Android应用程序安装过程源代码分析

最后更新于:2022-04-02 05:05:42

原文出处——>[Android应用程序安装过程源代码分析](http://blog.csdn.net/luoshengyang/article/details/6766010) Android系统在启动的过程中,会启动一个应用程序管理服务PackageManagerService,这个服务负责扫描系统中特定的目录,找到里面的应用程序文件,即以Apk为后缀的文件,然后对这些文件进解析,得到应用程序的相关信息,完成应用程序的安装过程,本文将详细分析这个过程。 应用程序管理服务PackageManagerService安装应用程序的过程,其实就是解析析应用程序配置文件AndroidManifest.xml的过程,并从里面得到得到应用程序的相关信息,例如得到应用程序的组件Activity、Service、Broadcast Receiver和Content Provider等信息,有了这些信息后,通过ActivityManagerService这个服务,我们就可以在系统中正常地使用这些应用程序了。 应用程序管理服务PackageManagerService是系统启动的时候由SystemServer组件启动的,启后它就会执行应用程序安装的过程,因此,本文将从SystemServer启动PackageManagerService服务的过程开始分析系统中的应用程序安装的过程。 应用程序管理服务PackageManagerService从启动到安装应用程序的过程如下图所示: ![](https://docs.gechiui.com/gc-content/uploads/sites/kancloud/13ff462957a790adb7ab26cc45369cf6_697x768.jpg) 下面我们具体分析每一个步骤。 **Step 1. SystemServer.main** 这个函数定义在frameworks/base/services/java/com/android/server/SystemServer.java文件中: ~~~ public class SystemServer { ...... native public static void init1(String[] args); ...... public static void main(String[] args) { ...... init1(args); ...... } ...... } ~~~ SystemServer组件是由Zygote进程负责启动的,启动的时候就会调用它的main函数,这个函数主要调用了JNI方法init1来做一些系统初始化的工作。 **Step 2. SystemServer.init1** 这个函数是一个JNI方法,实现在 frameworks/base/services/jni/com_android_server_SystemServer.cpp文件中: ~~~ namespace android { extern "C" int system_init(); static void android_server_SystemServer_init1(JNIEnv* env, jobject clazz) { system_init(); } /* * JNI registration. */ static JNINativeMethod gMethods[] = { /* name, signature, funcPtr */ { "init1", "([Ljava/lang/String;)V", (void*) android_server_SystemServer_init1 }, }; int register_android_server_SystemServer(JNIEnv* env) { return jniRegisterNativeMethods(env, "com/android/server/SystemServer", gMethods, NELEM(gMethods)); } }; // namespace android ~~~ 这个函数很简单,只是调用了system_init函数来进一步执行操作。 **Step 3. libsystem_server.system_init** 函数system_init实现在libsystem_server库中,源代码位于frameworks/base/cmds/system_server/library/system_init.cpp文件中: ~~~ extern "C" status_t system_init() { LOGI("Entered system_init()"); sp proc(ProcessState::self()); sp sm = defaultServiceManager(); LOGI("ServiceManager: %p\n", sm.get()); sp grim = new GrimReaper(); sm->asBinder()->linkToDeath(grim, grim.get(), 0); char propBuf[PROPERTY_VALUE_MAX]; property_get("system_init.startsurfaceflinger", propBuf, "1"); if (strcmp(propBuf, "1") == 0) { // Start the SurfaceFlinger SurfaceFlinger::instantiate(); } // Start the sensor service SensorService::instantiate(); // On the simulator, audioflinger et al don't get started the // same way as on the device, and we need to start them here if (!proc->supportsProcesses()) { // Start the AudioFlinger AudioFlinger::instantiate(); // Start the media playback service MediaPlayerService::instantiate(); // Start the camera service CameraService::instantiate(); // Start the audio policy service AudioPolicyService::instantiate(); } // And now start the Android runtime. We have to do this bit // of nastiness because the Android runtime initialization requires // some of the core system services to already be started. // All other servers should just start the Android runtime at // the beginning of their processes's main(), before calling // the init function. LOGI("System server: starting Android runtime.\n"); AndroidRuntime* runtime = AndroidRuntime::getRuntime(); LOGI("System server: starting Android services.