Zygote及System進程啓動
1. init 根據init.rc 運行 app_process, 並攜帶‘--zygote' 和 ’--startSystemServer' 參數。java
2. AndroidRuntime.cpp::start() 裏將啓動JavaVM,而且註冊全部framework相關的系統JNI接口。linux
3. 第一次進入Java世界,運行ZygoteInit.java::main() 函數初始化Zygote. Zygote 並建立Socket的server 端。android
4. 而後fork一個新的進程並在新進程裏初始化SystemServer. Fork以前,Zygote是preload經常使用的Java類庫,以及系統的resources,同時GC()清理內存空間,爲子進程省去重複的工做。app
5. SystemServer 裏將全部的系統Service初始化,包括ActivityManager 和 WindowManager, 他們是應用程序運行起來的前提。框架
6. 與此同時,Zygote監聽服務端Socket,等待新的應用啓動請求。less
7. ActivityManager ready 以後尋找系統的「Startup」 Application, 將請求發給Zygote。dom
8. Zygote收到請求後,fork出一個新的進程。socket
9. Zygote監聽並處理SystemServer 的 SIGCHID 信號,一旦System Server崩潰,當即將本身殺死。init會重啓Zygote.ide
如下內容主要針對上面的介紹展開,附上兩張圖,這兩張圖片包含了咱們今天要講解的全部內容函數
zygote啓動流程圖
zygote相關的全部類的結構圖
這裏要講的是zygote啓動流程因此主要針對第一張圖來說 ,關於這部份內容,我的以爲,對於想本身開發系統的人來講是頗有幫助,每一個系統首先啓動的即是孵化器進程,以及server監聽進程。
一 概念
在Android系統中,全部的應用程序和系統服務進程,都是Zygote負責建立的,所以,Zygote也就被成爲進程孵化器。Zygote進程是經過複製自身的方式來建立System進程和應用程序進程的。 Zygote會在系統啓動時建立一個虛擬機實例,所以,經過複製Zygote進程而獲得的System進程和應用程序進程能夠快速第在內部得到一個虛擬機實例拷貝。
Zygote進程啓動完成以後,會將system進程啓動起來,以便它能夠將系統的關鍵服務啓動起來。例如AMS ContentService 和WMS及PMS等。
二 Zygote啓動
Zygote進程在init進程啓動過程當中被以service服務的形式啓動,代碼以下:./system/core/rootdir/init.zygote32.rc的service_start()
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server ... socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
onrestart restart netd
前面的關鍵字service告訴init進程建立一個名爲"zygote"的進程,這個zygote進程要執行的程序是/system/bin/app_process,後面是要傳給app_process的參數。
接下來的socket關鍵字表示這個zygote進程須要一個名稱爲"zygote"的socket資源,這樣,系統啓動後,咱們就能夠在/dev/socket目錄下看到有一個名爲zygote的文件。這裏定義的socket的類型爲unix domain socket,它是用來做本地進程間通訊用的。前面咱們說到的ActivityManagerService就是通這個socket來和zygote進程通訊請求fork一個應用程序進程的了。
最後的一系列onrestart關鍵字表示這個zygote進程重啓時須要執行的命令。
關於init.rc文件的更多信息,請參考system/core/init/readme.txt文件。
瞭解了這個信息以後,咱們就知道Zygote進程要執行的程序即是system/bin/app_process了,它的源代碼位於frameworks/base/cmds/app_process/app_main.cpp文件中,入口函數是main。
在繼續分析Zygote進程啓動的過程以前,咱們先來看看它的啓動序列圖:
下面咱們就詳細分析每個步驟。
Step 1. app_process.main
這個函數定義在frameworks/base/cmds/app_process/app_main.cpp文件中:
int main(int argc, char* const argv[]) { if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return // EINVAL. Don't die on such kernels. if (errno != EINVAL) { LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno)); return 12; } } AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv)); // Process command line arguments // ignore argv[0] argc--; argv++; // Everything up to '--' or first non '-' arg goes to the vm. // // The first argument after the VM args is the "parent dir", which // is currently unused. // // After the parent dir, we expect one or more the following internal // arguments : // // --zygote : Start in zygote mode // --start-system-server : Start the system server. // --application : Start in application (stand alone, non zygote) mode. // --nice-name : The nice name for this process. // // For non zygote starts, these arguments will be followed by // the main class name. All remaining arguments are passed to // the main method of this class. // // For zygote starts, all remaining arguments are passed to the zygote. // main function. // // Note that we must copy argument string values since we will rewrite the // entire argument block when we apply the nice name to argv0. int i; for (i = 0; i < argc; i++) { if (argv[i][0] != '-') { break; } if (argv[i][1] == '-' && argv[i][2] == 0) { ++i; // Skip --. break; } runtime.addOption(strdup(argv[i])); } // Parse runtime arguments. Stop at first unrecognized option. bool zygote = false; bool startSystemServer = false; bool application = false; String8 niceName; String8 className; ++i; // Skip unused "parent dir" argument. while (i < argc) { const char* arg = argv[i++]; if (strcmp(arg, "--zygote") == 0) { zygote = true; niceName = ZYGOTE_NICE_NAME; } else if (strcmp(arg, "--start-system-server") == 0) { startSystemServer = true; } else if (strcmp(arg, "--application") == 0) { application = true; } else if (strncmp(arg, "--nice-name=", 12) == 0) { niceName.setTo(arg + 12); } else if (strncmp(arg, "--", 2) != 0) { className.setTo(arg); break; } else { --i; break; } } Vector<String8> args; if (!className.isEmpty()) { // We're not in zygote mode, the only argument we need to pass // to RuntimeInit is the application argument. // // The Remainder of