SystemServer 启动是在 Zygote startSystemServer 方法中启动的。在 init.zygote32.rc(和运行平台相关)配置了 zygote service 传递的参数是 “–start-system-server” ,经过 app_main.cpp 中 main 方法做了一道中转变为了 “start-system-server”,如此 startSystemServer 标志就赋值为 true,最后就会调用 startSystemServer 来启动 SystemServer。
frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
public class ZygoteInit {
......
public static void main(String argv[]) {
try {
......
boolean startSystemServer = false;
......
for (int i = 1; i < argv.length; i++) {
if ("start-system-server".equals(argv[i])) {
startSystemServer = true;
} else if (argv[i].startsWith(ABI_LIST_ARG)) {
......
} else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
......
} else {
throw new RuntimeException("Unknown command line argument: " + argv[i]);
}
}
......
if (startSystemServer) {
// 启动 SystemServer
startSystemServer(abiList, socketName);
}
......
} catch (MethodAndArgsCaller caller) {
caller.run();
} catch (RuntimeException ex) {
Log.e(TAG, "Zygote died with exception", ex);
closeServerSocket();
throw ex;
}
}
......
}
接下来转入 startSystemServer 函数。它的作用是准备参数并为系统服务器(SystemServer)进程派生。
frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
public class ZygoteInit {
......
private static boolean startSystemServer(String abiList, String socketName)
throws MethodAndArgsCaller, RuntimeException {
long capabilities = posixCapabilitiesAsBits(
OsConstants.CAP_BLOCK_SUSPEND,
OsConstants.CAP_KILL,
OsConstants.CAP_NET_ADMIN,
OsConstants.CAP_NET_BIND_SERVICE,
OsConstants.CAP_NET_BROADCAST,
OsConstants.CAP_NET_RAW,
OsConstants.CAP_SYS_MODULE,
OsConstants.CAP_SYS_NICE,
OsConstants.CAP_SYS_RESOURCE,
OsConstants.CAP_SYS_TIME,
OsConstants.CAP_SYS_TTY_CONFIG
);
/* 硬编码的命令行以启动系统服务器 */
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"com.android.server.SystemServer",
};
ZygoteConnection.Arguments parsedArgs = null;
int pid;
try {
// 解析参数
parsedArgs = new ZygoteConnection.Arguments(args);
ZygoteConnection.applyDebuggerSystemProperty(parsedArgs);
ZygoteConnection.applyInvokeWithSystemProperty(parsedArgs);
/* 请求派生系统服务器进程 */
pid = Zygote.forkSystemServer(
parsedArgs.uid, parsedArgs.gid,
parsedArgs.gids,
parsedArgs.debugFlags,
null,
parsedArgs.permittedCapabilities,
parsedArgs.effectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
/* 子进程相关处理 */
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
handleSystemServerProcess(parsedArgs);
}
return true;
}
......
}
forkSystemServer 是启动系统服务器进程的特殊方法,它通过调用 nativeForkSystemServer JNI 方法完成启动系统服务器进程。
frameworks/base/core/java/com/android/internal/os/Zygote.java
public final class Zygote {
......
public static int forkSystemServer(int uid, int gid, int[] gids, int debugFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
VM_HOOKS.preFork();
int pid = nativeForkSystemServer(
uid, gid, gids, debugFlags, rlimits, permittedCapabilities, effectiveCapabilities);
// Enable tracing as soon as we enter the system_server.
if (pid == 0) {
Trace.setTracingEnabled(true);
}
VM_HOOKS.postForkCommon();
return pid;
}
......
}
nativeForkSystemServer 方法中调用了 ForkAndSpecializeCommon 完成 fork 动作。
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint debug_flags, jobjectArray rlimits, jlong permittedCapabilities,
jlong effectiveCapabilities) {
pid_t pid = ForkAndSpecializeCommon(env, uid, gid, gids,
debug_flags, rlimits,
permittedCapabilities, effectiveCapabilities,
MOUNT_EXTERNAL_DEFAULT, NULL, NULL, true, NULL,
NULL, NULL);
if (pid > 0) {
// zygote 进程检查子进程(SystemServer)是否已死亡
ALOGI("System server process %d has been created", pid);
gSystemServerPid = pid;
// 有一个很小的窗口,表明系统服务器进程已崩溃,但由于我们尚未发布其 pid,它没有引起注意。
// 因此,我们在这里重新检查只是为了确保一切都很好。
int status;
if (waitpid(pid, &status, WNOHANG) == pid) {
ALOGE("System server process %d has died. Restarting Zygote!", pid);
RuntimeAbort(env);
}
}
return pid;
}
ForkAndSpecializeCommon 调用了 fork 系统调用创建子进程(SystemServer)。
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
static pid_t ForkAndSpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray javaGids,
jint debug_flags, jobjectArray javaRlimits,
jlong permittedCapabilities, jlong effectiveCapabilities,
jint mount_external,
jstring java_se_info, jstring java_se_name,
bool is_system_server, jintArray fdsToClose,
jstring instructionSet, jstring dataDir) {
......
