android4.3 Bluetooth(le)分析之startLeScan分析

Posted brave-sailor

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了android4.3 Bluetooth(le)分析之startLeScan分析相关的知识,希望对你有一定的参考价值。

BluetoothAdapter.java中有low enery(le)的一些方法,android提供了这些方法,但源码中并未找到这些方法的调用之处。本文档主要分析这类方法的执行流程,来了解下le到底做了些什么。

 

本文主要就是分析下startLeScan方法(两个重载方法)。

    public boolean startLeScan(LeScanCallback callback) {
        return startLeScan(null, callback);
    }

    public boolean startLeScan(UUID[] serviceUuids, LeScanCallback callback) { 
        if (DBG) Log.d(TAG, "startLeScan(): " + serviceUuids);                                                                                                           


        synchronized(mLeScanClients) {     
            if (mLeScanClients.containsKey(callback)) { 
                if (DBG) Log.e(TAG, "LE Scan has already started");                                                                                                      
                return false;
            }

            try {
                //获取BluetoothGattBinder类的实例,该类的定义在GattService.java中
                IBluetoothGatt iGatt = mManagerService.getBluetoothGatt();                                                                                               
                if (iGatt == null) {               
                    // BLE is not supported        
                    return false;              
                }

                UUID uuid = UUID.randomUUID(); 
                GattCallbackWrapper wrapper = new GattCallbackWrapper(this, callback, serviceUuids);                                                     
                //重点分析该方法。作用是为本地设备进行注册,以及启动扫描
                //wrapper是GattCallbackWrapper类的对象。该类注册了一些Gatt协议的回调方法
                iGatt.registerClient(new ParcelUuid(uuid), wrapper); 
                if (wrapper.scanStarted()) {       
                    mLeScanClients.put(callback, wrapper);
                    return true;               
                }
            } catch (RemoteException e) {      
                Log.e(TAG,"",e);           
            }
        }
        return false;
    }

下面来分析下iGatt.registerClient(new ParcelUuid(uuid), wrapper)方法,路径如下:(packages/apps/Bluetooth/src/com/android/bluetooth/gatt/GattService.java::BluetoothGattBinder)

        public void registerClient(ParcelUuid uuid, IBluetoothGattCallback callback) {
            GattService service = getService();
            if (service == null) return;   
            service.registerClient(uuid.getUuid(), callback);
        }

接着会调用GattService服务的同名方法

    void registerClient(UUID uuid, IBluetoothGattCallback callback) {
        enforceCallingOrSelfPermission(BLUETOOTH_PERM, "Need BLUETOOTH permission");

        if (DBG) Log.d(TAG, "registerClient() - UUID=" + uuid);
        mClientMap.add(uuid, callback);
        gattClientRegisterAppNative(uuid.getLeastSignificantBits(),
                                    uuid.getMostSignificantBits());
    }

接下来会调用jni层com_android_bluetooth_gatt.cpp文件中的gattClientRegisterAppNative方法。

static void gattClientRegisterAppNative(JNIEnv* env, jobject object,
                                        jlong app_uuid_lsb, jlong app_uuid_msb )
{
    bt_uuid_t uuid;

    if (!sGattIf) return;
    set_uuid(uuid.uu, app_uuid_msb, app_uuid_lsb);
    sGattIf->client->register_client(&uuid);
}

分析sGattIf->client->register_client(&uuid);语句

(1)sGattIf是一个静态变量,定义是static const btgatt_interface_t *sGattIf = NULL;

 

又是这种类型的变量。第一反应就是去找btgatt_interface_t结构体定义的头文件(一般在hardware目录),然后再搜索调用的c文件(一般在external/bluetooth/bluedroid,有时找到的c文件与头文件同名)。

btgatt_interface_t结构体的定义:hardware/libhardware/include/hardware/bt_gatt.h

/** Represents the standard Bluetooth GATT interface. */
typedef struct {
    /** Set to sizeof(btgatt_interface_t) */
    size_t          size;

    /**
     * Initializes the interface and provides callback routines
     */
    bt_status_t (*init)( const btgatt_callbacks_t* callbacks );

    /** Closes the interface */    
    void (*cleanup)( void );