args get passed to startup class main(). Make // copies of them before we overwrite them with the process name. args.add(application ? String8("application") : String8("tool")); runtime.setClassNameAndArgs(className, argc - i, argv + i); } else { // We're in zygote mode. maybeCreateDalvikCache(); if (startSystemServer) { args.add(String8("start-system-server")); } char prop[PROP_VALUE_MAX]; if (property_get(ABI_LIST_PROPERTY, prop, NULL) == 0) { LOG_ALWAYS_FATAL("app_process: Unable to determine ABI list from property %s.", ABI_LIST_PROPERTY); return 11; } String8 abiFlag("--abi-list="); abiFlag.append(prop); args.add(abiFlag); // In zygote mode, pass all remaining arguments to the zygote // main() method. for (; i < argc; ++i) { args.add(String8(argv[i])); } } if (!niceName.isEmpty()) { runtime.setArgv0(niceName.string()); set_process_name(niceName.string()); } if (zygote) { runtime.start("com.android.internal.os.ZygoteInit", args, zygote); } else if (className) { runtime.start("com.android.internal.os.RuntimeInit", args, zygote); } else { fprintf(stderr, "Error: no class name or --zygote supplied.\n"); app_usage(); LOG_ALWAYS_FATAL("app_process: no class name or --zygote supplied."); return 10; } }
這個函數的主要做用就是建立一個AppRuntime變量,而後調用它的start成員函數。它一樣是在frameworks/base/cmds/app_process/app_main.cpp文件中定義:
class AppRuntime : public AndroidRuntime { public: AppRuntime(char* argBlockStart, const size_t argBlockLength) : AndroidRuntime(argBlockStart, argBlockLength) , mClass(NULL) { } void setClassNameAndArgs(const String8& className, int argc, char * const *argv) { mClassName = className; for (int i = 0; i < argc; ++i) { mArgs.add(String8(argv[i])); } } virtual void onVmCreated(JNIEnv* env) { if (mClassName.isEmpty()) { return; // Zygote. Nothing to do here. } /* * This is a little awkward because the JNI FindClass call uses the * class loader associated with the native method we're executing in. * If called in onStarted (from RuntimeInit.finishInit because we're * launching "am", for example), FindClass would see that we're calling * from a boot class' native method, and so wouldn't look for the class * we're trying to look up in CLASSPATH. Unfortunately it needs to, * because the "am" classes are not boot classes. * * The easiest fix is to call FindClass here, early on before we start * executing boot class Java code and thereby deny ourselves access to * non-boot classes. */ char* slashClassName = toSlashClassName(mClassName.string()); mClass = env->FindClass(slashClassName); if (mClass == NULL) { ALOGE("ERROR: could not find class '%s'\n", mClassName.string()); } free(slashClassName); mClass = reinterpret_cast<jclass>(env->NewGlobalRef(mClass)); } virtual void onStarted() { sp<ProcessState> proc = ProcessState::self(); ALOGV("App process: starting thread pool.\n"); proc->startThreadPool(); AndroidRuntime* ar = AndroidRuntime::getRuntime(); ar->callMain(mClassName, mClass, mArgs); IPCThreadState::self()->stopProcess(); } virtual void onZygoteInit() { sp<ProcessState> proc = ProcessState::self(); ALOGV("App process: starting thread pool.\n"); proc->startThreadPool(); } virtual void onExit(int code) { if (mClassName.isEmpty()) { // if zygote IPCThreadState::self()->stopProcess(); } AndroidRuntime::onExit(code); } String8 mClassName; Vector<String8> mArgs; jclass mClass; }; }
它繼承於AndroidRuntime類, AndroidRuntime類定義在frameworks/base/core/jni/AndroidRuntime.cpp文件中:
static AndroidRuntime* gCurRuntime = NULL; ... AndroidRuntime::AndroidRuntime(char* argBlockStart, const size_t argBlockLength) : mExitWithoutCleanup(false), mArgBlockStart(argBlockStart), mArgBlockLength(argBlockLength) { SkGraphics::Init(); // There is also a global font cache, but its budget is specified by // SK_DEFAULT_FONT_CACHE_COUNT_LIMIT and SK_DEFAULT_FONT_CACHE_LIMIT. // Pre-allocate enough space to hold a fair number of options. mOptions.setCapacity(20); assert(gCurRuntime == NULL); // one per process gCurRuntime = this; }
當AppRuntime對象建立時,會調用其父類AndroidRuntime的構造函數,而在AndroidRuntime類的構造函數裏面,會將this指針保存在靜態全局變量gCurRuntime中,這樣,當其它地方須要使用這個AppRuntime對象時,就能夠經過同一個文件中的這個函數來獲取這個對象的指針:
AndroidRuntime* AndroidRuntime::getRuntime() { return gCurRuntime; }
回到上面的main函數中,因爲咱們在init.rc文件中,設置了app_process啓動參數--zygote和--start-system-server,所以,在main函數裏面,最終會執行下面語句:
