在上一篇文中介绍了Zygote进程的启动过程,我们知道,Zygote进程是Android Java世界的开创者,所有的Java应用程序进程都由Zygote进程创建。Zygote创建应用程序进程过程其实就是复制自身进程地址空间作为应用程序进程的地址空间,因此在Zygote进程中加载的类和资源都可以共享给所有由Zygote进程孵化的应用程序,应用程序进程只需加载自身私有资源就可以正常运行,Zygote进程是所有Android Java应用程序进程的父进程,Zygote进程和普通应用程序进程之间的关系正是面向对象编程语言中的继承关系,应用程序进程继承Zygote进程的所有资源,Zygote进程在启动时加载所有应用程序进程运行所需的公共资源,即应用程序运行的共性资源;由于普通应用程序有自己的特性资源,因此普通应用程序在启动时,只需要加载自身特性资源就可以了。Linux进程间这种继承关系加快了普通应用程序启动的速度,也简化了应用程序进程的创建过程。既然所有Java应用程序进程都是由Zygote进程创建,那么Android系统是如何请求Zygote进程创建一个新的应用程序进程的呢?在Zygote进程启动过程的源代码分析中,我们介绍了Zygote进程在启动过程中,会根据启动参数创建第一Java进程,它就是SystemServer进程,它是Android系统至关重要的进程,运行中Android系统的绝大部分服务。普通应用程序进程是无法直接请求Zygote进程孵化新进程的,所有的进程创建请求都是由SystemServer进程发出的。本文依据源码,详细分析SystemServer进程的启动过程。在Zygote进程进入循环监听Socket模式前,会根据Zygote启动参数来选择是否启动SystemServer进程,而Zygote进程的启动是在Android的启动脚本init.rc文件中配置的:
- service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
由于配置了参数--start-system-server,因此SystemServer进程会伴随Zygote进程的启动而启动:
frameworks\base\core\java\com\android\internal\os\ZygoteInit.java
- if (argv[1].equals("start-system-server")) {
- startSystemServer();
- } else if (!argv[1].equals("")) {
- throw new RuntimeException(argv[0] + USAGE_STRING);
- }
SystemServer虽然也是又Zygote进程孵化出来,但和普通的应用程序进程的启动方式有所不同,这里是通过调用startSystemServer()函数来启动SystemServer进程的。
frameworks\base\core\java\com\android\internal\os\ZygoteInit.java
- private static boolean startSystemServer()
- throws MethodAndArgsCaller, RuntimeException {
-
- String args[] = {
- "--setuid=1000",
- "--setgid=1000",
- "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,3001,3002,3003,3006,3007",
- "--capabilities=130104352,130104352",
- "--runtime-init",
- "--nice-name=system_server",
- "com.android.server.SystemServer",
- };
- ZygoteConnection.Arguments parsedArgs = null;
- int pid;
- try {
-
- parsedArgs = new ZygoteConnection.Arguments(args);
-
- ZygoteConnection.applyDebuggerSystemProperty(parsedArgs);
- ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs);
-
-
- pid = Zygote.forkSystemServer(
- parsedArgs.uid, parsedArgs.gid,
- parsedArgs.gids,
- parsedArgs.debugFlags,
- null,
- parsedArgs.permittedCapabilities,
- parsedArgs.effectiveCapabilities);
- } catch (IllegalArgumentException ex) {
- throw new RuntimeException(ex);
- }
-
-
- if (pid == 0) {
- handleSystemServerProcess(parsedArgs);
- }
- return true;
- }
在该函数中首先根据SystemServer进程启动参数args构造一个Arguments对象,然后调用forkSystemServer()函数创建SystemServer进程,最后调用函数handleSystemServerProcess()启动SystemServer进程,SystemServer启动参数如下:
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,3001,3002,3003,3006,3007",
"--capabilities=130104352,130104352",
"--runtime-init",
"--nice-name=system_server",
"com.android.server.SystemServer",
参数解析
frameworks\base\core\java\com\android\internal\os\ZygoteConnection.java
- Arguments(String args[]) throws IllegalArgumentException {
- parseArgs(args);
- }
在Arguments构造函数中直接调用parseArgs函数来解析SystemServer启动参数
属性配置
frameworks\base\core\java\com\android\internal\os\ZygoteConnection.java
- public static void applyDebuggerSystemProperty(Arguments args) {
- if ("1".equals(SystemProperties.get("ro.debuggable"))) {
- args.debugFlags |= Zygote.DEBUG_ENABLE_DEBUGGER;
