浅谈系统定制之recovery篇
前言
目前为止,接触到的系统开发有这几个模块的定制与修改,分别是bootable下的recovery,system下的init,dvm与art虚拟机,还有以及包罗万象的framework模块,接下来会一一做一个简单的总结,以供大家学习参考。
工作实现
recovery是一个进程,当系统进入恢复模式时由init.rc启动,代码路径为androidSource/bootable/recovery/recovery.cpp
首先呢,我们全局大体看一下这个程序大体有哪些骚操作,进入main函数
int
main(int argc, char **argv) {
if (argc == 2 && strcmp(argv[1], "--adbd") == 0) {
adb_main();
return 0;
}
load_volume_table(); //1
get_args(&argc, &argv); //2
int arg;
while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {
switch (arg) {
case 'p': previous_runs = atoi(optarg); break;
case 's': send_intent = optarg; break;
case 'u': update_package = optarg; break;
case 'w': wipe_data = wipe_cache = 1; break;
case 'c': wipe_cache = 1; break;
case 't': show_text = 1; break;
case 'x': just_exit = true; break;
case 'l': locale = optarg; break;
case '?':
LOGE("Invalid command argument\n");
continue;
}
}
if (locale == NULL) {
load_locale_from_cache();
}
printf("locale is [%s]\n", locale);
Device* device = make_device(); //3
ui = device->GetUI(); //4
gCurrentUI = ui; //5
ui->Init(); //6
ui->SetLocale(locale); //7
ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);//8
int rt = 0;
if(send_intent){
rt = !strcmp(send_intent,"update_ui");
}
if(rt)
{
update_UI = 1;
send_intent = NULL;
}
if (show_text) ui->ShowText(true);
struct selinux_opt seopts[] = {
{ SELABEL_OPT_PATH, "/file_contexts" }
};
sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
if (!sehandle) {
ui->Print("Warning: No file_contexts\n");
}
device->StartRecovery();
printf("Command:");
for (arg = 0; arg < argc; arg++) {
printf(" \"%s\"", argv[arg]);
}
if (update_package) {
if (strncmp(update_package, "CACHE:", 6) == 0) {
int len = strlen(update_package) + 10;
char* modified_path = (char*)malloc(len);
strlcpy(modified_path, "/cache/", len);
strlcat(modified_path, update_package+6, len);
printf("(replacing path \"%s\" with \"%s\")\n",
update_package, modified_path);
update_package = modified_path;
}
}
property_list(print_property, NULL);
property_get("ro.build.display.id", recovery_version, "");
int status = INSTALL_SUCCESS;
if (update_package != NULL) {
status = install_package(update_package, &wipe_cache, TEMPORARY_INSTALL_FILE);
if (status == INSTALL_SUCCESS && wipe_cache) {
if (erase_volume("/cache")) {
LOGE("Cache wipe (requested by package) failed.");
}
}
if (status != INSTALL_SUCCESS) {
ui->Print("Installation aborted.\n");
char buffer[PROPERTY_VALUE_MAX+1];
property_get("ro.build.fingerprint", buffer, "");
if (strstr(buffer, ":userdebug/") || strstr(buffer, ":eng/")) {
ui->ShowText(true);
}
}
} else if (wipe_data) {
char value[PROP_VALUE_MAX] = {0};
property_get("persist.sys.qb.enable", value, "false");
if ( 0 == strcmp(value, "true") ) {
printf("quickboot enable \n");
write_clean("qbflag");
}
if (device->WipeData()) status = INSTALL_ERROR;
char buffer[PROP_VALUE_MAX];
property_get("ro.sdcardfs.support", buffer, "false");
if(buffer != NULL && (strcmp(buffer,"true")==0)) {
delete_data("/data");
} else {
if (erase_volume("/data")) status = INSTALL_ERROR;
}
if (wipe_cache && erase_volume("/cache")) status = INSTALL_ERROR;
if (status != INSTALL_SUCCESS) ui->Print("Data wipe failed.\n");
} else if (wipe_cache) {
