In almost all android source base as found in the AOSP/CAF/CM source (Android Open Source Project, CodeAurora Forum, Cyanogenmod respectively), will have C code called the rild, (Radio Interface Layer Daemon). This is commonly found within the /hardware/rilof the source tree.

在 AOSP/CAF/CM 源（分别是 Android 开源项目、CodeAurora 论坛、Cyanogenmod）中找到的几乎所有 android 源代码库中，都会有 C 代码称为rild（无线电接口层守护程序）。这通常在/hardware/ril源代码树中找到。

This daemon runs from the moment Android boots up, and creates a socket called /dev/socket/rildand /dev/socket/rild-debug. There will be a proprietary library coming from Qualcomm, HTC, that gets dynamically loaded at run time upon boot. It is that proprietary library that in turn, communicates to the radio firmware. And the rild's hooks for the call-backs into the proprietary library is established there and then.

这个守护进程从 Android 启动的那一刻开始运行，并创建一个名为/dev/socket/rildand的套接字/dev/socket/rild-debug。将有一个来自高通公司、HTC 的专有库，在启动时在运行时动态加载。正是该专有库反过来与无线电固件进行通信。然后在那里建立了用于回调到专有库的rild钩子。

At the rildlayer, via the aforementioned socket, is how the Android layer (found in the source tree, frameworks/base/telephony/com/android/internal/telephony/RIL.java) communicates.

在rild层，通过上述套接字，是 Android 层（在源代码树中找到frameworks/base/telephony/com/android/internal/telephony/RIL.java）进行通信的方式。

On the Java side, it opens the socket for reading/writing, along with establishing intents and setting up delegates for broadcasting/receiving events via this socket.

在 Java 端，它打开套接字以进行读/写，同时通过此套接字建立意图和设置广播/接收事件的委托。

For example, an incoming call, the proprietary library, invokes a callback hook as set up by rild. The rildwrites standard generic AT Hayes modem commands to the socket, on the Java side, it reads and interprets the modem commands, and from there, the PhoneManagerbroadcasts CALL_STATE_RINGING, in which Phoneapplication (found in the source packages/apps/Phone) has registered a receiver and kickstarts the User interface, and that is how you get to answer the call.

例如，传入呼叫（专有库）会调用rild设置的回调挂钩。该RILD写入标准通用海耶斯调制解调器命令到插座，在Java端，它读取并解释调制解调器命令，并从那里，PhoneManager广播CALL_STATE_RINGING，在手机应用程序（在源中找到packages/apps/Phone）已注册的接收器和的kickstart用户界面，这就是您接听电话的方式。

Another example, making an outgoing call, you dial a number on Android, the intent gets created and which in turn the PhoneManager(This is the root of it all, here, cannot remember top of my head, think its in frameworks/base/core/javasomewhere in the source tree) receives the intent, convert it into either a sequence of AT Hayes modem commands, write it out to the socket, the rildthen invokes a callback to the proprietary library, the proprietary library in turn delegates to the radio firmware.

另一个例子，拨打电话，你在 Android 上拨打一个号码，意图被创建，这反过来又是PhoneManager（这是一切的根源，在这里，我不记得我的头顶，认为它在frameworks/base/core/java源头的某个地方tree) 接收意图，将其转换为 AT Hayes 调制解调器命令序列，将其写入套接字，然后rild调用对专有库的回调，专有库又委托给无线电固件。

Final example, sending text messages, from the Messaging(found in packages/apps/Mmssource tree) application, the text you type, gets shoved into an intent, the PhoneManagerreceives the intent, converts the text into GSM-encoded using 7-bit GSM letters (IIRC), gets written out to the socket, the rildin turn invokes a callback to the proprietary library, the proprietary library in turn delegates to the radio firmware and the text has now left the domain of the handset and is in the airwaves somewhere... :) Along with sending a broadcast message within Android itself, provided that READ_PHONE_STATEpermission is used and specified in the AndroidManifest.xml.

