了解 PackageManagerService 如何安装 android 应用程序 [英] Understanding how android app is installed by PackageManagerService
问题描述
所以我一直在研究 AOSP,试图弄清楚 Android 应用程序是如何安装的.到目前为止,这是我所在的位置:
So I've been digging around AOSP trying to figure out how an android app is installed. So far this is where I'm at:
apk 文件将从 PackageInstallerActivity 发送到 InstallAppProgress,在那里它调用 PackageManager 方法 installPackage().
The apk File will be sent from PackageInstallerActivity to InstallAppProgress where it invokes the PackageManager method installPackage().
之前对 PackageManager 的调用被定向到 PackageManagerService,借助 AIDL 的魔力(我花了一些时间才理解这一点).
The previous call to PackageManager gets directed to the PackageManagerService, with the magic of AIDL (took some time for me to understand this).
在核心方法 installPackageWithVerification() 中,会创建 PackageHandler 的一个实例,并使用一堆状态代码(如 INIT_COPY、PACKAGE_VERIFIED 等)以稳健的方式传递消息.
In the core method installPackageWithVerification() an instance of the PackageHandler gets created and the message passing takes place in a robust way with the usage of a bunch of status codes like INIT_COPY, PACKAGE_VERIFIED etc.
根据在处理程序中收到的消息的状态代码,操作发生.从 INIT_COPY 开始 - 将包添加到挂起安装列表并调用带有代码 MCS_BOUND 的消息.
Based on the status codes of the messages received in the Handler the ops takes place. To start of with INIT_COPY - adds the package to the list of pending installs and invokes message with code MCS_BOUND.
这会复制从 apk 文件中提取的基本文件,如数据文件.
This copies the basic files extracted from the apk files like the data files.
在车道下方的某处出现带有标志 CHECK_PENDING_VERIFICATION 的消息,它从待处理列表中获取包并解析条目,尤其是 AndroidManifest 文件.验证和验证诸如包签名、包名等内容.
And somewhere down in the lane come the message with flag CHECK_PENDING_VERIFICATION, which takes the package from the pending list parses the entries, especially the AndroidManifest file. Verifies and validates stuff like package signature, packageName etc etc.
然后对 updateSettingLI() 进行调用,这反过来最终会调用 3 个更重要的函数.
Then a call is made to updateSettingLI() which in turn makes 3 more important function calls eventually.
- moveDexFilesLI()
- setPermissionsLI() - 提取目录 res/文件、resources.arsc、Manifest.xml
- updatePermissionsLPw() - 调用 grantPermissionLPw - 并添加从清单文件解析的权限的 groupids
- moveDexFilesLI()
- setPermissionsLI() - extracts dir res/ files, resources.arsc, Manifest.xml
- updatePermissionsLPw() - calls grantPermissionLPw - and adds the groupids of the permissions parsed from the manifest file
此时,Package 对象具有各自的 groupid,因此直到现在我基本上能够弄清楚 Permissions 是如何转换为 groupid 的.请原谅我的咆哮,我认为这对调试 PackageManagerService 的人可能有用,尤其是 scanPackageLI 方法,它很容易在代码中迷失.
At this point of time the Package object has the respective groupids so until now I was able to figure out basically how Permissions gets transformed into groupids. Pardon my rant, I thought this might be useful for someone dubugging PackageManagerService, especially the scanPackageLI method it is easy to get lost in code.
现在是实际问题,我知道在 android 中,每个应用程序只是一个由自己的 uid 和 gids 控制的 linux 进程.我们有上面的 gids 我想知道如何从 PackageManagerService 将其转换为 linux 进程.
Now the actual question, I know figuratively in android each app is nothing but a linux process controlled with its own uid and gids. We have the gids from the above I want to know how from the PackageManagerService this gets transformed to a linux process.
我知道已安装"在安装过程中也起着至关重要的作用.但是我找不到为正在安装的包(linux 中的进程)设置权限或访问权限(根据 linux 术语)的链接?
I know "installd" also plays a crucial role in the install process. But I was unable to find the link where the permissions or access rights (according to linux teminology) is set for the package (process in linux) being installed?
请帮助我.
推荐答案
很好的问题.但是要找到问题的答案,您需要稍微研究另一个方向,即流程的开始.您可能知道在 Android 中有一个称为 Zygote 的特殊进程.这是一个预热过程(意味着在它的内存中已经加载了一些库)并且从这个过程中所有 Android 进程都被分叉了.
Very good question. But to find the answer to your question you need to look into slightly another direction, namely start of processes. As you may know in Android there is a special process called Zygote. This is a pre-warmed process (meaning that in its memory there are already some libraries loaded) and from this process all Android processes are forked off.
当你启动一个应用程序时,Android系统通过一个socket向Zygote发送一个命令来创建一个新的进程.在此命令中,还会发送一组基于权限分配给应用程序的 gid.在 Zygote 创建一个新进程后,它会设置传递的 gids.因此,分叉进程接收其 uid 和 gids.但是这个过程只与权限相关,权限被映射到 gids.
When you start an application, Android system sends a command through a socket to Zygote to create a new process. Within this command also a set of gids assigned to the application based on permissions is sent. After Zygote has created a new process it setgid the passed gids. Thus, the forked process receives its uid and gids. But this process only relevant for permissions, which are mapped onto gids.
这篇关于了解 PackageManagerService 如何安装 android 应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