    /** Pointer to the GATT client interface methods.*/
    const btgatt_client_interface_t* client;

    /** Pointer to the GATT server interface methods.*/
    const btgatt_server_interface_t* server;
} btgatt_interface_t;

btgatt_interface_t结构体的对象:external/bluetooth/bluedroi/btif/src/btif_gatt.c

static const btgatt_interface_t btgattInterface = {
    sizeof(btgattInterface),

    btif_gatt_init,
    btif_gatt_cleanup,

    &btgattClientInterface,
    &btgattServerInterface,   
};

回到sGattIf->client->register_client(&uuid);语句,它调用了sGattIf结构体对象中的client对象的register_client函数,那么就是btgattClientInterface对象的register_client函数。

 

由结构体的定义可知client对象的类型是btgatt_client_interface_t结构体。同理分析可得以下结果,

btgatt_client_interface_t结构体的定义:hardware/libhardware/include/hardware/ bt_gatt_client.h

typedef struct {
    /** Registers a GATT client application with the stack */
    bt_status_t (*register_client)( bt_uuid_t *uuid );

    /** Unregister a client application from the stack */
  bt_status_t (*unregister_client)(int client_if );
  ......
}

btgatt_client_interface_t结构体的对象:external/bluetooth/bluedroi/btif/src/btif_gatt_client.c

const btgatt_client_interface_t btgattClientInterface = {
    btif_gattc_register_app,
    btif_gattc_unregister_app,
    btif_gattc_scan,
  ......
};

因此client->register_client就是调用了btif_gattc_register_app方法[-->btif_gatt_client.c]。

static bt_status_t btif_gattc_register_app(bt_uuid_t *uuid)
{
    CHECK_BTGATT_INIT();
    btif_gattc_cb_t btif_cb;
    memcpy(&btif_cb.uuid, uuid, sizeof(bt_uuid_t));
    return btif_transfer_context(btgattc_handle_event, BTIF_GATTC_REGISTER_APP,
                                 (char*) &btif_cb, sizeof(btif_gattc_cb_t), NULL);
}

分析btgattc_handle_event函数

static void btgattc_handle_event(uint16_t event, char* p_param)
{
    ......
    btif_gattc_cb_t* p_cb = (btif_gattc_cb_t*)p_param;
    if (!p_cb) return;

    switch (event)
    {
        case BTIF_GATTC_REGISTER_APP:
            btif_to_bta_uuid(&uuid, &p_cb->uuid);
            //为uuid注册回调函数
            BTA_GATTC_AppRegister(&uuid, bte_gattc_cback);
            break;
        .......
    }
}

分析BTA_GATTC_AppRegister函数

-------------------------------------------------------------------------------------------------------

void BTA_GATTC_AppRegister(tBT_UUID *p_app_uuid, tBTA_GATTC_CBACK *p_client_cb)                                                                                          
{
    tBTA_GATTC_API_REG  *p_buf;                                                                                                                                          

    /* register with BTA system manager */
  GKI_sched_lock();
  //注册Gatt客户端主事件处理函数bta_gattc_hdl_event,在bta_gatt_reg结构体中定义。
    bta_sys_register(BTA_ID_GATTC, &bta_gatt_reg);
    GKI_sched_unlock();

    if ((p_buf = (tBTA_GATTC_API_REG *) GKI_getbuf(sizeof(tBTA_GATTC_API_REG))) != NULL)                                                                                 
    {
        p_buf->hdr.event    = BTA_GATTC_API_REG_EVT;
        if (p_app_uuid != NULL)            
            memcpy(&p_buf->app_uuid, p_app_uuid, sizeof(tBT_UUID));
        p_buf->p_cback      = p_client_cb;                                                                                                                               

        bta_sys_sendmsg(p_buf);    
    }
    return;
}

(a)通过bta_sys_register函数注册了bta_gatt_reg结构体中定义的客户端主事件处理函数bta_gattc_hdl_event;然后设置event为BTA_GATTC_API_REG_EV,触发bta_gattc_hdl_event函数。

BOOLEAN bta_gattc_hdl_event(BT_HDR *p_msg)
{
    tBTA_GATTC_CB *p_cb = &bta_gattc_cb;
    tBTA_GATTC_CLCB *p_clcb = NULL;

