无锡网站制作哪家正规什么推广方法是有效果的
首语
init进程是Android系统中用户空间的第一个进程,进程号为1,是Android系统启动的一个关键步骤,作为第一个进程,它的主要工作是创建Zygote和启动属性服务等。init进程是由多个源文件共同组成的,源码目录在system/core/init中。
源码分析
main(入口函数)
Linux内核加载完成后,在系统文件中寻找init.rc文件,并启动init进程。init进程的入口函数main。
源码路径:system/core/init/main.cpp
main函数根据参数分别执行:
ueventd_main
。init进程创建子进程ueventd,并将创建设备节点文件的工作交给veventd。veventd通过两种方式创建设备节点文件(冷启动和热启动)。FirstStageMain
。启动第一阶段。SubcontextMain
。初始化日志系统。SetupSelinux
。加载Selinux规则,并设置Selinux日志,完成Selinux相关工作。SecondStageMain
。启动第二阶段。
int main(int argc, char** argv) {
#if __has_feature(address_sanitizer)__asan_set_error_report_callback(AsanReportCallback);
#elif __has_feature(hwaddress_sanitizer)__hwasan_set_error_report_callback(AsanReportCallback);
#endif// Boost prio which will be restored latersetpriority(PRIO_PROCESS, 0, -20);//当arg[0]的内容是"ueventd",strcmp的值为0,!strcmp的值为1,执行ueventd_main。veventd主要进行设备节点的创建、权限设置工作if (!strcmp(basename(argv[0]), "ueventd")) {return ueventd_main(argc, argv);}//当传入的参数个数大于1if (argc > 1) {//参数为"subcontext",初始化日志系统if (!strcmp(argv[1], "subcontext")) {android::base::InitLogging(argv, &android::base::KernelLogger);const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();return SubcontextMain(argc, argv, &function_map);}//参数为"selinux_setup",启动Selinux安全策略if (!strcmp(argv[1], "selinux_setup")) {return SetupSelinux(argv);}//参数为"second_stage",启动init进程第二阶段if (!strcmp(argv[1], "second_stage")) {return SecondStageMain(argc, argv);}}//默认启动init进程第一阶段return FirstStageMain(argc, argv);
}
ueventd(节点创建)
ueventd_main
负责节点创建。
源码路径:system/core/init/ueventd.cpp
ueventd进程通过两种方式创建设备节点文件:
- 冷启动。统一创建好的文件节点如cpu频率等。
- 热启动。动态创建的节点如usb插拔等。
int ueventd_main(int argc, char** argv) {//创建的文件没有权限限制umask(000);android::base::InitLogging(argv, &android::base::KernelLogger);LOG(INFO) << "ueventd started!";SelinuxSetupKernelLogging();SelabelInitialize();std::vector<std::unique_ptr<UeventHandler>> uevent_handlers;auto ueventd_configuration = GetConfiguration();uevent_handlers.emplace_back(std::make_unique<DeviceHandler>(std::move(ueventd_configuration.dev_permissions),std::move(ueventd_configuration.sysfs_permissions),std::move(ueventd_configuration.subsystems), android::fs_mgr::GetBootDevices(), true));uevent_handlers.emplace_back(std::make_unique<FirmwareHandler>(std::move(ueventd_configuration.firmware_directories),std::move(ueventd_configuration.external_firmware_handlers)));//enable_modalias_handling=true,创建一个新的ModaliasHandler对象并添加到uevent_handlers中if (ueventd_configuration.enable_modalias_handling) {std::vector<std::string> base_paths = {"/odm/lib/modules", "/vendor/lib/modules"};uevent_handlers.emplace_back(std::make_unique<ModaliasHandler>(base_paths));}UeventListener uevent_listener(ueventd_configuration.uevent_socket_rcvbuf_size);//kColdBootDoneProp=false,冷启动if (!android::base::GetBoolProperty(kColdBootDoneProp, false)) {ColdBoot cold_boot(uevent_listener, uevent_handlers,ueventd_configuration.enable_parallel_restorecon,ueventd_configuration.parallel_restorecon_dirs);cold_boot.Run();}for (auto& uevent_handler : uevent_handlers) {uevent_handler->ColdbootDone();}// We use waitpid() in ColdBoot, so we can't