Simple NDKBinder Demo

一个简单的NDKBinder例子，目的是不直接借助JNI能够实现两个native进程间的Binder跨进程通信。我偷懒把我写的英文README略微修改后粘贴过来，给我的小破站水上一文（bushi

Caution: AServiceManager_getService() isn't stable ABI
Github项目地址

Introduction

This is a simple demo shows one possible way that two processes or more can do binder IPC purely using NDKBinder without the help of JNI.

But how?

The key point is that how native server can publish their service & native client can get it.

After doing some research, I found two possible ways:

1. Do it like the native codes in Android Framework does.

   It's impossible in userspace because those APIs isn't exported to NDK. And we can't dlopen some system libraries like libbinder.so since API Level 24.

2. Using BroadcastReceiver to help exchange binder

   Parcel.writeStrongBinder transfers Binder object into flatten_binder. The kernel driver finds it & creates the reference of binder for the client so that client can talk to the server directly.

   I tried implement bindService() first, but it isn't an easy way to do this.

   And I found the Shizuku implement a command line tool in JAVA with the help of BroadcastReceiver

By the way, NDKBinder from Android 10 (API 29) provide us the code we need to build Parcel & do binder transaction.

However, the NDKBinder Demo here only creates the Parcel in native and Java does the rest.

Luckily, this answer on Stackoverflow shows that we can get the binder to the ActivityManager in native, the possibility to get two processes exchange their binder.

Update:

It's possible to work without the help of NDKBinder, just talk directly to the binder driver, with working parcel format for Android 11 & 12 here.

Todo

1. Figure out how binder really works

2. Figure out the format of the parcel or make the Android Framework's Parcel available under NDK.

   The parcel used by broadcastIntent() works in a weired way.

   For example, it will get broken if I change Intent's mPackage field.