv() 使用monitor_conn 中的wpa_ctrl 对象接收来自WPAS 的消息:
int wifi_ctrl_recv(char *reply, size_t *reply_len) { int res; int ctrlfd = wpa_ctrl_get_fd(monitor_conn); struct pollfd rfds[2]; memset(rfds, 0, 2 * sizeof(struct pollfd)); rfds[0].fd = ctrlfd; rfds[0].events |= POLLIN; rfds[1].fd = exit_sockets[1]; rfds[1].events |= POLLIN; do { res = TEMP_FAILURE_RETRY(poll(rfds, 2, 30000)); if (res < 0) { ALOGE("Error poll = %d", res); return res; } else if (res == 0) { /* timed out, check if supplicant is active * or not .. */ res = wifi_supplicant_connection_active(); if (res < 0) return -2; } } while (res == 0); if (rfds[0].revents & POLLIN) { return wpa_ctrl_recv(monitor_conn, reply, reply_len); } /* it is not rfds[0], then it must be rfts[1] (i.e. the exit socket) * or we timed out. In either case, this call has failed .. */ return -2; }
2) WifiMonitor 最重要的内容是其内部的WifiMonitor 线程,该线程专门用于接收来自WPAS 的消息
private class MonitorThread extends Thread { ........ public void run() { //noinspection InfiniteLoopStatement for (;;) { if (!mConnected) { //判断与WPAS 是否连接成功 if (DBG) Log.d(TAG, "MonitorThread exit because mConnected is false"); break; } //waitForEvent() 内部调用WifiNative 的waitForEventNative() String eventStr = mWifiNative.waitForEvent(); // Skip logging the common but mostly uninteresting events if (!eventStr.contains(BSS_ADDED_STR) && !eventStr.contains(BSS_REMOVED_STR)) { if (DBG) Log.d(TAG, "Event [" + eventStr + "]"); mLocalLog.log("Event [" + eventStr + "]"); } //解析WPAS 消息 if (dispatchEvent(eventStr)) { if (DBG) Log.d(TAG, "Disconnecting from the supplicant, no more events"); break; } } } }
dispatchEvent() 方法解析以及处理WPAS 的状态,重点分析其中的方法:
handleSupplicantStateChange() 用于处理WPAS 的状态变化,它把这些信息交给WifiStateMachine 去处理;而WifiStateMachine 将根据处理情况是否需要由SupplicantStateTracker 来处理。
handleDirverEvent() 用于处理来自Driver 的信息。
handleEvent() 用于处理其他消息事件,此函数定义如下:
WPAS 的状态指的是wpa_sm 状态机中的状态,包括WPA_DISCONNECTED、WPA_SCANNING等;WifiService 定义了SupplicantState 类来描述WPAS 的状态,包括DISCONNECTED、SCANNING等。
private void handleEvent(int event, String remainder, String iface) { switch (event) { case DISCONNECTED: handleNetworkStateChange(NetworkInfo.DetailedState.DISCONNECTED, remainder, iface); break; case CONNECTED: //该事件表示WPAS 成功加入一个无线网络 handleNetworkStateChange(NetworkInfo.DetailedState.CONNECTED, remainder, iface); break; case SCAN_RESULTS: //表示WPAS 已经完成扫描,客户端可以来查询扫描结果 sendMessage(iface, SCAN_RESULTS_EVENT); //处理扫描结果消息 break; case UNKNOWN: ........... default: break; } }
3) SupplicantStateTracker 用于跟踪和处理WPAS 的状态变化。
在WifiService 中,WPAS 的状态有SupplicantState 来表示,而管理状态模块就是SupplicantStateTracker。
SupplicantStateTracker 继承StateMachine,还定义了8个状态对象,其构造方法:
public SupplicantStateTracker(Context c, WifiConfigManager wcs, Handler t) { super(TAG, t.getLooper()); mContext = c; mWifiConfigManager = wcs; mBatteryStats = (IBatteryStats)ServiceManager.getService(BatteryStats.SERVICE_NAME); addState(mDefaultState); addState(mUninitializedState, mDefaultState); addState(mInactiveState, mDefaultState); addState(mDisconnectState, mDefaultState); addState(mScanState, mDefaultState); addState(mHandshakeState, mDefaultState); addState(mCompletedState, mDefaultState); addState(mDormantState, mDefaultState); setInitialState(mUninitializedState);//设置初始状态 //start the state machine start(); //启动状态机 }
SupplicantState 中的AUTHENTICATING、ASSOCIATING、ASSOCIATED、FOUR_WAY_HANDSHAKE 和GROUP_HANDSHAKE 均对应此处的mHandshakeState;
SupplicantState 中的UNINITIALZED 和NVALID 对应此处的mUninitializedState;
WifiStateMachine 构造函数分析之二
// CHECKSTYLE:OFF IndentationCheck addState(mDefaultState); //wifi 状态很多 addState(mInitialState, mDefaultState); ......... addState(mSupplicantStoppingState, mDefaultState); addState(mSoftApState, mDefaultState); // CHECKSTYLE:ON IndentationCheck setInitialState(mInitialState); //设置初始化状态
WifiStateMachine 的初始状态是mInitialState,其类型是InitialState。对HSN的介绍,其enter() 方法将被调用(由于InitialState 的父状态DefaultState 并未实现enter() 方法,故此处略去)。
以上是关于Android WIFI 分析的主要内容,如果未能解决你的问题,请参考以下文章
Android 逆向整体加固脱壳 ( DEX 优化流程分析 | DexPrepare.cpp 中 dvmOptimizeDexFile() 方法分析 | /bin/dexopt 源码分析 )(代码片段
Android 事件分发事件分发源码分析 ( Activity 中各层级的事件传递 | Activity -> PhoneWindow -> DecorView -> ViewGroup )(代码片段