ignore SIGCHLD until now.signal(SIGCHLD, SIG_IGN);// Reap and pending children that exited between the last call to waitpid() and setting SIG_IGN// for SIGCHLD above.while (waitpid(-1, nullptr, WNOHANG) > 0) {}// Restore prio before main loop//监听驱动的热插拔处理setpriority(PRIO_PROCESS, 0, 0);uevent_listener.Poll([&uevent_handlers](const Uevent& uevent) {for (auto& uevent_handler : uevent_handlers) {uevent_handler->HandleUevent(uevent);}return ListenerAction::kContinue;});return 0;
}} // namespace init
} // namespace android
FirstStageMain(启动第一阶段)
init进程第一阶段主要进行挂载分区、创建设备节点和一些关键目录、初始化日志输出系统、启用Selinux安全策略。
源码路径:system/core/init/first_stage_init.cpp
挂载了tmpsfs、devpts、proc、sysfs和selinuxfs五种文件系统,这些都是系统运行时目录,系统停止时会消失。
挂载mnt和tmpfs,分别创建vendor和product目录。
CHECKCALL(mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755"));CHECKCALL(mount("devpts", "/dev/pts", "devpts", 0, NULL));CHECKCALL(mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC)));CHECKCALL(mount("sysfs", "/sys", "sysfs", 0, NULL));CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
启动init进程,根据main函数,传入参数selinux_setup,执行SetupSelinux函数。
const char* path = "/system/bin/init";const char* args[] = {path, "selinux_setup", nullptr};auto fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);dup2(fd, STDOUT_FILENO);dup2(fd, STDERR_FILENO);close(fd);execv(path, const_cast<char**>(args));// execv() only returns if an error happened, in which case we// panic and never fall through this conditional.PLOG(FATAL) << "execv(\"" << path << "\") failed";return 1;
SetupSelinux(加载Selinux)
SetupSelinux主要做了初始化Selinux、加载Selinux并启动。
源码路径:system/core/init/selinux.cpp
SelinuxSetupKernelLogging();LOG(INFO) << "Opening SELinux policy";PrepareApexSepolicy();// Read the policy before potentially killing snapuserd.std::string policy;ReadPolicy(&policy);CleanupApexSepolicy();auto snapuserd_helper = SnapuserdSelinuxHelper::CreateIfNeeded();if (snapuserd_helper) {// Kill the old snapused to avoid audit messages. After this we cannot// read from /system (or other dynamic partitions) until we call// FinishTransition().snapuserd_helper->StartTransition();}LoadSelinuxPolicy(policy);
传入参数second_stage,执行main函数,匹配参数执行SecondStageMain函数。
const char* path = "/system/bin/init";const char* args[] = {path, "second_stage", nullptr};execv(path, const_cast<char**>(args));// execv() only returns if an error happened, in which case we// panic and never return from this function.PLOG(FATAL) << "execv(\"" << path << "\") failed";return 1;
SecondStageMain(启动第二阶段)
启动第二阶段主要做了初始化属性系统、解析Selinux的匹配路径、处理子进程终止信号、启动系统属性服务、解析init.rc文件等。
代码路径:system/core/init/init.cpp
int SecondStageMain(int argc, char** argv) { //初始化属性服务配置PropertyInit();...//子进程信号处理函数,如果子进程异常退出,init进程会调用该函数设定的信号处理函数进行处理InstallSignalFdHandler(&epoll);//启动属性服务StartPropertyService(&property_fd);...ActionManager& am = ActionManager::GetInstance();ServiceList& sm = ServiceList::GetInstance();//解析各个目录下的init.rcLoadBootScripts(am, sm);...//重启终止进程auto next_process_action_time = HandleProcessActions();
}static void InstallSignalFdHandler(Epoll* epoll) {...auto handler = std::bind(HandleSignalFd, false);...
