上一遍寫了AndFix原理淺析(一)之補丁生成原理,本篇來分析補丁過程原理。如果還沒有了解如何使用AndFix可以看之前的文章AndFix 實戰以及遇到的坑。回顧之前文章,AndFix使用上主要是如下程式碼:
//1)初始化PatchManager
mPatchManager = new PatchManager(this);
mPatchManager.init(AppInfoUtils.getVersionCode(this));
//2)load patch
mPatchManager.loadPatch();
try {
// .apatch file path ,這裡一定要注意每臺手機sd卡路徑不同
String patchFileString = "sdcard" + Environment.getExternalStorageDirectory()
.getAbsolutePath() + APATCH_PATH;
//3)新增patch
mPatchManager.addPatch(patchFileString);
Log.d(TAG, "apatch:" + patchFileString + " added.");
} catch (IOException e) {
Log.e(TAG, "", e);
}
複製程式碼#####JAVA原始碼分析
首先到github上把AndFix原始碼clone下來。按照順序先來看com.alipay.euler.andfix.patch包下PatchManager.init()
public void init(String appVersion) {
if (!mPatchDir.exists() && !mPatchDir.mkdirs()) {// make directory fail
Log.e(TAG, "patch dir create error.");
return;
} else if (!mPatchDir.isDirectory()) {// not directory
mPatchDir.delete();
return;
}
SharedPreferences sp = mContext.getSharedPreferences(SP_NAME,
Context.MODE_PRIVATE);
String ver = sp.getString(SP_VERSION, null);
//獲取之前儲存的版本號與當前版本號對比、如果不同清除patch,並儲存當前版本號
if (ver == null || !ver.equalsIgnoreCase(appVersion)) {
cleanPatch();
sp.edit().putString(SP_VERSION, appVersion).commit();
} else {
//如果相同初始化patchs
initPatchs();
}
}
複製程式碼看初始化patchs方法PatchManager.initPatchs()
private void initPatchs() {
// 快取目錄data/data/package/file/apatch/會快取補丁檔案
// 即使原目錄被刪除也可以打補丁
File[] files = mPatchDir.listFiles();
for (File file : files) {
addPatch(file);
}
}
複製程式碼這裡可以看下mPatchDir變數的定義
mPatchDir = new File(mContext.getFilesDir(), DIR);
是沙盒中data/data/package/file/apatch/ 目錄下的資料夾目錄。這一步邏輯我們可以試想肯定有patch檔案會存入此目錄下。 每次程式初始化載入patch檔案都會從沙盒的快取目錄下讀取, 而不用擔心patch檔案被刪除。
繼續來看PatchManager.addPatch()
private Patch addPatch(File file) {
Patch patch = null;
if (file.getName().endsWith(SUFFIX)) {
try {
patch = new Patch(file);
mPatchs.add(patch);
} catch (IOException e) {
Log.e(TAG, "addPatch", e);
}
}
return patch;
}
複製程式碼這裡邏輯比較簡單,檢測只要檔案字尾為.apatch就加入到mPatchs陣列中。至此PatchManager.initPatchs()走完了。往下走來看PatchManager.loadPatch()
public void loadPatch() {
mLoaders.put("*", mContext.getClassLoader());// wildcard
Set<String> patchNames;
List<String> classes;
for (Patch patch : mPatchs) {
patchNames = patch.getPatchNames();
for (String patchName : patchNames) {
classes = patch.getClasses(patchName);
mAndFixManager.fix(patch.getFile(), mContext.getClassLoader(),
classes);
}
}
}
複製程式碼這個函式對所有的patchs進行了遍歷,並取出每個patch內的class陣列,然後傳入AndFixManager.fix()。
public synchronized void fix(File file, ClassLoader classLoader,
List<String> classes) {
......省略安全性檢測相關程式碼
//讀取dex檔案
final DexFile dexFile = DexFile.loadDex(file.getAbsolutePath(),
optfile.getAbsolutePath(), Context.MODE_PRIVATE);
if (saveFingerprint) {
mSecurityChecker.saveOptSig(optfile);
}
//初始化類載入器
ClassLoader patchClassLoader = new ClassLoader(classLoader) {
@Override
protected Class<?> findClass(String className)
throws ClassNotFoundException {
Class<?> clazz = dexFile.loadClass(className, this);
if (clazz == null
&& className.startsWith("com.alipay.euler.andfix")) {
return Class.forName(className);// annotation’s class
// not found
}
if (clazz == null) {
throw new ClassNotFoundException(className);
}
return clazz;
}
};
Enumeration<String> entrys = dexFile.entries();
Class<?> clazz = null;
//遍歷dex中條目(類名稱)
