android 开机启动流程分析(12)SystemServer启动分析
阅读原文时间:2021年04月23日阅读:1

该系列文章总纲链接:专题分纲目录 android 开机启动流程分析


本章关键点总结 & 说明:

这里因为整体的导图太大,因此截取一部分 ,方便大家看的清楚:

同时,下面的图是开机启动流程分析 持续迭代的效果,可放大观看。

说明:思维导图是基于之前文章不断迭代的,本章内容我们关注➕"启动SystemServer ->SS"部分即可

1 SS创建

1.1 SS fork进程

SystemServer的进程名实际上叫system_server(后简称为SS)。SS是由Zygote通过Zygote.forkSystemServer函数fork诞生出来的。forkSystemServer的实现(java部分)代码如下:

public static int forkSystemServer(int uid, int gid, int[] gids, int debugFlags,
        int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
    VM_HOOKS.preFork();
    /**
     nativeForkSystemServer{java->native调用关联}
     ->com_android_internal_os_Zygote_nativeForkSystemServer//接下来关键分析该方法
     */
    int pid = nativeForkSystemServer(
            uid, gid, gids, debugFlags, rlimits, permittedCapabilities, effectiveCapabilities);
    VM_HOOKS.postForkCommon();
    return pid;
}

native层对应实现方法com_android_internal_os_Zygote_nativeForkSystemServer,代码如下:

static jint com_android_internal_os_Zygote_nativeForkSystemServer(JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
        jint debug_flags, jobjectArray rlimits, jlong permittedCapabilities,jlong effectiveCapabilities) {
  //根据传递的参数,fork一个子进程
    pid_t pid = ForkAndSpecializeCommon(env, uid, gid, gids,debug_flags, rlimits,permittedCapabilities, effectiveCapabilities,
                                        MOUNT_EXTERNAL_NONE, NULL, NULL, true, NULL,NULL, NULL);
    if (pid > 0) {
        gSystemServerPid = pid;    //保存system_server的进程id
        int status;
        if (waitpid(pid, &status, WNOHANG) == pid) {    //函数退出前须先检查刚创建的子进程是否退出了
            RuntimeAbort(env);    //如果system_server退出了,Zygote直接干掉了自己
        }
    }
    return pid;
}

继续分析ForkAndSpecializeCommon,实现如下:

static pid_t ForkAndSpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid,...) {
    uint64_t start = MsTime();
    /**
      SetSigChldHandler
      ->sigaction(SIGCHLD, &sa, NULL);//设置信号处理函数sigchldHandler
      {该信号是子进程死亡的信号,进程死亡会执行对应的信号处理函数}
      -->sigchldHandler处理信号{
        while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
            ...
            if (pid == gSystemServerPid) {//如果死去的子进程是SS,则Zygote把自己也杀死了
                kill(getpid(), SIGKILL);
            }
        }
      }
     */
    SetSigChldHandler();
    ckTime(start, "ForkAndSpecializeCommon:SetSigChldHandler");
    pid_t pid = fork();
    if (pid == 0) {//子进程初始化操作
        //对子进程要根据传入的参数做一些处理,例如设置进程名,设置各种id(用户id,组id等)
        ...
    } else if (pid > 0) {
        //父进程相关操作
        ...
    }
    return pid;//注意,这里也意味着有两个返回值
}

1.2 SystemServer创建过程

SS创建后,便和生父Zygote分开处理,它有了自己的历史使命。
startSystemServer中在子进程SS中最关键调用为handleSystemServerProcess来承担自己的职责。代码实现如下:

//startSystemServer->handleSystemServerProcess
private static void handleSystemServerProcess(ZygoteConnection.Arguments parsedArgs) throws ZygoteInit.MethodAndArgsCaller {
    closeServerSocket();//因为当前已经不是运行在zygote进程里了,所以zygote里的那个监听socket就应该关闭了
    // set umask to 0077 so new files and directories will default to owner-only permissions.
    Os.umask(S_IRWXG | S_IRWXO);
    if (parsedArgs.niceName != null) {
        Process.setArgV0(parsedArgs.niceName);//设置进程名为niceName,也就是"system_server"
    }
    final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH");
    if (systemServerClasspath != null) {
        performSystemServerDexOpt(systemServerClasspath);
    }
    if (parsedArgs.invokeWith != null) {
        String[] args = parsedArgs.remainingArgs;
        if (systemServerClasspath != null) {
            String[] amendedArgs = new String[args.length + 2];
            amendedArgs[0] = "-cp";
            amendedArgs[1] = systemServerClasspath;
            System.arraycopy(parsedArgs.remainingArgs, 0, amendedArgs, 2, parsedArgs.remainingArgs.length);
        }
        //设置SS进程的一些参数
        WrapperInit.execApplication(parsedArgs.invokeWith,parsedArgs.niceName, parsedArgs.targetSdkVersion,null, args);
    } else {
        ClassLoader cl = null;
        if (systemServerClasspath != null) {
            cl = new PathClassLoader(systemServerClasspath, ClassLoader.getSystemClassLoader());
            Thread.currentThread().setContextClassLoader(cl);
        }
        //调用ZygoteInit函数
        RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl);
    }
}

