Android 启动过程-蒲公英云

Android 初始化流程,从init.c开始

说明：我已经以word文档的格式将这部分内容上传到我我的资源列表中，感兴趣的朋友可以去下载：

下载地址：http://liranke.download.csdn.net/

Init.c

1.1Main function

Init is the first process after kernel is started.

1.1.1Process step:

Mount basic file system, and nitialize log system.
Parse /init.rc and /init.%hardware%.rc.
Execute early-init action in init.rc.
Device specific initialize.
Initialize property system, and load android image, then print” ANDROID”.
Execute init action in init.rc.
Start property service.
Execute early-boot and boot actions in init.rc.
Execute property action in init.rc.
Enter into an indefinite loop to wait for device/property set/child process exit events. For example, if an SD card is plugined, init will receive a device add event, so it can make node for the device. Most of the important process is forked in init, so if any of them crashed, init will receive a SIGCHLD then translate it into a child process exit event, so in the loop init can handle the process exit event and execute the commands defined in *.rc(it will run command onrestart).

1.1.2Start services:

The .rc file is a script file defined by Android. The default is device/system/rootdir/init.rc. We can take a loot at the file format(device/system/init/readme.txt is a good overall introduction of the script). Basically the script file contains actions and services.

Init.rc will run the following services:

console: star a shell. The source is in device/system/bin/sh.

adbd: start adb daemon. The source is in device/tools/adbd. By default is disabled.

servicemanager: start binder system. The source is in device/commands/binder.

mountd: mount all fs defined in /system/etc/mountd.conf if started, receive commands through local socket to mount any fs. The source is in device/system/bin/mountd.

debuggerd: start debug system. The source is in device/system/bin/debuggerd.

rild: start radio interface layer daemon. The source is in device/commands/rild.

zygote: start Android Java Runtime and start system server. It’s the most important service. The source is in device/servers/app.

media: start AudioFlinger, MediaPlayerService and CameraService. The source is in device/commands/mediaserver.

bootsound: play the default boot sound /system/media/audio/ui/boot.mp3. The source is in device/commands/playmp3.

dbus: start dbus daemon, it’s only used by BlueZ. The source is in device/system/Bluetooth/dbus-daemon.

hcid: redirect hcid’s stdout and stderr to the Android logging system. The source is in device/system/bin/logwrapper. By default is disabled.

hfag: start Bluetooth handsfree audio gateway, it’s only used by BlueZ. The source is in device/system/Bluetooth/bluez-utils. By default is disabled.

hsag: start Bluetooth headset audio gateway, it’s only used by BlueZ. The source is in device/system/Bluetooth/bluez-utils. By default is disabled.

installd: start install package daemon. The source is in device/servers/installd.

flash_recovery: load /system/recovery.img. The source is in device/commands/recovery/mtdutils.

1.2Flow chart：

1.2.1Flow chart:

1.3Analyse：

1.3.1FD:

FD Include :

device _fd, property_set_fd, signal_recv_fd, signal_fd(global value)

ufds: struct pollfd ufds[4] ={ device _fd , property_set_fd , signal_recv_fd , keychord_fd }

1.device_fd

2.property_set_fd

(1)

(2) Property_set_fd C/S chart:

#define PROP_SERVICE_NAME “property_service”

3.signal_recv_fd

signal_recv_fd and signal_fd:

/* create a signalling mechanism for the sigchld handler */

if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0) {

signal_fd = s[0];

signal_recv_fd = s[1];

fcntl(s[0], F_SETFD, FD_CLOEXEC);

fcntl(s[0], F_SETFL, O_NONBLOCK);

fcntl(s[1], F_SETFD, FD_CLOEXEC);

fcntl(s[1], F_SETFL, O_NONBLOCK);

}

……

//read signal

read(signal_recv_fd, tmp, sizeof(tmp);

while (!wait_for_one_process(0)); //阻塞

4.signal_fd( see to signal_recv_fd)