while (entrys.hasMoreElements()) {
String entry = entrys.nextElement();
if (classes != null && !classes.contains(entry)) {
continue;// skip, not need fix
}
//load 需要fix的Class
clazz = dexFile.loadClass(entry, patchClassLoader);
if (clazz != null) {
//fix class
fixClass(clazz, classLoader);
}
}
} catch (IOException e) {
Log.e(TAG, "pacth", e);
}
}
複製程式碼前面都是安全性檢測程式碼略過, 後面檢測出需要fix的Class然後執行到AndFixManager.fixClass()
private void fixClass(Class<?> clazz, ClassLoader classLoader) {
Method[] methods = clazz.getDeclaredMethods();
MethodReplace methodReplace;
String clz;
String meth;
for (Method method : methods) {
//獲取到MethodReplace註解(需要被替換的方法)
methodReplace = method.getAnnotation(MethodReplace.class);
if (methodReplace == null)
continue;
//註解的類
clz = methodReplace.clazz();
//需要被替換的方法
meth = methodReplace.method();
if (!isEmpty(clz) && !isEmpty(meth)) {
//替換方法
replaceMethod(classLoader, clz, meth, method);
}
}
}
複製程式碼繼續看 replaceMethod方法
private void replaceMethod(ClassLoader classLoader, String clz,
String meth, Method method) {
try {
String key = clz + "@" + classLoader.toString();
Class<?> clazz = mFixedClass.get(key);
if (clazz == null) {// class not load
//load 需要修復的class
Class<?> clzz = classLoader.loadClass(clz);
// 初始化並且更改class 訪問許可權public
clazz = AndFix.initTargetClass(clzz);
}
if (clazz != null) {// initialize class OK
//放入快取map
mFixedClass.put(key, clazz);
//獲取原method
Method src = clazz.getDeclaredMethod(meth,
method.getParameterTypes());
//進行替換操作
AndFix.addReplaceMethod(src, method);
}
} catch (Exception e) {
Log.e(TAG, "replaceMethod", e);
}
}
複製程式碼繼續看AndFix.addReplaceMethod()
public static void addReplaceMethod(Method src, Method dest) {
try {
//替換方法為native方法
replaceMethod(src, dest);
//修改類成員變數訪問許可權為public
initFields(dest.getDeclaringClass());
} catch (Throwable e) {
Log.e(TAG, "addReplaceMethod", e);
}
}
複製程式碼private static native void replaceMethod(Method dest, Method src);
replaceMethod的定義可知它為 native方法
#####Native層分析
NatIve原始碼在jni目錄下 如圖:
andfix.cpp
static void replaceMethod(JNIEnv* env, jclass clazz, jobject src,
jobject dest) {
if (isArt) {
art_replaceMethod(env, src, dest);
} else {
dalvik_replaceMethod(env, src, dest);
}
}
複製程式碼根據不同的模式 art or dalvik 呼叫不同的方法。這裡我們只看dalvik ,art 與dalvik原理都差不多。
開啟dalvik資料夾下dalvik_method_replace.cpp 來看dalvik_replaceMethod ()
extern void __attribute__ ((visibility ("hidden"))) dalvik_replaceMethod(
JNIEnv* env, jobject src, jobject dest) {
jobject clazz = env->CallObjectMethod(dest, jClassMethod);
ClassObject* clz = (ClassObject*) dvmDecodeIndirectRef_fnPtr(
dvmThreadSelf_fnPtr(), clazz);
clz->status = CLASS_INITIALIZED;
//舊的方法(需要被替換的方法)
Method* meth = (Method*) env->FromReflectedMethod(src);
//新的方法
Method* target = (Method*) env->FromReflectedMethod(dest);
LOGD("dalvikMethod: %s", meth->name);
// meth->clazz = target->clazz;
//舊的方法訪問許可權設定為public
meth->accessFlags |= ACC_PUBLIC;
meth->methodIndex = target->methodIndex;
meth->jniArgInfo = target->jniArgInfo;
meth->registersSize = target->registersSize;
meth->outsSize = target->outsSize;
meth->insSize = target->insSize;
meth->prototype = target->prototype;
//替換方法資訊
meth->insns = target->insns;
//舊的方法設定為native
meth->nativeFunc = target->nativeFunc;
}
複製程式碼#####總結 AndFix熱補丁原理就是在native動態替換方法java層的程式碼,通過native層hook java層的程式碼。