相关文章链接:
1. Android FrameWork - 学习启动篇
2. Android FrameWork - 开机启动 Init 进程
3. Android FrameWork - 开机启动 Zygote 进程
相关源码文件:
/system/core/rootdir/init.rc
/frameworks/base/cmds/app_process/App_main.cpp
/frameworks/base/core/jni/AndroidRuntime.cpp
/frameworks/base/core/java/com/android/internal/os/ZygoteInit.java
/frameworks/base/core/java/com/android/internal/os/ZygoteConnection.java
Zygote 进程是由 init 进程通过解析 init.rc 文件而创建的。
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
onrestart restart netd
对应找到 /frameworks/base/cmds/app_process/app_main.cpp 源码文件中的 main 方法
int main(int argc, char* const argv[])
{
// AppRuntime 继承 AndoirdRuntime
AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
// 过滤第一个参数
argc--;
argv++;
// Everything up to '--' or first non '-' arg goes to the vm.
//
// The first argument after the VM args is the "parent dir", which
// is currently unused.
//
// After the parent dir, we expect one or more the following internal
// arguments :
//
// --zygote : Start in zygote mode
// --start-system-server : Start the system server.
// --application : Start in application (stand alone, non zygote) mode.
// --nice-name : The nice name for this process.
//
// For non zygote starts, these arguments will be followed by
// the main class name. All remaining arguments are passed to
// the main method of this class.
//
// For zygote starts, all remaining arguments are passed to the zygote.
// main function.
//
// Note that we must copy argument string values since we will rewrite the
// entire argument block when we apply the nice name to argv0.
// Parse runtime arguments. Stop at first unrecognized option.
bool zygote = false;
bool startSystemServer = false;
bool application = false;
String8 niceName;
String8 className;
++i; // Skip unused "parent dir" argument.
// 解析参数
while (i < argc) {
const char* arg = argv[i++];
if (strcmp(arg, "--zygote") == 0) {
zygote = true;
niceName = ZYGOTE_NICE_NAME;
} else if (strcmp(arg, "--start-system-server") == 0) {
startSystemServer = true;
} else if (strcmp(arg, "--application") == 0) {
application = true;
} else if (strncmp(arg, "--nice-name=", 12) == 0) {
niceName.setTo(arg + 12);
} else if (strncmp(arg, "--", 2) != 0) {
className.setTo(arg);
break;
} else {
--i;
break;
}
}
...
//设置进程名
if (!niceName.isEmpty()) {
runtime.setArgv0(niceName.string());
set_process_name(niceName.string());
}
// 如果 zygote ,AndroidRuntime 执行 com.android.internal.os.ZygoteInit
// 看上面解析的脚本参数执行的是这里。
if (zygote) {
runtime.start("com.android.internal.os.ZygoteInit", args, zygote);
} else if (className) {
runtime.start("com.android.internal.os.RuntimeInit", args, zygote);
} else {
fprintf(stderr, "Error: no class name or --zygote supplied.\n");
app_usage();
LOG_ALWAYS_FATAL("app_process: no class name or --zygote supplied.");
return 10;
}
}
上面首先是解析参数,然后来到 /frameworks/base/core/jni/AndroidRuntime.cpp 中的 start 方法:
/*
* Start the Android runtime. This involves starting the virtual machine
* and calling the "static void main(String[] args)" method in the class
* named by "className".
*
* Passes the main function two arguments, the class name and the specified
* options string.
*/
void AndroidRuntime::start(const char* className, const Vector<String8>& options, bool zygote)
{
...
// 创建一个虚拟机的实例
/* start the virtual machine */
JniInvocation jni_invocation;
jni_invocation.Init(NULL);
JNIEnv* env;
if (startVm(&mJavaVM, &env, zygote) != 0) {
return;
}
onVmCreated(env);
// JNI 方法注册
/*
* Register android functions.
*/
if (startReg(env) < 0) {
ALOGE("Unable to register all android natives\n");
return;
}
/*
* We want to call main() with a String array with arguments in it.
* At present we have two arguments, the class name and an option string.
* Create an array to hold them.
