Bekket McClane gave a presentation on moving from the Android NDK to AOSP. The presentation covered the Android NDK introduction and JNI programming. It provided an overview of AOSP including the zygote process and Binder IPC. An example was shown for controlling the vibrator using C/C++ Binder APIs by accessing libraries from AOSP. The steps included building AOSP libraries, creating an Android.mk file, and interacting with the vibrator service via a fake AIDL interface. Questions were invited via the speaker's online accounts.

1. FROM ANDROID NDK
TO AOSP
Bekket McClane @SITCON2015

2. WHO AM I ?

3. WHO AM I ?
⺠民2

4. WHO AM I ?
BEKKET MCCLANE

5. WHO AM I ?
MSHOCKWAVE

6. DEPARTMENT OF COMPUTER SCIENCE
Freshman

7. VLC FOR ANDROID

8. TODAY’S TOPIC
• GRAPHIC RENDERING
• GAME
• SECURITY

9. TODAY’S TOPIC
• GRAPHIC RENDERING
• GAME
• SECURITY

10. TODAY’S TOPIC
• GRAPHIC RENDERING
• GAME
• SECURITY

11. TODAY’S TOPIC
• GRAPHIC RENDERING
• GAME
• SECURITY

12. TODAY’S TOPIC
• GRAPHIC RENDERING
• GAME
• SECURITY
LEARNING

13. • Android NDK Introduction
• AOSP Overview
• From NDK To AOSP
• Example
SYLLABUS

14. ANDROID NDK INTRODUCTION

15. APP
JNI
Native Library ( .so )

17. No More Interpreting!!

18. • Graphic Rendering (Ex. OpenGL)
• Multi Media (Ex. OpenMAX)
• Game

19. JNI PROGRAMMING

20. JNI PROGRAMMING

21. OFFICIAL REFERENCE
http://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/
functions.html

22. Android.mk

23. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)

24. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)

25. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
Another makefile

26. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
Another makefile

27. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
Another makefile
Compiler Options

28. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
Another makefile
Compiler Options

29. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
Another makefile
Compiler Options
The real “builder” makefile

30. 1 LOCAL_PATH := $(call my-dir)
2 include $(CLEAR_VARS)
3 LOCAL_MODULE := foo
4 LOCAL_SRC_FILES := bar.c
5 #LOCAL_CFLAGS += -DDUMMY_FLAG
6 #LOCAL_LDLIBS += -llog
7 include $(BUILD_SHARED_LIBRARY)
libfoo.so (in this case)
Another makefile
Compiler Options
The real “builder” makefile

31. $ ndk-build
$ ndk-build -B

32. $ ndk-build
($ ndk-build NDK_DEBUG=1)
$ ndk-build -B

33. AOSP OVERVIEW

34. AOSP
= Android Open Source Project
(vendors’ property libraries)

35. AOSP
= Android Open Source Project
NOT INCLUDED
(vendors’ property libraries)

36. Zygote

39. Zygote
( Java World )

40. Zygote
Request
via Local Socket
( Java World )

41. Zygote
fork
app_01
app_02 app_03
Request
via Local Socket
( Java World )

42. Zygote
fork
app_01
app_02 app_03
Shared address space
Request
via Local Socket
( Java World )

43. Pros: Preload Java Classes

44. $ adb shell ps
| grep -e "u0_" -e "zygote"
| awk '{print $1,"t",$2,"t",$3,"t",$9}'

45. root 328 1 zygote
u0_a24 1051 328 com.android.systemui
u0_a8 1151 328 com.asus.launcher
u0_a20 1351 328 com.google.process.gapps
User PID PPID Process Name
.
.
.

46. root 328 1 zygote
u0_a24 1051 328 com.android.systemui
u0_a8 1151 328 com.asus.launcher
u0_a20 1351 328 com.google.process.gapps
User PID PPID Process Name
.
.
.