\n"); runtime->callStatic("com/android/server/SystemServer", "init2"); // If running in our own process, just go into the thread // pool. Otherwise, call the initialization finished // func to let this process continue its initilization. if (proc->supportsProcesses()) { LOGI("System server: entering thread pool.\n"); ProcessState::self()->startThreadPool(); IPCThreadState::self()->joinThreadPool(); LOGI("System server: exiting thread pool.\n"); } return NO_ERROR; } ~~~ 这个函数首先会初始化SurfaceFlinger、SensorService、AudioFlinger、MediaPlayerService、CameraService和AudioPolicyService这几个服务,然后就通过系统全局唯一的AndroidRuntime实例变量runtime的callStatic来调用SystemServer的init2函数了。关于这个AndroidRuntime实例变量runtime的相关资料,可能参考前面一篇文章Android应用程序进程启动过程的源代码分析一文。 **Step 4. AndroidRuntime.callStatic** 这个函数定义在frameworks/base/core/jni/AndroidRuntime.cpp文件中: ~~~ /* * Call a static Java Programming Language function that takes no arguments and returns void. */ status_t AndroidRuntime::callStatic(const char* className, const char* methodName) { JNIEnv* env; jclass clazz; jmethodID methodId; env = getJNIEnv(); if (env == NULL) return UNKNOWN_ERROR; clazz = findClass(env, className); if (clazz == NULL) { LOGE("ERROR: could not find class '%s'\n", className); return UNKNOWN_ERROR; } methodId = env->GetStaticMethodID(clazz, methodName, "()V"); if (methodId == NULL) { LOGE("ERROR: could not find method %s.%s\n", className, methodName); return UNKNOWN_ERROR; } env->CallStaticVoidMethod(clazz, methodId); return NO_ERROR; } ~~~ 这个函数调用由参数className指定的java类的静态成员函数,这个静态成员函数是由参数methodName指定的。上面传进来的参数className的值为"com/android/server/SystemServer",而参数methodName的值为"init2",因此,接下来就会调用SystemServer类的init2函数了。 **Step 5. SystemServer.init2** 这个函数定义在frameworks/base/services/java/com/android/server/SystemServer.java文件中: ~~~ public class SystemServer { ...... public static final void init2() { Slog.i(TAG, "Entered the Android system server!"); Thread thr = new ServerThread(); thr.setName("android.server.ServerThread"); thr.start(); } } ~~~ 这个函数创建了一个ServerThread线程,PackageManagerService服务就是这个线程中启动的了。这里调用了ServerThread实例thr的start函数之后,下面就会执行这个实例的run函数了。 **Step 6. ServerThread.run** 这个函数定义在frameworks/base/services/java/com/android/server/SystemServer.java文件中: ~~~ class ServerThread extends Thread { ...... @Override public void run() { ...... IPackageManager pm = null; ...... // Critical services... try { ...... Slog.i(TAG, "Package Manager"); pm = PackageManagerService.main(context, factoryTest != SystemServer.FACTORY_TEST_OFF); ...... } catch (RuntimeException e) { Slog.e("System", "Failure starting core service", e); } ...... } ...... } ~~~ 这个函数除了启动PackageManagerService服务之外,还启动了其它很多的服务,例如在前面学习Activity和Service的几篇文章中经常看到的ActivityManagerService服务,有兴趣的读者可以自己研究一下。 **Step 7. PackageManagerService.main** 这个函数定义在frameworks/base/services/java/com/android/server/PackageManagerService.java文件中: ~~~ class PackageManagerService extends IPackageManager.Stub { ...... public static final IPackageManager main(Context context, boolean factoryTest) { PackageManagerService m = new PackageManagerService(context, factoryTest); ServiceManager.addService("package", m); return m; } ...... } ~~~ 这个函数创建了一个PackageManagerService服务实例,然后把这个服务添加到ServiceManager中去,ServiceManager是Android系统Binder进程间通信机制的守护进程,负责管理系统中的Binder对象,具体可以参考浅谈Service Manager成为Android进程间通信(IPC)机制Binder守护进程之路一文。 