}
static void HandleSignalFd(bool one_off) {...switch (siginfo.ssi_signo) {case SIGCHLD://找到终止进程服务并移除。system/core/init/sigchld_handler.cppReapAnyOutstandingChildren();break;...}
}static void LoadBootScripts(ActionManager& action_manager, ServiceList& service_list) {Parser parser = CreateParser(action_manager, service_list);std::string bootscript = GetProperty("ro.boot.init_rc", "");if (bootscript.empty()) {//解析init.rc配置文件parser.ParseConfig("/system/etc/init/hw/init.rc");if (!parser.ParseConfig("/system/etc/init")) {late_import_paths.emplace_back("/system/etc/init");}// late_import is available only in Q and earlier release. As we don't// have system_ext in those versions, skip late_import for system_ext.parser.ParseConfig("/system_ext/etc/init");if (!parser.ParseConfig("/vendor/etc/init")) {late_import_paths.emplace_back("/vendor/etc/init");}if (!parser.ParseConfig("/odm/etc/init")) {late_import_paths.emplace_back("/odm/etc/init");}if (!parser.ParseConfig("/product/etc/init")) {late_import_paths.emplace_back("/product/etc/init");}} else {parser.ParseConfig(bootscript);}
}Parser CreateParser(ActionManager& action_manager, ServiceList& service_list) {Parser parser;parser.AddSectionParser("service", std::make_unique<ServiceParser>(&service_list, GetSubcontext(), std::nullopt));parser.AddSectionParser("on", std::make_unique<ActionParser>(&action_manager, GetSubcontext()));parser.AddSectionParser("import", std::make_unique<ImportParser>(&parser));return parser;
}
属性服务
Windows有一个注册表管理器,内容采用键值对来记录用户、软件使用信息。即使软件或系统重启,还能根据之前注册表的记录,进行相应的初始化工作,Android提供一个类似的机制,称为属性服务。
init进程启动属性服务并分配内存,存储这些属性,需要直接读取。
源码路径:system/core/init/property_service.cpp
void PropertyInit() {...CreateSerializedPropertyInfo();//__system_property_area_init() 初始化属性内存区域if (__system_property_area_init()) {LOG(FATAL) << "Failed to initialize property area";}if (!property_info_area.LoadDefaultPath()) {LOG(FATAL) << "Failed to load serialized property info file";}...
}void StartPropertyService(int* epoll_socket) {InitPropertySet("ro.property_service.version", "2");int sockets[2];if (socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, sockets) != 0) {PLOG(FATAL) << "Failed to socketpair() between property_service and init";}*epoll_socket = from_init_socket = sockets[0];init_socket = sockets[1];StartSendingMessages();//创建非阻塞的socketif (auto result = CreateSocket(PROP_SERVICE_NAME, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,false, 0666, 0, 0, {});result.ok()) {property_set_fd = *result;} else {LOG(FATAL) << "start_property_service socket creation failed: " << result.error();}//监听property_set_fd,socket变为server,成为属性服务。属性服务最多同时为8个设置属性的用户提供服务。listen(property_set_fd, 8);auto new_thread = std::thread{PropertyServiceThread};property_service_thread.swap(new_thread);
}static void PropertyServiceThread() {Epoll epoll;if (auto result = epoll.Open(); !result.ok()) {LOG(FATAL) << result.error();}//Epoll是Linux内核为处理大批量文件描述符而作的改进。它是多路复用IO接口select/poll的增强版本,能显著提高程序在大量并发连接中只有少量活跃的情况下的系统CPU利用率。保存数据类型是红黑树,查找速度快。//epoll监听property_set_fd,当property_set_fd有数据时,调用handle_property_set_fd函数处理if (auto result = epoll.RegisterHandler(property_set_fd, handle_property_set_fd);!result.ok()) {LOG(FATAL) << result.error();}...
