@guhuizaifeiyang
2017-09-27T09:24:12.000000Z
字数 6621
阅读 1819
init进程的执行过程分析
开关机流程
Init进程,它是Linux内核启动之后运行的第一个进程。它的进程号是1,并且生命周期贯穿整个linux 内核运行的始终。
linux中所有其它的进程的共同祖先均为init进程,可以通过“adb shell ps | grep init”查看进程号。
Android init进程的入口文件在system/core/init/init.cpp中,由于init是命令行程序,所以分析init.cpp首先应从main函数开始:
时序图:
main()
system/core/init/init.cpp
- "ueventd"和"watchdogd"执行的是另外的入口
- 挂载文件系统
- 屏蔽标准的输入输出/初始化内核log系统,初始化log系统。
- selinux初始化
- 重新设置属性
- 处理子进程kill时的情况
- 加载default.prop中的属性
- 解析init.rc
int main(int argc, char** argv) {// (1) "ueventd"和"watchdogd"执行的是另外的入口if (!strcmp(basename(argv[0]), "ueventd")) {return ueventd_main(argc, argv);}if (!strcmp(basename(argv[0]), "watchdogd")) {return watchdogd_main(argc, argv);}/* umask是Linux函数,用来控制权限。文件的默认权限是644,目录是755。umask(0)表示赋予文件和目录所有的默认权限,即不去除任何权限。*/// Clear the umask.umask(0);// 添加PATH=_PATH_DEFPATH _PATH_DEFPATH="/usr/bin:/bin"add_environment("PATH", _PATH_DEFPATH);bool is_first_stage = (argc == 1) || (strcmp(argv[1], "--second-stage") != 0);// Get the basic filesystem setup we need put together in the initramdisk// on / and then we'll let the rc file figure out the rest.// (2) 挂载文件系统if (is_first_stage) {// 挂载tmpfs文件系统mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");mkdir("/dev/pts", 0755);mkdir("/dev/socket", 0755);// 挂载devpts文件系统mount("devpts", "/dev/pts", "devpts", 0, NULL);#define MAKE_STR(x) __STRING(x)// 挂载proc文件系统mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));// 挂载sysfs文件系统mount("sysfs", "/sys", "sysfs", 0, NULL);}// We must have some place other than / to create the device nodes for// kmsg and null, otherwise we won't be able to remount / read-only// later on. Now that tmpfs is mounted on /dev, we can actually talk// to the outside world.// (3) 屏蔽标准的输入输出/初始化内核log系统,初始化log系统。open_devnull_stdio();klog_init(); // 创建/dev/kmsg,保存内核log。klog_set_level(KLOG_NOTICE_LEVEL); // 设置log级别为5// 首次启动is_first_stage=first stage,再次启动is_first_stage=second stage。NOTICE("init %s started!\n", is_first_stage ? "first stage" : "second stage");if (!is_first_stage) {// Indicate that booting is in progress to background fw loaders, etc.close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));// 初始化属性(具体实现,还有待探究)property_init();// If arguments are passed both on the command line and in DT,// properties set in DT always have priority over the command-line ones.// (待探究)process_kernel_dt();process_kernel_cmdline();// Propagate the kernel variables to internal variables// used by init as well as the current required properties.export_kernel_boot_props();}// Set up SELinux, including loading the SELinux policy if we're in the kernel domain.// (4) selinux初始化(待探究)/* selinux有两种工作模式:1、"permissive",所有的操作都被允许(即没有MAC),但是如果违反权限的话,会记录日志2、"enforcing",所有操作都会进行权限检查。在一般的终端中,应该工作于enforing模式adb shell getenforce 查看selinux模式adb shell setenforce 0 命令进入permissive模式adb shell setenforce 1 命令进入Enforcing模式 */selinux_initialize(is_first_stage);// If we're in the kernel domain, re-exec init to transition to the init domain now// that the SELinux policy has been loaded.// (5) 重新设置属性if (is_first_stage) {if (restorecon("/init") == -1) { // restorecon命令用来恢复SELinux文件属性来自: http://man.linuxde.net/restoreconERROR("restorecon failed: %s\n", strerror(errno));security_failure();}char* path = argv[0];char* args[] = { path, const_cast<char*>("--second-stage"), nullptr }; //设置参数--second-stage// 执行init进程,重新进入main函数if (execv(path, args) == -1) {ERROR("execv(\"%s\") failed: %s\n", path, strerror(errno));security_failure();}}// These directories were necessarily created before initial policy load// and therefore need their security context restored to the proper value.