SystemServer启动流程

基于Android U。

SystemServer进程是Android系统中的核心进程,由Zygote进程fork出。

在SystemServer进程中,启动了很多关键的服务,如AMS、PMS、WMS等,还启动出了WatchDog,用于监测系统服务。

创建SystemServer

forkSystemServer

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
/frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
private static Runnable forkSystemServer(String abiList, String socketName,
        ZygoteServer zygoteServer) {
    // 配置进程的能力集
    long capabilities = posixCapabilitiesAsBits(
            OsConstants.CAP_IPC_LOCK,
            OsConstants.CAP_KILL,
            OsConstants.CAP_NET_ADMIN,
            OsConstants.CAP_NET_BIND_SERVICE,
            OsConstants.CAP_NET_BROADCAST,
            OsConstants.CAP_NET_RAW,
            OsConstants.CAP_SYS_MODULE,
            OsConstants.CAP_SYS_NICE,
            OsConstants.CAP_SYS_PTRACE,
            OsConstants.CAP_SYS_TIME,
            OsConstants.CAP_SYS_TTY_CONFIG,
            OsConstants.CAP_WAKE_ALARM,
            OsConstants.CAP_BLOCK_SUSPEND
    );
    
    ...

    // 创建args数组,用来保存启动SystemServer的启动参数
    String[] args = {
            "--setuid=1000",
            "--setgid=1000",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,"
                    + "1024,1032,1065,3001,3002,3003,3005,3006,3007,3009,3010,3011,3012",
            "--capabilities=" + capabilities + "," + capabilities,
            "--nice-name=system_server",
            "--runtime-args",
            "--target-sdk-version=" + VMRuntime.SDK_VERSION_CUR_DEVELOPMENT,
            "com.android.server.SystemServer",
    };
    ZygoteArguments parsedArgs;

    int pid;

    try {
        ...

        // JNI调用nativeForkSystemServer()函数,派生出SystemServer进程
        pid = Zygote.forkSystemServer(
                parsedArgs.mUid, parsedArgs.mGid,
                parsedArgs.mGids,
                parsedArgs.mRuntimeFlags,
                null,
                parsedArgs.mPermittedCapabilities,
                parsedArgs.mEffectiveCapabilities);
    } catch (IllegalArgumentException ex) {
        throw new RuntimeException(ex);
    }

    // 当前代码逻辑运行在子进程(SystemServer)
    if (pid == 0) {
        if (hasSecondZygote(abiList)) {
            waitForSecondaryZygote(socketName);
        }
        // 销毁zygoteServer,保留和AMS通信的socket(runSelectLoop)
        // 当SystemServer创建过后,zygoteServerSocket就没有用处了,进行关闭
        zygoteServer.closeServerSocket();
        // 处理SystemServer进程初始化工作并启动SystemServer进程
        // 启动了一个binder线程池供SystemServer进程和其他进程通信使用
        // 最后调用RuntimeInit.applicationInit()执行进程启动自身初始化工作
        // applicationInit()最后是通过反射调用了SystemServer.java中的main()工作
        return handleSystemServerProcess(parsedArgs);
    }

    return null;
}

handleSystemServerProcess()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
private static Runnable handleSystemServerProcess(ZygoteArguments parsedArgs) {
    ...

    if (parsedArgs.mNiceName != null) {
        // 设置进程名字为niceName: system_server
        Process.setArgV0(parsedArgs.mNiceName);
    }

    // /system/framework/services.jar
    // /system/framework/ethernet-service.jar
    // /system/framework/wifi-service.jar
    // /system/framework/com.android.location.provider.jar
    final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH");
    ...

    if (parsedArgs.mInvokeWith != null) {
        
        ...
            
    } else {
        // 创建类加载器并赋予当前线程
        ClassLoader cl = getOrCreateSystemServerClassLoader();
        if (cl != null) {
            Thread.currentThread().setContextClassLoader(cl);
        }

        // 将剩余参数'com.android.server.SystemServer'传入zygoteInit
        return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion,
                parsedArgs.mDisabledCompatChanges,
                parsedArgs.mRemainingArgs, cl);
    }

    /* should never reach here */
}

zygoteInit()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
/frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
public static Runnable zygoteInit(int targetSdkVersion, 
        long[] disabledCompatChanges,
        String[] argv, ClassLoader classLoader) {
    ...

    Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "ZygoteInit");
    // 初始化Android Log输出流,重定向System.out和System.err到Android Log
    RuntimeInit.redirectLogStreams();

    // 初始化通用的运行环境,如设置默认的未捕捉异常的Handler,设置时区,重置Log配置等
    RuntimeInit.commonInit();
    // 通过JNI初始化Zygote
    ZygoteInit.nativeZygoteInit();
    
    // 应用初始化
    return RuntimeInit.applicationInit(targetSdkVersion, disabledCompatChanges, 		argv, classLoader);
}

applicationInit()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
/frameworks/base/core/java/com/android/internal/os/RuntimeInit.java
protected static Runnable applicationInit(int targetSdkVersion, long[] disabledCompatChanges,
        String[] argv, ClassLoader classLoader) {
    // 设置关闭应用程序是否调用AppRuntime.onExit()
    nativeSetExitWithoutCleanup(true);

    VMRuntime.getRuntime().setTargetSdkVersion(targetSdkVersion);
    VMRuntime.getRuntime().setDisabledCompatChanges(disabledCompatChanges);

    final Arguments args = new Arguments(argv);

    // The end of of the RuntimeInit event (see #zygoteInit).
    Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);

    // 调用findStaticMain()反射获取到SystemServer的main方法
    return findStaticMain(args.startClass, args.startArgs, classLoader);
}

findStaticMain()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
/frameworks/base/core/java/com/android/internal/os/RuntimeInit.java
protected static Runnable findStaticMain(String className, String[] argv,
        ClassLoader classLoader) {
    Class<?> cl;

    try {
        // 反射得到SystemServer类
        cl = Class.forName(className, true, classLoader);
    } catch (ClassNotFoundException ex) {
        ...
    }

    Method m;
    try {
        // 反射获取SystemServer.main()方法
        m = cl.getMethod("main", new Class[] { String[].class });
    } catch (NoSuchMethodException ex) {
        ...
    } catch (SecurityException ex) {
        ...
    }

    ...

    return new MethodAndArgsCaller(m, argv);
}

此处的作用是先反射得到SystemServer类并获取其main()方法,将其传给MethodAndArgsCaller()并返回。MethodAndArgsCaller()是一个Runnale实现类,其run()方法里反射调用传进去的Method,在这里就是SystemServer.main()方法,最后run()在ZygoteInit.main()中调用。

解析SystemServer

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
/frameworks/base/core/java/com/android/server/SystemServer.java
public static void main(String[] args) {
    new SystemServer().run();
}

private void run() {
    ...
    try {      
        ...
        // 变更虚拟机的库文件
        SystemProperties.set("persist.sys.dalvik.vm.lib.2", VMRuntime.getRuntime().vmLibrary());

        // 清除vm内存增长上限,因为启动过程需要较多的虚拟机内存空间
        VMRuntime.getRuntime().clearGrowthLimit();
        ...        
        // 创建消息Looper
        Looper.prepareMainLooper();
        ...
        // 加载android_server.so库
        System.loadLibrary("android_servers");
        ...
        // 初始化系统Context
        createSystemContext();
        ...
        // 创建SystemServiceManager
        mSystemServiceManager = new SystemServiceManager(mSystemContext);
        mSystemServiceManager.setStartInfo(mRuntimeRestart,
                mRuntimeStartElapsedTime, mRuntimeStartUptime);
        mDumper.addDumpable(mSystemServiceManager);

        // 将mSystemServiceManager添加到本地服务的成员sLocalServiceObjects
        LocalServices.addService(SystemServiceManager.class, mSystemServiceManager);
        // 准备线程池
        SystemServerInitThreadPool tp = SystemServerInitThreadPool.start();
        mDumper.addDumpable(tp);
        ...
    } finally {
        t.traceEnd();  // InitBeforeStartServices
    }

    // Setup the default WTF handler
    RuntimeInit.setDefaultApplicationWtfHandler(SystemServer::handleEarlySystemWtf);

    // Start services.
    try {
        t.traceBegin("StartServices");
        // 启动引导服务
        startBootstrapServices(t);
        // 启动核心服务
        startCoreServices(t);
        // 启动其他服务
        startOtherServices(t);
        startApexServices(t);
    } catch (Throwable ex) {
        Slog.e("System", "******************************************");
        Slog.e("System", "************ Failure starting system services", ex);
        throw ex;
    } finally {
        t.traceEnd(); // StartServices
    }
    ...
    // Loop forever.
    Looper.loop();
    throw new RuntimeException("Main thread loop unexpectedly exited");
}

系统服务启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/frameworks/base/services/core/java/com/android/server/SystemServiceManager.java
public void startService(@NonNull final SystemService service) {
    ...
    // 注册Service,mServices是一个存储SystemService类型的ArrayList
    mServices.add(service);

    long time = SystemClock.elapsedRealtime();
    try {
        // 启动Service
        service.onStart();
    } catch (RuntimeException ex) {
        ...
    }
    warnIfTooLong(SystemClock.elapsedRealtime() - time, service, "onStart");
}

总结

SystemServer的启动过程主要做了以下事情:

  1. 初始化一些系统变量和运行环境;
  2. 启动Binder线程池,这样就可以和其他进程进行通信;
  3. 创建SystemServiceManager,其用于对系统的服务进行创建、启动和生命周期管理;
  4. 启动各种系统服务。
Android
#启动流程 #SystemServer
SystemServer启动流程
https://citrus-maxima.github.io/2024/03/10/SystemServer启动流程/
作者
柚子树
发布于
2024年3月10日
许可协议