if (wipe_cache && erase_volume("/cache")) status = INSTALL_ERROR;
if (status != INSTALL_SUCCESS) ui->Print("Cache wipe failed.\n");
} else {
prompt_and_wait(device, status);
goto RGCLEAR ;
}
if (status == INSTALL_ERROR || status == INSTALL_CORRUPT) {
copy_logs();
char value[PROP_VALUE_MAX] = {0};
property_get("ro.product.target", value, "ott");
if(0 == strcmp(value, "xxxxx")) {
sleep(2);
ui->SetBackground(RecoveryUI::ERROR_MOBILE);
sleep(5);
} else {
ui->SetBackground(RecoveryUI::ERROR);
}
}
RGCLEAR: //8
finish_recovery(send_intent); //9
ui->Print("Rebooting...\n");
property_set(ANDROID_RB_PROPERTY, "reboot,");
return EXIT_SUCCESS;
}
上边代码有部分删减,其中需要特别说明的以注释,下面将一一说明
注释说明
注释1:
load_volume_table这个函数从”/etc/recovery.fstab”读取分区信息
void load_volume_table() {
int i;
int ret;
int alloc = 2;
device_volumes = (Volume*)malloc(alloc * sizeof(Volume));
fstab = fs_mgr_read_fstab("/etc/recovery.fstab");
if (!fstab) {
LOGE("failed to read /etc/recovery.fstab\n");
return;
}
ret = fs_mgr_add_entry(fstab, "/tmp", "ramdisk", "ramdisk", 0);
if (ret < 0 ) {
LOGE("failed to add /tmp entry to fstab\n");
fs_mgr_free_fstab(fstab);
fstab = NULL;
return;
}
printf("recovery filesystem table\n");
printf("=========================\n");
for (i = 0; i < fstab->num_entries; ++i) {
Volume* v = &fstab->recs[i];
printf(" %d %s %s %s %lld\n", i, v->mount_point, v->fs_type,
v->blk_device, v->length);
}
printf("\n");
}
注释2:
get_args这个函数读取BCB数据块到boot变量中,置其为空,最后从/cache/recovey/command中获取数据,据此更新BCB内容。
static void
get_args(int *argc, char ***argv) {
struct bootloader_message boot;
memset(&boot, 0, sizeof(boot));
get_bootloader_message(&boot); // this may fail, leaving a zeroed structure
if (boot.command[0] != 0 && boot.command[0] != 255) {
LOGI("Boot command: %.*s\n", sizeof(boot.command), boot.command);
}
if (boot.status[0] != 0 && boot.status[0] != 255) {
LOGI("Boot status: %.*s\n", sizeof(boot.status), boot.status);
}
// --- if arguments weren't supplied, look in the bootloader control block
if (*argc <= 1) {
boot.recovery[sizeof(boot.recovery) - 1] = '\0'; // Ensure termination
const char *arg = strtok(boot.recovery, "\n");
if (arg != NULL && !strcmp(arg, "recovery")) {
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = strdup(arg);
for (*argc = 1; *argc < MAX_ARGS; ++*argc) {
if ((arg = strtok(NULL, "\n")) == NULL) break;
(*argv)[*argc] = strdup(arg);
}
LOGI("Got arguments from boot message\n");
} else if (boot.recovery[0] != 0 && boot.recovery[0] != 255) {
LOGE("Bad boot message\n\"%.20s\"\n", boot.recovery);
}
}
// --- if that doesn't work, try the command file form bootloader:recovery_command
if (*argc <= 1) {
char *parg = NULL;
char *recovery_command = fw_getenv("recovery_command");
if (recovery_command != NULL && strcmp(recovery_command, "")) {
char *argv0 = (*argv)[0];
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = argv0; // use the same program name
char buf[MAX_ARG_LENGTH];
strcpy(buf, recovery_command);
if((parg = strtok(buf, "#")) == NULL){
LOGE("Bad bootloader arguments\n\"%.20s\"\n", recovery_command);
}else{
(*argv)[1] = strdup(parg); // Strip newline.
for (*argc = 2; *argc < MAX_ARGS; ++*argc) {
if((parg = strtok(NULL, "#")) == NULL){
break;
}else{
(*argv)[*argc] = strdup(parg); // Strip newline.