SS走到RuntimeInit了,它的代码实现如下所示:

public static final void zygoteInit(int targetSdkVersion, String[] argv, ClassLoader classLoader)
        throws ZygoteInit.MethodAndArgsCaller {
    redirectLogStreams();//重定向Log输出流。
    commonInit();//做一些常规初始化。{时区,网络,日志}
    nativeZygoteInit();//native层的初始化,关键点1
    applicationInit(targetSdkVersion, argv, classLoader);//应用初始化,关键点2
}

 1.2.1 nativeZygoteInit的调用栈,代码实现如下:

/**
  nativeZygoteInit{java->native调用关联}
  ->com_android_internal_os_RuntimeInit_nativeZygoteInit
  -->gCurRuntime->onZygoteInit();//app_process的main函数中的runtime
  {gCurRuntime类型为AppRuntime,由于SS是从Zygote fork出来的,所以它拥有Zygote进程的gCurRuntime}
  {AppRuntime继承AndroidRuntime,初始化时会执行gCurRuntime = this;的操作,即gCurRuntime被设置为AndroidRuntime对象自己}
*/

分析gCurRuntime->onZygoteInit()的实现(定要在App_main.cpp中)如下:

virtual void onZygoteInit()
{
    //这些和Binder有关系
    sp<ProcessState> proc = ProcessState::self();
    proc->startThreadPool();/启动一个线程,用于Binder通信。
}

SS调用zygoteInitNative后,将和Binder通信系统建立联系,这样SS就能够使用Binder了。 
1.2.2 applicationInit的分析,代码实现如下:

private static void applicationInit(int targetSdkVersion, 
        String[] argv, ClassLoader classLoader)
        throws ZygoteInit.MethodAndArgsCaller {
    nativeSetExitWithoutCleanup(true);
    VMRuntime.getRuntime().setTargetHeapUtilization(0.75f);
    VMRuntime.getRuntime().setTargetSdkVersion(targetSdkVersion);
    final Arguments args;
    args = new Arguments(argv);
    ...//异常处理
    //这里注意:startClass名为"com.android.server.SystemServer"
    invokeStaticMain(args.startClass,args.startArgs, classLoader);
}

这里分析关键代码invokeStaticMain,实现如下:

private static void invokeStaticMain(String className, String[] argv, ClassLoader classLoader) throws ZygoteInit.MethodAndArgsCaller {
    //注意我们的参数,className为"com.android.server.SystemServer"
    Class<?> cl = Class.forName(className, true, classLoader);
    ...//异常处理
    //找到com.android.server.SystemServer类的main函数,肯定有地方要调用它
    Method m;        
    m = cl.getMethod("main", new Class[] { String[].class });

    int modifiers = m.getModifiers();
    if (! (Modifier.isStatic(modifiers) && Modifier.isPublic(modifiers))) {
        throw new RuntimeException("Main method is not public and static on " + className);
    }
    //抛出一个异常,为什么不在这里直接调用上面的main函数呢?后面会给出答案
    throw new ZygoteInit.MethodAndArgsCaller(m, argv);
}

invokeStaticMain竟然抛出了一个异常,它是在ZygoteInit的main函数中截获。

代码如下(注意:我们所在的进程是system_server):

 ... 
    //接着ZygoteInit中第5个关键点继续分析
    ...
         if (startSystemServer) { //我们传入的参数满足if分支,这里是可能抛出异常的
             startSystemServer(abiList, socketName);//该方法最后抛出一个异常MethodAndArgsCaller
         }
    ...
     } catch (MethodAndArgsCaller caller) {
         /**
          caller的run方法
          mMethod.invoke(null, new Object[] { mArgs });
          {mMethod为com.android.server.SystemServer的main函数}
          {抛出的这个异常最后会导致com.android.server.SystemServer类的main函数被调用}
         */
         caller.run();    //关键点5,被截获,调用caller的run函数
     } catch (RuntimeException ex) {
         Log.e(TAG, "Zygote died with exception", ex);
         closeServerSocket();
         throw ex;
     }

