源码版本:Android12
1. Android启动流程
2. Init进程启动
2.1 Init进程启动关键
- 入口:system/core/init.cpp
- 属性服务初始化,启动
- Signal信号监听子进程异常退出
- Init.rc文件解析:rc文件解析详解,待编辑
- Init.rc 解析后执行
2.2 Init入口类:system/core/init.cpp
入口函数:SecondStageMain
int SecondStageMain(int argc, char** argv) {
// .......省略启动流程非关键代码.......//
// 1. bootloader需要重启的信号通知
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
}
// 2. 底层日志打印库初始化
InitKernelLogging(argv);
// 3. 初始化属性服务
PropertyInit();
// 4. 子进程信号处理函数:子进程异常退出,Init进程根据信号设置进行处理。Signal是Linux下的进程通信方式
InstallSignalFdHandler(&epoll);
// 5. 启动属性服务
StartPropertyService(&property_fd);
// 6. 解析.rc 配置文件
// 6.1 用于管理 'on' 内容,放入队列中
ActionManager& am = ActionManager::GetInstance();
// 6.2 保存所有 service
ServiceList& sm = ServiceList::GetInstance();
LoadBootScripts(am, sm);
while(true){
if (!(prop_waiter_state.MightBeWaiting() || Service::is_exec_service_running())) {
// 7. 执行 on, 出队
am.ExecuteOneCommand();
}
}
return 0;
}
2.3 启动流程重点:注释6处的LoadBootScripts
static void LoadBootScripts(ActionManager& action_manager, ServiceList& service_list) {
// 1. 创建Parser解析对象,
// 2. 将service,on,import 交给对应parse解析管理,后面讲解rc文件的时候会解析源码
Parser parser = CreateParser(action_manager, service_list);
std::string bootscript = GetProperty("ro.boot.init_rc", "");
if (bootscript.empty()) {
// 2. 解析 /system/etc/init 文件
parser.ParseConfig("/system/etc/init/hw/init.rc");
if (!parser.ParseConfig("/system/etc/init")) {
late_import_paths.emplace_back("/system/etc/init");
}
// late_import is available only in Q and earlier release. As we don't
// have system_ext in those versions, skip late_import for system_ext.
parser.ParseConfig("/system_ext/etc/init");
if (!parser.ParseConfig("/vendor/etc/init")) {
late_import_paths.emplace_back("/vendor/etc/init");
}
if (!parser.ParseConfig("/odm/etc/init")) {
late_import_paths.emplace_back("/odm/etc/init");
}
if (!parser.ParseConfig("/product/etc/init")) {
late_import_paths.emplace_back("/product/etc/init");
}
} else {
parser.ParseConfig(bootscript);
}
}
2.4 init.rc:配置文件较8.0 有一定差别
# 1. init 初始化:挂载文件目录、配置目录权限、启动serviceManager(跟系统服务(AMS、PMS等)相关)
# 1. SurfaceFlinger服务(Window相关)
119 on init
120
447 # Start essential services.
448 start servicemanager
449 start hwservicemanager
450 start vndservicemanager
# 2. 系统文件挂在后:执行zygote-start
468 on late-init
496 trigger zygote-start
499 trigger firmware_mounts_complete
500
501 trigger early-boot
502 trigger boot
# 3. zygote-start action的内容
948 on zygote-start && property:ro.crypto.state=unencrypted
949 wait_for_prop odsign.verification.done 1
951 exec_start update_verifier_nonencrypted
952 start statsd
953 start netd
954 start zygote
# zygote_secondary 为zygote 备用action,一般是64的备用32位,或者反过来
955 start zygote_secondary
# 4. zygote cmd执行配置
1086 on nonencrypted
# 5. main: Zygote执行入口
1087 class_start main
# 6. late_start:对应system/core/init/builtins.cpp的do_class_start,用于启动Zygote进行
1088 class_start late_start
3. Zygote进程启动
3.1 Zygote进程启动关键
- init.zygote***.rc解析
- 入口:frameworks\base\cmds\app_process\app_main.cpp->main()
- Zygote Native:AndroidRuntime.cpp 源码解析
- Zygote Java:ZygoteInit.java 源码解析
3.2 init.zygote64.rc:此处解析zygote64.rc
# 1.1 进程名称 zygote
# 1.2 执行程序 app_process64
# 1.3 参数:start-system-server socket-name=zygote
service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
# 2.1 classname:main
# 2.2 audioserver 、cameraserver、media、wificond、netd等进程终止,需要restart
class main
priority -20
user root
group root readproc reserved_disk
socket zygote stream 660 root system
socket usap_pool_primary stream 660 root system
onrestart exec_background - system system -- /system/bin/vdc volume abort_fuse