}
}
LOGI("Got arguments from bootloader\n");
}
} else {
LOGE("Bad bootloader arguments\n\"%.20s\"\n", recovery_command);
}
}
// --- if that doesn't work, try the command file
char * temp_args =NULL;
if (*argc <= 1) {
FILE *fp = fopen_path(COMMAND_FILE, "r");
if (fp != NULL) {
char *token;
char *argv0 = (*argv)[0];
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = argv0; // use the same program name
char buf[MAX_ARG_LENGTH];
for (*argc = 1; *argc < MAX_ARGS; ) {
if (!fgets(buf, sizeof(buf), fp)) break;
temp_args = strtok(buf, "\r\n");
if (temp_args == NULL) continue;
(*argv)[*argc] = strdup(temp_args); // Strip newline.
++*argc;
//} else {
// --*argc;
//}
}
check_and_fclose(fp, COMMAND_FILE);
LOGI("Got arguments from %s\n", COMMAND_FILE);
}
}
// -- sleep 1 second to ensure SD card initialization complete
usleep(1000000);
// --- if that doesn't work, try the sdcard command file
if (*argc <= 1) {
FILE *fp = fopen_path(SDCARD_COMMAND_FILE, "r");
if (fp != NULL) {
char *argv0 = (*argv)[0];
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = argv0; // use the same program name
char buf[MAX_ARG_LENGTH];
for (*argc = 1; *argc < MAX_ARGS; ) {
if (!fgets(buf, sizeof(buf), fp)) break;
temp_args = strtok(buf, "\r\n");
if(temp_args == NULL) continue;
(*argv)[*argc] = strdup(temp_args); // Strip newline.
++*argc;
}
check_and_fclose(fp, SDCARD_COMMAND_FILE);
LOGI("Got arguments from %s\n", SDCARD_COMMAND_FILE);
}
}
// --- if that doesn't work, try the udisk command file
if (*argc <= 1) {
FILE *fp = fopen_path(UDISK_COMMAND_FILE, "r");
if (fp != NULL) {
char *argv0 = (*argv)[0];
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = argv0; // use the same program name
char buf[MAX_ARG_LENGTH];
for (*argc = 1; *argc < MAX_ARGS; ) {
if (!fgets(buf, sizeof(buf), fp)) break;
temp_args = strtok(buf, "\r\n");
if(temp_args == NULL) continue;
(*argv)[*argc] = strdup(temp_args); // Strip newline.
++*argc;
}
check_and_fclose(fp, UDISK_COMMAND_FILE);
LOGI("Got arguments from %s\n", UDISK_COMMAND_FILE);
}
}
// --- if no argument, then force show_text
if (*argc <= 1) {
char *argv0 = (*argv)[0];
*argv = (char **) malloc(sizeof(char *) * MAX_ARGS);
(*argv)[0] = argv0; // use the same program name
(*argv)[1] = "--show_text";
*argc = 2;
}
// --> write the arguments we have back into the bootloader control block
// always boot into recovery after this (until finish_recovery() is called)
strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
int i;
for (i = 1; i < *argc; ++i) {
strlcat(boot.recovery, (*argv)[i], sizeof(boot.recovery));
strlcat(boot.recovery, "\n", sizeof(boot.recovery));
}
set_bootloader_message(&boot);
}
注释3:
Device* device = make_device(); //3
获取device对象实例
注释4:
ui = device->GetUI(); //4
获取ScreenRecoveryUI对象实例
注释5:
gCurrentUI = ui; //5
赋值操作,这里不做说明
注释6:
ui->Init(); //6
初始化操作,调用ScreenRecoveryUI的Init函数,将图片加入surface数组中去,以供后面调用
注释7:
设置语言类型,如果不主动设置。默认为英文
ui->SetLocale(locale); //7
注释8:
设置背景图:
ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);//8
注释9:
finish_recovery函数如下:
static void
finish_recovery(const char *send_intent) {
// By this point, we're ready to return to the main system...