// This must happen before /dev is populated by ueventd.NOTICE("Running restorecon...\n");restorecon("/dev");restorecon("/dev/socket");restorecon("/dev/__properties__");restorecon("/property_contexts");restorecon_recursive("/sys");// 创建epoll句柄(暂时不清楚用途)epoll_fd = epoll_create1(EPOLL_CLOEXEC);if (epoll_fd == -1) {ERROR("epoll_create1 failed: %s\n", strerror(errno));exit(1);}// (6) signal_handler_init函数就是处理子进程kill时的情况signal_handler_init();// (7) 加载default.prop中的属性property_load_boot_defaults();// 读取"ro.oem_unlock_supported"属性值export_oem_lock_status();// start_property_service函数创建了socket,然后监听,并且调用register_epoll_handler函数把socket的fd放入了epoll中。start_property_service();const BuiltinFunctionMap function_map;Action::set_function_map(&function_map);// (8) 解析init.rcParser& parser = Parser::GetInstance();parser.AddSectionParser("service",std::make_unique<ServiceParser>());parser.AddSectionParser("on", std::make_unique<ActionParser>());parser.AddSectionParser("import", std::make_unique<ImportParser>());parser.ParseConfig("/init.rc");// ...return 0;}
open_devnull_stdio()
Util.cpp
void open_devnull_stdio(void){// Try to avoid the mknod() call if we can. Since SELinux makes// a /dev/null replacement available for free, let's use it.int fd = open("/sys/fs/selinux/null", O_RDWR);if (fd == -1) {// OOPS, /sys/fs/selinux/null isn't available, likely because// /sys/fs/selinux isn't mounted. Fall back to mknod.static const char *name = "/dev/__null__";if (mknod(name, S_IFCHR | 0600, (1 << 8) | 3) == 0) {fd = open(name, O_RDWR);unlink(name);}if (fd == -1) {exit(1);}}dup2(fd, 0); // 复制文件描述符fd到0(标准输入)dup2(fd, 1); // 复制文件描述符fd到1(标准输出)dup2(fd, 2); // 复制文件描述符fd到2(错误输出)if (fd > 2) {close(fd);}}
这个函数调用dup函数把标准输入,输出,错误输出都重定位到/dev/null,如果需要在后面的程序中看到打印的话需要屏蔽这个函数。
klog_init()
Klog.c
void klog_init(void) {if (klog_fd >= 0) return; /* Already initialized */klog_fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);if (klog_fd >= 0) {return;}static const char* name = "/dev/__kmsg__";if (mknod(name, S_IFCHR | 0600, (1 << 8) | 11) == 0) {klog_fd = open(name, O_WRONLY | O_CLOEXEC);unlink(name);}}
创建/dev/kmsg/,保存内核的log。
property_init()
property_service.cpp
void property_init() {if (__system_property_area_init()) {ERROR("Failed to initialize property area\n");exit(1);}}bionic\libc\bionic\System_properties.cppint __system_property_area_init(){free_and_unmap_contexts();mkdir(property_filename, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);if (!initialize_properties()) {return -1;}bool open_failed = false;bool fsetxattr_failed = false;list_foreach(contexts, [&fsetxattr_failed, &open_failed](context_node* l) {if (!l->open(true, &fsetxattr_failed)) {open_failed = true;}});if (open_failed || !map_system_property_area(true, &fsetxattr_failed)) {free_and_unmap_contexts();return -1;}initialized = true;return fsetxattr_failed ? -2 : 0;}
signal_handler_init()
Note:init是一个守护进程,为了防止init的子进程成为僵尸进程(zombie process),需要init在子进程结束时获取子进程的结束码,通过结束码将程序表中的子进程移除,防止成为僵尸进程的子进程占用程序表的空间(程序表的空间达到上限时,系统就不能再启动新的进程了,会引起严重的系统问题)。
system/core/init/Singal_handler.cpp
void signal_handler_init() {// // 在linux当中,父进程是通过捕捉SIGCHLD信号来得知子进程运行结束的情况// Create a signalling mechanism for SIGCHLD.int s[2];if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0, s) == -1) {ERROR("socketpair failed: %s\n", strerror(errno));exit(1);}signal_write_fd = s[0];signal_read_fd = s[1];// Write to signal_write_fd if we catch SIGCHLD.struct sigaction act;memset(&act, 0, sizeof(act));act.sa_handler = SIGCHLD_handler;act.sa_flags = SA_NOCLDSTOP;sigaction(SIGCHLD, &act, 0);ServiceManager::GetInstance().ReapAnyOutstandingChildren();register_epoll_handler(signal_read_fd, handle_signal);}
