通过知道了SystemServer是怎么通过利用JNI,但相继的问题出现了:SystemServer是干嘛用的?本人从《深入理解Android 卷2》截取摘录这一问题的回答:
SystemServer是什么?它是Android Java的两大支柱之一。另外一个支柱是专门负责孵化Java进程的Zygote。这两大支柱倒了一个,都会导致Android Java的崩溃(所有由Zygote孵化的Java进程都会被销毁,而SystemServer就是由Zygote孵化而来)。若Android Java真的崩溃了,则Linux系统中的进程init会重新启动“两大支柱”以重建Android Java。
SystemServer和系统服务有着重要关系。Android系统中几乎所有的核心服务都在这个进程中,如ActivityManagerService、PowerManagerService和WindowManagerService等。那么,作为这些服务的大本营,SystemServer会是什么样的呢?
其中“SystemServer会是什么样的呢?“知道了一些,但不知道SystemServer怎么就是服务的大本营了?在回去看看SystemServer.java。打开Source Insight项目,发现代码如下:
public static final void init2() { Slog.i(TAG, "Entered the Android system server!"); Thread thr = new ServerThread(); thr.setName("android.server.ServerThread"); thr.start(); } 又看见ini2函数了,这个函数主要的功能是创建新的线程ServerThread,所以当它执行start时,我们应该找到这个类的override的run()函数,在同样的SystemServer.java中找到了ServerThread类的run函数,这个函数长的有点令人发指,但再仔细看发现其中有很多”重复的相似的代码“,各种***Service、null、ServiceManager.addService("***",new ***)和try{}catch(){}、以及Slog.i()等等,不愧是大本营,几乎所有的服务都在这里汇集ServiceManager.addService("***",new ***),有人这些服务进行归类,一共六大类。我自己从这长长的run函数中截取皮毛代码,如下所示:
LightsService lights = null; PowerManagerService power = null; BatteryService battery = null; AlarmManagerService alarm = null; NetworkManagementService networkManagement = null; NetworkStatsService networkStats = null; NetworkPolicyManagerService networkPolicy = null; ConnectivityService connectivity = null; WifiP2pService wifiP2p = null; WifiService wifi = null; IPackageManager pm = null; Context context = null; WindowManagerService wm = null; BluetoothService bluetooth = null; BluetoothA2dpService bluetoothA2dp = null; DockObserver dock = null; UsbService usb = null; UiModeManagerService uiMode = null; RecognitionManagerService recognition = null; ThrottleService throttle = null; NetworkTimeUpdateService networkTimeUpdater = null; // Critical services... try { Slog.i(TAG, "Entropy Service"); ServiceManager.addService("entropy", new EntropyService()); Slog.i(TAG, "Power Manager"); power = new PowerManagerService(); ServiceManager.addService(Context.POWER_SERVICE, power); Slog.i(TAG, "Activity Manager"); context = ActivityManagerService.main(factoryTest); Slog.i(TAG, "Telephony Registry"); ServiceManager.addService("telephony.registry", new TelephonyRegistry(context)); AttributeCache.init(context); Slog.i(TAG, "Package Manager"); // Only run "core" apps if we're encrypting the device. String cryptState = SystemProperties.get("vold.decrypt"); boolean onlyCore = false; if (ENCRYPTING_STATE.equals(cryptState)) { Slog.w(TAG, "Detected encryption in progress - only parsing core apps"); onlyCore = true; } else if (ENCRYPTED_STATE.equals(cryptState)) { Slog.w(TAG, "Device encrypted - only parsing core apps"); 所以这里的最重要的一行代码就是ServiceManager.addService("***",new ***),但自己初次分析源代码,还不知道这函数具体是怎么将各种服务添加到系统中的,所以这个ServiceManager类的分析,待到自己有能力了在做总结。高深的自己不懂,只能拿软柿子来捏一捏了,这么多**service,我选择了最简单的一个EntropyService分析(要是你读过了《深入理解Android》别拍砖啊,但求指导~~~)。
找到该文件的137(貌似)代码---->ServiceManager.addService("entropy", new EntropyService()); 所以接着找到这个类EntropyService,类代码如下:public EntropyService() { this(getSystemDir() + "/entropy.dat", "/dev/urandom"); } /** Test only interface, not for public use */ public EntropyService(String entropyFile, String randomDevice) { if (randomDevice == null) { throw new NullPointerException("randomDevice"); } if (entropyFile == null) { throw new NullPointerException("entropyFile"); } this.randomDevice = randomDevice; this.entropyFile = entropyFile; loadInitialEntropy(); addDeviceSpecificEntropy(); writeEntropy(); scheduleEntropyWriter(); } 首先是调用自己的函数getSystemDir(),创建文件夹,然后返回路径名称,接着就是想在创建entropy.dat文件保存信息,最后调用另一个带两个参数的构造函数(有点废话),紧接着保存两个string参数、调用四个函数。字面的意思是初始化、添加、写入、按时间写。看第一个函数:
private void loadInitialEntropy() { try { RandomBlock.fromFile(entropyFile).toFile(randomDevice, false); } catch (IOException e) { Slog.w(TAG, "unable to load initial entropy (first boot?)", e); } } 看似简单,它是调用了RandomBlock类的静态函数fromFile,然后再写入,意思就是从"entropy.dat"写入"/dev/urandom"中,具体是什么现在也不懂,看看RandomBlock类。