if (send_intent != NULL) {
FILE *fp = fopen_path(INTENT_FILE, "w");
if (fp == NULL) {
LOGE("Can't open %s\n", INTENT_FILE);
} else {
fputs(send_intent, fp);
check_and_fclose(fp, INTENT_FILE);
}
}
// Save the locale to cache, so if recovery is next started up
// without a --locale argument (eg, directly from the bootloader)
// it will use the last-known locale.
if (locale != NULL) {
LOGI("Saving locale \"%s\"\n", locale);
FILE* fp = fopen_path(LOCALE_FILE, "w");
fwrite(locale, 1, strlen(locale), fp);
fflush(fp);
fsync(fileno(fp));
check_and_fclose(fp, LOCALE_FILE);
}
copy_logs();
// Reset to normal system boot so recovery won't cycle indefinitely.
struct bootloader_message boot;
memset(&boot, 0, sizeof(boot));
set_bootloader_message(&boot);
// Remove the command file, so recovery won't repeat indefinitely.
if (ensure_path_mounted(COMMAND_FILE) != 0 ||
(unlink(COMMAND_FILE) && errno != ENOENT)) {
LOGW("Can't unlink %s\n", COMMAND_FILE);
}
ensure_path_unmounted(CACHE_ROOT);
sync(); // For good measure.
}
①将intent(字符串)的内容作为参数传进finish_recovery中。如果有intent需要告知Main System,则将其写入/cache/recovery/intent中。这个intent的作用尚不知有何用。
② 将内存文件系统中的Recovery服务的日志(/tmp/recovery.log)拷贝到cache(/cache/recovery/log)分区中,以便告知重启后的Main System发生过什么。
③ 擦除MISC分区中的BCB数据块的内容,以便系统重启后不在进入Recovery模式而是进入更新后的主系统。
④ 删除/cache/recovery/command文件。这一步也是很重要的,因为重启后Bootloader会自动检索这个文件,如果未删除的话又会进入Recovery模式。原理在上面已经讲的很清楚
补充(install_package)
这里需要提一下,recovery其实会根据用户选择,做出清除和升级等操作,代码如下:
while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {
switch (arg) {
case 'p': previous_runs = atoi(optarg); break;
case 's': send_intent = optarg; break;
case 'u': update_package = optarg; break;
case 'w': wipe_data = wipe_cache = 1; break;
case 'c': wipe_cache = 1; break;
case 't': show_text = 1; break;
case 'x': just_exit = true; break;
case 'l': locale = optarg; break;
case '?':
LOGE("Invalid command argument\n");
continue;
}
}
这里需要特别将升级操作提出来讲一下,因为这是理解系统ota升级的重要一环。接下来看函数
install_package:
int
install_package(const char* path, int* wipe_cache, const char* install_file)
{
FILE* install_log = fopen_path(install_file, "w");
if (install_log) {
fputs(path, install_log);
fputc('\n', install_log);
} else {
LOGE("failed to open last_install: %s\n", strerror(errno));
}
int result;
if (setup_install_mounts() != 0) {
LOGE("failed to set up expected mounts for install; aborting\n");
set_upgrade_step("2");
result = INSTALL_ERROR;
} else {
result = really_install_package(path, wipe_cache);
}
if (install_log) {
fputc(result == INSTALL_SUCCESS ? '1' : '0', install_log);
fputc('\n', install_log);
fclose(install_log);
}
return result;
}
上面代码可以直接跟踪到关键函数really_install_package实现:
static int
really_install_package(const char *path, int* wipe_cache)
{
set_upgrade_step("3");
ui->SetBackground(RecoveryUI::INSTALLING_UPDATE);
ui->Print("Finding update package...\n");
// Give verification half the progress bar...