#if BTA_GATT_DEBUG == TRUE
    APPL_TRACE_DEBUG1("bta_gattc_hdl_event: Event [%s]", gattc_evt_code(p_msg->event));                                                                                  
#endif
    switch (p_msg->event)
    {
        case BTA_GATTC_API_REG_EVT:        
            bta_gattc_register(p_cb, (tBTA_GATTC_DATA *) p_msg);
            break;
        ......
  }
}

(b)调用bta_gattc_register函数。该函数用来注册一个客户端Gatt应用程序。

void bta_gattc_register(tBTA_GATTC_CB *p_cb, tBTA_GATTC_DATA *p_data)
{
    ......
    /* callback with register event */
    if (p_data->api_reg.p_cback)
    {
        (*p_data->api_reg.p_cback)(BTA_GATTC_REG_EVT,  (tBTA_GATTC *)&cb_data);
    }
}

调用相关event(BTA_GATTC_REG_EVT)的回调函数。

到此,BTA_GATTC_AppRegister函数分析完毕,接下来分析BTA_GATTC_AppRegister(&uuid, bte_gattc_cback);中的参数部分。

ps:上述的回调函数就是这里的参数:bte_gattc_cback函数。那么BTA_GATTC_REG_EVT事件就调用该函数处理了。

-------------------------------------------------------------------------------------------------------

 

分析回调函数bte_gattc_cback

static void bte_gattc_cback(tBTA_GATTC_EVT event, tBTA_GATTC *p_data)
{
    bt_status_t status = btif_transfer_context(btif_gattc_upstreams_evt,
                    (uint16_t) event, (void*)p_data, sizeof(tBTA_GATTC), NULL);
    ASSERTC(status == BT_STATUS_SUCCESS, "Context transfer failed!", status);
}

分析btif_gattc_upstreams_evt函数,在该函数中会处理BTA_GATTC_REG_EVT事件。

static void btif_gattc_upstreams_evt(uint16_t event, char* p_param)
{
    tBTA_GATTC *p_data = (tBTA_GATTC*)p_param;
    switch (event)
    {  
        case BTA_GATTC_REG_EVT:        
        {
            bt_uuid_t app_uuid;            
            bta_to_btif_uuid(&app_uuid, &p_data->reg_oper.app_uuid);
            HAL_CBACK(bt_gatt_callbacks, client->register_client_cb
                , p_data->reg_oper.status      
                , p_data->reg_oper.client_if   
                , &app_uuid
            );
            break;
        }
    ......
  }
}

bt_gatt_callbacks对象的类型是btgatt_callbacks_t,其定义在hardware/libhardware/include/hardware/bt_gatt.h文件中。现在对bt_gatt_callbacks对象从头开始分析其来源。

 

在GattService.java::start()方法中,调用了initializeNative方法。继而调用JNI层initializeNative方法。贴出该方法。

static const btgatt_interface_t *sGattIf = NULL;
static const bt_interface_t* btIf;
......
static void initializeNative(JNIEnv *env, jobject object) {
    /* getBluetoothInterface 函数返回sBluetoothInterface对象,在android4.3 bt 扫描分析.docx中已说明该对象的来源*/
    if ( (btIf = getBluetoothInterface()) == NULL) {
        error("Bluetooth module is not loaded");
        return;
    }  
  ......
  //(a)
  // BT_PROFILE_GATT_ID的值是”gatt”
    if ( (sGattIf = (btgatt_interface_t *)
          btIf->get_profile_interface(BT_PROFILE_GATT_ID)) == NULL) {
        error("Failed to get Bluetooth GATT Interface");
        return;
    } 

  bt_status_t status;
  //(b)
  /* sGattCallbacks的定义
  static const btgatt_callbacks_t sGattCallbacks = {
      sizeof(btgatt_callbacks_t),
      &sGattClientCallbacks,
      &sGattServerCallbacks
  };*/
    if ( (status = sGattIf->init(&sGattCallbacks)) != BT_STATUS_SUCCESS) {
        error("Failed to initialize Bluetooth GATT, status: %d", status);
        sGattIf = NULL;
        return;
    }  

    mCallbacksObj = env->NewGlobalRef(object);
}

(a) 分析

static const void* get_profile_interface (const char *profile_id)
{
    ......
#if BTA_GATT_INCLUDED == TRUE 
    if (is_profile(profile_id, BT_PROFILE_GATT_ID))
        return btif_gatt_get_interface();
#endif
    return NULL;
}