onrestart write /sys/power/state on
onrestart restart audioserver
onrestart restart cameraserver
onrestart restart media
onrestart restart netd
onrestart restart wificond
task_profiles ProcessCapacityHigh MaxPerformance
critical window=${zygote.critical_window.minute:-off} target=zygote-fatal
3.3 执行程序对应类:frameworks\base\cmds\app_process\app_main.cpp
int main(int argc, char* const argv[])
{
// 1. 创建AppRuntime
AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
bool zygote = false;
bool startSystemServer = false;
while (i < argc) {
const char* arg = argv[i++];
// 2. 当前在Zygote进程
if (strcmp(arg, "--zygote") == 0) {
zygote = true;
niceName = ZYGOTE_NICE_NAME;
} else if (strcmp(arg, "--start-system-server") == 0) {
// 3. 当前在system-server进程
startSystemServer = true;
} else if (strcmp(arg, "--application") == 0) {
// 4. 当前在Application进程
application = true;
}
}
// 当前在zygote进程
if (zygote) {
// 5. runtime.start com.android.internal.os.ZygoteInit
runtime.start("com.android.internal.os.ZygoteInit", args, zygote);
} else if (className) {
// 6. runtime.start com.android.internal.os.RuntimeInit
runtime.start("com.android.internal.os.RuntimeInit", args, zygote);
}
}
3.4 AndroidRuntime.cpp
3.4.1 AndroidRuntime.cpp 源码解析
AppRuntime是AndroidRuntime子类,start函数由AndroidRuntime实现
入口函数:start
//.......省略非关键代码.......
void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote)
{
static const String8 startSystemServer("start-system-server");
// 1. 当前默认为Zygote进程
bool primary_zygote = false;
for (size_t i = 0; i < options.size(); ++i) {
if (options[i] == startSystemServer) {
// 2. 如果取到start-system-server,当前为SystemServer进程
primary_zygote = true;
}
}
/* start the virtual machine */
JniInvocation jni_invocation;
jni_invocation.Init(NULL);
JNIEnv* env;
// 3. 启动虚拟机
if (startVm(&mJavaVM, &env, zygote, primary_zygote) != 0) {
return;
}
onVmCreated(env);
// 4. 为虚拟机注册JNI方法(JNI的动态注册)
if (startReg(env) < 0) {
ALOGE("Unable to register all android natives\n");
return;
}
// 5. className:Zygote进程(“com.android.Internal.os.Zygoteinit”)
classNameStr = env->NewStringUTF(className);
assert(classNameStr != NULL);
env->SetObjectArrayElement(strArray, 0, classNameStr);
for (size_t i = 0; i < options.size(); ++i) {
jstring optionsStr = env->NewStringUTF(options.itemAt(i).string());
assert(optionsStr != NULL);
env->SetObjectArrayElement(strArray, i + 1, optionsStr);
}
// 6. 替换className "." 为 "/"
char* slashClassName = toSlashClassName(className != NULL ? className : "");
jclass startClass = env->FindClass(slashClassName);
if (startClass == NULL) {
// 6.1 未找到当前java类
} else {
// 6.2 获取当前Java类的main函数
jmethodID startMeth = env->GetStaticMethodID(startClass, "main",
"([Ljava/lang/String;)V");
if (startMeth == NULL) {
// 6.3 未找到main函数
} else {
// 6.4 JNI 调用Java类的main函数:RuntimeInit.java->main()
env->CallStaticVoidMethod(startClass, startMeth, strArray);
}
}
}
3.4.2 ZygoteInit.java 源码解析
public static void main(String[] argv) {
Runnable caller;
try {
boolean startSystemServer = false;
String zygoteSocketName = "zygote";
String abiList = null;
boolean enableLazyPreload = false;
for (int i = 1; i < argv.length; i++) {
if ("start-system-server".equals(argv[i])) {
startSystemServer = true;
} else if ("--enable-lazy-preload".equals(argv[i])) {
enableLazyPreload = true;
} else if (argv[i].startsWith(ABI_LIST_ARG)) {
abiList = argv[i].substring(ABI_LIST_ARG.length());
} else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
zygoteSocketName = argv[i].substring(SOCKET_NAME_ARG.length());
} else {
throw new RuntimeException("Unknown command line argument: " + argv[i]);
}
}
