开篇
本篇以android-11.0.0_r25作为基础解析
上一篇文章Android源码分析 - Zygote进程,我们分析了Android Zygote进程的启动和之后是如何接收消息创建App进程的
在上一章中,我们说了,Zygote的一大作用就是启动SystemServer,那么SystemServer是怎么启动的呢?启动后又做了些什么呢?我们分上下两篇来分析,本篇介绍SystemServer是如何启动的
介绍
SystemServer主要是用来创建系统服务的,譬如我们熟知的ActivityManagerService,PackageManagerService都是由它创建的
启动SystemServer
我们从上一篇文章的ZygoteInit开始,ZygoteInit类的源码路径为frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
public static void main(String argv[]) {
...
boolean startSystemServer = false;
...
for (int i = 1; i < argv.length; i++) {
//参数中有start-system-server
if ("start-system-server".equals(argv[i])) {
startSystemServer = true;
}
...
}
...
//启动SystemServer
if (startSystemServer) {
Runnable r = forkSystemServer(abiList, zygoteSocketName, zygoteServer);
//子进程中才会满足r != null
if (r != null) {
//此时执行这个Runnable
r.run();
return;
}
}
}
之前在c++代码中JNI调用Java函数的时候,带了参数start-system-server,在这里就会通过这个参数判断是否启动SystemServer,接下来调用forkSystemServer方法
private static Runnable forkSystemServer(String abiList, String socketName,
ZygoteServer zygoteServer) {
//设置Linux capabilities
long capabilities = posixCapabilitiesAsBits(
OsConstants.CAP_IPC_LOCK,
OsConstants.CAP_KILL,
OsConstants.CAP_NET_ADMIN,
OsConstants.CAP_NET_BIND_SERVICE,
OsConstants.CAP_NET_BROADCAST,
OsConstants.CAP_NET_RAW,
OsConstants.CAP_SYS_MODULE,
OsConstants.CAP_SYS_NICE,
OsConstants.CAP_SYS_PTRACE,
OsConstants.CAP_SYS_TIME,
OsConstants.CAP_SYS_TTY_CONFIG,
OsConstants.CAP_WAKE_ALARM,
OsConstants.CAP_BLOCK_SUSPEND
);
//移除一些当前线程都不可用的特权
StructCapUserHeader header = new StructCapUserHeader(
OsConstants._LINUX_CAPABILITY_VERSION_3, 0);
StructCapUserData[] data;
try {
data = Os.capget(header);
} catch (ErrnoException ex) {
throw new RuntimeException("Failed to capget()", ex);
}
//data[0].effective为当前线程所可用的特权,data[1].effective貌似为0
capabilities &= ((long) data[0].effective) | (((long) data[1].effective) << 32);
//设置fork参数
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,"
+ "1024,1032,1065,3001,3002,3003,3006,3007,3009,3010,3011",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"--target-sdk-version=" + VMRuntime.SDK_VERSION_CUR_DEVELOPMENT,
"com.android.server.SystemServer",
};
ZygoteArguments parsedArgs = null;
int pid;
try {
//解析设置的参数
parsedArgs = new ZygoteArguments(args);
... //进一步设置参数
pid = Zygote.forkSystemServer(
parsedArgs.mUid, parsedArgs.mGid,
parsedArgs.mGids,
parsedArgs.mRuntimeFlags,
null,
parsedArgs.mPermittedCapabilities,
parsedArgs.mEffectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
//SystemServer子进程
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
//关闭zygote server socket
zygoteServer.closeServerSocket();
return handleSystemServerProcess(parsedArgs);
}
return null;
}
Capabilities
这里需要先了解一下Linux Capabilities机制:Linux Capabilities机制
这里先定义了SystemServer进程的Permitted和Effective能力集合
private static long posixCapabilitiesAsBits(int... capabilities) {
long result = 0;
for (int capability : capabilities) {
//非法capability,直接抛出异常
if ((capability < 0) || (capability > OsConstants.CAP_LAST_CAP)) {
throw new IllegalArgumentException(String.valueOf(capability));
}
//为或操作,构建capabilities集合
result |= (1L << capability);
}
return result;
}
检查一下有无非法capability,然后做位或运算,构建出一个capabilities集合
然后通过Os.capget方法获取当前线程的capabilities集合,上一篇文章中我们已经分析过了Os的作用,最终通过Linux_capgetJNI函数调用Linuxcapget函数,通过返回回来的值,剔除一些当前线程不支持的特权
Fork
接着设置一些fork参数,通过ZygoteArguments去解析它
然后调用Zygote.forkSystemServer方法,这个和上一章里说的fork App的过程差不多
static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
//停止其他线程
ZygoteHooks.preFork();
int pid = nativeForkSystemServer(
uid, gid, gids, runtimeFlags, rlimits,
permittedCapabilities, effectiveCapabilities);
//设置默认线程优先级
Thread.currentThread().setPriority(Thread.NORM_PRIORITY);
//恢复其他线程
ZygoteHooks.postForkCommon();
return pid;
}
先把子线程都停止掉,fork完后再恢复,调用native函数nativeForkSystemServer,路径为frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
jlong effective_capabilities) {
...