- }
- }
-
- public static void applyInvokeWithSystemProperty(Arguments args) {
- if (args.invokeWith == null && args.niceName != null) {
- if (args.niceName != null) {
- String property = "wrap." + args.niceName;
- if (property.length() > 31) {
- property = property.substring(0, 31);
- }
- args.invokeWith = SystemProperties.get(property);
- if (args.invokeWith != null && args.invokeWith.length() == 0) {
- args.invokeWith = null;
- }
- }
- }
- }
创建SystemServer进程
通过调用forkSystemServer函数来创建SystemServer进程
- public static int forkSystemServer(int uid, int gid, int[] gids,
- int debugFlags, int[][] rlimits,
- long permittedCapabilities, long effectiveCapabilities) {
-
- preFork();
- int pid = nativeForkSystemServer(uid, gid, gids, debugFlags, rlimits,permittedCapabilities,effectiveCapabilities);
-
- postFork();
- return pid;
- }
该函数调用native函数nativeForkAndSpecialize来fork出systemserver进程
- native public static int nativeForkSystemServer(int uid, int gid,int[] gids, int debugFlags, int[][] rlimits,
- long permittedCapabilities, long effectiveCapabilities);
- { "nativeForkSystemServer", "(II[II[[IJJ)I", Dalvik_dalvik_system_Zygote_forkSystemServer },
根据JNI函数映射关系,最终会调用C++的Dalvik_dalvik_system_Zygote_forkSystemServer函数,在dalvik_system_Zygote.c文件中实现:
- static void Dalvik_dalvik_system_Zygote_forkSystemServer(const u4* args, JValue* pResult)
- {
- pid_t pid;
-
- pid = forkAndSpecializeCommon(args, true);
-
-
- if (pid > 0) {
- int status;
- ALOGI("System server process %d has been created", pid);
- gDvm.systemServerPid = pid;
-
-
-
-
- if (waitpid(pid, &status, WNOHANG) == pid) {
- ALOGE("System server process %d has died. Restarting Zygote!", pid);
-
- sleep(15);
-
- #ifdef HOST_DALVIK
- reboot(RB_AUTOBOOT);
- #else
- android_reboot(ANDROID_RB_RESTART2, 0, (char *)"special-systemserver-died");
- #endif
- }
- }
- RETURN_INT(pid);
- }
真正创建进程的核心函数:
- static pid_t forkAndSpecializeCommon(const u4* args, bool isSystemServer)
- {
- ..........
- pid = fork();
-
- if (pid == 0) {
-
-
- } else if (pid > 0) {
-
- }
- return pid;
- }
创建好SystemServer进程后,继续调用preFork()来启动后台线程
- private static void postFork() {
- Daemons.start();
- }
libcore\luni\src\main\java\java\lang\Daemons.java
- public static void start() {
-
- ReferenceQueueDaemon.INSTANCE.start();
-
- FinalizerDaemon.INSTANCE.start();
-
- FinalizerWatchdogDaemon.INSTANCE.start();
- }
运行SystemServer进程
新创建的SystemServer进程会执行handleSystemServerProcess函数,来完成自己的使命。
- private static void handleSystemServerProcess(ZygoteConnection.Arguments parsedArgs)
- throws ZygoteInit.MethodAndArgsCaller {
-
- closeServerSocket();
-
- FileUtils.setUMask(FileUtils.S_IRWXG | FileUtils.S_IRWXO);
-
- if (parsedArgs.niceName != null) {
- Process.setArgV0(parsedArgs.niceName);
- }
- if (parsedArgs.invokeWith != null) {
- WrapperInit.execApplication(parsedArgs.invokeWith,
- parsedArgs.niceName, parsedArgs.targetSdkVersion,
- null, parsedArgs.remainingArgs);
- } else {
-
-
- RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs);
- }
- }
由于由Zygote进程创建的子进程都会继承Zygote进程在前面创建的Socket文件描述符,而这里的SystemServer进程又不会用到它,因此,这里就调用closeServerSocket函数来关闭它。这个函数接着调用RuntimeInit.zygoteInit函数来进一步执行启动SystemServer