if (!enableLazyPreload) {
bootTimingsTraceLog.traceBegin("ZygotePreload");
// 1. 预加载类、资源(主题、ClassLoader:PathClassLoader、DexClassLoader等)
preload(bootTimingsTraceLog);
bootTimingsTraceLog.traceEnd(); // ZygotePreload
}
// 2. 创建SocketServer
zygoteServer = new ZygoteServer(isPrimaryZygote);
if (startSystemServer) {
// 3. Fork SystemServer进程,并启动,此Runnable为 RuntimeInit.java->MethodAndArgsCaller 对象,用于通过反射调用SystemServer入口main
Runnable r = forkSystemServer(abiList, zygoteSocketName, zygoteServer);
// 4. 当前如果在子进程,此判断成立,调用SystemServer.java->main函数
if (r != null) {
r.run();
return;
}
}
// 5. Zygote SocketServer 循环等待AMS的请求
caller = zygoteServer.runSelectLoop(abiList);
} catch (Throwable ex) {
Log.e(TAG, "System zygote died with fatal exception", ex);
throw ex;
} finally {
if (zygoteServer != null) {
zygoteServer.closeServerSocket();
}
}
if (caller != null) {
caller.run();
}
}
4. SystemServer进程启动
4.1 SystemServer进程启动关键
- 创建入口:ZygoteInit.java->forkSystemServer()源码解析
- 处理入口:forkSystemServer()->handleSystemServerProcess()源码解析,多于参数处理
- 入口调用:handleSystemServerProcess()->ZygoteInit.zygoteInit()->
RuntimeInit.applicationInit()->findStaticMain()
->new MethodAndArgsCaller(m, argv); // 反射调用 com.android.server.SystemServer->main() - 入口:com.android.server.SystemServer->main() 解析,本节不做讲解
4.1 入口:ZygoteInit.java 源码解析
4.1.1 forkSystemServer() 解析
private static Runnable forkSystemServer(String abiList, String socketName,
ZygoteServer zygoteServer) {
// 1.SystemServer 启动参数 用户id,用户组id;所拥有的用户组,进程名system_server
// 入口启动类: com.android.server.SystemServer
long capabilities = posixCapabilitiesAsBits(
OsConstants.CAP_IPC_LOCK,
OsConstants.CAP_KILL,
OsConstants.CAP_NET_ADMIN,
OsConstants.CAP_NET_BIND_SERVICE,
OsConstants.CAP_NET_BROADCAST,
OsConstants.CAP_NET_RAW,
OsConstants.CAP_SYS_MODULE,
OsConstants.CAP_SYS_NICE,
OsConstants.CAP_SYS_PTRACE,
OsConstants.CAP_SYS_TIME,
OsConstants.CAP_SYS_TTY_CONFIG,
OsConstants.CAP_WAKE_ALARM,
OsConstants.CAP_BLOCK_SUSPEND
);
String[] args = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,"
+ "1024,1032,1065,3001,3002,3003,3006,3007,3009,3010,3011",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"--target-sdk-version=" + VMRuntime.SDK_VERSION_CUR_DEVELOPMENT,
"com.android.server.SystemServer",
};
ZygoteArguments parsedArgs;
int pid;
try {
ZygoteCommandBuffer commandBuffer = new ZygoteCommandBuffer(args);
try {
parsedArgs = ZygoteArguments.getInstance(commandBuffer);
} catch (EOFException e) {
throw new AssertionError("Unexpected argument error for forking system server", e);
}
commandBuffer.close();
Zygote.applyDebuggerSystemProperty(parsedArgs);
Zygote.applyInvokeWithSystemProperty(parsedArgs);
// 2. Fork SystemServer进程
pid = Zygote.forkSystemServer(
parsedArgs.mUid, parsedArgs.mGid,
parsedArgs.mGids,
parsedArgs.mRuntimeFlags,
null,
parsedArgs.mPermittedCapabilities,
parsedArgs.mEffectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
// 3. pid ==0 :当前在子进程fork的。如果父进程fork子进程,当前pid会返回子进程的pid
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
// 4. 关闭了zygoteServerSocket:此ServerSocket值用于Zygote进程等待AMS请求
zygoteServer.closeServerSocket();
// 5. 处理SystemServer进程
return handleSystemServerProcess(parsedArgs);
}
return null;
}
4.1.2 forkSystemServer() 解析
private static Runnable handleSystemServerProcess(ZygoteArguments parsedArgs) {
if (parsedArgs.mInvokeWith != null) {
String[] args = parsedArgs.mRemainingArgs;
// If we have a non-null system server class path, we'll have to duplicate the
// existing arguments and append the classpath to it. ART will handle the classpath
// correctly when we exec a new process.