47. And their friends
System Services

48. Service Manager
Java Services
Native Services
App

49. Service Manager
Java Services
Native Services
App
addService

50. Service Manager
Java Services
Native Services
App
Query
addService

51. Service Manager
Java Services
Native Services
App
Query
addService
Communicate
via IPC

52. system 979 328 system_server
root 328 1 zygote
media 331 1 /system/bin/mediaserver
system 316 1 /system/bin/servicemanager

53. system 979 328 system_server
root 328 1 zygote
media 331 1 /system/bin/mediaserver
system 316 1 /system/bin/servicemanager
Most of the Java services live in here

54. system 979 328 system_server
root 328 1 zygote
media 331 1 /system/bin/mediaserver
system 316 1 /system/bin/servicemanager
Most of the Java services live in here
One of native services

55. Binder IPC

56. HIGHLIGHT
send() / recv()-like APIs

57. HIGHLIGHT
send() / recv()-like APIs

58. • Still need kernel’s help
• Heavily object oriented
• Put “transmission part” and “logic part” together

59. • Still need kernel’s help
• Heavily object oriented
• Put “transmission part” and “logic part” together
(Interface, Inheritance…etc)

60. • Still need kernel’s help
• Heavily object oriented
• Put “transmission part” and “logic part” together
(Inheritance)
(Interface, Inheritance…etc)

61. EX: AIDL PROGRAMMING
IMyLight led;
led = IMyLight.Stub.asInterface(binder);
led.turnOn();

62. EX: AIDL PROGRAMMING
IMyLight led;
led = IMyLight.Stub.asInterface(binder);
led.turnOn();
The real “messenger”

63. EX: AIDL PROGRAMMING
IMyLight led;
led = IMyLight.Stub.asInterface(binder);
led.turnOn();
The real “messenger”

64. EX: AIDL PROGRAMMING
IMyLight led;
led = IMyLight.Stub.asInterface(binder);
led.turnOn();
Interface The real “messenger”

65. From NDK To AOSP

66. FACT:

67. b6beb000 156K r-xp /system/lib/libbinder.so
b6b22000 4K r-xp /system/lib/libhardware.so
PMAP RESULT

68. – NOT Barack Obama
“If there is a way, there’s a will”

69. “If there is a way, there’s a will”
“If there is a LIBRARY in the address space,
there are SYMBOLS (we can use)”

71. Normal App

72. Normal App
Place we utilize

73. clang -c demo.c
clang -o demoExe demo.o
-I./include -L./lib —lmyLib
COMPILE A PROGRAM

74. clang -c demo.c
clang -o demoExe demo.o
-I./include -L./lib —lmyLib
COMPILE A PROGRAM

75. clang -c demo.c
clang -o demoExe demo.o
-I./include -L./lib —lmyLib
COMPILE A PROGRAM

76. clang -c demo.c
clang -o demoExe demo.o
-I./include -L./lib —lmyLib
COMPILE A PROGRAM
Only used for looking up for symbols
(shared library)

77. Example

78. Goal: Control vibrator using C/C++ Binder API
Available on Github:
https://github.com/mshockwave/android-binder-demo-with-vibrator

79. HEADER FILES
• frameworks/native/include (binder)
• system/core/include (cutils, utils)

80. • https://android.googlesource.com/platform/frameworks/native
• https://android.googlesource.com/platform/system/core
git clone

81. LIBRARIES
1. adb pull /system/lib/libfoo.so
2. Build yourself
Options:

82. BUILDYOURSELF
1. make -jxx
2. mm / mma

83. BUILDYOURSELF
1. make -jxx
2. mm / mma

84. mm: Build current modules
mmm: Build supplied modules
mma: Current modules + dependencies
mmma: Supplied modules + dependencies

85. mm: Build current modules
mmm: Build supplied modules
mma: Current modules + dependencies
mmma: Supplied modules + dependencies
LOCAL_MODULE := myModuleName

86. $ cd ${AOSP_ROOT}/frameworks/native/libs/binder
$ mma
$ ls ${AOSP_ROOT}/out/target/product/${DEVICE}
system/lib
> libbinder.so libutils.so libcutils.so . . . .