pid_t pid = fork();
......
}
返回到 ZygoteInit startSystemServer 方法,接着会调用 handleSystemServerProcess 方法开始处理 SystemServer 进程。
frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
public class ZygoteInit {
......
private static void handleSystemServerProcess(
ZygoteConnection.Arguments parsedArgs)
throws ZygoteInit.MethodAndArgsCaller {
closeServerSocket();
// 将umask设置为0077,以便新文件和目录将默认为仅所有者权限。
Os.umask(S_IRWXG | S_IRWXO);
if (parsedArgs.niceName != null) {
Process.setArgV0(parsedArgs.niceName);
}
final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH");
if (systemServerClasspath != null) {
performSystemServerDexOpt(systemServerClasspath);
}
if (parsedArgs.invokeWith != null) {
......
} else {
ClassLoader cl = null;
if (systemServerClasspath != null) {
cl = new PathClassLoader(systemServerClasspath, ClassLoader.getSystemClassLoader());
Thread.currentThread().setContextClassLoader(cl);
}
/*
* 将其余参数传递给 SystemServer。
*/
RuntimeInit.zygoteInit(parsedArgs.targetSdkVersion, parsedArgs.remainingArgs, cl);
}
/* should never reach here */
}
......
}
RuntimeInit 类中 zygoteInit 方法最终会调用 applicationInit 运行 SystemServer 静态 main 方法。RuntimeInit 类中 zygoteInit 方法调用流程具体可参见《Android AOSP 6.0.1 Process start 流程分析(二)》。
SystemServer main 方法代码非常简单,其内部新建 SystemServer 对象,并调用 run 方法。
frameworks/base/services/java/com/android/server/SystemServer.java
public final class SystemServer {
......
public static void main(String[] args) {
new SystemServer().run();
}
......
}
SystemServer run 方法启动了一系列我们熟悉的系统级 Service ,比如 ActivityManagerService、PowerManagerService 等。
frameworks/base/services/java/com/android/server/SystemServer.java
public final class SystemServer {
......
private void run() {
// 系统时钟为 1970 年之前; 设置为 1970 年。
if (System.currentTimeMillis() < EARLIEST_SUPPORTED_TIME) {
Slog.w(TAG, "System clock is before 1970; setting to 1970.");
SystemClock.setCurrentTimeMillis(EARLIEST_SUPPORTED_TIME);
}
......
// 清理内存增长限制
VMRuntime.getRuntime().clearGrowthLimit();
// 系统服务器必须一直运行,因此需要在内存使用方面尽可能地提高效率。
VMRuntime.getRuntime().setTargetHeapUtilization(0.8f);
// 一些设备依赖于运行时指纹生成,因此请确保在进一步启动之前已定义它。
Build.ensureFingerprintProperty();
// 在系统服务器内,访问环境路径而不显式指定用户是错误的。
Environment.setUserRequired(true);
// 确保对系统的 binder 调用始终以前台优先级运行。
BinderInternal.disableBackgroundScheduling(true);
// 准备主 looper
android.os.Process.setThreadPriority(
android.os.Process.THREAD_PRIORITY_FOREGROUND);
android.os.Process.setCanSelfBackground(false);
Looper.prepareMainLooper();
// 初始化 native 服务
System.loadLibrary("android_servers");
// 检查上次尝试关机是否失败,这个调用可能不返回
performPendingShutdown();
// 初始化系统上下文
createSystemContext();
// 创建 system service manager
mSystemServiceManager = new SystemServiceManager(mSystemContext);
LocalServices.addService(SystemServiceManager.class, mSystemServiceManager);
// 启动服务
try {
startBootstrapServices();
startCoreServices();
startOtherServices();
} catch (Throwable ex) {
Slog.e("System", "******************************************");
Slog.e("System", "************ Failure starting system services", ex);
throw ex;
}
// For debug builds, log event loop stalls to dropbox for analysis.
if (StrictMode.conditionallyEnableDebugLogging()) {
Slog.i(TAG, "Enabled StrictMode for system server main thread.");
}
// 永远循环
Looper.loop();
throw new RuntimeException("Main thread loop unexpectedly exited");
}
......