runtime.start("com.android.internal.os.ZygoteInit", args, zygote);
這裏的參數startSystemServer爲true,表示要啓動SystemServer組件。因爲AppRuntime沒有實現本身的start函數,它繼承了父類AndroidRuntime的start函數,所以,下面會執行AndroidRuntime類的start函數。
Step 2. AndroidRuntime.start
這個函數定義在frameworks/base/core/jni/AndroidRuntime.cpp文件中:
/* * Start the Android runtime. This involves starting the virtual machine * and calling the "static void main(String[] args)" method in the class * named by "className". * * Passes the main function two arguments, the class name and the specified * options string. */ void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote) { ALOGD(">>>>>> START %s uid %d <<<<<<\n", className != NULL ? className : "(unknown)", getuid()); static const String8 startSystemServer("start-system-server"); /* * 'startSystemServer == true' means runtime is obsolete and not run from * init.rc anymore, so we print out the boot start event here. */ for (size_t i = 0; i < options.size(); ++i) { if (options[i] == startSystemServer) { /* track our progress through the boot sequence */ const int LOG_BOOT_PROGRESS_START = 3000; LOG_EVENT_LONG(LOG_BOOT_PROGRESS_START, ns2ms(systemTime(SYSTEM_TIME_MONOTONIC))); } } const char* rootDir = getenv("ANDROID_ROOT"); if (rootDir == NULL) { rootDir = "/system"; if (!hasDir("/system")) { LOG_FATAL("No root directory specified, and /android does not exist."); return; } setenv("ANDROID_ROOT", rootDir, 1); } //const char* kernelHack = getenv("LD_ASSUME_KERNEL"); //ALOGD("Found LD_ASSUME_KERNEL='%s'\n", kernelHack); /* start the virtual machine */ JniInvocation jni_invocation; jni_invocation.Init(NULL); JNIEnv* env; if (startVm(&mJavaVM, &env, zygote) != 0) { return; } onVmCreated(env); /* * Register android functions. */ if (startReg(env) < 0) { ALOGE("Unable to register all android natives\n"); return; } /* * We want to call main() with a String array with arguments in it. * At present we have two arguments, the class name and an option string. * Create an array to hold them. */ jclass stringClass; jobjectArray strArray; jstring classNameStr; stringClass = env->FindClass("java/lang/String"); assert(stringClass != NULL); strArray = env->NewObjectArray(options.size() + 1, stringClass, NULL); assert(strArray != NULL); classNameStr = env->NewStringUTF(className); assert(classNameStr != NULL); env->SetObjectArrayElement(strArray, 0, classNameStr); for (size_t i = 0; i < options.size(); ++i) { jstring optionsStr = env->NewStringUTF(options.itemAt(i).string()); assert(optionsStr != NULL); env->SetObjectArrayElement(strArray, i + 1, optionsStr); } /* * Start VM. This thread becomes the main thread of the VM, and will * not return until the VM exits. */ char* slashClassName = toSlashClassName(className); jclass startClass = env->FindClass(slashClassName); if (startClass == NULL) { ALOGE("JavaVM unable to locate class '%s'\n", slashClassName); /* keep going */ } else { jmethodID startMeth = env->GetStaticMethodID(startClass, "main", "([Ljava/lang/String;)V"); if (startMeth == NULL) { ALOGE("JavaVM unable to find main() in '%s'\n", className); /* keep going */ } else { env->CallStaticVoidMethod(startClass, startMeth, strArray); #if 0 if (env->ExceptionCheck()) threadExitUncaughtException(env); #endif } } free(slashClassName); ALOGD("Shutting down VM\n"); if (mJavaVM->DetachCurrentThread() != JNI_OK) ALOGW("Warning: unable to detach main thread\n"); if (mJavaVM->DestroyJavaVM() != 0) ALOGW("Warning: VM did not shut down cleanly\n"); }
這個函數的做用是啓動Android系統運行時庫,它主要作了三件事情,一是調用函數startVM啓動虛擬機,二是調用函數startReg註冊JNI方法,三是調用了com.android.internal.os.ZygoteInit類的main函數。
Step 3. ZygoteInit.main
這個函數定義在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java文件中:
public static void main(String argv[]) { try { RuntimeInit.enableDdms(); // Start profiling the zygote initialization. SamplingProfilerIntegration.start(); boolean startSystemServer = false; String socketName = "zygote"; String abiList = null; for (int i = 1; i < argv.length; i++) { if ("start-system-server".equals(argv[i])) { startSystemServer = true; } else if (argv[i].startsWith(ABI_LIST_ARG)) { abiList = argv[i].substring(ABI_LIST_ARG.length()); } else if (argv[i].startsWith(SOCKET_NAME_ARG)) { socketName = argv[i].substring(SOCKET_NAME_ARG.length()); } else { throw new RuntimeException("Unknown command line argument: " + argv[i]); } } if (abiList == null) { throw new RuntimeException("No ABI list supplied."); } registerZygoteSocket(socketName); EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_START, SystemClock.uptimeMillis()); preload(); EventLog.writeEvent(LOG_BOOT_PROGRESS_PRELOAD_END, SystemClock.uptimeMillis()); // Finish profiling the zygote initialization. SamplingProfilerIntegration.writeZygoteSnapshot(); // Do an initial gc to clean up after startup gcAndFinalize(); // Disable tracing so that forked processes do not inherit stale tracing tags from // Zygote. Trace.setTracingEnabled(false); if (startSystemServer) { startSystemServer(abiList, socketName); } Log.i(TAG, "Accepting command socket connections"); runSelectLoop(abiList); closeServerSocket(); } catch (MethodAndArgsCaller caller) { caller.run(); } catch (RuntimeException ex) { Log.e(TAG, "Zygote died with exception", ex); closeServerSocket(); throw ex; } }
它主要做了三件事情,一個調用registerZygoteSocket函數建立了一個socket接口,用來和ActivityManagerService通信,二是調用startSystemServer函數來啓動SystemServer組件,三是調用runSelectLoopMode函數進入一個無限循環在前面建立的socket接口上等待ActivityManagerService請求建立新的應用程序進程。
Step 4. ZygoteInit.registerZygoteSocket
這個函數定義在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java文件中:
private static void registerZygoteSocket(String socketName) { if (sServerSocket == null) { int fileDesc; final String fullSocketName = ANDROID_SOCKET_PREFIX + socketName; try { String env = System.getenv(fullSocketName); fileDesc = Integer.parseInt(env); } catch (RuntimeException ex) { throw new RuntimeException(fullSocketName + " unset or invalid", ex); } try { FileDescriptor fd = new FileDescriptor(); fd.setInt$(fileDesc); sServerSocket = new LocalServerSocket(fd); } catch (IOException ex) { throw new RuntimeException( "Error binding to local socket '" + fileDesc + "'", ex); } } }
這個socket接口是經過文件描述符來建立的,這個文件描符表明的就是咱們前面說的/dev/socket/zygote文件了。這個文件描述符是經過環境變量ANDROID_SOCKET_ENV獲得的,它定義爲:
public class ZygoteInit { ...... private static final String ANDROID_SOCKET_ENV = "ANDROID_SOCKET_zygote"; ...... }
那麼,這個環境變量的值又是由誰來設置的呢?咱們知道,系統啓動腳本文件system/core/rootdir/init.rc是由init進程來解釋執行的,而init進程的源代碼位於system/core/init目錄中,在init.cpp文件中,是由service_start函數來解釋init.rc文件中的service命令的:
void service_start(struct service *svc, const char *dynamic_args) { // Starting a service removes it from the disabled or reset state and // immediately takes it out of the restarting state if it was in there. svc->flags &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART|SVC_DISABLED_START)); svc->time_started = 0; // Running processes require no additional work --- if they're in the // process of exiting, we've ensured that they will immediately restart // on exit, unless they are ONESHOT. if (svc->flags & SVC_RUNNING) { return; } bool needs_console = (svc->flags & SVC_CONSOLE); if (needs_console && !have_console) { ERROR("service '%s' requires console\n", svc->name); svc->flags |= SVC_DISABLED; return; } struct stat s; if (stat(svc->args[0], &s) != 0) { ERROR("cannot find '%s', disabling '%s'\n", svc->args[0], svc->name); svc->flags |= SVC_DISABLED; return; } if ((!(svc->flags & SVC_ONESHOT)) && dynamic_args) { ERROR("service '%s' must be one-shot to use dynamic args, disabling\n", svc->args[0]); svc->flags |= SVC_DISABLED; return; } char* scon = NULL; if (is_selinux_enabled() > 0) { if (svc->seclabel) { scon = strdup(svc->seclabel); if (!scon) { ERROR("Out of memory while starting '%s'\n", svc->name); return; } } else { char *mycon = NULL, *fcon = NULL; INFO("computing context for service '%s'\n", svc->args[0]); int rc = getcon(&mycon); if (rc < 0) { ERROR("could not get context while starting '%s'\n", svc->name); return; } rc = getfilecon(svc->args[0], &fcon); if (rc < 0) { ERROR("could not get context while starting '%s'\n", svc->name); freecon(mycon); return; } rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); if (rc == 0 && !strcmp(scon, mycon)) { ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name); } freecon(mycon); freecon(fcon); if (rc < 0) { ERROR("could not get context while starting '%s'\n", svc->name); return; } } } NOTICE("Starting service '%s'...