*/
jclass stringClass;
jobjectArray strArray;
jstring classNameStr;
// strArray= new String[options.size() + 1];
stringClass = env->FindClass("java/lang/String");
strArray = env->NewObjectArray(options.size() + 1, stringClass, NULL);
// strArray[0] = "com.android.internal.os.ZygoteInit"
classNameStr = env->NewStringUTF(className);
env->SetObjectArrayElement(strArray, 0, classNameStr);
// strArray[1] = "start-system-server";
// strArray[2] = "--abi-list=系统响应的cpu架构类型";
for (size_t i = 0; i < options.size(); ++i) {
jstring optionsStr = env->NewStringUTF(options.itemAt(i).string());
env->SetObjectArrayElement(strArray, i + 1, optionsStr);
}
// slashClassName = "com/android/internal/os/ZygoteInit"
char* slashClassName = toSlashClassName(className);
jclass startClass = env->FindClass(slashClassName);
if (startClass == NULL) {
ALOGE("JavaVM unable to locate class '%s'\n", slashClassName);
/* keep going */
} else {
// 获取 ZygoteInit.java 的 main 方法
jmethodID startMeth = env->GetStaticMethodID(startClass, "main",
"([Ljava/lang/String;)V");
if (startMeth == NULL) {
ALOGE("JavaVM unable to find main() in '%s'\n", className);
/* keep going */
} else {
// 执行 ZygoteInit.java 的 main 方法,从 Native 世界进入 Java 世界
env->CallStaticVoidMethod(startClass, startMeth, strArray);
}
}
...
}
Java 代码是跑在 Java 虚拟机上的,而 Java 与 native 通信采用的是 JNI ,从这里我们就开始进入 Java 世界:
public static void main(String argv[]) {
try {
// 解析参数
boolean startSystemServer = false;
String socketName = "zygote";
String abiList = null;
for (int i = 1; i < argv.length; i++) {
if ("start-system-server".equals(argv[i])) {
startSystemServer = true;
} else if (argv[i].startsWith(ABI_LIST_ARG)) {
abiList = argv[i].substring(ABI_LIST_ARG.length());
} else if (argv[i].startsWith(SOCKET_NAME_ARG)) {
socketName = argv[i].substring(SOCKET_NAME_ARG.length());
} else {
throw new RuntimeException("Unknown command line argument: " + argv[i]);
}
}
...
// 为 Zygote 注册 socket 用于通信
registerZygoteSocket(socketName);
// 预加载类和资源
preload();
// 启动 system_server
if (startSystemServer) {
startSystemServer(abiList, socketName);
}
// 进入循环模式,等待孵化进程
runSelectLoop(abiList);
closeServerSocket();
} catch (MethodAndArgsCaller caller) {
caller.run();
} catch (RuntimeException ex) {
closeServerSocket();
throw ex;
}
}
private static void registerZygoteSocket(String socketName) {
if (sServerSocket == null) {
int fileDesc;
final String fullSocketName = ANDROID_SOCKET_PREFIX + socketName;
try {
String env = System.getenv(fullSocketName);
fileDesc = Integer.parseInt(env);
} catch (RuntimeException ex) {
...
}
try {
FileDescriptor fd = new FileDescriptor();
// 设置文件描述符
fd.setInt$(fileDesc);
// 创建 Socket 的本地服务端
sServerSocket = new LocalServerSocket(fd);
} catch (IOException ex) {
...
}
}
}
static void preload() {
// 预加载位于 /system/etc/preloaded-classes 文件中的类
preloadClasses();
// 预加载资源,包含 drawable 和 color 资源
preloadResources();
// 预加载 OpenGL
preloadOpenGL();
// 通过 System.loadLibrary() 方法,
// 预加载 "android", "compiler_rt", "jnigraphics" 这3个共享库
preloadSharedLibraries();
// 预加载 文本连接符资源
preloadTextResources();
// 仅用于 zygote 进程,用于内存共享的进程
WebViewFactory.prepareWebViewInZygote();
}
private static boolean startSystemServer(String abiList, String socketName) throws MethodAndArgsCaller, RuntimeException {
...
// 设置一些参数
String args[] = {
"--setuid=1000",
"--setgid=1000",
"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007",
"--capabilities=" + capabilities + "," + capabilities,
"--nice-name=system_server",
"--runtime-args",
"com.android.server.SystemServer",
};
ZygoteConnection.Arguments parsedArgs = null;
int pid;
try {
...
