简介
从上一篇文章Zygote进程浅析我们知道Zygote是孵化器,所有其他Dalvik虚拟机进程都是通过zygote孵化(fock)出来的;所以SystemServer进程是由Zygote进程fock(孵化)出来的。SystemServer进程是Android系统的核心之一,大部分Android提供的服务都在该进程中,SystemServer中运行的进程总共有六十多种,主要包括:ActivityManagerService(AMS),WindowManagerService(WMS),PackagManagerService(PMS)等;这些系统服务都是以一个线程的方式存在Systemserver进程中。
SystemServer启动
启动系统服务system_server进程从ZygoteInit.java的main()方法调用forkSystemServer()方法开始,先看看该方法:
private static Runnable forkSystemServer(String abiList, String socketName,
ZygoteServer zygoteServer) {
.....
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,1032,3001,3002,3003,3006,3007,3009,3010",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"com.android.server.SystemServer",
};
.......
try {
......
/* Request to fork the system server process */
pid = Zygote.forkSystemServer(
parsedArgs.uid, parsedArgs.gid,
parsedArgs.gids,
parsedArgs.runtimeFlags,
null,
parsedArgs.permittedCapabilities,
parsedArgs.effectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
.......
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
zygoteServer.closeServerSocket();
return handleSystemServerProcess(parsedArgs);
}
return null;
}
首先设置了system_server进程的uid。gid和groups,然后设置进程的名字为”–nice-name=system_server”。接着调用forkSystemServer()函数来fork一个新的进程,他有两个返回值,一个在当前进程中返回,另一个在新创建的进程中返回,在当前进程中返回值是新创建的pid值,而新创建进程中的返回值是0。
如果pid==0,表示已经进入SystemServer子进程,于是先调用zygoteServer.closeServerSocket()关闭“Zygote”socket,由于Zygote启动过程中创建一个“Zygote”Socket。而系统服务进程system_server也继承了Socket,不用所以close它。接着调用了handleSystemServerProcess()方法:
private static Runnable handleSystemServerProcess(ZygoteConnection.Arguments parsedArgs) {
.......
return ZygoteInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl);
.......
}
主要调用了ZygoteInit.zygoteInit()方法:
public static final Runnable zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader) {
RuntimeInit.redirectLogStreams();
RuntimeInit.commonInit();
ZygoteInit.nativeZygoteInit();
return RuntimeInit.applicationInit(targetSdkVersion, argv, classLoader);
}
zygoteInit()方法主要调用了ZygoteInit.nativeZygoteInit()和RuntimeInit.applicationInit()这两个方法:
- nativeZygoteInit()主要执行Binder驱动程序初始化的相关工作,它调用之后system_server进程就可以进行Binder进程通信(),是个native方法。
- 调用applicationInit()方法主要是为了进入SystemServer.java的main()方法
接下来看看RuntimeInit.applicationInit()方法:
protected static Runnable applicationInit(int targetSdkVersion, String[] argv,
ClassLoader classLoader) {
........
return findStaticMain(args.startClass, args.startArgs, classLoader);
}
private static Runnable findStaticMain(String className, String[] argv,
ClassLoader classLoader) {
Class<?> cl;
try {
cl = Class.forName(className, true, classLoader);
} catch (ClassNotFoundException ex) {
throw new RuntimeException(
"Missing class when invoking static main " + className,
ex);
}
Method m;
try {
m = cl.getMethod("main", new Class[] { String[].class });
} catch (NoSuchMethodException ex) {
..........
return new MethodAndArgsCaller(m, argv);
}
可以看出applicationInit()方法调用findStaticMain()方法,而该方法通过反射获取system-server的main()方法后返回一个MethodAndArgsCaller,这是一个Runnable:
static class MethodAndArgsCaller implements Runnable {
/** method to call */
private final Method mMethod;
/** argument array */
private final String[] mArgs;
public MethodAndArgsCaller(Method method, String[] args) {
mMethod = method;
mArgs = args;
}
public void run() {
try {
mMethod.invoke(null, new Object[] { mArgs });
} catch (IllegalAccessException ex) {
.......
}
}
}
可见通过反射调用main()方法,但返回到哪呢?其实在上面的ZygoteInit类的main()方法中,在创建完system_server后直接调用,如下ZygoteInit类的main()方法代码所示,Runnable类型的r调用r.run()方法:
public static void main(String argv[]) {
......
try {
........
zygoteServer.registerServerSocket(socketName);
.......
preload(bootTimingsTraceLog);
.......
if (startSystemServer) {
Runnable r = forkSystemServer(abiList, socketName, zygoteServer);
// {@code r == null} in the parent (zygote) process, and {@code r != null} in the child (system_server) process.
if (r != null) {
r.run();
return;
}
}
caller = zygoteServer.runSelectLoop(abiList);
} catch (Throwable ex) {
.....