分析btif_gatt_get_interface函数

const btgatt_interface_t *btif_gatt_get_interface()
{
    return &btgattInterface;
}

btgattInterface对象的类型是btgatt_interface_t结构体。再贴一遍该结构体的定义,如下:

typedef struct {
    /** Set to sizeof(btgatt_interface_t) */
    size_t          size;

    /**
     * Initializes the interface and provides callback routines
     */
    bt_status_t (*init)( const btgatt_callbacks_t* callbacks );

    /** Closes the interface */    
    void (*cleanup)( void );

    /** Pointer to the GATT client interface methods.*/
    const btgatt_client_interface_t* client;

    /** Pointer to the GATT server interface methods.*/
    const btgatt_server_interface_t* server;
} btgatt_interface_t;

另,btgattInterface对象定义如下:

static const btgatt_interface_t btgattInterface = {
    sizeof(btgattInterface),

    btif_gatt_init,
    btif_gatt_cleanup,

    &btgattClientInterface,
    &btgattServerInterface,
};

所以sGattIf 就是btgattInterface对象。

 

(b) 接下来调用sGattIf->init函数。由上可知,即为btif_gatt_init函数。

static bt_status_t btif_gatt_init( const btgatt_callbacks_t* callbacks )
{
  /*bt_gatt_callbacks由参数赋值,该参数是sGattCallbacks。
  sGattCallbacks的定义
  static const btgatt_callbacks_t sGattCallbacks = {
      sizeof(btgatt_callbacks_t),
      &sGattClientCallbacks,
      &sGattServerCallbacks
  };*/
    bt_gatt_callbacks = callbacks;

    BTA_GATTC_Init();
    BTA_GATTS_Init();

    return BT_STATUS_SUCCESS;
}

到此为止,调用语句中bt_gatt_callbacks对象我们已经清楚了,就是sGattCallbacks对象。现在分析client->register_client_cb

HAL_CBACK(bt_gatt_callbacks, client->register_client_cb
                , p_data->reg_oper.status      
                , p_data->reg_oper.client_if   
                , &app_uuid
            );

client对象是在btgatt_callbacks_t结构体中定义的一个变量,其初始化是在bt_gatt_callbacks对象(即sGattCallbacks对象)中。

btgatt_callbacks_t结构体如下:

typedef struct {
    /** Set to sizeof(btgatt_callbacks_t) */
    size_t size;

    /** GATT Client callbacks */   
    const btgatt_client_callbacks_t* client;

    /** GATT Server callbacks */   
    const btgatt_server_callbacks_t* server;
} btgatt_callbacks_t;

因此client对应的就是sGattCallbacks对象中的sGattClientCallbacks对象。sGattClientCallbacks对象定义如下(在JNI层的com_android_bluetooth_gatt.cpp文件中定义):

static const btgatt_client_callbacks_t sGattClientCallbacks = {
    btgattc_register_app_cb,
    btgattc_scan_result_cb,
    ......
};

而sGattClientCallbacks对象的类型是btgatt_client_callbacks_t结构体,如下

typedef struct {
    register_client_callback            register_client_cb;            
    scan_result_callback                scan_result_cb;                
    connect_callback                    open_cb;
    disconnect_callback                 close_cb;
    ......        
} btgatt_client_callbacks_t;

因此,client->register_client_cb就是调用了sGattClientCallbacks 对象中的btgattc_register_app_cb函数。

void btgattc_register_app_cb(int status, int clientIf, bt_uuid_t *app_uuid)
{
    CHECK_CALLBACK_ENV
    sCallbackEnv->CallVoidMethod(mCallbacksObj, method_onClientRegistered, status,
        clientIf, UUID_PARAMS(app_uuid));
    checkAndClearExceptionFromCallback(sCallbackEnv, __FUNCTION__);
}