pid_t pid = ForkCommon(env, true,
fds_to_close,
fds_to_ignore,
true);
if (pid == 0) {
// System server prcoess does not need data isolation so no need to
// know pkg_data_info_list.
SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits,
permitted_capabilities, effective_capabilities,
MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true,
false, nullptr, nullptr, /* is_top_app= */ false,
/* pkg_data_info_list */ nullptr,
/* whitelisted_data_info_list */ nullptr, false, false);
} else if (pid > 0) {
...
gSystemServerPid = pid;
//检查SystemServer进程状态
int status;
if (waitpid(pid, &status, WNOHANG) == pid) {
//如果SystemServer进程死亡,重启整个Zygote
ALOGE("System server process %d has died. Restarting Zygote!", pid);
RuntimeAbort(env, __LINE__, "System server process has died. Restarting Zygote!");
}
//如果是低内存设备,限制SystemServer进程使用内存大小
if (UsePerAppMemcg()) {
if (!SetTaskProfiles(pid, std::vector<std::string>{"SystemMemoryProcess"})) {
ALOGE("couldn't add process %d into system memcg group", pid);
}
}
}
return pid;
}
ForkCommon
我们先看ForkCommon函数
static pid_t ForkCommon(JNIEnv* env, bool is_system_server,
const std::vector<int>& fds_to_close,
const std::vector<int>& fds_to_ignore,
bool is_priority_fork) {
//设置子进程信号处理器
SetSignalHandlers();
//C++中的一种可调用对象,ZygoteFailure函数接收4个参数,前三个参数都已提供,最后一个参数占位等待调用方填入
auto fail_fn = std::bind(ZygoteFailure, env, is_system_server ? "system_server" : "zygote",
nullptr, _1);
//在fork期间阻塞住SIGCHLD信号,避免在SIGCHLD信号处理函数中打印log,导致后面关闭的日志fd重新被打开
BlockSignal(SIGCHLD, fail_fn);
//关闭所有日志相关fd
__android_log_close();
AStatsSocket_close();
//SystemServer是Zygote进程起来后第一个fork的出来进程,创建打开的文件描述符表
if (gOpenFdTable == nullptr) {
gOpenFdTable = FileDescriptorTable::Create(fds_to_ignore, fail_fn);
} else {
gOpenFdTable->Restat(fds_to_ignore, fail_fn);
}
android_fdsan_error_level fdsan_error_level = android_fdsan_get_error_level();
//立即清除任何未使用的内存
mallopt(M_PURGE, 0);
pid_t pid = fork();
if (pid == 0) {
//fork SystemServer时,此参数为true
if (is_priority_fork) {
//设置最高进程优先级
setpriority(PRIO_PROCESS, 0, PROCESS_PRIORITY_MAX);
} else {
setpriority(PRIO_PROCESS, 0, PROCESS_PRIORITY_MIN);
}
// The child process.
