Unveiling Android NFC: From App to Kernel – A Deep Source Code Walkthrough
This article dissects Android's NFC implementation, detailing the layered architecture from the high‑level app down to the kernel driver, explaining each source‑code component, the initialization sequence, and how events travel through JNI, HAL, and the transport‑mapping layer to enable NFC functionality.
NFC Introduction
Near Field Communication (NFC) is a short‑range wireless technology originally derived from RFID, now widely integrated into smartphones for tasks such as contactless payment, ticketing, and data exchange.
Android NFC Architecture
The Android NFC stack mirrors other Android subsystems: the NFC app layer communicates with a Service, which uses JNI to interact with the native NFC protocol stack. The stack talks to the HAL, which in turn communicates with the kernel driver.
Source Code Locations
APP: packages/apps/Nfc/src/com/android/nfc/NfcApplication.java
Service: packages/apps/Nfc/src/com/android/nfc/NfcService.java
Dhimpl: packages/apps/Nfc/nci/src/com/android/nfc/dhimpl/
JNI: packages/apps/Nfc/nci/jni/
Stack: system/nfc/src/
HAL (NXP): hardware/nxp/nfc/pn8x/halimpl/hal/
TML: hardware/nxp/nfc/pn8x/halimpl/tml/
Startup Process Overview
When NFC is enabled, NfcApplication.onCreate() creates NfcService, which instantiates NativeNfcManager (implemented in the dhimpl module) as mDeviceHost. The service then launches EnableDisableTask with the TASK_BOOT flag, causing enableInternal() to run. enableInternal() calls initialize(), which invokes the JNI entry nfcManager_doInitialize(). This function triggers NFA_Init() and NFA_Enable() in the native stack (system/nfc/src/nfa/dm/nfa_dm_api.cc). NFA_Init() sets up data structures, registers HAL callbacks, and calls NFC_Init() with a halFuncEntries table. The HAL’s HalOpen() registers eventCallback and dataCallback, then opens the NXP PN8x driver.
The HAL creates a client thread (phNxpNciHal_client_thread) and a transport‑mapping layer (TML) thread. The TML reads and writes I²C messages to the NFC controller, forwarding events and data back to the stack via callbacks such as nfc_main_hal_cback() and nfc_main_hal_data_cback().
The stack’s main task (nfc_task()) processes events from the HAL, performs a core reset with nci_snd_core_reset(), and finally calls NFA_Enable() to activate the NFC controller.
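The messages the TML reads over I²C and hands up to the stack are NCI packets, and the core reset is the first such exchange. The following is an added example, not code from AOSP, NXP, or the original article: a bounds-checked parser for the 3-byte NCI header that rejects frames whose declared payload length disagrees with the bytes actually read. The names nci_pkt and nci_parse are hypothetical, and the header layout is assumed from the NFC Forum NCI specification, which the article does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example with hypothetical names; not AOSP or NXP code. */
enum { NCI_MT_DATA = 0, NCI_MT_CMD = 1, NCI_MT_RSP = 2, NCI_MT_NTF = 3 };
enum { NCI_HDR_LEN = 3 };

struct nci_pkt {
    uint8_t mt;   /* message type: octet 0, bits 7..5 */
    uint8_t pbf;  /* packet boundary flag: octet 0, bit 4 */
    uint8_t gid;  /* group ID (control) or connection ID (data): octet 0, bits 3..0 */
    uint8_t oid;  /* opcode ID: octet 1, bits 5..0 (control packets only) */
    uint8_t len;  /* payload length: octet 2 */
    const uint8_t *payload;
};

/* Parse one frame of n bytes as read from the controller.
 * Returns 0 on success, -1 if shorter than a header, -2 if the declared
 * payload length disagrees with the bytes read, -3 for a reserved MT. */
int nci_parse(const uint8_t *buf, size_t n, struct nci_pkt *out)
{
    if (buf == NULL || out == NULL || n < NCI_HDR_LEN) return -1;
    if ((buf[0] >> 5) > NCI_MT_NTF) return -3;
    if ((size_t)buf[2] != n - NCI_HDR_LEN) return -2;
    out->mt = buf[0] >> 5;
    out->pbf = (buf[0] >> 4) & 0x01;
    out->gid = buf[0] & 0x0F;
    out->oid = (out->mt == NCI_MT_DATA) ? 0 : (buf[1] & 0x3F);
    out->len = buf[2];
    out->payload = buf + NCI_HDR_LEN;
    return 0;
}

/* Constructed sample frames (NCI 1.0 layout), not captured traffic. */
const uint8_t core_reset_cmd[] = { 0x20, 0x00, 0x01, 0x01 };
const uint8_t core_reset_rsp[] = { 0x40, 0x00, 0x03, 0x00, 0x10, 0x01 };
const uint8_t truncated_rsp[]  = { 0x40, 0x00, 0x03, 0x00 };

int main(void)
{
    struct nci_pkt p;
    int rc = nci_parse(core_reset_rsp, sizeof core_reset_rsp, &p);
    printf("rsp: rc=%d mt=%u gid=%u oid=%u len=%u\n", rc, p.mt, p.gid, p.oid, p.len);
    printf("truncated: rc=%d\n", nci_parse(truncated_rsp, sizeof truncated_rsp, &p));
    return 0;
}
```

Validating the length octet against the number of bytes the transport actually delivered, before any layer indexes into the payload, keeps a malformed or truncated controller message from being interpreted further up the TML-HAL-stack path.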
Key Takeaways
The NFC startup consists of resource initialization, HAL‑to‑controller communication, and event‑driven state transitions. After successful enablement, subsequent tag reads follow the same TML‑HAL‑stack pathway, with the stack dispatching card‑type‑specific handling.
OPPO Amber Lab
Centered on user data security and privacy, we conduct research and open our tech capabilities to developers, building an information‑security fortress for partners and users and safeguarding OPPO device security.