JNI层的method_onClientRegistered 函数对应java层的onClientRegistered方法[-->GattService.java]。

    void onClientRegistered(int status, int clientIf, long uuidLsb, long uuidMsb)
            throws RemoteException {       
        UUID uuid = new UUID(uuidMsb, uuidLsb);
        if (DBG) Log.d(TAG, "onClientRegistered() - UUID=" + uuid + ", clientIf=" + clientIf);
        ClientMap.App app = mClientMap.getByUuid(uuid);
        if (app != null) {
            app.id = clientIf;
            app.linkToDeath(new ClientDeathRecipient(clientIf));
            app.callback.onClientRegistered(status, clientIf);
        }
    }

此callback其实是GattCallbackWrapper类的对象。

分析mClientMap对象,在registerClient方法中调用了ClientMap的父类ContextMap::add方法,将GattCallbackWrapper类对象wrapper作为callback参数添加到mClientMap对象中。

 

接下来重新分析:

onClientRegistered方法[--->BluetoothAdapter::GattCallbackWrapper类]

        public void onClientRegistered(int status, int clientIf) {
            if (DBG) Log.d(TAG, "onClientRegistered() - status=" + status +
                           " clientIf=" + clientIf);
            synchronized(this) {
                if (mLeHandle == -1) {
                    if (DBG) Log.d(TAG, "onClientRegistered LE scan canceled");
                }

                if (status == BluetoothGatt.GATT_SUCCESS) {
                    mLeHandle = clientIf;
                    IBluetoothGatt iGatt = null;
                    try {
                        BluetoothAdapter adapter = mBluetoothAdapter.get();
                        if (adapter != null) {
                            iGatt = adapter.getBluetoothManager().getBluetoothGatt();
                            //调用startLeScan方法时,传递过来的参数为null,执行此处
                            if (mScanFilter == null) {
                                iGatt.startScan(mLeHandle, false);
                            } else {
                                ParcelUuid[] uuids = new ParcelUuid[mScanFilter.length];
                                for(int i = 0; i != uuids.length; ++i) {
                                    uuids[i] = new ParcelUuid(mScanFilter[i]);
                                }
                                iGatt.startScanWithUuids(mLeHandle, false, uuids);
                            }
                        } else {
                            Log.e(TAG, "onClientRegistered, BluetoothAdapter null");
                            mLeHandle = -1;
                        }
                    } catch (RemoteException e) {
                        Log.e(TAG, "fail to start le scan: " + e);
                        mLeHandle = -1;
                    }
            ......
        }

接下来分析startScan方法,在GattService.java中。

    void startScan(int appIf, boolean isServer) {
        ......
        if (getScanClient(appIf, isServer) == null) {
            if (DBG) Log.d(TAG, "startScan() - adding client=" + appIf);
            mScanQueue.add(new ScanClient(appIf, isServer));
        }

        gattClientScanNative(appIf, true);
    }

JNI层gattClientScanNative函数

static void gattClientScanNative(JNIEnv* env, jobject object, jint clientIf, jboolean start)
{
    if (!sGattIf) return;
    sGattIf->client->scan(clientIf, start);
}

同之前分析register_client的步骤,分析的scan函数对应btif_gattc_scan函数。

static bt_status_t btif_gattc_scan( int client_if, bool start )
{
    CHECK_BTGATT_INIT();
    btif_gattc_cb_t btif_cb;
    btif_cb.client_if = (uint8_t) client_if;
    return btif_transfer_context(btgattc_handle_event, start ? BTIF_GATTC_SCAN_START : BTIF_GATTC_SCAN_STOP,
                                 (char*) &btif_cb, sizeof(btif_gattc_cb_t), NULL);
}

在btgattc_handle_event函数中处理BTIF_GATTC_SCAN_START事件

        case BTIF_GATTC_SCAN_START:
            btif_gattc_init_dev_cb();
            // BTA_DmBleObserve发出消息,包含BTA_DM_API_BLE_OBSERVE_EVT事件
            BTA_DmBleObserve(TRUE, 0, bte_scan_results_cb);
            break;