\n", svc->name); pid_t pid = fork(); if (pid == 0) { struct socketinfo *si; struct svcenvinfo *ei; char tmp[32]; int fd, sz; umask(077); if (properties_initialized()) { get_property_workspace(&fd, &sz); snprintf(tmp, sizeof(tmp), "%d,%d", dup(fd), sz); add_environment("ANDROID_PROPERTY_WORKSPACE", tmp); } for (ei = svc->envvars; ei; ei = ei->next) add_environment(ei->name, ei->value); for (si = svc->sockets; si; si = si->next) { int socket_type = ( !strcmp(si->type, "stream") ? SOCK_STREAM : (!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET)); int s = create_socket(si->name, socket_type, si->perm, si->uid, si->gid, si->socketcon ?: scon); if (s >= 0) { publish_socket(si->name, s); } } freecon(scon); scon = NULL; if (svc->writepid_files_) { std::string pid_str = android::base::StringPrintf("%d", pid); for (auto& file : *svc->writepid_files_) { if (!android::base::WriteStringToFile(pid_str, file)) { ERROR("couldn't write %s to %s: %s\n", pid_str.c_str(), file.c_str(), strerror(errno)); } } } if (svc->ioprio_class != IoSchedClass_NONE) { if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) { ERROR("Failed to set pid %d ioprio = %d,%d: %s\n", getpid(), svc->ioprio_class, svc->ioprio_pri, strerror(errno)); } } if (needs_console) { setsid(); open_console(); } else { zap_stdio(); } if (false) { for (size_t n = 0; svc->args[n]; n++) { INFO("args[%zu] = '%s'\n", n, svc->args[n]); } for (size_t n = 0; ENV[n]; n++) { INFO("env[%zu] = '%s'\n", n, ENV[n]); } } setpgid(0, getpid()); // As requested, set our gid, supplemental gids, and uid. if (svc->gid) { if (setgid(svc->gid) != 0) { ERROR("setgid failed: %s\n", strerror(errno)); _exit(127); } } if (svc->nr_supp_gids) { if (setgroups(svc->nr_supp_gids, svc->supp_gids) != 0) { ERROR("setgroups failed: %s\n", strerror(errno)); _exit(127); } } if (svc->uid) { if (setuid(svc->uid) != 0) { ERROR("setuid failed: %s\n", strerror(errno)); _exit(127); } } if (svc->seclabel) { if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) { ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno)); _exit(127); } } if (!dynamic_args) { if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) { ERROR("cannot execve('%s'): %s\n", svc->args[0], strerror(errno)); } } else { char *arg_ptrs[INIT_PARSER_MAXARGS+1]; int arg_idx = svc->nargs; char *tmp = strdup(dynamic_args); char *next = tmp; char *bword; /* Copy the static arguments */ memcpy(arg_ptrs, svc->args, (svc->nargs * sizeof(char *))); while((bword = strsep(&next, " "))) { arg_ptrs[arg_idx++] = bword; if (arg_idx == INIT_PARSER_MAXARGS) break; } arg_ptrs[arg_idx] = NULL; execve(svc->args[0], (char**) arg_ptrs, (char**) ENV); } _exit(127); } freecon(scon); if (pid < 0) { ERROR("failed to start '%s'\n", svc->name); svc->pid = 0; return; } svc->time_started = gettime(); svc->pid = pid; svc->flags |= SVC_RUNNING; if ((svc->flags & SVC_EXEC) != 0) { INFO("SVC_EXEC pid %d (uid %d gid %d+%zu context %s) started; waiting...\n", svc->pid, svc->uid, svc->gid, svc->nr_supp_gids, svc->seclabel ? : "default"); waiting_for_exec = true; } svc->NotifyStateChange("running"); }
每個service命令都會促使init進程調用fork函數來建立一個新的進程,在新的進程裏面,會分析裏面的socket選項,對於每個socket選項,都會經過create_socket函數來在/dev/socket目錄下建立一個文件,在這個場景中,這個文件即是zygote了,而後獲得的文件描述符經過publish_socket函數寫入到環境變量中去:
static void publish_socket(const char *name, int fd) { char key[64] = ANDROID_SOCKET_ENV_PREFIX; char val[64]; strlcpy(key + sizeof(ANDROID_SOCKET_ENV_PREFIX) - 1, name, sizeof(key) - sizeof(ANDROID_SOCKET_ENV_PREFIX)); snprintf(val, sizeof(val), "%d", fd); add_environment(key, val); /* make sure we don't close-on-exec */ fcntl(fd, F_SETFD, 0); }
這裏傳進來的參數name值爲"zygote",而ANDROID_SOCKET_ENV_PREFIX在system/core/include/cutils/sockets.h定義爲:
#define ANDROID_SOCKET_ENV_PREFIX "ANDROID_SOCKET_" #define ANDROID_SOCKET_DIR "/dev/socket"
所以,這裏就把上面獲得的文件描述符寫入到以"ANDROID_SOCKET_zygote"爲key值的環境變量中。又由於上面的ZygoteInit.registerZygoteSocket函數與這裏建立socket文件的create_socket函數是運行在同一個進程中,所以,上面的ZygoteInit.registerZygoteSocket函數能夠直接使用這個文件描述符來建立一個Java層的LocalServerSocket對象。若是其它進程也須要打開這個/dev/socket/zygote文件來和Zygote進程進行通訊,那就必需要經過文件名來鏈接這個LocalServerSocket了,ActivityManagerService是經過Process.start函數來建立一個新的進程的,而Process.start函數會首先經過Socket鏈接到Zygote進程中,最終由Zygote進程來完成建立新的應用程序進程,而Process類是經過openZygoteSocketIfNeeded函數來鏈接到Zygote進程中的Socket的:frameworks/base/core/java/android/os/Process.java
public static final String ZYGOTE_SOCKET = "zygote";