}static void handle_property_set_fd() {...switch (cmd) {case PROP_MSG_SETPROP: {...//封装处理uint32_t result =HandlePropertySet(prop_name, prop_value, source_context, cr, nullptr, &error);...break;}}
uint32_t HandlePropertySet(const std::string& name, const std::string& value,const std::string& source_context, const ucred& cr,SocketConnection* socket, std::string* error) {...//属性名称以"ctl."开头,为控制属性if (StartsWith(name, "ctl.")) {//设置控制属性return SendControlMessage(name.c_str() + 4, value, cr.pid, socket, error);}//特殊属性sys.powerctl,可使设备重新启动。// sys.powerctl is a special property that is used to make the device reboot. We want to log// any process that sets this property to be able to accurately blame the cause of a shutdown.if (name == "sys.powerctl") {...}...//普通属性return PropertySet(name, value, error);
}static uint32_t PropertySet(const std::string& name, const std::string& value, std::string* error) {...//判断属性是否合法,实现规则在sytem/core/init/util.cppif (!IsLegalPropertyName(name)) {*error = "Illegal property name";return PROP_ERROR_INVALID_NAME;}if (auto result = IsLegalPropertyValue(name, value); !result.ok()) {*error = result.error().message();return PROP_ERROR_INVALID_VALUE;}//从属性存储空间查找该属性prop_info* pi = (prop_info*) __system_property_find(name.c_str());//如果属性存在if (pi != nullptr) {//属性名称以"ro."开头,则表示只读,不能修改,直接返回// ro.* properties are actually "write-once".if (StartsWith(name, "ro.")) {*error = "Read-only property was already set";return PROP_ERROR_READ_ONLY_PROPERTY;}//属性存在,更新属性值__system_property_update(pi, value.c_str(), valuelen);} else {int rc = __system_property_add(name.c_str(), name.size(), value.c_str(), valuelen);//属性不存在,添加属性if (rc < 0) {*error = "__system_property_add failed";return PROP_ERROR_SET_FAILED;}}//属性名称以"persist."开头,可写。// Don't write properties to disk until after we have read all default// properties to prevent them from being overwritten by default values.if (persistent_properties_loaded && StartsWith(name, "persist.")) {WritePersistentProperty(name, value);}// If init hasn't started its main loop, then it won't be handling property changed messages// anyway, so there's no need to try to send them.auto lock = std::lock_guard{accept_messages_lock};if (accept_messages) {PropertyChanged(name, value);}return PROP_SUCCESS;
}
Android系统属性分为普通属性和控制属性两种。
普通属性是用于描述设备或系统的某些特定信息,例如手机厂商、型号等。这些属性通常以特定的字符串作为前缀,例如"ro"、“persist” 等。
控制属性是用于执行某些命令的属性,例如启动或关闭某个服务。这些属性通常以"ctl.“作为前缀,例如"ctl.start”、"ctl.stop"等。
通过adb setprop/getprop命令,可以在Android系统中查看和设置系统属性。
adb shell setprop [key] [value]
adb shell getprop [prop_name [default]]
Android系统属性配置文件主要是***/default.prop和/system/build.prop***两个文件。
/default.prop文件位于/default.prop,包含了一些默认的系统属性,如ro.sf.cpu_name、ro.product.model等。
/system/build.prop文件位于/system/build.prop,包含了系统的一些详细配置信息,如ro.product.name、ro.product.cpu_abi等。
子进程信号处理
InstallSignalFdHandler函数用于设置子进程信号处理函数。主要防止init进程的子进程成为僵尸进程,为了防止僵尸进程出现,系统会在子进程暂停和终止的时候发出SIGCHLD 信号,InstallSignalFdHandler函数就是用来接收SIGCHLD 信号的(内部只处理进程终止的SIGCHLD 信号)。
假设init进程的某个子进程终止了,InstallSignalFdHandler函数调用HandleSignalFd函数,层层调用处理,找到终止的子进程服务并移除它。再重启子进程服务的启动脚本中带有onrestart的服务。
僵尸进程
在Unix/Linux中,父进程fork创建子进程,在子进程终止后,如果父进程不知道子进程已经终止了,这时子进程虽然退出了,但是系统进程表还保留它的信息,这个子进程就被称为僵尸进程。系统进程表是有限资源,如果系统进程表被僵尸进程耗尽的话,就不能创建新的进程了。
这里着重说明下fork。fork用于创建一个子进程(复制调用fork进程的堆栈等信息),它与原进程(调用fork进程)同时运行,原进程称为父进程。fork不需要参数并返回一个返回值。
- 负值:创建子进程失败
- 零:返回到新创建的子进程
- 正值:返回父进程,该值包含创建子进程的进程ID
源码路径:system/core/init/sigchld_handler.cpp
void ReapAnyOutstandingChildren() {while (ReapOneProcess() != 0) {}
}static pid_t ReapOneProcess() {...//找到服务service = ServiceList::GetInstance().FindService(pid, &Service::pid);...//移除服务ServiceList::GetInstance().RemoveService(*service);...