在创建这个PackageManagerService服务实例时,会在PackageManagerService类的构造函数中开始执行安装应用程序的过程: ~~~ class PackageManagerService extends IPackageManager.Stub { ...... public PackageManagerService(Context context, boolean factoryTest) { ...... synchronized (mInstallLock) { synchronized (mPackages) { ...... File dataDir = Environment.getDataDirectory(); mAppDataDir = new File(dataDir, "data"); mSecureAppDataDir = new File(dataDir, "secure/data"); mDrmAppPrivateInstallDir = new File(dataDir, "app-private"); ...... mFrameworkDir = new File(Environment.getRootDirectory(), "framework"); mDalvikCacheDir = new File(dataDir, "dalvik-cache"); ...... // Find base frameworks (resource packages without code). mFrameworkInstallObserver = new AppDirObserver( mFrameworkDir.getPath(), OBSERVER_EVENTS, true); mFrameworkInstallObserver.startWatching(); scanDirLI(mFrameworkDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanMode | SCAN_NO_DEX, 0); // Collect all system packages. mSystemAppDir = new File(Environment.getRootDirectory(), "app"); mSystemInstallObserver = new AppDirObserver( mSystemAppDir.getPath(), OBSERVER_EVENTS, true); mSystemInstallObserver.startWatching(); scanDirLI(mSystemAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanMode, 0); // Collect all vendor packages. mVendorAppDir = new File("/vendor/app"); mVendorInstallObserver = new AppDirObserver( mVendorAppDir.getPath(), OBSERVER_EVENTS, true); mVendorInstallObserver.startWatching(); scanDirLI(mVendorAppDir, PackageParser.PARSE_IS_SYSTEM | PackageParser.PARSE_IS_SYSTEM_DIR, scanMode, 0); mAppInstallObserver = new AppDirObserver( mAppInstallDir.getPath(), OBSERVER_EVENTS, false); mAppInstallObserver.startWatching(); scanDirLI(mAppInstallDir, 0, scanMode, 0); mDrmAppInstallObserver = new AppDirObserver( mDrmAppPrivateInstallDir.getPath(), OBSERVER_EVENTS, false); mDrmAppInstallObserver.startWatching(); scanDirLI(mDrmAppPrivateInstallDir, PackageParser.PARSE_FORWARD_LOCK, scanMode, 0); ...... } } } ...... } ~~~ 这里会调用scanDirLI函数来扫描移动设备上的下面这五个目录中的Apk文件: * /system/framework * /system/app * /vendor/app * /data/app * /data/app-private **Step 8. PackageManagerService.scanDirLI** 这个函数定义在frameworks/base/services/java/com/android/server/PackageManagerService.java文件中: ~~~ class PackageManagerService extends IPackageManager.Stub { ...... private void scanDirLI(File dir, int flags, int scanMode, long currentTime) { String[] files = dir.list(); ...... int i; for (i=0; i outerDepth)) { if (type == parser.END_TAG || type == parser.TEXT) { continue; } String tagName = parser.getName(); if (tagName.equals("application")) { ...... if (!parseApplication(pkg, res, parser, attrs, flags, outError)) { return null; } } else if (tagName.equals("permission-group")) { ...... } else if (tagName.equals("permission")) { ...... } else if (tagName.equals("permission-tree")) { ...... } else if (tagName.equals("uses-permission")) { ...... } else if (tagName.equals("uses-configuration")) { ...... } else if (tagName.equals("uses-feature")) { ...... } else if (tagName.equals("uses-sdk")) { ...... } else if (tagName.equals("supports-screens")) { ...... } else if (tagName.equals("protected-broadcast")) { ...... } else if (tagName.equals("instrumentation")) { ...... } else if (tagName.equals("original-package")) { ...... } else if (tagName.equals("adopt-permissions")) { ...... } else if (tagName.equals("uses-gl-texture")) { ...... } else if (tagName.equals("compatible-screens")) { ...... } else if (tagName.equals("eat-comment")) { ...... } else if (RIGID_PARSER) { ...... } else { ...... } } ...... return pkg; } ...... } ~~~ 这里就是对AndroidManifest.xml文件中的各个标签进行解析了,各个标签的含义可以参考官方文档http://developer.android.com/guide/topics/manifest/manifest-intro.html, 这里我们只简单看一下application标签的解析,这是通过调用parseApplication函数来进行的。 **Step 11. PackageParser.parseApplication** 这个函数定义在frameworks/base/core/java/android/content/pm/PackageParser.java文件中: ~~~ public class PackageParser { ...... private boolean parseApplication(Package owner, Resources res, XmlPullParser parser, AttributeSet attrs, int flags, String[] outError) throws XmlPullParserException, IOException { final ApplicationInfo ai = owner.applicationInfo; final String pkgName = owner.applicationInfo.packageName; TypedArray sa = res.obtainAttributes(attrs, com.android.internal.R.styleable.AndroidManifestApplication); ...... int type; while ((type=parser.next()) != parser.END_DOCUMENT && (type != parser.END_TAG || parser.getDepth() > innerDepth)) { if (type == parser.END_TAG || type == parser.TEXT) { continue; } String tagName = parser.getName(); if (tagName.equals("activity")) { Activity a = parseActivity(owner, res, parser, attrs, flags, outError, false); ...... owner.activities.add(a); } else if (tagName.equals("receiver")) { Activity a = parseActivity(owner, res, parser, attrs, flags, outError, true); ...... owner.receivers.add(a); } else if (tagName.equals("service")) { Service s = parseService(owner, res, parser, attrs, flags, outError); ...... owner.services.add(s); } else if (tagName.equals("provider")) { Provider p = parseProvider(owner, res, parser, attrs, flags, outError); ...... owner.providers.add(p); } else if (tagName.equals("activity-alias")) { Activity a = parseActivityAlias(owner, res, parser, attrs, flags, outError); ...... owner.activities.add(a); } else if (parser.getName().equals("meta-data")) { ...... } else if (tagName.equals("uses-library")) { ...... } else if (tagName.equals("uses-package")) { ...... } else { ...... } } return true; } ...... } ~~~ 这里就是对AndroidManifest.xml文件中的application标签进行解析了,我们常用到的标签就有activity、service、receiver和provider,各个标签的含义可以参考官方文档http://developer.android.com/guide/topics/manifest/manifest-intro.html。 这里解析完成后,一层层返回到Step 9中,调用另一个版本的scanPackageLI函数把来解析后得到的应用程序信息保存下来。 **Step 12. PackageManagerService.scanPackageLI** 这个函数定义在frameworks/base/services/java/com/android/server/PackageManagerService.java文件中: ~~~ class PackageManagerService extends IPackageManager.Stub { ...... // Keys are String (package name), values are Package. This also serves // as the lock for the global state. Methods that must be called with // this lock held have the prefix "LP". final HashMap mPackages = new HashMap(); ...... // All available activities, for your resolving pleasure. final ActivityIntentResolver mActivities = new ActivityIntentResolver(); // All available receivers, for your resolving pleasure. final ActivityIntentResolver mReceivers = new ActivityIntentResolver(); // All available services, for your resolving pleasure. final ServiceIntentResolver mServices = new ServiceIntentResolver(); // Keys are String (provider class name), values are Provider. final HashMap mProvidersByComponent = new HashMap(); ...... private PackageParser.Package scanPackageLI(PackageParser.Package pkg, int parseFlags, int scanMode, long currentTime) { ...... synchronized (mPackages) { ...... // Add the new setting to mPackages mPackages.put(pkg.applicationInfo.packageName, pkg); ...... int N = pkg.providers.size(); int i; for (i=0; i ';