/** * Tries to open socket to Zygote process if not already open. If * already open, does nothing. May block and retry. */ private static ZygoteState openZygoteSocketIfNeeded(String abi) throws ZygoteStartFailedEx { if (primaryZygoteState == null || primaryZygoteState.isClosed()) { try { primaryZygoteState = ZygoteState.connect(ZYGOTE_SOCKET); } catch (IOException ioe) { throw new ZygoteStartFailedEx("Error connecting to primary zygote", ioe); } } if (primaryZygoteState.matches(abi)) { return primaryZygoteState; } // The primary zygote didn't match. Try the secondary. if (secondaryZygoteState == null || secondaryZygoteState.isClosed()) { try { secondaryZygoteState = ZygoteState.connect(SECONDARY_ZYGOTE_SOCKET); } catch (IOException ioe) { throw new ZygoteStartFailedEx("Error connecting to secondary zygote", ioe); } } if (secondaryZygoteState.matches(abi)) { return secondaryZygoteState; } throw new ZygoteStartFailedEx("Unsupported zygote ABI: " + abi); }
ZYGOTE_SOCKET恰好就是對應/dev/socket目錄下的zygote文件了。
Android系統中的socket機制和binder機制同樣,都是能夠用來進行進程間通訊。
Socket對象建立完成以後,回到Step 3中的ZygoteInit.main函數中,startSystemServer函數來啓動SystemServer組件。
Step 5. ZygoteInit.startSystemServer
這個函數定義在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java文件中:
/** * Prepare the arguments and fork for the system server process. */ private static boolean startSystemServer(String abiList, String socketName) throws MethodAndArgsCaller, RuntimeException { long capabilities = posixCapabilitiesAsBits( OsConstants.CAP_BLOCK_SUSPEND, OsConstants.CAP_KILL, OsConstants.CAP_NET_ADMIN, OsConstants.CAP_NET_BIND_SERVICE, OsConstants.CAP_NET_BROADCAST, OsConstants.CAP_NET_RAW, OsConstants.CAP_SYS_MODULE, OsConstants.CAP_SYS_NICE, OsConstants.CAP_SYS_RESOURCE, OsConstants.CAP_SYS_TIME, OsConstants.CAP_SYS_TTY_CONFIG ); /* Hardcoded command line to start the system server */ String args[] = { "--setuid=1000", "--setgid=1000", "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007", "--capabilities=" + capabilities + "," + capabilities, "--nice-name=system_server", "--runtime-args", "com.android.server.SystemServer", }; ZygoteConnection.Arguments parsedArgs = null; int pid; try { parsedArgs = new ZygoteConnection.Arguments(args); ZygoteConnection.applyDebuggerSystemProperty(parsedArgs); ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs); /* Request to fork the system server process */ pid = Zygote.forkSystemServer( parsedArgs.uid, parsedArgs.gid, parsedArgs.gids, parsedArgs.debugFlags, null, parsedArgs.permittedCapabilities, parsedArgs.effectiveCapabilities); } catch (IllegalArgumentException ex) { throw new RuntimeException(ex); } /* For child process */ if (pid == 0) { if (hasSecondZygote(abiList)) { waitForSecondaryZygote(socketName); } handleSystemServerProcess(parsedArgs); } return true; }
這裏咱們能夠看到,Zygote進程經過Zygote.forkSystemServer函數來建立一個新的進程來啓動SystemServer組件,返回值pid等0的地方就是新的進程要執行的路徑,即新建立的進程會執行handleSystemServerProcess函數。
Step 6. ZygoteInit.handleSystemServerProcess
這個函數定義在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java文件中:
/** * Finish remaining work for the newly forked system server process. */ private static void handleSystemServerProcess( ZygoteConnection.Arguments parsedArgs) throws ZygoteInit.MethodAndArgsCaller { closeServerSocket(); // set umask to 0077 so new files and directories will default to owner-only permissions. Os.umask(S_IRWXG | S_IRWXO); if (parsedArgs.niceName != null) { Process.setArgV0(parsedArgs.niceName); } final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH"); if (systemServerClasspath != null) { performSystemServerDexOpt(systemServerClasspath); } if (parsedArgs.invokeWith != null) { String[] args = parsedArgs.remainingArgs; // If we have a non-null system server class path, we'll have to duplicate the // existing arguments and append the classpath to it. ART will handle the classpath // correctly when we exec a new process. if (systemServerClasspath != null) { String[] amendedArgs = new String[args.length + 2]; amendedArgs[0] = "-cp"; amendedArgs[1] = systemServerClasspath; System.arraycopy(parsedArgs.remainingArgs, 0, amendedArgs, 2, parsedArgs.remainingArgs.length); } WrapperInit.execApplication(parsedArgs.invokeWith, parsedArgs.niceName, parsedArgs.targetSdkVersion, VMRuntime.getCurrentInstructionSet(), null, args); } else { ClassLoader cl = null; if (systemServerClasspath != null) { cl = new PathClassLoader(systemServerClasspath, ClassLoader.getSystemClassLoader()); Thread.currentThread().setContextClassLoader(cl); } /* * Pass the remaining arguments to SystemServer. */ RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl); } /* should never reach here */ }