}
解析init.rc
init.rc是Android初始化语言(Android Init Language)编写的脚本,这种语言主要包含五种类型语句:Action、Command、Service、Option和Import。
以system/core/rootdir/init.rc文件为例。
on initsysclktz 0
...
service ueventd /sbin/ueventdclass core
...
on init 是Action类型的语句,格式如下:
on <trigger> [&& <trigger>]* //设置触发器<command><command> //动作出发要执行的命令
service ueventd /sbin/ueventd是Service类型的语句,格式如下:
service <name> <pathname> [ <argument> ]* //<service name><执行程序路径><传递参数><option> //option是service的修饰词,影响什么时候,如何启动service<option>
每个服务对应一个rc文件,基本都被加载到/system/etc/init、/vendor/etc/init、/odm/etc/init、/product/etc/init等目录。
解析Service 类型语句
init.rc中的Action类型语句、Import类型语句和Service类型语句都有相应的文件来解析,如CreateParser函数中的ActionParser、ImportParser、ServiceParser。对应解析文件目录均在sytem/core/init下。
源码路径:system/core/init/service_parser.cpp
Result<void> ServiceParser::ParseSection(std::vector<std::string>&& args,const std::string& filename, int line) {//判断service是否有name和可执行程序if (args.size() < 3) {return Error() << "services must have a name and a program";}const std::string& name = args[1];//检查service的name是否有效if (!IsValidName(name)) {return Error() << "invalid service name '" << name << "'";}...//构造service对象,解析完所有数据后,调用EndSection函数service_ = std::make_unique<Service>(name, restart_action_subcontext, str_args, from_apex_);return {};
}Result<void> ServiceParser::EndSection() {...//构造Service list对象service_list_->AddService(std::move(service_));...