class RandomBlock { private static final String TAG = "RandomBlock"; private static final boolean DEBUG = false; private static final int BLOCK_SIZE = 4096; private byte[] block = new byte[BLOCK_SIZE]; private RandomBlock() { } static RandomBlock fromFile(String filename) throws IOException { if (DEBUG) Slog.v(TAG, "reading from file " + filename); InputStream stream = null; try { stream = new FileInputStream(filename); return fromStream(stream); } finally { close(stream); } } private static RandomBlock fromStream(InputStream in) throws IOException { RandomBlock retval = new RandomBlock(); int total = 0; while(total < BLOCK_SIZE) { int result = in.read(retval.block, total, BLOCK_SIZE - total); if (result == -1) { throw new EOFException(); } total += result; } return retval; } void toFile(String filename, boolean sync) throws IOException { if (DEBUG) Slog.v(TAG, "writing to file " + filename); RandomAccessFile out = null; try { out = new RandomAccessFile(filename, sync ? "rws" : "rw"); toDataOut(out); truncateIfPossible(out); } finally { close(out); } } private static void truncateIfPossible(RandomAccessFile f) { try { f.setLength(BLOCK_SIZE); } catch (IOException e) { // ignore this exception. Sometimes, the file we're trying to // write is a character device, such as /dev/urandom, and // these character devices do not support setting the length. } } private void toDataOut(DataOutput out) throws IOException { out.write(block); } private static void close(Closeable c) { try { if (c == null) { return; } c.close(); } catch (IOException e) { Slog.w(TAG, "IOException thrown while closing Closeable", e); } }} 这类够绝的,不是static就是private,连构造函数都private了,明白了,先是从文件entropy.dat读出数据流,保存到block字符数组中,然后写入到urandom中,这里有两个文件操作的类FileInputStream和RandomAccessFile,让我想到了《Head First Design Pattern》中有个(装饰模式?)介绍过怎么解读Java的文件操作类之间的关系,回头好好复习一下。
第一关键函数读完了,接着第二个addDeviceSpecificEntropy函数,看代码:/** * Add additional information to the kernel entropy pool. The * information isn't necessarily "random", but that's ok. Even * sending non-random information to { @code /dev/urandom} is useful * because, while it doesn't increase the "quality" of the entropy pool, * it mixes more bits into the pool, which gives us a higher degree * of uncertainty in the generated randomness. Like nature, writes to * the random device can only cause the quality of the entropy in the * kernel to stay the same or increase. * * For maximum effect, we try to target information which varies * on a per-device basis, and is not easily observable to an * attacker. */ private void addDeviceSpecificEntropy() { PrintWriter out = null; try { out = new PrintWriter(new FileOutputStream(randomDevice)); out.println("Copyright (C) 2009 The Android Open Source Project"); out.println("All Your Randomness Are Belong To Us"); out.println(START_TIME); out.println(START_NANOTIME); out.println(SystemProperties.get("ro.serialno")); out.println(SystemProperties.get("ro.bootmode")); out.println(SystemProperties.get("ro.baseband")); out.println(SystemProperties.get("ro.carrier")); out.println(SystemProperties.get("ro.bootloader")); out.println(SystemProperties.get("ro.hardware")); out.println(SystemProperties.get("ro.revision")); out.println(new Object().hashCode()); out.println(System.currentTimeMillis()); out.println(System.nanoTime()); } catch (IOException e) { Slog.w(TAG, "Unable to add device specific data to the entropy pool", e); } finally { if (out != null) { out.close(); } } }
看着字面的理解就是首先将一些文本信息,如”Copyright (C) 2009 The Android Open Source Project“写入到这个urandom设备(姑且认为是urandom文件)中,接着将SystemProperties获取的东东写入,最后写入系统时间等,现在看看SystemProperties到底是什么东西了。看代码:
View Code public class SystemProperties{ public static final int PROP_NAME_MAX = 31; public static final int PROP_VALUE_MAX = 91; private static native String native_get(String key); private static native String native_get(String key, String def); private static native int native_get_int(String key, int def); private static native long native_get_long(String key, long def); private static native boolean native_get_boolean(String key, boolean def); private static native void native_set(String key, String def); /** * Get the value for the given key. * @return an empty string if the key isn't found * @throws IllegalArgumentException if the key exceeds 32 characters */ public static String get(String key) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } return native_get(key); } /** * Get the value for the given key. * @return if the key isn't found, return def if it isn't null, or an empty string otherwise * @throws IllegalArgumentException if the key exceeds 32 characters */ public static String get(String key, String def) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } return native_get(key, def); } /** * Get the value for the given key, and return as an integer. * @param key the key to lookup * @param def a default value to return * @return the key parsed as an integer, or def if the key isn't found or * cannot be parsed * @throws IllegalArgumentException if the key exceeds 32 characters */ public static int getInt(String key, int def) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } return native_get_int(key, def); } /** * Get the value for the given key, and return as a long. * @param key the key to lookup * @param def a default value to return * @return the key parsed as a long, or def if the key isn't found or * cannot be parsed * @throws IllegalArgumentException if the key exceeds 32 characters */ public static long getLong(String key, long def) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } return native_get_long(key, def); } /** * Get the value for the given key, returned as a boolean. * Values 'n', 'no', '0', 'false' or 'off' are considered false. * Values 'y', 'yes', '1', 'true' or 'on' are considered true. * (case sensitive). * If the key does not exist, or has any other value, then the default * result is returned. * @param key the key to lookup * @param def a default value to return * @return the key parsed as a boolean, or def if the key isn't found or is * not able to be parsed as a boolean. * @throws IllegalArgumentException if the key exceeds 32 characters */ public static boolean getBoolean(String key, boolean def) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } return native_get_boolean(key, def); } /** * Set the value for the given key. * @throws IllegalArgumentException if the key exceeds 32 characters * @throws IllegalArgumentException if the value exceeds 92 characters */ public static void set(String key, String val) { if (key.length() > PROP_NAME_MAX) { throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX); } if (val != null && val.length() > PROP_VALUE_MAX) { throw new IllegalArgumentException("val.length > " + PROP_VALUE_MAX); } native_set(key, val); }} 好嘛~~~这个又是和Native有关了,留给自己接着分析了(也给大家自己分析)~~~
第三个函数了,writeEntropy()看代码:private void writeEntropy() { try { RandomBlock.fromFile(randomDevice).toFile(entropyFile, true); } catch (IOException e) { Slog.w(TAG, "unable to write entropy", e); } } 这不就是和之前的相似吗?直接将urando设备的内容读出写入到entropy.dat中。
第四个函数了,scheduleEntropyWriter,看代码:private void scheduleEntropyWriter() { mHandler.removeMessages(ENTROPY_WHAT); mHandler.sendEmptyMessageDelayed(ENTROPY_WHAT, ENTROPY_WRITE_PERIOD); } 接着看看mHandler它是如何定义操作的:
/** * Handler that periodically updates the entropy on disk. */ private final Handler mHandler = new Handler() { @Override public void handleMessage(Message msg) { if (msg.what != ENTROPY_WHAT) { Slog.e(TAG, "Will not process invalid message"); return; } writeEntropy(); scheduleEntropyWriter(); } }; 具体意思就是向这个类每三个小时发送一个消息,当消息到达之后,该类会再次调用writeEntropy()。。。
现在知道这个服务是怎么进展的,但具体启动这个服务干嘛用的,有知道的教教我~~~