因爲由Zygote進程建立的子進程會繼承Zygote進程在前面Step 4中建立的Socket文件描述符,而這裏的子進程又不會用到它,所以,這裏就調用closeServerSocket函數來關閉它。這個函數接着調用RuntimeInit.zygoteInit函數來進一步執行啓動SystemServer組件的操做。
Step 7. RuntimeInit.zygoteInit
這個函數定義在frameworks/base/core/java/com/android/internal/os/RuntimeInit.java文件中:
/** * The main function called when started through the zygote process. This * could be unified with main(), if the native code in nativeFinishInit() * were rationalized with Zygote startup.<p> * * Current recognized args: * <ul> * <li> <code> [--] <start class name> <args> * </ul> * * @param targetSdkVersion target SDK version * @param argv arg strings */ public static final void zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader) throws ZygoteInit.MethodAndArgsCaller { if (DEBUG) Slog.d(TAG, "RuntimeInit: Starting application from zygote"); Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "RuntimeInit"); redirectLogStreams(); commonInit(); nativeZygoteInit(); applicationInit(targetSdkVersion, argv, classLoader); }
這個函數會執行兩個操做,一個是調用zygoteInitNative函數來執行一個Binder進程間通訊機制的初始化工做,這個工做完成以後,這個進程中的Binder對象就能夠方便地進行進程間通訊了,另外一個是調用上面Step 5傳進來的com.android.server.SystemServer類的main函數。
Step 8. RuntimeInit.nativeZygoteInit
這個函數定義在frameworks/base/core/java/com/android/internal/os/RuntimeInit.java文件中:
public class RuntimeInit { ...... public static final native void nativeZygoteInit(); ...... }
這裏能夠看出,函數nativeZygoteInit是一個Native函數,實如今frameworks/base/core/jni/AndroidRuntime.cpp文件中,完成這一步後,這個進程的Binder進程間通訊機制基礎設施就準備好了。
回到Step 7中的RuntimeInit.nativeZygoteInit函數,下一步它就要執行com.android.server.SystemServer類的main函數了。
Step 9. SystemServer.main
這個函數定義在frameworks/base/services/java/com/android/server/SystemServer.java文件中:
/** * The main entry point from zygote. */ public static void main(String[] args) { new SystemServer().run(); } public SystemServer() { // Check for factory test mode. mFactoryTestMode = FactoryTest.getMode(); } private void run() { // If a device's clock is before 1970 (before 0), a lot of // APIs crash dealing with negative numbers, notably // java.io.File#setLastModified, so instead we fake it and // hope that time from cell towers or NTP fixes it shortly. if (System.currentTimeMillis() < EARLIEST_SUPPORTED_TIME) { Slog.w(TAG, "System clock is before 1970; setting to 1970."); SystemClock.setCurrentTimeMillis(EARLIEST_SUPPORTED_TIME); } // If the system has "persist.sys.language" and friends set, replace them with // "persist.sys.locale". Note that the default locale at this point is calculated // using the "-Duser.locale" command line flag. That flag is usually populated by // AndroidRuntime using the same set of system properties, but only the system_server // and system apps are allowed to set them. // // NOTE: Most changes made here will need an equivalent change to // core/jni/AndroidRuntime.cpp if (!SystemProperties.get("persist.sys.language").isEmpty()) { final String languageTag = Locale.getDefault().toLanguageTag(); SystemProperties.set("persist.sys.locale", languageTag); SystemProperties.set("persist.sys.language", ""); SystemProperties.set("persist.sys.country", ""); SystemProperties.set("persist.sys.localevar", ""); } // Here we go! Slog.i(TAG, "Entered the Android system server!"); EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_SYSTEM_RUN, SystemClock.uptimeMillis()); // In case the runtime switched since last boot (such as when // the old runtime was removed in an OTA), set the system // property so that it is in sync. We can't do this in // libnativehelper's JniInvocation::Init code where we already // had to fallback to a different runtime because it is // running as root and we need to be the system user to set // the property. http://b/11463182 SystemProperties.set("persist.sys.dalvik.vm.lib.2", VMRuntime.getRuntime().vmLibrary()); // Enable the sampling profiler. if (SamplingProfilerIntegration.isEnabled()) { SamplingProfilerIntegration.start(); mProfilerSnapshotTimer = new Timer(); mProfilerSnapshotTimer.schedule(new