} finally {
zygoteServer.closeServerSocket();
}
if (caller != null) {
caller.run();
}
}
SystemServer fork新进程
Init进程、Zygote进程和SystemServer进程都非常重要,因为任何一个死机否会出现重启。从上面的讲解中可知,SystemServer系统服务的启动从ZygoteInit类的forkSystemServer()方法开始:
private static Runnable forkSystemServer(String abiList, String socketName,
ZygoteServer zygoteServer) {
.....
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,1032,3001,3002,3003,3006,3007,3009,3010",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"com.android.server.SystemServer",
};
.......
try {
......
/* Request to fork the system server process */
pid = Zygote.forkSystemServer(
parsedArgs.uid, parsedArgs.gid,
parsedArgs.gids,
parsedArgs.runtimeFlags,
null,
parsedArgs.permittedCapabilities,
parsedArgs.effectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
.......
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
zygoteServer.closeServerSocket();
return handleSystemServerProcess(parsedArgs);
}
return null;
}
主要调用了两个方法,Zygote.forkSystemServer()和handleSystemServerProcess(),上面讲解了handleSystemServerProcess(),现在主要分析Zygote.forkSystemServer():
public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
VM_HOOKS.preFork();
// Resets nice priority for zygote process.
resetNicePriority();
int pid = nativeForkSystemServer(
uid, gid, gids, runtimeFlags, rlimits, permittedCapabilities, effectiveCapabilities);
// Enable tracing as soon as we enter the system_server.
if (pid == 0) {
Trace.setTracingEnabled(true);
}
VM_HOOKS.postForkCommon();
return pid;
}
主要调用了nativeForkSystemServer(),这是一个native方法,对应的实现如下:
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint runtime_flags, jobjectArray rlimits, jlong permittedCapabilities,
jlong effectiveCapabilities) {
pid_t pid = ForkAndSpecializeCommon(env, uid, gid, gids,
runtime_flags, rlimits,
permittedCapabilities, effectiveCapabilities,
MOUNT_EXTERNAL_DEFAULT, NULL, NULL, true, NULL,
NULL, NULL, NULL);
//传入了众多参数来fork一个新的进程
if (pid > 0) {
ALOGI("System server process %d has been created", pid);
gSystemServerPid = pid;
int status;
if (waitpid(pid, &status, WNOHANG) == pid) {
ALOGE("System server process %d has died. Restarting Zygote!", pid);
RuntimeAbort(env, __LINE__, "System server process has died. Restarting Zygote!");
}
}
return pid;
}
主要调用了ForkAndSpecializeCommon()函数:
static pid_t ForkAndSpecializeCommon(......) {
.....
pid_t pid = fork();
......
UnsetSigChldHandler();
......
}
主要调用了两个函数,fork()函数来创建一个新的子进程,接下来看看UnsetSigChldHandler():
static void SetSigChldHandler() {
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SigChldHandler;
int err = sigaction(SIGCHLD, &sa, NULL);
if (err < 0) {
ALOGW("Error setting SIGCHLD handler: %s", strerror(errno));
}
}
SetSigChldHandler()设置了信号处理函数SigChldHandler,意思是子进程死亡之后,就会产生一个信号,Zygote进程受到该信号之后就会调用SigChldHandler()处理异常:
static void SigChldHandler(int /*signal_number*/) {
pid_t pid;
int status;
int saved_errno = errno;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
........
if (pid == gSystemServerPid) {
kill(getpid(), SIGKILL);
}
}
变量gSystemServerPid表示SystemServer进程的pid,若SystemServer进程停止工作,那么首先通过getpid()来获取Zygote进程的pid,然后调用kill函数杀死它,即SystemServer停止工作之后,Zygote进程自杀,已达到Zygote与SystemServer生死与共的目的。在Init进程的main()函数中有一个死循环,如果它的子进程Zygote停止工作,就会去重启子进程,代码如下:
int main(int argc,char** argv){
......
while(true){
if(!waiting_for_exec){
execute_one_command();
restart_processes();
//重启死掉的service,如果zygote死掉了,就重启Zygote。
.......
}
}
}
SystemServer创建框架核心服务
当SystemServer启动之后,就会进入main()方法,又在它的main()方法中调用run()方法。Android系统的核心服务AMS、WMS、PMS等就是在run()方法里进行创建和初始化的,当它们创建之后,会通过ServiceManager的add_server()方法把它们加入到ServiceManager中统一管理。
public final class SystemServer {
.......
public static void main(String[] args) {
new SystemServer().run();
}
......
private void run() {
.....
Looper.prepareMainLooper();
//创建消息队列
System.loadLibrary("android_servers");
//加载SystemServer需要的android_servers库
createSystemContext();
//创建系统Context
......
startBootstrapServices();
startCoreServices();
startOtherServices();
//这三个方法是创建系统核心服务的实现
Looper.loop();
//进入消息循环,不止是应用程序有消息队列,SystemServer也有
}
}
run()方法主要调用了三个重要的方法,在这三个方法中创建和初始化了重要的系统服务,如AMS、WMS、PMS等等。