最后一个例子，从Messaging（在packages/apps/Mms源树中找到）应用程序发送文本消息，你输入的文本被推到一个意图中，PhoneManager接收到这个意图，使用 7 位 GSM 字母 (IIRC) 将文本转换为 GSM 编码)，被写入套接字，rild反过来调用专有库的回调，专有库又委托给无线电固件，文本现在已经离开了手机的域并在某处的无线电波中.. . :) 连同在 Android 本身内发送广播消息，前提READ_PHONE_STATE是在AndroidManifest.xml 中使用并指定了该权限。

Likewise conversely, when receiving a text message, it is in the reverse, radio firmware receives some bytes, the proprietary library invokes the callback to the rild, and thus writes out the bytes to the socket. On the Java side, it reads from it, and decodes the sequence of bytes, converts it to text as we know of, fires a broadcast with a message received notification. The Messagingapplication in turn, has registered receivers for the said broadcast, and sends an intent to the notification bar to say something like "New message received from +xxxxxx"

同样，相反，当接收文本消息时，情况正好相反，无线电固件接收一些字节，专有库调用对rild的回调，从而将字节写出到套接字。在 Java 端，它从中读取，并解码字节序列，将其转换为我们所知道的文本，使用收到的消息通知触发广播。该消息又申请，注册了接收器的说广播，并发送一个意向通知栏说“有点像从+ XXXXXX收到的新邮件”

The intents are found in frameworks/base/telephony/java/com/android/internal/telephony/TelephonyIntents.java

意图可以在 frameworks/base/telephony/java/com/android/internal/telephony/TelephonyIntents.java

That is the gist of how the telephony system works, the real beauty is, that it uses generic AT Hayes modem commands thusly simplifying and hiding the real proprietary mechanisms.

这就是电话系统工作原理的要点，真正的美妙之处在于它使用通用的 AT Hayes 调制解调器命令，从而简化和隐藏了真正的专有机制。

As for the likes of Qualcomm, HTC, forget about it in thinking they'd ever open source the library in question because the radio telephony layer is embedded within the S-o-C (System on a Chip) circuitry!

至于像高通、宏达电这样的公司，忘记它吧，因为他们会开源这个库，因为无线电话层嵌入在 SoC（片上系统）电路中！

Which is also, as a side note, why its risky to flash radio firmware, some handsets provide the capability to do it, flash the wrong firmware (such as an incompatible or not suitable for handset), kiss the handset good-bye and use that as a door stopper or paper-weight! :)

这也是，作为旁注，为什么闪存无线电固件有风险，有些手机提供了这样做的能力，闪存错误的固件（例如不兼容或不适合手机），吻手机再见并使用作为门塞或镇纸！:)

It should be noted, that there is zero JNI mechanisms involved.

应该注意的是，涉及的 JNI 机制为零。

This is from my understanding of how it works, from what I can tell is this, the radio firmware is loaded into a memory address somewhere where the linux kernel has reserved the address space and does not touch it, something like back in the old PC days when DOS booted up, there was reserved addresses used by the BIOS, I think, its similar here, the addresses marked as reserved are occupied by the firmware, in which the proprietary radio library talks to it - and since the library is running in the address space owned by the kernel, a lá owned by root with root privileges, it can "talk" to it, if you think of using the old BASIC dialect of peek and poke, I'd guess you would not be far off the mark there, by writing a certain sequence of bytes to that address, the radio firmware acts on it, almost like having a interrupt vector table... this am guessing here how it works exactly. :)

. 我在这里猜测它是如何工作的。:)

Continuing from the explanation by t0mm13b, When we talk about a smartphone, think of 3 layer operations wrt to SMS/Calls.

继续 t0mm13b 的解释，当我们谈论智能手机时，请考虑与 SMS/Calls 相关的 3 层操作。

RIL (User level) <-> AP <-> CP

RIL（用户级别）<-> AP <-> CP

AP : Application Processor(Where your Android OS runs. Think of games, songs, videos, camera etc running on this processor)

AP：应用处理器（Android 操作系统运行的地方。想想在这个处理器上运行的游戏、歌曲、视频、相机等）

CP : Cellular Processor (Which actually deals with Air-interface for incoming/outgoing calls/sms, interacts with Network Tower etc ..)

CP：蜂窝处理器（实际上处理呼入/呼出电话/短信的空中接口，与网络塔等交互......）

Now let say some data is received at CP side (It could be internet data/sms/call). Now there are certain logical channels between AP and CP. So CP will push the data received to a corresponding channel based on type of data. This data will be received by AP. AP will send this data back to RIL/App. RIL will decode this data (specially call/sms data). Based on that gives notification to User about SMS/Call.

现在假设在 CP 端接收到一些数据（可能是互联网数据/短信/通话）。现在AP和CP之间有一定的逻辑通道。所以CP会根据数据的类型将接收到的数据推送到对应的通道。该数据将由AP接收。AP 会将此数据发送回 RIL/App。RIL 将解码这些数据（特别是电话/短信数据）。基于此向用户提供有关短信/电话的通知。