说明:

  1. 父进程Zygote在fork动作后,会退出startSystemServer()函数,并走到runSelectLoop(),从而进入一种循环监听状态,每当AMS向它发出“启动新应用进程”的命令时,它又会fork一个子进程,并在子进程里抛出一个异常,这样还是会跳转到catch这里。
  2. fork出的SystemServer进程在跳转到catch语句后,会执行SystemServer类的main()函数,而其他情况下,fork出的应用进程在跳转的catch语句后,则会执行ActivityThread类的main()函数。这个ActivityThread对于应用程序而言非常重要
  3. 为什么不在invokeStaticMain那里直接调用,而是采用这种抛异常的方式?这是因为:这个调用是在ZygoteInit.main中,相当于Native的main函数,即入口函数,位于堆栈的顶层。如果不采用抛异常的方式,而是在invokeStaticMain那里调用,则会浪费之前函数调用所占用的一些调用堆栈。这是从效率上来考虑的(由于是系统层的设计,一点点的效率都不可以忽视)

整个过程目的:ZygoteInit分裂产生的SS,其实就是为了调用com.android.server.SystemServer的main函数。

2 SS启动

这里直接查看run的实现,代码如下:

//main->new SystemServer().run();
private void run() {
    ...// 检测时间设置
    ...// 启动性能分析采样
    ...
    // Within the system server, it is an error to access Environment paths without explicitly specifying a user.
    Environment.setUserRequired(true);
    // Ensure binder calls into the system always run at foreground priority.
    BinderInternal.disableBackgroundScheduling(true);
    // Prepare the main looper thread (this thread).
    android.os.Process.setThreadPriority(android.os.Process.THREAD_PRIORITY_FOREGROUND);
    ...
    Looper.prepareMainLooper();    //准备主线程循环
    // Initialize native services.
    System.loadLibrary("android_servers"); //加载libandroid_servers.so,源码在framework/base/services/jni下。
    nativeInit();//调用native函数,关键点1
    ...
    performPendingShutdown();// Check whether we failed to shut down last time we tried.This call may not return.
    createSystemContext();//初始化系统上下文,关键点2
    // Create the system service manager.
    mSystemServiceManager = new SystemServiceManager(mSystemContext);
    LocalServices.addService(SystemServiceManager.class, mSystemServiceManager);
    // 启动服务
    try {
        startBootstrapServices();//启动BootStrap相关服务,关键点3
        startCoreServices();//启动核心服务,关键点4
        startOtherServices();//启动其他服务,关键点5
    } catch (Throwable ex) {           /// M: RecoveryManagerService  @{
        if (mRecoveryManagerService != null && ex instanceof RuntimeException) {
            mRecoveryManagerService.handleException((RuntimeException)ex, true);
        }
    }
    ...
    addBootEvent(new String("Android:SysServerInit_END"));
    // Loop forever.
    Looper.loop();// 启动线程循环,等待消息处理
    throw new RuntimeException("Main thread loop unexpectedly exited");//不应该执行到这里
}

2.1 native_init调用栈如下:

/**
  nativeInit{java->native调用关联}
  ->android_server_SystemServer_nativeInit
  -->property_get("system_init.startsensorservice", propBuf, "1");
  -->if (strcmp(propBuf, "1") == 0){SensorService::instantiate();}
  {通过属性确定SensorService是否启动}
 */

2.2 关注createSystemContext,代码实现如下:

private void createSystemContext() {
    ActivityThread activityThread = ActivityThread.systemMain();
    mSystemContext = activityThread.getSystemContext();
    mSystemContext.setTheme(android.R.style.Theme_DeviceDefault_Light_DarkActionBar);
}

这里主要就是初始化mSystemContext成员变量。
2.3 启动各种各样的服务 2.3.1 startBootstrapServices();//引导服务,使系统可以正常工作的必要服务,这些服务具有复杂的相互依赖性