1.4Data structure

1.5System status

1.5.1Ｐrocess list

USERPIDPPIDVSIZE RSSWCHANPCNAME

root10548196c00b8c14 0000d5cc S /init

root2000c006bf70 00000000 S kthreadd

root3200c005cc50 00000000 S ksoftirqd/0

root4200c007e408 00000000 S watchdog/0

root5200c0068eec 00000000 S events/0

root6200c0068eec 00000000 S khelper

root10200c0224f90 00000000 S suspend/0

root81200c0068eec 00000000 S kblockd/0

root89200c01f2f7c 00000000 S kseriod

root111200c0068eec 00000000 S kmmcd

root117200c0068eec 00000000 S btaddconn

root118200c0068eec 00000000 S btdelconn

root135200c00448e0 00000000 S bpmd

root141200c008b5f4 00000000 S pdflush

root142200c008b5f4 00000000 S pdflush

root143200c008f948 00000000 S kswapd0

root189200c0068eec 00000000 S aio/0

root195200c01721f0 00000000 S mtdblockd

root340200c01b4eb0 00000000 S accessory notif

root349200c0068eec 00000000 S camera_task/0

root376200c0061438 00000000 S w1_control

root378200c0061438 00000000 S w1_bus_master1

root386200c0068eec 00000000 S charge

root428 200c02ca26c 00000000 S krfcommd

root430200c0068eec 00000000 S rpciod/0

root724200c0216908 00000000 S mmcqd

root7261772180c019dbc4 afe0c1dc S /system/bin/sh

system7271840188c022d8a0 afe0c47c S /system/bin/servicemanager

root72911920336ffffffff afe0c1dc S /system/bin/mountd

root7301704176c0257854 afe0ce0c S /system/bin/debuggerd

root73114132628c027e2f8 afe0ce0c S /opl/bin/tcmd

root7321852248c00b92b0 afe0c5a4 S /opl/bin/adapter

radio733112796 648ffffffff beaab18c S /system/bin/rild

root734172000 14172 c00b92b0 afe0c5a4 S zygote

root735133848 4512ffffffff afe0c47c S /system/bin/mediaserver

root73611080216c00b8c14 bedc021c S /system/bin/dbus-daemon

root7371832208c02b6e80 afe0c1dc S /system/bin/installd

root7401856260c00b92b0 afe0c5a4 S /opl/bin/bpd

root7411828172c00b8c14 afe0d27c S /opl/bin/battmond

root7681720272c02265ec afe0c1dc S /system/bin/logcat

root7691716264c02265ec afe0c1dc S /system/bin/logcat

root816200c0068eec 00000000 S battery.0

system825734574128 28360 ffffffff afe0c47c S system_server

radio877734158260 20040 ffffffff afe0d404 S com.android.phone

app_5879734100888 13616 ffffffff afe0d404 S android.process.acore

system882734144664 24296 ffffffff afe0d404 S android.process.omsservice

app_4588473492304 10932 ffffffff afe0d404 S com.motorola.motohome

app_22890734117068 30228 ffffffff afe0d404 S oms.home

app_391873498760 12652 ffffffff afe0d404 S oms.widgetmanager

app_5928734100888 13336 ffffffff afe0d404 S com.android.inputmethod.borqs

app_24930734105176 19168 ffffffff afe0d404 S com.db4o.servo.search

app_18960734104180 15208 ffffffff afe0d404 S com.android.mms

app_8979734118860 14044 ffffffff afe0d404 S android.process.media

app_999173491980 12264 ffffffff afe0d404 S com.android.alarmclock

app_15998734103144 12908 ffffffff afe0d404 S oms.dcd

system101873494732 13792 ffffffff afe0d404 S oms.dm

app_14102573495636 13036 ffffffff afe0d404 S com.android.calendar

app_42104173493292 11316 ffffffff afe0d404 S com.motorola.smsautoreg

app_40109073497152 15192 ffffffff afe0d404 S com.motorola.mtc

app_38110273493832 12868 ffffffff afe0d404 S com.streamezzo.browser.android

app_26111573496596 15084 ffffffff afe0d404 S oms.mediacenter

app_37112673498208 15212 ffffffff afe0d404 S com.hyfsoft.docviewer

app_20114673499260 15320 ffffffff afe0d404 S com.android.music

app_471157734100204 15964 ffffffff afe0d404 S com.motorola.camera

app_111183734122672 23576 ffffffff afe0d404 S com.android.browser

app_61199734117032 20388 ffffffff afe0d404 S oms.mobilemusic

system124473499292 15940 ffffffff afe0d404 S com.android.settings

app_23131173496932 16004 ffffffff afe0d404 S oms.bru

root1334200c0216908 00000000 S mmcqd

app_81351734100308 15876 ffffffff afe0d404 S com.android.camera

app_11424734111904 17024 ffffffff afe0d404 S oms.messaging

app_41436734101172 15504 ffffffff afe0d404 S oms.mail

app_21484734100716 18128 ffffffff afe0d404 S com.ms

app_161663734101024 16748 ffffffff afe0d404 S oms.android.filemanager

root168413364176ffffffff 0000e8f4 S /sbin/adbd

root16921684776348c0059cd4 afe0d0ac S /system/bin/sh

root1724169292035600000000 afe0c1dc R ps

从真正的应用层的角度来看，所有的应用程序（如settings,media……）的父进程都是zygote. 因为任何一个应用都是一个VM。

2Adbd

Default is disable.