调用bte_scan_results_cb函数,

static void bte_scan_results_cb (tBTA_DM_SEARCH_EVT event, tBTA_DM_SEARCH *p_data)
{
    btif_gattc_cb_t btif_cb;
    uint8_t len;

    switch (event)
    {
        case BTA_DM_INQ_RES_EVT:
            ......

        case BTA_DM_INQ_CMPL_EVT:
            ......
    btif_transfer_context(btif_gattc_upstreams_evt, BTIF_GATT_OBSERVE_EVT,
                                 (char*) &btif_cb, sizeof(btif_gattc_cb_t), NULL);
}

在btif_gattc_upstreams_evt函数中处理BTIF_GATT_OBSERVE_EVT事件。

        case BTIF_GATT_OBSERVE_EVT:
        {
            btif_gattc_cb_t *p_btif_cb = (btif_gattc_cb_t*)p_param;
            if (!btif_gattc_find_bdaddr(p_btif_cb->bd_addr.address))
            {
                btif_gattc_add_remote_bdaddr(p_btif_cb->bd_addr.address, p_btif_cb->addr_type);
                btif_gattc_update_properties(p_btif_cb);
            }
            HAL_CBACK(bt_gatt_callbacks, client->scan_result_cb,
                      &p_btif_cb->bd_addr, p_btif_cb->rssi, p_btif_cb->value);
            break;
        }

同分析register_client_cb函数,在JNI层com_android_bluetooth_gatt.cpp文件中定义,分析得scan_result_cb对应函数btgattc_scan_result_cb。

void btgattc_scan_result_cb(bt_bdaddr_t* bda, int rssi, uint8_t* adv_data)
{
    ......
    sCallbackEnv->CallVoidMethod(mCallbacksObj, method_onScanResult
        , address, rssi, jb);
    ......
}

对应java层文件GattService类onScanResult方法。

    void onScanResult(String address, int rssi, byte[] adv_data) {
        for (ScanClient client : mScanQueue) {
            ......
            if (!client.isServer) {
                ClientMap.App app = mClientMap.getById(client.appIf);
                if (app != null) {
                    try {
                        app.callback.onScanResult(address, rssi, adv_data);
                    } catch (RemoteException e) {
                        Log.e(TAG, "Exception: " + e);
                        mClientMap.remove(client.appIf);
                        mScanQueue.remove(client);
                    }
                }
            }
        ......
        }
  }

callback为GattCallbackWrapper类的对象,因此调用GattCallbackWrapper类中的onScanResult方法。

        public void onScanResult(String address, int rssi, byte[] advData) {
            ......
            try {
                BluetoothAdapter adapter = mBluetoothAdapter.get();
                if (adapter == null) {
                    Log.d(TAG, "onScanResult, BluetoothAdapter null");
                    return;
                }
                mLeScanCb.onLeScan(adapter.getRemoteDevice(address), rssi, advData);
            } catch (Exception ex) {
                Log.w(TAG, "Unhandled exception: " + ex);
            }
        }

mLeScanCb对象为LeScanCallback接口的对象,不过源码中并没有类来实现该接口,故只能分析到这里了。扫描到此结束,over~~ 

 

 

-------------------------------------------------------------------------------------------------------------

贴出流程图,see see,5个步骤:

1.startLeScan(JAVA-->JNI)

-------------------------------------------------------------------------------------------------------------

2.startLeScan(蓝牙栈)

 

-------------------------------------------------------------------------------------------------------------

3.startLeScan(JNI-->JAVA)

 

-------------------------------------------------------------------------------------------------------------

4.startLeScan(蓝牙栈)

-------------------------------------------------------------------------------------------------------------

5.startLeScan(JNI-->JAVA)

 

以上是关于android4.3 Bluetooth(le)分析之startLeScan分析的主要内容,如果未能解决你的问题,请参考以下文章

Android-低功耗蓝牙(BLE)-客户端(主机/中心设备)和服务端(从机/外围设备)

android -------- 蓝牙Bluetooth

android bluetooth LE - 为啥 onReadRemoteRssi 不起作用?

CtsVerifier-Bluetooth-LE-SEcure-ClientServer-Test测试pass但是无法选择PassButton

Android 4.3 LE蓝牙客户端服务器冲突

智能烧水壶(Bluetooth LE版)——硬件设计篇