private void startBootstrapServices() {
    //服务必须提前加载的原因
    //installd完成启动它才有一个机会用适当的方法创建关键的目录,如数据/用户权限。
    Installer installer = mSystemServiceManager.startService(Installer.class);
    //AMS是核心显示相关
    mActivityManagerService = mSystemServiceManager.startService(
            ActivityManagerService.Lifecycle.class).getService();
    mActivityManagerService.setSystemServiceManager(mSystemServiceManager);
    mActivityManagerService.setInstaller(installer);
    //PowerMS很多服务需要使用它,被native daemon监听并很快处理binder回调
    mPowerManagerService = mSystemServiceManager.startService(PowerManagerService.class);
    //AMS关联PowerMS
    mActivityManagerService.initPowerManagement();
    //为PackageMS初始化准备
    mDisplayManagerService = mSystemServiceManager.startService(DisplayManagerService.class);
    mSystemServiceManager.startBootPhase(SystemService.PHASE_WAIT_FOR_DEFAULT_DISPLAY);
    // Only run "core" apps if we're encrypting the device.
    String cryptState = SystemProperties.get("vold.decrypt");
    if (ENCRYPTING_STATE.equals(cryptState)) {
        Slog.w(TAG, "Detected encryption in progress - only parsing core apps");
        mOnlyCore = true;
    } else if (ENCRYPTED_STATE.equals(cryptState)) {
        Slog.w(TAG, "Device encrypted - only parsing core apps");
        mOnlyCore = true;
    }
    //PackageMS启动初始化
    mPackageManagerService = PackageManagerService.main(mSystemContext, installer,
            mFactoryTestMode != FactoryTest.FACTORY_TEST_OFF, mOnlyCore);
    mFirstBoot = mPackageManagerService.isFirstBoot();
    mPackageManager = mSystemContext.getPackageManager();
    ServiceManager.addService(Context.USER_SERVICE, UserManagerService.getInstance());
    //用attribute cache来初始化packages的cache resources
    AttributeCache.init(mSystemContext);
    //为系统进程设置应用程序实例且启动
    mActivityManagerService.setSystemProcess();
}

2.3.2 startCoreServices();     //核心服务,启动一些不在引导过程中的一些基本服务。

private void startCoreServices() {
    // Manages LEDs and display backlight.
    mSystemServiceManager.startService(LightsService.class);
    // Tracks the battery level.  Requires LightService.
    mSystemServiceManager.startService(BatteryService.class);
    // Tracks application usage stats.
    mSystemServiceManager.startService(UsageStatsService.class);
    mActivityManagerService.setUsageStatsManager(
            LocalServices.getService(UsageStatsManagerInternal.class));

    // Update after UsageStatsService is available, needed before performBootDexOpt.
    mPackageManagerService.getUsageStatsIfNoPackageUsageInfo();
    // Tracks whether the updatable WebView is in a ready state and watches for update installs.
    mSystemServiceManager.startService(WebViewUpdateService.class);
}

2.3.3 startOtherServices();    //其他服务,一般添加服务都在这里添加{所有其他的java系统服务都在这里启动}

private void startOtherServices() {
    final Context context = mSystemContext;
    AccountManagerService accountManager = null;
    ...
    AudioService audioService = null;
    MmsServiceBroker mmsService = null;
    ...
    try {
        Slog.i(TAG, "Reading configuration...");
        SystemConfig.getInstance();
        Slog.i(TAG, "Scheduling Policy");
        ServiceManager.addService("scheduling_policy", new SchedulingPolicyService());
        mSystemServiceManager.startService(TelecomLoaderService.class);
    ...
    try {
        wm.displayReady();
    } catch (Throwable e) {
        reportWtf("making display ready", e);
    }
    ...
    mActivityManagerService.systemReady(new Runnable() {
        @Override
        public void run() {
            Slog.i(TAG, "Making services ready");
            mSystemServiceManager.startBootPhase(
                    SystemService.PHASE_ACTIVITY_MANAGER_READY);
            ...
            try {
                mActivityManagerService.startObservingNativeCrashes();
            } catch (Throwable e) {
                reportWtf("observing native crashes", e);
            }
            ...
        }
    });
}

2.4 总结
在这个run方法中,主要完成三件事情:

  1. 创建system context和system service manager
  2. 启动一些系统服务
  3. 进入主线程消息循环。

2.5 SS整体总结

    Zygote调用startSystemServer创建system_server进程
&nbsp; &nbsp; SS调用handleSystemServerProcess完成自己的使命
&nbsp; &nbsp; handleSystemServerProcess抛出异常,最终调用com.android.server.SystemServer的main函数
&nbsp; &nbsp; main加载libandroid_server.so并调用native_init方法
&nbsp; &nbsp; 在后面的3个关键方法中,启动一些系统服务
&nbsp; &nbsp; &nbsp; &nbsp; startBootstrapServices();
&nbsp; &nbsp; &nbsp; &nbsp; startCoreServices();
&nbsp; &nbsp; &nbsp; &nbsp; startOtherServices();
&nbsp; &nbsp; 进入消息循环,等待请求

说明:启动系统各项服务,Java世界的核心Service都在这里启动,所以它非常重要。

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器

你可能感兴趣的文章