PreApplicationInit();
//清除所有需要立即关闭的fd
DetachDescriptors(env, fds_to_close, fail_fn);
//USAP机制我们现在不关注
ClearUsapTable();
//重新打开剩余打开的文件描述符,避免文件描述符通过fork在SystemServer和Zygote之间共享
gOpenFdTable->ReopenOrDetach(fail_fn);
//Sanitizer机制,用来检测程序异常
android_fdsan_set_error_level(fdsan_error_level);
// Reset the fd to the unsolicited zygote socket
gSystemServerSocketFd = -1;
} else {
ALOGD("Forked child process %d", pid);
}
//取消之前阻塞的SIGCHLD信号
UnblockSignal(SIGCHLD, fail_fn);
return pid;
}
处理子进程信号
先设置子进程信号处理器
static void SetSignalHandlers() {
struct sigaction sig_chld = {.sa_flags = SA_SIGINFO, .sa_sigaction = SigChldHandler};
if (sigaction(SIGCHLD, &sig_chld, nullptr) < 0) {
ALOGW("Error setting SIGCHLD handler: %s", strerror(errno));
}
struct sigaction sig_hup = {};
sig_hup.sa_handler = SIG_IGN;
if (sigaction(SIGHUP, &sig_hup, nullptr) < 0) {
ALOGW("Error setting SIGHUP handler: %s", strerror(errno));
}
}
关于信号的处理,我们在Android源码分析 - init进程中已经了解过一次,SA_SIGINFO这个flag代表调用信号处理函数sa_sigaction的时候,会将信号的信息通过参数siginfo_t传入
SIGHUP表示终端断开信号,SIG_IGN表示忽略信号,即忽略终端断开信号
我们看一下Zygote是怎么处理其子进程信号的
static void SigChldHandler(int /*signal_number*/, siginfo_t* info, void* /*ucontext*/) {
pid_t pid;
int status;
...
int saved_errno = errno;
while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
//通知SystemServer,Zygote收到了一个SIGCHLD信号
sendSigChildStatus(pid, info->si_uid, status);
... //打印子进程状态日志
//如果崩溃的进程是SystemServer,整个Zygote都会退出,再通过init进程重启
if (pid == gSystemServerPid) {
async_safe_format_log(ANDROID_LOG_ERROR, LOG_TAG,
"Exit zygote because system server (pid %d) has terminated", pid);
kill(getpid(), SIGKILL);
}
}
...
errno = saved_errno;
}
如果检测到有子进程退出,通知SystemServer,如果这个进程是SystemServer进程,杀掉Zygote进程重启
ZygoteFailure
这里先需要理解一下C++11 中的std::function和std::bind
简单来说,std::bind返回了一个std::function对象,它是一个可调用对象,实际调用的就是传入的第一个参数:ZygoteFailure函数,这个函数接受4个参数,前三个参数都在std::bind时提供好了,第四个参数以_1占位符替代(std::placeholders::_1)
实际上调用fail_fn(msg)就相当于调用函数ZygoteFailure(env, "system_server", nullptr, msg)
static void ZygoteFailure(JNIEnv* env,
const char* process_name,
jstring managed_process_name,
const std::string& msg) {
std::unique_ptr<ScopedUtfChars> scoped_managed_process_name_ptr = nullptr;
if (managed_process_name != nullptr) {
scoped_managed_process_name_ptr.reset(new ScopedUtfChars(env, managed_process_name));
if (scoped_managed_process_name_ptr->c_str() != nullptr) {
process_name = scoped_managed_process_name_ptr->c_str();
}
}
const std::string& error_msg =
(process_name == nullptr) ? msg : StringPrintf("(%s) %s", process_name, msg.c_str());
//抛出异常
env->FatalError(error_msg.c_str());
__builtin_unreachable();
}
当发生错误后,最终向Java层抛出了一个异常
BlockSignal & UnblockSignal
在fork期间需要阻塞住SIGCHLD信号,避免在SIGCHLD信号处理函数中打印log,导致后面关闭的日志fd重新被打开
static void BlockSignal(int signum, fail_fn_t fail_fn) {
sigset_t sigs;
sigemptyset(&sigs);
sigaddset(&sigs, signum);
if (sigprocmask(SIG_BLOCK, &sigs, nullptr) == -1) {
fail_fn(CREATE_ERROR("Failed to block signal %s: %s", strsignal(signum), strerror(errno)));
}
}
等fork结束,取消阻塞SIGCHLD信号
static void UnblockSignal(int signum, fail_fn_t fail_fn) {
sigset_t sigs;
sigemptyset(&sigs);
sigaddset(&sigs, signum);
if (sigprocmask(SIG_UNBLOCK, &sigs, nullptr) == -1) {
fail_fn(CREATE_ERROR("Failed to un-block signal %s: %s", strsignal(signum), strerror(errno)));