}
接下来我们看看 startBootstrapServices 启动了那些服务?
frameworks/base/services/java/com/android/server/SystemServer.java
public final class SystemServer {
......
private void startBootstrapServices() {
// 等待安装完成启动,以便它有机会创建具有适当权限的关键目录,
// 例如 /data/user。 在初始化其他服务之前,需要完成此操作。
Installer installer = mSystemServiceManager.startService(Installer.class);
// ActivityManagerService 启动
mActivityManagerService = mSystemServiceManager.startService(
ActivityManagerService.Lifecycle.class).getService();
mActivityManagerService.setSystemServiceManager(mSystemServiceManager);
mActivityManagerService.setInstaller(installer);
// PowerManagerService 启动
mPowerManagerService = mSystemServiceManager.startService(PowerManagerService.class);
// 现在已经启动了 ActivityManagerService,让 ActivityManagerService 初始化电源管理功能。
mActivityManagerService.initPowerManagement();
// 管理 LED 和显示屏背光,因此我们需要它来启动显示屏。
mSystemServiceManager.startService(LightsService.class);
// PackageManagerService 启动之前,需要 DisplayManagerService 提供显示指标。
mDisplayManagerService = mSystemServiceManager.startService(DisplayManagerService.class);
// 在初始化 PackageManagerService 之前,需要使用默认显示。
mSystemServiceManager.startBootPhase(SystemService.PHASE_WAIT_FOR_DEFAULT_DISPLAY);
// 如果我们正在加密设备,则仅运行“核心”应用程序。
String cryptState = SystemProperties.get("vold.decrypt");
if (ENCRYPTING_STATE.equals(cryptState)) {
Slog.w(TAG, "Detected encryption in progress - only parsing core apps");
mOnlyCore = true;
} else if (ENCRYPTED_STATE.equals(cryptState)) {
Slog.w(TAG, "Device encrypted - only parsing core apps");
mOnlyCore = true;
}
// 启动 PackageManagerService
Slog.i(TAG, "Package Manager");
mPackageManagerService = PackageManagerService.main(mSystemContext, installer,
mFactoryTestMode != FactoryTest.FACTORY_TEST_OFF, mOnlyCore);
mFirstBoot = mPackageManagerService.isFirstBoot();
mPackageManager = mSystemContext.getPackageManager();
Slog.i(TAG, "User Service");
// 添加 UserManagerService
ServiceManager.addService(Context.USER_SERVICE, UserManagerService.getInstance());
// 初始化用于缓存程序包中资源的属性缓存。
AttributeCache.init(mSystemContext);
// 为系统进程设置 Application 实例并开始使用。
mActivityManagerService.setSystemProcess();
// 传感器服务需要访问程序包管理器服务,应用程序操作服务和权限服务,因此我们在它们之后启动它。
startSensorService();
}
......
}
再来看 startCoreServices 启动了哪些服务?
frameworks/base/services/java/com/android/server/SystemServer.java
public final class SystemServer {
......
private void startCoreServices() {
// 跟踪电池电量。需要 LightService。启动 BatteryService
mSystemServiceManager.startService(BatteryService.class);
// 跟踪应用程序使用情况统计信息,启动 UsageStatsService
mSystemServiceManager.startService(UsageStatsService.class);
mActivityManagerService.setUsageStatsManager(
LocalServices.getService(UsageStatsManagerInternal.class));
// 在 UsageStatsService 可用之后进行更新,这是在 PerformBootDexOpt 之前需要的。
mPackageManagerService.getUsageStatsIfNoPackageUsageInfo();
// 跟踪可更新的WebView是否处于就绪状态,并监视更新安装。启动 WebViewUpdateService
mSystemServiceManager.startService(WebViewUpdateService.class);
}
......
}
startOtherServices 启动了剩余的一些必须的服务。完成了所有的系统服务启动!
下面是时序图。