if (systemServerClasspath != null) {
String[] amendedArgs = new String[args.length + 2];
amendedArgs[0] = "-cp";
amendedArgs[1] = systemServerClasspath;
System.arraycopy(args, 0, amendedArgs, 2, args.length);
args = amendedArgs;
}
WrapperInit.execApplication(parsedArgs.mInvokeWith,
parsedArgs.mNiceName, parsedArgs.mTargetSdkVersion,
VMRuntime.getCurrentInstructionSet(), null, args);
throw new IllegalStateException("Unexpected return from WrapperInit.execApplication");
} else {
// 1. 获取并创建ClassLoader
ClassLoader cl = getOrCreateSystemServerClassLoader();
if (cl != null) {
Thread.currentThread().setContextClassLoader(cl);
}
// 2. 传递剩余参数给SystemServer
return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion,
parsedArgs.mDisabledCompatChanges,
parsedArgs.mRemainingArgs, cl);
}
}
4.1.3 ZygoteInit.zygoteInit() 解析
public static Runnable zygoteInit(int targetSdkVersion, long[] disabledCompatChanges,
String[] argv, ClassLoader classLoader) {
RuntimeInit.commonInit();
// 1. 启动Binder线程池
ZygoteInit.nativeZygoteInit();
// 2. 进入SystemServer main函数:com.android.server.SystemServer->main()
return RuntimeInit.applicationInit(targetSdkVersion, disabledCompatChanges, argv,
classLoader);
}
4.1.4 RuntimeInit.applicationInit()源码解析
protected static Runnable applicationInit(int targetSdkVersion, long[] disabledCompatChanges,
String[] argv, ClassLoader classLoader) {
return findStaticMain(args.startClass, args.startArgs, classLoader);
}
protected static Runnable findStaticMain(String className, String[] argv,
ClassLoader classLoader) {
Class<?> cl;
// 1. 使用PathClassLoader 类加载器获取SystemServer Class
try {
cl = Class.forName(className, true, classLoader);
} catch (ClassNotFoundException ex) {
throw new RuntimeException(
"Missing class when invoking static main " + className,
ex);
}
Method m;
try {
// 2. 通过反射获取SystemServer main函数
m = cl.getMethod("main", new Class[] { String[].class });
} catch (NoSuchMethodException ex) {
throw new RuntimeException(
"Missing static main on " + className, ex);
} catch (SecurityException ex) {
throw new RuntimeException(
"Problem getting static main on " + className, ex);
}
int modifiers = m.getModifiers();
if (! (Modifier.isStatic(modifiers) && Modifier.isPublic(modifiers))) {
throw new RuntimeException(
"Main method is not public and static on " + className);
}
return new MethodAndArgsCaller(m, argv);
}
static class MethodAndArgsCaller implements Runnable {
/** method to call */
private final Method mMethod;
/** argument array */
private final String[] mArgs;
public MethodAndArgsCaller(Method method, String[] args) {
mMethod = method;
mArgs = args;
}
public void run() {
try {
// 1. 调用SystemServer main函数
mMethod.invoke(null, new Object[] { mArgs });
} catch (IllegalAccessException ex) {
throw new RuntimeException(ex);
} catch (InvocationTargetException ex) {
Throwable cause = ex.getCause();
if (cause instanceof RuntimeException) {
throw (RuntimeException) cause;
} else if (cause instanceof Error) {
throw (Error) cause;
}
throw new RuntimeException(ex);
}
}
}
参考文章:《Android进阶解密》作者:刘望舒 ↩︎
目的:分享,梳理,记忆 ↩︎
转载请注明出处,联系方式:elviswong@aliyun.com ↩︎