frameworks\base\core\java\com\android\internal\os\RuntimeInit.java
- public static final void zygoteInit(int targetSdkVersion, String[] argv)
- throws ZygoteInit.MethodAndArgsCaller {
- if (DEBUG) Slog.d(TAG, "RuntimeInit: Starting application from zygote");
-
- redirectLogStreams();
-
- commonInit();
-
- nativeZygoteInit();
-
- applicationInit(targetSdkVersion, argv);
- }
1. 初始化Log输出流
-
-
-
- public static void redirectLogStreams() {
- System.out.close();
- System.setOut(new AndroidPrintStream(Log.INFO, "System.out"));
- System.err.close();
- System.setErr(new AndroidPrintStream(Log.WARN, "System.err"));
- }
2.初始化运行环境
- private static final void commonInit() {
- if (DEBUG) Slog.d(TAG, "Entered RuntimeInit!");
-
-
- Thread.setDefaultUncaughtExceptionHandler(new UncaughtHandler());
-
-
-
-
- TimezoneGetter.setInstance(new TimezoneGetter() {
- @Override
- public String getId() {
- return SystemProperties.get("persist.sys.timezone");
- }
- });
- TimeZone.setDefault(null);
-
-
-
-
-
-
-
-
- LogManager.getLogManager().reset();
- new AndroidConfig();
-
-
-
-
- String userAgent = getDefaultUserAgent();
- System.setProperty("http.agent", userAgent);
-
-
-
-
- NetworkManagementSocketTagger.install();
-
-
-
-
-
-
-
- String trace = SystemProperties.get("ro.kernel.android.tracing");
- if (trace.equals("1")) {
- Slog.i(TAG, "NOTE: emulator trace profiling enabled");
- Debug.enableEmulatorTraceOutput();
- }
-
- initialized = true;
- }
3.启动Binder线程池
frameworks\base\core\jni\AndroidRuntime.cpp
- static void com_android_internal_os_RuntimeInit_nativeZygoteInit(JNIEnv* env, jobject clazz)
- {
- gCurRuntime->onZygoteInit();
- }
frameworks\base\cmds\app_process\App_main.cpp
- virtual void onZygoteInit()
- {
- sp<ProcessState> proc = ProcessState::self();
- ALOGV("App process: starting thread pool.\n");
- proc->startThreadPool();
- }
关于Binder线程池的启动过程请参考Android应用程序启动Binder线程源码分析
4.调用进程入口函数
- static void invokeStaticMain(ClassLoader loader,
- String className, String[] argv)
- throws ZygoteInit.MethodAndArgsCaller {
-
- Class<?> cl;
- try {
- cl = loader.loadClass(className);
- } catch (ClassNotFoundException ex) {
- throw new RuntimeException("Missing class when invoking static main " + className,
- ex);
- }
-
- Method m;
- try {
- m = cl.getMethod("main", new Class[] { String[].class });
- } catch (NoSuchMethodException ex) {
- throw new RuntimeException("Missing static main on " + className, ex);
- } catch (SecurityException ex) {
- throw new RuntimeException("Problem getting static main on " + className, ex);
- }
-
- int modifiers = m.getModifiers();
-
- if (! (Modifier.isStatic(modifiers) && Modifier.isPublic(modifiers))) {
- throw new RuntimeException("Main method is not public and static on " + className);
- }
-
-
-
-
-
-
- throw new ZygoteInit.MethodAndArgsCaller(m, argv);
- }
抛出MethodAndArgsCaller异常,并在ZygoteInit.main()函数中捕获该异常,这样就可以清除应用程序进程创建过程的调用栈,将应用程序启动的入口函数设置为SystemServer.main()
frameworks\base\core\java\com\android\internal\os\ZygoteInit.java
- public static void main(String argv[]) {
- try {
- ...