}
}
信号集函数我们之前已经在Android源码分析 - init进程中介绍过了,很简单,就是将SIGCHLD信号添加到屏蔽集中,fork完后再将这个信号从屏蔽集中移除
SpecializeCommon
至此,fork操作结束,我们看一下在SystemServer进程中执行的SpecializeCommon函数
static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
jint runtime_flags, jobjectArray rlimits,
jlong permitted_capabilities, jlong effective_capabilities,
jint mount_external, jstring managed_se_info,
jstring managed_nice_name, bool is_system_server,
bool is_child_zygote, jstring managed_instruction_set,
jstring managed_app_data_dir, bool is_top_app,
jobjectArray pkg_data_info_list,
jobjectArray whitelisted_data_info_list,
bool mount_data_dirs, bool mount_storage_dirs) {
//process_name = "system_server"
const char* process_name = is_system_server ? "system_server" : "zygote";
auto fail_fn = std::bind(ZygoteFailure, env, process_name, managed_nice_name, _1);
auto extract_fn = std::bind(ExtractJString, env, process_name, managed_nice_name, _1);
//均为nullptr
auto se_info = extract_fn(managed_se_info);
auto nice_name = extract_fn(managed_nice_name);
auto instruction_set = extract_fn(managed_instruction_set);
auto app_data_dir = extract_fn(managed_app_data_dir);
//当UID发生改变时(root->非root)保留capabilities
if (uid != 0) {
EnableKeepCapabilities(fail_fn);
}
//设置Inheritable集合
SetInheritable(permitted_capabilities, fail_fn);
//从Bounding集合中移除调用线程相关能力
DropCapabilitiesBoundingSet(fail_fn);
...
//创建私有挂载命名空间,挂载虚拟存储
MountEmulatedStorage(uid, mount_external, need_pre_initialize_native_bridge, fail_fn);
...
//设置GroupId
SetGids(env, gids, is_child_zygote, fail_fn);
//设置资源Limit
SetRLimits(env, rlimits, fail_fn);
...
//设置gid及访问权限
if (setresgid(gid, gid, gid) == -1) {
fail_fn(CREATE_ERROR("setresgid(%d) failed: %s", gid, strerror(errno)));
}
//capabilities集合中仍然存在CAP_SYS_ADMIN,需要过滤系统调用
SetUpSeccompFilter(uid, is_child_zygote);
//设置调度策略
SetSchedulerPolicy(fail_fn, is_top_app);
//设置uid及访问权限
if (setresuid(uid, uid, uid) == -1) {
fail_fn(CREATE_ERROR("setresuid(%d) failed: %s", uid, strerror(errno)));
}
...
//设置Capabilities
SetCapabilities(permitted_capabilities, effective_capabilities, permitted_capabilities, fail_fn);
//关闭所有日志相关fd
__android_log_close();
AStatsSocket_close();
...
//设置线程名
if (nice_name.has_value()) {
SetThreadName(nice_name.value());
} else if (is_system_server) { //nice_name为nullptr, 进入此分支
SetThreadName("system_server");
}
//取消掉之前设置的SIGCHID信号处理函数
UnsetChldSignalHandler();
if (is_system_server) {
//调用ZygoteHooks.postForkSystemServer(runtime_flags);
env->CallStaticVoidMethod(gZygoteClass, gCallPostForkSystemServerHooks, runtime_flags);
if (env->ExceptionCheck()) {
fail_fn("Error calling post fork system server hooks.");
}
...
}
...
//调用ZygoteHooks.postForkChild(runtime_flags, true, false, null);
env->CallStaticVoidMethod(gZygoteClass, gCallPostForkChildHooks, runtime_flags,
is_system_server, is_child_zygote, managed_instruction_set);
//设置默认进程优先级
setpriority(PRIO_PROCESS, 0, PROCESS_PRIORITY_DEFAULT);
if (env->ExceptionCheck()) {
fail_fn("Error calling post fork hooks.");
}
}
这里做了很多工作,有Capabilities相关,selinux相关,权限相关等等,有点太多了,我标了注释,就不再一一分析了
接下来回到nativeForkSystemServer中,在Zygote进程中继续执行
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
jlong effective_capabilities) {
...
if (pid == 0) {
...