ui->SetProgressType(RecoveryUI::DETERMINATE);
ui->ShowProgress(VERIFICATION_PROGRESS_FRACTION, VERIFICATION_PROGRESS_TIME);
LOGI("Update location: %s\n", path);
if (ensure_path_mounted(path) != 0) {
LOGE("Can't mount %s\n", path);
set_upgrade_step("2");
return INSTALL_CORRUPT;
}
/* Check board whether is encrypted and rsa whether is the same.
*/
int retSecureCheck = -1;
ui->Print("\nStart to check secure update...\n");
retSecureCheck = aml_secure_upgrade_check(path);
if(retSecureCheck == 0x1234) {
ui->Print("Kernel not support check secure upgrade package,skip...\n\n");
} else if(retSecureCheck <= 0) {
ui->Print("Check secure upgrade package doesn't pass!\n\n");
set_upgrade_step("2");
return INSTALL_CORRUPT;
} else {
ui->Print("Check secure upgrade package pass!\n\n");
}
ui->Print("Opening update package...\n");
int numKeys;
Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys);
if (loadedKeys == NULL) {
LOGE("Failed to load keys\n");
set_upgrade_step("2");
return INSTALL_CORRUPT;
}
LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE);
ui->Print("Verifying update package...\n");
int err;
err = verify_file(path, loadedKeys, numKeys);
free(loadedKeys);
LOGI("verify_file returned %d\n", err);
if (err != VERIFY_SUCCESS) {
set_upgrade_step("2");
LOGE("signature verification failed\n");
return INSTALL_CORRUPT;
}
/* Try to open the package.
*/
ZipArchive zip;
err = mzOpenZipArchive(path, &zip);
if (err != 0) {
set_upgrade_step("2");
LOGE("Can't open %s\n(%s)\n", path, err != -1 ? strerror(err) : "bad");
return INSTALL_CORRUPT;
}
#ifdef RECOVERY_WIPE_BOOT_BEFORE_UPGRADE
if (wipe_boot_before_upgrade(zip) < 0) {
set_upgrade_step("2");
return INSTALL_CORRUPT;
}
#endif
/* Verify and install the contents of the package.
*/
ui->Print("Installing update...\n");
return try_update_binary(path, &zip, wipe_cache);
}
static int
try_update_binary(const char *path, ZipArchive *zip, int* wipe_cache) {
const ZipEntry* binary_entry =
mzFindZipEntry(zip, ASSUMED_UPDATE_BINARY_NAME);
if (binary_entry == NULL) {
mzCloseZipArchive(zip);
return INSTALL_CORRUPT;
}
const char* binary = "/tmp/update_binary";
unlink(binary);
int fd = creat(binary, 0755);
if (fd < 0) {
mzCloseZipArchive(zip);
LOGE("Can't make %s\n", binary);
return INSTALL_ERROR;
}
bool ok = mzExtractZipEntryToFile(zip, binary_entry, fd);
close(fd);
mzCloseZipArchive(zip);
if (!ok) {
LOGE("Can't copy %s\n", ASSUMED_UPDATE_BINARY_NAME);
return INSTALL_ERROR;
}
int pipefd[2];
pipe(pipefd);
const char** args = (const char**)malloc(sizeof(char*) * 5);
args[0] = binary;