87. $ cd ${AOSP_ROOT}/frameworks/native/libs/binder
$ mma
$ ls ${AOSP_ROOT}/out/target/product/${DEVICE}
system/lib
> libbinder.so libutils.so libcutils.so . . . .
Binder module’s dir

88. $ cd ${AOSP_ROOT}/frameworks/native/libs/binder
$ mma
$ ls ${AOSP_ROOT}/out/target/product/${DEVICE}
system/lib
> libbinder.so libutils.so libcutils.so . . . .
Binder module’s dir
Build binder module and its dependencies

89. $ cd ${AOSP_ROOT}/frameworks/native/libs/binder
$ mma
$ ls ${AOSP_ROOT}/out/target/product/${DEVICE}
system/lib
> libbinder.so libutils.so libcutils.so . . . .
Binder module’s dir
Build binder module and its dependencies

90. $ cd ${AOSP_ROOT}/frameworks/native/libs/binder
$ mma
$ ls ${AOSP_ROOT}/out/target/product/${DEVICE}
system/lib
> libbinder.so libutils.so libcutils.so . . . .
Binder module’s dir
Build binder module and its dependencies
Result libraries

91. PART OF ANDROID.MK
LOCAL_MODULE := myVibrator
LOCAL_C_INCLUDES += $(AOSP_INCLUDE)
LOCAL_LDLIBS += -L$(AOSP_LIB)
LOCAL_LDLIBS += -llog -lbinder -lutils -lcutils

92. PART OF ANDROID.MK
LOCAL_MODULE := myVibrator
LOCAL_C_INCLUDES += $(AOSP_INCLUDE)
LOCAL_LDLIBS += -L$(AOSP_LIB)
LOCAL_LDLIBS += -llog -lbinder -lutils -lcutils

93. PART OF ANDROID.MK
LOCAL_MODULE := myVibrator
LOCAL_C_INCLUDES += $(AOSP_INCLUDE)
LOCAL_LDLIBS += -L$(AOSP_LIB)
LOCAL_LDLIBS += -llog -lbinder -lutils -lcutils

94. PART OF ANDROID.MK
LOCAL_MODULE := myVibrator
LOCAL_C_INCLUDES += $(AOSP_INCLUDE)
LOCAL_LDLIBS += -L$(AOSP_LIB)
LOCAL_LDLIBS += -llog -lbinder -lutils -lcutils

95. APP
Hardware Related Library
Hardware
system_server

96. APP
Hardware Related Library
Hardware
Link
system_server

97. APP
Hardware Related Library
Permission Denied
Hardware
Link
system_server

98. APP
Hardware Related Library
Permission Denied
Hardware
Link
system_server
(Mostly control via sysfs)

99. APP
Hardware Related Library
Permission Denied
Hardware
Link
system_server
Link
(Mostly control via sysfs)

100. APP
Hardware Related Library
Permission Denied
Hardware
Link
system_server
Link
Binder IPC
(Mostly control via sysfs)

101. APP
Hardware Related Library
Permission Denied
Hardware
Link
system_server
Link
Binder IPC
Actions
(Mostly control via sysfs)

102. frameworks/base/core/java/android/os/
IVibratorService.aidl
AIDL =
Android Interface Definition Language

103. WE GONNA FAKE ONE !

104. class BpMyVibrator : public BpInterface<IMyVibrator> {
virtual bool hasVibrator(void) {…}
virtual void vibrate(int32_t, String16&, int64_t,
int32_t, sp<IBinder>&) {…}
virtual void cancelVibrate(sp<IBinder>& token) {…}
(vibratePattern Omitted)
}
Same interface in IVibratorService.aidl

105. About detailed Binder part in this example…
http://mshockwave.blogspot.tw/2015/01/using-binder-to-vibrate-android-
binder.html
http://mshockwave.blogspot.tw/2015/02/using-binder-to-vibrate-android-
binder.html

106. IN THE PREVIOUS EXAMPLE…

107. PERMISSION DENIED ?!!!

108. KER KER
I’M ROOT

109. Native Services:
= HIGHER permission
= Able to use MORE libraries

110. Native Service
Libraries
Service Manager
App

111. Native Service
Link
Libraries
Service Manager
App

112. Native Service
Link
Libraries
Service Manager
App
Interact via Binder

113. Native Service
Link
Libraries
Service Manager
App
joinThreadPool()
Interact via Binder

114. • libstagefright.so
• libui.so
• libhardware.so (libhardware_legacy.so)

115. Native Service Example…
https://github.com/mshockwave/android-native-service-demo

116. QUESTIONS?
E-mail / Google account: yihshyng223@gmail.com
Github / Bitbucket account name: mshockwave
Facebook: www.facebook.com/bekket.mcclane