} else if (pid > 0) {
...
gSystemServerPid = pid;
//检查SystemServer进程状态
int status;
if (waitpid(pid, &status, WNOHANG) == pid) {
//如果SystemServer进程死亡,重启整个Zygote
ALOGE("System server process %d has died. Restarting Zygote!", pid);
RuntimeAbort(env, __LINE__, "System server process has died. Restarting Zygote!");
}
//如果是低内存设备,限制SystemServer进程使用内存大小
if (UsePerAppMemcg()) {
if (!SetTaskProfiles(pid, std::vector<std::string>{"SystemMemoryProcess"})) {
ALOGE("couldn't add process %d into system memcg group", pid);
}
}
}
return pid;
}
通过Linux函数waitpid检查SystemServer进程状态,这个函数和之前在Android源码分析 - init进程中提过的waitid函数类似,WNOHANG表示非阻塞等待
如果SystemServer进程死亡,重启整个Zygote
private static Runnable forkSystemServer(String abiList, String socketName,
ZygoteServer zygoteServer) {
...
//SystemServer子进程
if (pid == 0) {
if (hasSecondZygote(abiList)) {
waitForSecondaryZygote(socketName);
}
//关闭zygote server socket
zygoteServer.closeServerSocket();
return handleSystemServerProcess(parsedArgs);
}
return null;
}
cgroups
如果是小内存设备,使用Linux的cgroups机制,限制SystemServer进程使用内存大小
bool UsePerAppMemcg() {
bool low_ram_device = GetBoolProperty("ro.config.low_ram", false);
return GetBoolProperty("ro.config.per_app_memcg", low_ram_device);
}
关于Linux的cgroups机制,可以查看这篇文档:cgroups(7) — Linux manual page
关于Android的Cgroups机制,可以看这篇官方文档:Cgroup 抽象层
运行
初始化
private static Runnable handleSystemServerProcess(ZygoteArguments parsedArgs) {
//将umask设置为0077,这样新的文件和目录将默认为仅属于所有者的权限
Os.umask(S_IRWXG | S_IRWXO);
//设置进程名
if (parsedArgs.mNiceName != null) {
Process.setArgV0(parsedArgs.mNiceName);
}
//对classpath中的apk,分别进行dex优化操作,由installd真正执行
final String systemServerClasspath = Os.getenv("SYSTEMSERVERCLASSPATH");
if (systemServerClasspath != null) {
performSystemServerDexOpt(systemServerClasspath);
...
}
if (parsedArgs.mInvokeWith != null) {
...
} else {
//SystemServer进入这个分支
ClassLoader cl = null;
if (systemServerClasspath != null) {
cl = createPathClassLoader(systemServerClasspath, parsedArgs.mTargetSdkVersion);
Thread.currentThread().setContextClassLoader(cl);
}
return ZygoteInit.zygoteInit(parsedArgs.mTargetSdkVersion,
parsedArgs.mDisabledCompatChanges,
parsedArgs.mRemainingArgs, cl);
}
}
处理一些初始化操作,然后调用ZygoteInit.zygoteInit方法
public static final Runnable zygoteInit(int targetSdkVersion, long[] disabledCompatChanges,
String[] argv, ClassLoader classLoader) {
...
//通用初始化
RuntimeInit.commonInit();
//开启binder线程池
ZygoteInit.nativeZygoteInit();
return RuntimeInit.applicationInit(targetSdkVersion, disabledCompatChanges, argv,
classLoader);
}
RuntimeInit的路径为frameworks/base/core/java/com/android/internal/os/RuntimeInit.java,先执行通用初始化
protected static final void commonInit() {
//设置默认线程异常处理器
LoggingHandler loggingHandler = new LoggingHandler();
RuntimeHooks.setUncaughtExceptionPreHandler(loggingHandler);
Thread.setDefaultUncaughtExceptionHandler(new KillApplicationHandler(loggingHandler));
//设置时区
RuntimeHooks.setTimeZoneIdSupplier(() -> SystemProperties.get("persist.sys.timezone"));
//重置Log配置
LogManager.getLogManager().reset();
new AndroidConfig();
//设置网络UA信息
String userAgent = getDefaultUserAgent();
System.setProperty("http.agent", userAgent);
//初始化网络流量统计
NetworkManagementSocketTagger.install();
...
initialized = true;
}
接着执行RuntimeInit.applicationInit
protected static Runnable applicationInit(int targetSdkVersion, long[] disabledCompatChanges,
String[] argv, ClassLoader classLoader) {
//如果应用程序调用System.exit(),则立即终止该进程,不运行任何hook函数
nativeSetExitWithoutCleanup(true);
//设置虚拟机参数
VMRuntime.getRuntime().setTargetSdkVersion(targetSdkVersion);
VMRuntime.getRuntime().setDisabledCompatChanges(disabledCompatChanges);
//解析参数
final Arguments args = new Arguments(argv);
...