args[1] = EXPAND(RECOVERY_API_VERSION); // defined in Android.mk
char* temp = (char*)malloc(10);
sprintf(temp, "%d", pipefd[1]);
args[2] = temp;
args[3] = (char*)path;
args[4] = NULL;
pid_t pid = fork();
if (pid == 0) {
close(pipefd[0]);
execv(binary, (char* const*)args);
fprintf(stdout, "E:Can't run %s (%s)\n", binary, strerror(errno));
_exit(-1);
}
close(pipefd[1]);
}
(代码有删减)
①ensure_path_mount():先判断所传的update.zip包路径所在的分区是否已经挂载。如果没有则先挂载。
②load_keys():加载公钥源文件,路径位于/res/keys。
③verify_file():对升级包update.zip包进行签名验证。
④mzOpenZipArchive():打开升级包,并将相关的信息拷贝到一个临时的ZipArchinve变量中。这一步并未对我们的update.zip包解压。
⑤try_update_binary():在这个函数中才是对我们的update.zip升级的地方。这个函数一开始先根据我们上一步获得的zip包信息,以及升级包的绝对路径将 update_binary文件拷贝到内存文件系统的/tmp/update_binary中。以便后面使用。
⑥pipe():创建管道,用于下面的子进程和父进程之间的通信。父进子出。
⑦fork():创建子进程。其中的子进程主要负责执行binary(execv(binary,args),即执行我们的安装命令脚本),父进程负责接受子进程发送的命令去更新ui显示(显示当前的进度)。子父进程间通信依靠管道。
⑧其中,在创建子进程后,父进程有两个作用。
一是通过管道接受子进程发送的命令来更新UI显示。
二是等待子进程退出并返回INSTALL SUCCESS。
其中子进程在解析执行安装脚本execv(binary,args)的作用就是去执行binary程序,这个程序的实质就是去解析update.zip包中的updater-script脚本中的命令并执行。由此,Recovery服务就进入了实际安装update.zip包的过程。
补充(updater-scrip)
updater-scrip代码路径位于:
./bootable/recovery/etc/META-INF/com/google/android/updater-scrip
系统升级过程中其实就是执行的这个脚本,根据需求可定制脚本以达到目的
这边会列举几个比较重要的字段:
函数名称: format
函数语法: format(fs_type, partition_type, location)
参数详解: fs_type-----------------字符串,数据为"yaffs2"或 “ext4”
partition_type----------字符串, "MTD"或 “EMMC”
location-----------------字符串,分区(partition) 或驱动器(device)
作用解释: 格式化为指定的文件系统
函数示例: format("ext4”,“EMMC”, “system”);格式化system分区
函数名称: package_extract_file
函数语法: package_extract_file(package_path)或 package_extract_file(package_path, destination_path
参数详解: package_path----------字符串,升级包内要提取的文件
destination_path-------字符串,提取文件的目标目录
作用解释: 提取升级包内的单个文件到指定的目标目录
函数示例: package_extract_file(“my.zip”, “/system”);解压ROM包里的my.zip文件至/system
函数名称: ui_print
函数语法: ui_print(msg1, …, msgN)
参数详解: msg----------------------字符串,要处理过程中输出给用户的信息
作用解释: 在脚本运行的时候,在控制台显示的信息。最少要指定1个参数,你可以指定额外的msg参数,并且它们会连接起来输了
函数示例: ui_print(“It’s ready!”);屏幕打印It’s ready!
函数名称: assert
函数语法: assert(condition)
参数详解: condition---------------boolean
作用解释: 如果condition参数的计算结果为False,则停止脚本执行,否则继续执行脚本
函数示例:
assert(package_extract_file(“boot.img”,"/tmp/boot.img"),write_raw_image("/tmp/boot.img",“boot”),delete("/tmp/boot.img"))
执行package_extract_file,如果不返回错误则执行write_raw_image,如果write_raw_image不出错则执行delete
函数名称: getprop
函数语法: getprop(key)
参数详解: key---------------------字符串,想要系统返回的属性
作用解释: 这个函数是用来返指定的属性的值。它是用来从build.props文件中查询手机的信息的。
总结
recovery定制需要理解BCB原理,以及升级动画定制,升级脚本的定制,后面看看还有什么需要补充的会添加上,此文比较基础,如有需要,请根据系统源码深入研读。