// fork 创建 system_server 进程,后面会具体分析
pid = Zygote.forkSystemServer(
parsedArgs.uid, parsedArgs.gid,
parsedArgs.gids,
parsedArgs.debugFlags,
null,
parsedArgs.permittedCapabilities,
parsedArgs.effectiveCapabilities);
} catch (IllegalArgumentException ex) {
throw new RuntimeException(ex);
}
// pid == 0 代表子进程,也就是 system_server 进程
if (pid == 0) {
// 执行初始化 system_server 进程
handleSystemServerProcess(parsedArgs);
}
return true;
}
private static void runSelectLoop(String abiList) throws MethodAndArgsCaller {
ArrayList<FileDescriptor> fds = new ArrayList<FileDescriptor>();
ArrayList<ZygoteConnection> peers = new ArrayList<ZygoteConnection>();
// sServerSocket 是 registerZygoteSocket 中创建的,即 zygote 进程。保存到 fds[0]
fds.add(sServerSocket.getFileDescriptor());
peers.add(null);
while (true) {
// 给 pollFds 设置参数,fds.size 是 1 ,也就是说 pollFds 里面只有 sServerSocket.getFileDescriptor()
StructPollfd[] pollFds = new StructPollfd[fds.size()];
for (int i = 0; i < pollFds.length; ++i) {
pollFds[i] = new StructPollfd();
pollFds[i].fd = fds.get(i);
pollFds[i].events = (short) POLLIN;
}
try {
// 处理轮询状态,当 pollFds 有事件到来则往下执行,否则阻塞在这里
Os.poll(pollFds, -1);
} catch (ErrnoException ex) {
...
}
for (int i = pollFds.length - 1; i >= 0; --i) {
if (i == 0) {
// 即fds[0],代表的是 sServerSocket,则意味着有客户端连接请求;
// 则创建 ZygoteConnection 对象,并添加到 fds。
ZygoteConnection newPeer = acceptCommandPeer(abiList);
peers.add(newPeer);
//添加到 fds.
fds.add(newPeer.getFileDesciptor());
} else {
// i>0,则代表通过 socket 接收来自对端的数据,并执行相应操作
boolean done = peers.get(i).runOnce();
if (done) {
peers.remove(i);
// 处理完则从fds中移除该文件描述符
fds.remove(i);
}
}
}
}
}
boolean runOnce() throws ZygoteInit.MethodAndArgsCaller {
String args[];
Arguments parsedArgs = null;
FileDescriptor[] descriptors;
try {
// 读取 socket 客户端发送过来的参数列表
args = readArgumentList();
descriptors = mSocket.getAncillaryFileDescriptors();
} catch (IOException ex) {
...
return true;
}
...
try {
// 将 binder 客户端传递过来的参数,解析成 Arguments 对象格式
parsedArgs = new Arguments(args);
...
// fork 创建一个新的进程
pid = Zygote.forkAndSpecialize(parsedArgs.uid, parsedArgs.gid, parsedArgs.gids,
parsedArgs.debugFlags, rlimits, parsedArgs.mountExternal, parsedArgs.seInfo,
parsedArgs.niceName, fdsToClose, parsedArgs.instructionSet,
parsedArgs.appDataDir);
} catch (Exception e) {
...
}
try {
if (pid == 0) {
// pid == 0 执行子进程的逻辑
IoUtils.closeQuietly(serverPipeFd);
serverPipeFd = null;
// 进入子进程流程
handleChildProc(parsedArgs, descriptors, childPipeFd, newStderr);
return true;
} else {
// pid>0 执行父进程的逻辑
IoUtils.closeQuietly(childPipeFd);
childPipeFd = null;
return handleParentProc(pid, descriptors, serverPipeFd, parsedArgs);
}
} finally {
IoUtils.closeQuietly(childPipeFd);
IoUtils.closeQuietly(serverPipeFd);
}
}
相信有很多哥们跟我有一样的感受,刚开始部分代码看起来晦涩难懂。其实刚开始很多地方没必要去死抠,我们先了解整个流程,后面具体细节再慢慢啃。最后再来总结一下:Zygote 进程是由 init 进程解析 init.rc 脚本创建的,其具体的执行源码是在 App_main.main 方法,首先会创建一个虚拟机实例,然后注册 JNI 方法,最后通过 JNI 调用进入 Java 世界来到 ZygoteInit.main 方法。在 Java 世界中我们会为 Zygote 注册 socket 用于进程间通信,预加载一些通用的类和资源,启动 system_server 进程,循环等待孵化创建新的进程。
至于怎么启动的 system_server 进程,如何孵化新的进程,我们到后面再去具体分析,目前我们只需知道 zygote 具体干了些什么就好。最后我们不妨思考一个问题:Android 为什么要用 zygote 来孵化进程?