TimerTask() { @Override public void run() { SamplingProfilerIntegration.writeSnapshot("system_server", null); } }, SNAPSHOT_INTERVAL, SNAPSHOT_INTERVAL); } // Mmmmmm... more memory! VMRuntime.getRuntime().clearGrowthLimit(); // The system server has to run all of the time, so it needs to be // as efficient as possible with its memory usage. VMRuntime.getRuntime().setTargetHeapUtilization(0.8f); // Some devices rely on runtime fingerprint generation, so make sure // we've defined it before booting further. Build.ensureFingerprintProperty(); // Within the system server, it is an error to access Environment paths without // explicitly specifying a user. Environment.setUserRequired(true); // Ensure binder calls into the system always run at foreground priority. BinderInternal.disableBackgroundScheduling(true); // Prepare the main looper thread (this thread). android.os.Process.setThreadPriority( android.os.Process.THREAD_PRIORITY_FOREGROUND); android.os.Process.setCanSelfBackground(false); Looper.prepareMainLooper(); // Initialize native services. System.loadLibrary("android_servers"); // Check whether we failed to shut down last time we tried. // This call may not return. performPendingShutdown(); // Initialize the system context. createSystemContext(); // Create the system service manager. mSystemServiceManager = new SystemServiceManager(mSystemContext); LocalServices.addService(SystemServiceManager.class, mSystemServiceManager); // Start services. try { startBootstrapServices(); startCoreServices(); startOtherServices(); } catch (Throwable ex) { Slog.e("System", "******************************************"); Slog.e("System", "************ Failure starting system services", ex); throw ex; } // For debug builds, log event loop stalls to dropbox for analysis. if (StrictMode.conditionallyEnableDebugLogging()) { Slog.i(TAG, "Enabled StrictMode for system server main thread."); } // Loop forever. Looper.loop(); throw new RuntimeException("Main thread loop unexpectedly exited"); }
這裏執行完成後,層層返回,最後回到上面的Step 3中的ZygoteInit.main函數中,接下來它就要調用runSelectLoopMode函數進入一個無限循環在前面Step 4中建立的socket接口上等待ActivityManagerService請求建立新的應用程序進程了。
Step 10. ZygoteInit.runSelectLoopMode
這個函數定義在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java文件中:
/** * Runs the zygote process's select loop. Accepts new connections as * they happen, and reads commands from connections one spawn-request's * worth at a time. * * @throws MethodAndArgsCaller in a child process when a main() should * be executed. */ private static void runSelectLoop(String abiList) throws MethodAndArgsCaller { ArrayList<FileDescriptor> fds = new ArrayList<FileDescriptor>(); ArrayList<ZygoteConnection> peers = new ArrayList<ZygoteConnection>(); fds.add(sServerSocket.getFileDescriptor()); peers.add(null); while (true) { StructPollfd[] pollFds = new StructPollfd[fds.size()]; for (int i = 0; i < pollFds.length; ++i) { pollFds[i] = new StructPollfd(); pollFds[i].fd = fds.get(i); pollFds[i].events = (short) POLLIN; } try { Os.poll(pollFds, -1); } catch (ErrnoException ex) { throw new RuntimeException("poll failed", ex); } for (int i = pollFds.length - 1; i >= 0; --i) { if ((pollFds[i].revents & POLLIN) == 0) { continue; } if (i == 0) { ZygoteConnection newPeer = acceptCommandPeer(abiList); peers.add(newPeer); fds.add(newPeer.getFileDesciptor()); } else { boolean done = peers.get(i).runOnce(); if (done) { peers.remove(i); fds.remove(i); } } } } }
這個函數就是在等待ActivityManagerService來鏈接這個Socket,而後調用ZygoteConnection.runOnce函數來建立新的應用程序。
這樣,Zygote進程就啓動完成了,學習到這裏,咱們終於都對Android系統中的進程有了一個深入的認識了,這裏總結一下:
1. 系統啓動時init進程會建立Zygote進程,Zygote進程負責後續Android應用程序框架層的其它進程的建立和啓動工做。
2. Zygote進程會首先建立一個SystemServer進程,SystemServer進程負責啓動系統的關鍵服務,如包管理服務PackageManagerService和應用程序組件管理服務ActivityManagerService。
3. 當咱們須要啓動一個Android應用程序時,ActivityManagerService會經過Socket進程間通訊機制,通知Zygote進程爲這個應用程序建立一個新的進程。
相關文章
- 1. Zygote及System進程啓動
- 2. Zygote和System進程的啓動過程
- 3. zygote進程啓動
- 4. Zygote進程啓動流程
- 5. zygote和system server啓動過程解析
- 6. 圖解Android - Zygote, System Server 啓動分析
- 7. Zygote啓動流程
- 8. Zygote進程就啓動初探
- 9. android進階之瞭解Zygote進程的啓動及「孵化
- 10. Zygote啓動及其做用
- 更多相關文章...
- • 啓動MySQL服務 - MySQL教程
- • SVN 啓動模式 - SVN 教程
- • Flink 數據傳輸及反壓詳解
- • 爲了進字節跳動,我精選了29道Java經典算法題,帶詳細講解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