//查找startClass中的main方法
return findStaticMain(args.startClass, args.startArgs, classLoader);
}
参数解析
我们看一下它是怎么解析参数的
Arguments(String args[]) throws IllegalArgumentException {
parseArgs(args);
}
private void parseArgs(String args[])
throws IllegalArgumentException {
int curArg = 0;
for (; curArg < args.length; curArg++) {
String arg = args[curArg];
if (arg.equals("--")) {
curArg++;
break;
} else if (!arg.startsWith("--")) {
break;
}
}
if (curArg == args.length) {
throw new IllegalArgumentException("Missing classname argument to RuntimeInit!");
}
startClass = args[curArg++];
startArgs = new String[args.length - curArg];
System.arraycopy(args, curArg, startArgs, 0, startArgs.length);
}
循环读参数直到有一项参数为"--"或者不以"--"开头,然后以下一个参数作为startClass,用再下一个参数到args数组结尾生成一个新的数组作为startArgs,我们观察一下forkSystemServer方法中设置的args
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,"
+ "1024,1032,1065,3001,3002,3003,3006,3007,3009,3010,3011",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"--target-sdk-version=" + VMRuntime.SDK_VERSION_CUR_DEVELOPMENT,
"com.android.server.SystemServer",
};
可以看出,startClass应该为com.android.server.SystemServer,startArgs数组为空
反射执行
接着调用findStaticMain方法
protected static Runnable findStaticMain(String className, String[] argv,
ClassLoader classLoader) {
Class<?> cl;
try {
cl = Class.forName(className, true, classLoader);
} catch (ClassNotFoundException ex) {
throw new RuntimeException(
"Missing class when invoking static main " + className,
ex);
}
Method m;
try {
m = cl.getMethod("main", new Class[] { String[].class });
} catch (NoSuchMethodException ex) {
throw new RuntimeException(
"Missing static main on " + className, ex);
} catch (SecurityException ex) {
throw new RuntimeException(
"Problem getting static main on " + className, ex);
}
int modifiers = m.getModifiers();
if (! (Modifier.isStatic(modifiers) && Modifier.isPublic(modifiers))) {
throw new RuntimeException(
"Main method is not public and static on " + className);
}
/*
* This throw gets caught in ZygoteInit.main(), which responds
* by invoking the exception's run() method. This arrangement
* clears up all the stack frames that were required in setting
* up the process.
*/
return new MethodAndArgsCaller(m, argv);
}
这里使用了Java中的反射,找到了SystemServer中对应的main方法,并用其创建了一个Runnable对象MethodAndArgsCaller
static class MethodAndArgsCaller implements Runnable {
private final Method mMethod;
private final String[] mArgs;
public MethodAndArgsCaller(Method method, String[] args) {
mMethod = method;
mArgs = args;
}
public void run() {
try {
//执行SystemServer.main方法
mMethod.invoke(null, new Object[] { mArgs });
} catch (IllegalAccessException ex) {
throw new RuntimeException(ex);
} catch (InvocationTargetException ex) {
Throwable cause = ex.getCause();
if (cause instanceof RuntimeException) {
throw (RuntimeException) cause;
} else if (cause instanceof Error) {
throw (Error) cause;
}
throw new RuntimeException(ex);
}
}
}
我们最后再回到ZygoteInit的main方法中
public static void main(String argv[]) {
...
//启动SystemServer
if (startSystemServer) {
Runnable r = forkSystemServer(abiList, zygoteSocketName, zygoteServer);
//子进程中才会满足r != null
if (r != null) {
//此时执行这个Runnable
r.run();
return;
}
}
}
执行这个在子进程中返回出去的Runnable:MethodAndArgsCaller,反射调用SystemServer.main方法
结束
至此,SystemServer的启动我们就分析完了,下一篇我们将分析SystemServer启动后做了什么