}
源码路径:system/core/init/service_list.cpp
void ServiceList::AddService(std::unique_ptr<Service> service) {//将services对象添加到Service链表中services_.emplace_back(std::move(service));
}
init启动Zygote
init进程会启动Zygote进程。我们分析下Zygote的启动脚本,以64位处理器为例。
脚本路径:system/core/rootdir/init.zygote64.rc
service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-serverclass mainpriority -20user rootgroup root readproc reserved_disksocket zygote stream 660 root systemsocket usap_pool_primary stream 660 root systemonrestart exec_background - system system -- /system/bin/vdc volume abort_fuseonrestart write /sys/power/state ononrestart restart audioserveronrestart restart cameraserveronrestart restart mediaonrestart restart media.tuneronrestart restart netdonrestart restart wificondtask_profiles ProcessCapacityHighcritical window=${zygote.critical_window.minute:-off} target=zygote-fatal
上述脚本大致含义是创建名为zygote的进程,这个进程的执行程序路径为/system/bin/app_process64,后面的代码是传给app_process64的参数。class main
表示zygote的classname是main。
在解析init.rc时,有以下一段Action类型语句,脚本路径:system/core/rootdir/init.rc
on nonencryptedclass_start mainclass_start late_start
class_start是一个command,对应的函数为do_class_start, class_start main
表示启动classname为main的Service,刚才分析zygote的classname为main,因此它会启动zygote进程。
do_class_start函数在builtins.cpp中。源码路径:system/core/init/builtins.cpp
static Result<void> do_class_start(const BuiltinArguments& args) {// Do not start a class if it has a property persist.dont_start_class.CLASS set to 1.if (android::base::GetBoolProperty("persist.init.dont_start_class." + args[1], false))return {};// Starting a class does not start services which are explicitly disabled.// They must be started individually.for (const auto& service : ServiceList::GetInstance()) {if (service->classnames().count(args[1])) {if (auto result = service->StartIfNotDisabled(); !result.ok()) {LOG(ERROR) << "Could not start service '" << service->name()<< "' as part of class '" << args[1] << "': " << result.error();}}}return {};
}
遍历ServiceList,执行StartIfNotDisabled函数。
如果没有在对应的rc文件中设置disable选项,zygote对应的rc文件没有设置disable选项,则会调用Start函数。
子进程启动,并进入该Service的的main函数中,对于zygote来说,执行程序路径是/system/bin/app_process64,对应的文件为app_main.cpp,进入app_main.cpp的main函数中,也是zygote的main函数。
源码路径:system/core/init/service.cpp
Result<void> Service::StartIfNotDisabled() {if (!(flags_ & SVC_DISABLED)) {return Start();} else {flags_ |= SVC_DISABLED_START;}return {};
}Result<void> Service::Start() {...//service 运行,则不启动// Running processes require no additional work --- if they're in the// process of exiting, we've ensured that they will immediately restart// on exit, unless they are ONESHOT. For ONESHOT service, if it's in// stopping status, we just set SVC_RESTART flag so it will get restarted// in Reap().if (flags_ & SVC_RUNNING) {if ((flags_ & SVC_ONESHOT) && disabled) {flags_ |= SVC_RESTART;}LOG(INFO) << "service '" << name_<< "' requested start, but it is already running (flags: " << flags_ << ")";// It is not an error to try to start a service that is already running.reboot_on_failure.Disable();return {};}...//判断service对应的执行文件是否存在,不存在则不启动该servicestruct stat sb;if (stat(args_[0].c_str(), &sb) == -1) {flags_ |= SVC_DISABLED;return ErrnoError() << "Cannot find '" << args_[0] << "'";}...pid_t pid = -1;if (namespaces_.flags) {pid = clone(nullptr, nullptr, namespaces_.flags | SIGCHLD, nullptr);} else {//如果子进程没有启动,则调用fork函数创建子进程pid = fork();}//当前代码逻辑在子进程运行if (pid == 0) {umask(077);//子进程启动RunService(override_mount_namespace, descriptors, std::move(pipefd));_exit(127);}if (pid < 0) {pid_ = 0;return ErrnoError() << "Failed to fork";}...
}
zygote的main函数源码如下,源码路径:frameworks\base\cmds\app_process\app_main.cpp
int main(int argc, char* const argv[])
{...if (zygote) {//启动zygote,细节会在Zygote进程启动过程中分析runtime.start("com.android.internal.os.ZygoteInit", args, zygote);} else if (className) {runtime.start("com.android.internal.os.RuntimeInit", args, zygote);} else {fprintf(stderr, "Error: no class name or --zygote supplied.\n");app_usage();LOG_ALWAYS_FATAL("app_process: no class name or --zygote supplied.");}
}
init启动总结
init进程启动做了很多工作,总的来说有以下三点:
- 挂载分区、创建设备结点和一些关键目录、初始化日志输出系统、启用Selinux安全策略。
- 初始化属性系统、解析Selinux的匹配规则、启动属性服务。
- 解析init.rc配置文件并启动Zygote进程。