3Servicemanager

3.1Introcuce

3.2Flow chart

3.3Analyse

3.4Data structure

3.5Questions

1.从进程的角度来看，在zygote_run_oneshot中创建的pid是servicemanager的子进程。

2.在zygote_run_oneshot中，socket_local_client对ZYGOTE_SOCKET（”zygote”）进行了connect.

随后，又调用了pid = send_request(fd, 0, newargc, newargv);创建了一个pid,，而且，在这个函数中，进行了数据的发送与接收

3.在run中，也进行了很多操作，主要是进行了pthread的创建。

4Mountd

4.1Introduce

4.2Chart

1.flow:

Mountd.c：

ReadConfigFile（”/system/etc/mountd.conf”）；

StartAutoMounter（）;//在这里，调用了MountDevices和pthread_create.

return RunServer();

RunServer function:

Step1: get socket “mountd” à

Step2: listen

Step3: 阻塞, as below：

while (1)

{

Read

}

典型的server, 那么，client就是各个设备驱动.

4.3Analyse

4.4Other

5Debuggerd

5.1Introduce

5.2Chart

这里，既有client,也有server。

5.3Analyse

5.4Other

6Rild

6.1Introduce

6.2Chart

6.2.1RIL Architecture:

6.2.2RIL Flow:

6.3Analyse

Refernce telephony.rar doc

7Zygote

7.1Introduce

It is the first Dalvik VM

7.2Chart

7.3Analyse

7.3.1Introduce

from network

Zygote service does the following tasks step by step:

Create JAVA VM
Register android native function for JAVA VM.
Call the main function in the JAVA class named

com.android.internal.os.ZygoteInit whose source is device/java/android/com/android/internal/os/ZygoteInit.java.

a) Load ZygoteInit class

b) Register zygote socket

c) Load preload classes(the default file is device/java/android/preloaded-classes)

d) Load preload resources

e) Call Zygote::forkSystemServer (implemented in device/dalvik/vm/InternalNative.c) to fork a new process. In the new process, call the main function in the JAVA class named com.android.server.SystemServer, whose source is in device/java/services/com/android/server.

i. Load libandroid_servers.so

ii. Call JNI native init1 function implemented in device/libs/android_servers/com_android_server_SystemServers. It only calls system_init implemented in device/servers/system/library/system_init.cpp.

. If running on simulator, instantiate AudioFlinger, MediaPlayerService and CameraService here.

. Call init2 function in JAVA class named com.android.server.SystemServer, whose source is in device/java/services/com/android/server. This function is very critical for Android because it start all of Android JAVA services.

. If not running on simulator, call IPCThreadState::self()->joinThreadPool() to enter into service dispatcher.

2.from qcom

Zygote daemon(first Dalvik VM)

Starts rutime process

Starts service manager – lookup service for binder.

Sends command to Zyhgote to start system server.

System server.

System server starts up surface flinger, audio flinger, which registers with the service manager.

Starts up all core services, which also registers with the service manger via a java proxy(how to do?)

Activity manager sends a command to Zygote to start home process with its own dalvik VM.

Home task may start other applications, which run in their own VM.

3.SP(smart pointer)

用到了智能指针。

7.3.2startSystemServer

1.由于前面的servicemanager（runtime）已经初始化，所以，这里的zygoteinit可以是java代码。

2.registerZygoteSocket创建的socket名为“ANDROID_SOCKET_zygote”，从创建过程不难看出，这是一个server；

3.preloadClasses():正如注释中所说的一样，“Performs Zygote process initialization. Loads and initializes commonly used classes”；有log信息，通过调用Log.i(TAG, “Preloading classes…”);load count and used time:preloaded 1166 classes in 8951ms；另外，有哪些资源被load了，共有48+15个。

4.dalvik+lib = runtime；

5.startSystemServer：” Prepare the arguments and fork for the system server process”

pid = Zygote.forkSystemServer /* Request to fork the system server process */

另外，从ps中也可以看出，Zygote 是system_server的父进程。

root734172000 14172 c00b92b0 afe0c5a4 S zygote

system825734574128 28360 ffffffff afe0c47c S system_server