-
- } catch (MethodAndArgsCaller caller) {
- caller.run();
- } catch (RuntimeException ex) {
- Log.e(TAG, "Zygote died with exception", ex);
- closeServerSocket();
- throw ex;
- }
- }
在该函数里,捕获了MethodAndArgsCaller异常,并调用MethodAndArgsCaller类的run()方法来处理异常
- public static class MethodAndArgsCaller extends Exception implements Runnable {
- public void run() {
- try {
- mMethod.invoke(null, new Object[] { mArgs });
- } catch (IllegalAccessException ex) {
- throw new RuntimeException(ex);
- } catch (InvocationTargetException ex) {
- Throwable cause = ex.getCause();
- if (cause instanceof RuntimeException) {
- throw (RuntimeException) cause;
- } else if (cause instanceof Error) {
- throw (Error) cause;
- }
- throw new RuntimeException(ex);
- }
- }
- }
这里通过反射机制调用SystemServer类的main函数
frameworks\base\services\java\com\android\server\SystemServer.java
- public static void main(String[] args) {
- if (System.currentTimeMillis() < EARLIEST_SUPPORTED_TIME) {
-
-
-
-
-
- Slog.w(TAG, "System clock is before 1970; setting to 1970.");
- SystemClock.setCurrentTimeMillis(EARLIEST_SUPPORTED_TIME);
- }
-
- if (SamplingProfilerIntegration.isEnabled()) {
- SamplingProfilerIntegration.start();
- timer = new Timer();
- timer.schedule(new TimerTask() {
- @Override
- public void run() {
- SamplingProfilerIntegration.writeSnapshot("system_server", null);
- }
- }, SNAPSHOT_INTERVAL, SNAPSHOT_INTERVAL);
- }
-
- dalvik.system.VMRuntime.getRuntime().clearGrowthLimit();
-
-
- VMRuntime.getRuntime().setTargetHeapUtilization(0.8f);
-
- System.loadLibrary("android_servers");
-
- init1(args);
- }
SystemServer类的main函数是SystemServer进程的入口函数,在该函数里,首先加载libandroid_servers.so库,然后调用init1启动native相关服务
frameworks\base\services\jni\com_android_server_SystemServer.cpp
- static void android_server_SystemServer_init1(JNIEnv* env, jobject clazz)
- {
- system_init();
- }
frameworks\base\cmds\system_server\library\system_init.cpp
- extern "C" status_t system_init()
- {
- ALOGI("Entered system_init()");
- sp<ProcessState> proc(ProcessState::self());
- sp<IServiceManager> sm = defaultServiceManager();
- ALOGI("ServiceManager: %p\n", sm.get());
-
- sp<GrimReaper> grim = new GrimReaper();
- sm->asBinder()->linkToDeath(grim, grim.get(), 0);
-
- char propBuf[PROPERTY_VALUE_MAX];
- property_get("system_init.startsurfaceflinger", propBuf, "1");
- if (strcmp(propBuf, "1") == 0) {
-
- SurfaceFlinger::instantiate();
- }
-
- property_get("system_init.startsensorservice", propBuf, "1");
- if (strcmp(propBuf, "1") == 0) {
-
- SensorService::instantiate();
- }
-
-
-
-
-
-
-
- ALOGI("System server: starting Android runtime.\n");
- AndroidRuntime* runtime = AndroidRuntime::getRuntime();
-
- ALOGI("System server: starting Android services.\n");
- JNIEnv* env = runtime->getJNIEnv();
- if (env == NULL) {
- return UNKNOWN_ERROR;
- }
-
- jclass clazz = env->FindClass("com/android/server/SystemServer");
- if (clazz == NULL) {
- return UNKNOWN_ERROR;
- }
- jmethodID methodId = env->GetStaticMethodID(clazz, "init2", "()V");
- if (methodId == NULL) {
- return UNKNOWN_ERROR;
- }
- env->CallStaticVoidMethod(clazz, methodId);
-
- ALOGI("System server: entering thread pool.\n");
- ProcessState::self()->startThreadPool();
- IPCThreadState::self()->joinThreadPool();
- ALOGI("System server: exiting thread pool.\n");
- return NO_ERROR;
- }
在该函数里,通过JNI调用SystemServer类中的init2函数进一步启动Android系统中的Java服务,然后将SystemServer进程的主线程注册到Binder线程池中
frameworks\base\services\java\com\android\server\SystemServer.java
- public static final void init2() {
- Slog.i(TAG, "Entered the Android system server!");
-
- Thread thr = new ServerThread();
- thr.setName("android.server.ServerThread");
- thr.start();
- }
这里通过启动一个名为android.server.ServerThread的线程来启动Android系统服务
frameworks\base\services\java\com\android\server\SystemServer$ServerThread
- public void run() {
- EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_SYSTEM_RUN,SystemClock.uptimeMillis());
- Looper.prepare();
-
- android.os.Process.setThreadPriority(android.os.Process.THREAD_PRIORITY_FOREGROUND);
- BinderInternal.disableBackgroundScheduling(true);
- android.os.Process.setCanSelfBackground(false);
- ....
- ServiceManager.addService("entropy", new EntropyMixer());
- ServiceManager.addService(Context.POWER_SERVICE, power);
- ServiceManager.addService("security", security);
- ServiceManager.addService("telephony.registry",new TelephonyRegistry(context, 0));
- ServiceManager.addService(Context.SCHEDULING_POLICY_SERVICE,new SchedulingPolicyService());
- ....
-
- (new Thread(new WakelockMonitor(power))).start();
-
-
- if (StrictMode.conditionallyEnableDebugLogging()) {
- Slog.i(TAG, "Enabled StrictMode for system server main thread.");
- }
- Looper.loop();
- Slog.d(TAG, "System ServerThread is exiting!");
- }
在run函数中启动并注册Java中的各种Service。至此SystemServer进程启动过程分析完毕!启动过程序列图如下所示: