2. 程式人生 > >android—init.rc中on property的觸發

android—init.rc中on property的觸發

阿新 發佈:2019-02-09

在前面的文章《android—init.rc的讀取 》中主要介紹了init.rc檔案的讀取,本文主要分析init針對on property型別的屬性觸發的原理。

init中的處理過程

在init.c的main()中,

int main(int argc, char **argv)
{
    //新增property相關的action
    queue_builtin_action(property_service_init_action, "property_service_init");
}

void queue_builtin_action(int (*func)(int nargs, char
 
 **args), char *name)
{
    struct action *act;
    struct command *cmd;

    act = calloc(1, sizeof(*act));
    act->name = name;
    list_init(&act->commands);
    list_init(&act->qlist);

    cmd = calloc(1, sizeof(*cmd));
    cmd->func = func;
    cmd->args[0] = name;
    list_add_tail(&act->commands, &cmd->clist);

    list_add_tail(&action_list, &act->alist);
    //該action放到全域性的action_queue連結串列中
 

    action_add_queue_tail(act);
}

那麼當init在執行for迴圈,逐個執行action中的commands時便會執行到上面的property_service_init_action()函式,

static int property_service_init_action(int nargs, char **args)
{
    /* read any property files on system or data and
     * fire up the property service.  This must happen
     * after the ro.foo properties are set above so
     * that /data/local.prop cannot interfere with them.
     */
 

    start_property_service();
    return 0;
}

void start_property_service(void)
{
    int fd;

    load_properties_from_file(PROP_PATH_SYSTEM_BUILD);
    load_properties_from_file(PROP_PATH_SYSTEM_DEFAULT);
    load_override_properties();
    /* Read persistent properties after all default values have been loaded. */
    load_persistent_properties();


    //PROP_SERVICE_NAME為 "property_service"

    fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM, 0666, 0, 0);
    if(fd < 0) return;
    fcntl(fd, F_SETFD, FD_CLOEXEC);
    fcntl(fd, F_SETFL, O_NONBLOCK);

    listen(fd, 8);
    property_set_fd = fd;
}

/*
 * create_socket - creates a Unix domain socket in ANDROID_SOCKET_DIR
 * ("/dev/socket") as dictated in init.rc. This socket is inherited by the
 * daemon. We communicate the file descriptor's value via the environment
 * variable ANDROID_SOCKET_ENV_PREFIX<name> ("ANDROID_SOCKET_foo").
 */
int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
{
    struct sockaddr_un addr;
    int fd, ret;
    char *secon;

    fd = socket(PF_UNIX, type, 0);
    if (fd < 0) {
        ERROR("Failed to open socket '%s': %s\n", name, strerror(errno));
        return -1;
    }

    memset(&addr, 0 , sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), ANDROID_SOCKET_DIR"/%s",
             name);

    ret = unlink(addr.sun_path);
    if (ret != 0 && errno != ENOENT) {
        ERROR("Failed to unlink old socket '%s': %s\n", name, strerror(errno));
        goto out_close;
    }

    secon = NULL;
    if (sehandle) {
        ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK);
        if (ret == 0)
            setfscreatecon(secon);
    }

    ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
    if (ret) {
        ERROR("Failed to bind socket '%s': %s\n", name, strerror(errno));
        goto out_unlink;
    }

    setfscreatecon(NULL);
    freecon(secon);

    chown(addr.sun_path, uid, gid);
    chmod(addr.sun_path, perm);

    INFO("Created socket '%s' with mode '%o', user '%d', group '%d'\n",
         addr.sun_path, perm, uid, gid);

    return fd;

out_unlink:
    unlink(addr.sun_path);
out_close:
    close(fd);
    return -1;
}

其實init就是為property建立了一個域套接字,如下所示,名字為property_service,

這裡寫圖片描述

在建立完域套接字後,init利用poll監聽了這個fd,

        if (!property_set_fd_init && get_property_set_fd() > 0) {
            ufds[fd_count].fd = get_property_set_fd();
            ufds[fd_count].events = POLLIN;
            ufds[fd_count].revents = 0;
            fd_count++;
            property_set_fd_init = 1;
        }
 nr = poll(ufds, fd_count, timeout);
        if (nr <= 0)
            continue;

        for (i = 0; i < fd_count; i++) {
            if (ufds[i].revents == POLLIN) {
                if (ufds[i].fd == get_property_set_fd())
                    //該描述符有資料時,執行handle_property_set_fd
                    handle_property_set_fd();
                else if (ufds[i].fd == get_keychord_fd())
                    handle_keychord();
                else if (ufds[i].fd == get_signal_fd())
                    handle_signal();
            }
        }

下面是處理函式handle_property_set_fd(),基本原理就是從域套接字中讀取資料,也就是屬性name和value,

void handle_property_set_fd()
{
    prop_msg msg;
    int s;
    int r;
    int res;
    struct ucred cr;
    struct sockaddr_un addr;
    socklen_t addr_size = sizeof(addr);
    socklen_t cr_size = sizeof(cr);
    char * source_ctx = NULL;

    if ((s = accept(property_set_fd, (struct sockaddr *) &addr, &addr_size)) < 0) {
        return;
    }

    /* Check socket options here */
    if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) {
        close(s);
        ERROR("Unable to receive socket options\n");
        return;
    }

    r = TEMP_FAILURE_RETRY(recv(s, &msg, sizeof(msg), 0));
    if(r != sizeof(prop_msg)) {
        ERROR("sys_prop: mis-match msg size received: %d expected: %d errno: %d\n",
              r, sizeof(prop_msg), errno);
        close(s);
        return;
    }

    switch(msg.cmd) {
    case PROP_MSG_SETPROP:
        msg.name[PROP_NAME_MAX-1] = 0;
        msg.value[PROP_VALUE_MAX-1] = 0;

    //property名字要合法
        if (!is_legal_property_name(msg.name, strlen(msg.name))) {
            ERROR("sys_prop: illegal property name. Got: \"%s\"\n", msg.name);
            close(s);
            return;
        }

        getpeercon(s, &source_ctx);

        if(memcmp(msg.name,"ctl.",4) == 0) {
            // Keep the old close-socket-early behavior when handling
            // ctl.* properties.
            close(s);
            if (check_control_perms(msg.value, cr.uid, cr.gid, source_ctx)) {
                handle_control_message((char*) msg.name + 4, (char*) msg.value);
            } else {
                ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n",
                        msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid);
            }
        } else {
            if (check_perms(msg.name, cr.uid, cr.gid, source_ctx)) {
                //許可權檢查通過,呼叫property_set,
                //這是init自己的property_set函式,別搞混了
                property_set((char*) msg.name, (char*) msg.value);
            } else {
                ERROR("sys_prop: permission denied uid:%d  name:%s\n",
                      cr.uid, msg.name);
            }

            // Note: bionic's property client code assumes that the
            // property server will not close the socket until *AFTER*
            // the property is written to memory.
            close(s);
        }
        freecon(source_ctx);
        break;

    default:
        close(s);
        break;
    }
}

//prop的名字長度不能大於32
static bool is_legal_property_name(const char* name, size_t namelen)
{
    size_t i;
    bool previous_was_dot = false;
    if (namelen >= PROP_NAME_MAX) return false;
    if (namelen < 1) return false;
    if (name[0] == '.') return false;
    if (name[namelen - 1] == '.') return false;

    /* Only allow alphanumeric, plus '.', '-', or '_' */
    /* Don't allow ".." to appear in a property name */
    for (i = 0; i < namelen; i++) {
        if (name[i] == '.') {
            if (previous_was_dot == true) return false;
            previous_was_dot = true;
            continue;
        }
        previous_was_dot = false;
        if (name[i] == '_' || name[i] == '-') continue;
        if (name[i] >= 'a' && name[i] <= 'z') continue;
        if (name[i] >= 'A' && name[i] <= 'Z') continue;
        if (name[i] >= '0' && name[i] <= '9') continue;
        return false;
    }

    return true;
}

接著是一些許可權的檢查,還有特殊的屬性,例如ctrl.start以ctrl開頭的,是用來start stop restart service的。接著執行property_set,這是init自己的property_set函式,別搞混了,

int property_set(const char *name, const char *value)
{
    prop_info *pi;
    int ret;

    size_t namelen = strlen(name);
    size_t valuelen = strlen(value);

    if (!is_legal_property_name(name, namelen)) return -1;
    if (valuelen >= PROP_VALUE_MAX) return -1;

    pi = (prop_info*) __system_property_find(name);

    //read only的是不能修改的

    if(pi != 0) {
        /* ro.* properties may NEVER be modified once set */
        if(!strncmp(name, "ro.", 3)) return -1;

        __system_property_update(pi, value, valuelen);
    } else {
        ret = __system_property_add(name, namelen, value, valuelen);
        if (ret < 0) {
            ERROR("Failed to set '%s'='%s'\n", name, value);
            return ret;
        }
    }
    //如果是設定net.開頭的屬性,
    //如果是net.change,不做任何東西
    //net.change是為了記錄當前哪個net.開頭的屬性被設定了
    //[net.change]: [net.qtaguid_enabled]
    /* If name starts with "net." treat as a DNS property. */
    if (strncmp("net.", name, strlen("net.")) == 0)  {
        if (strcmp("net.change", name) == 0) {
            return 0;
        }
       /*
        * The 'net.change' property is a special property used track when any
        * 'net.*' property name is updated. It is _ONLY_ updated here. Its value
        * contains the last updated 'net.*' property.
        */
        property_set("net.change", name);
    } else if (persistent_properties_loaded &&
            strncmp("persist.", name, strlen("persist.")) == 0) {
        /*
         * Don't write properties to disk until after we have read all default properties
         * to prevent them from being overwritten by default values.
         */
        write_persistent_property(name, value);
    } else if (strcmp("selinux.reload_policy", name) == 0 &&
               strcmp("1", value) == 0) {
        selinux_reload_policy();
    }
    property_changed(name, value);
    return 0;
}

void property_changed(const char *name, const char *value)
{
    if (property_triggers_enabled)
        queue_property_triggers(name, value);
}

void queue_property_triggers(const char *name, const char *value)
{
    struct listnode *node;
    struct action *act;
    list_for_each(node, &action_list) {
        act = node_to_item(node, struct action, alist);
        if (!strncmp(act->name, "property:", strlen("property:"))) {
            const char *test = act->name + strlen("property:");
            int name_length = strlen(name);
            //如果屬性值相同,則將act加入到action_queue
            if (!strncmp(name, test, name_length) &&
                    test[name_length] == '=' &&
                    (!strcmp(test + name_length + 1, value) ||
                     !strcmp(test + name_length + 1, "*"))) {
                action_add_queue_tail(act);
            }
        }
    }
}

從queue_property_triggers()函式中我們能看到,當屬性的name和value對應上後,就會將該action新增到全域性的action_queue中,等到init中for迴圈的執行。下面我們看看在adb在呼叫setprop這類命令時,發生了什麼。

設定屬性時發生了什麼

java層或者native中呼叫設定屬性的相關函式時,最終都會呼叫andorid的c庫bonic中的__system_property_set()函式,

int __system_property_set(const char *key, const char *value)
{
    int err;
    prop_msg msg;

    if(key == 0) return -1;
    if(value == 0) value = "";
    if(strlen(key) >= PROP_NAME_MAX) return -1;
    if(strlen(value) >= PROP_VALUE_MAX) return -1;

    memset(&msg, 0, sizeof msg);
    msg.cmd = PROP_MSG_SETPROP;
    strlcpy(msg.name, key, sizeof msg.name);
    strlcpy(msg.value, value, sizeof msg.value);

    err = send_prop_msg(&msg);
    if(err < 0) {
        return err;
    }

    return 0;
}
static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
//通過uniux域套接字進行互動,
static int send_prop_msg(prop_msg *msg)
{
    struct pollfd pollfds[1];
    struct sockaddr_un addr;
    socklen_t alen;
    size_t namelen;
    int s;
    int r;
    int result = -1;

    s = socket(AF_LOCAL, SOCK_STREAM, 0);
    if(s < 0) {
        return result;
    }

    memset(&addr, 0, sizeof(addr));
    namelen = strlen(property_service_socket);
    strlcpy(addr.sun_path, property_service_socket, sizeof addr.sun_path);
    addr.sun_family = AF_LOCAL;
    alen = namelen + offsetof(struct sockaddr_un, sun_path) + 1;

    if(TEMP_FAILURE_RETRY(connect(s, (struct sockaddr *) &addr, alen)) < 0) {
        close(s);
        return result;
    }

    r = TEMP_FAILURE_RETRY(send(s, msg, sizeof(prop_msg), 0));

    if(r == sizeof(prop_msg)) {
        // We successfully wrote to the property server but now we
        // wait for the property server to finish its work.  It
        // acknowledges its completion by closing the socket so we
        // poll here (on nothing), waiting for the socket to close.
        // If you 'adb shell setprop foo bar' you'll see the POLLHUP
        // once the socket closes.  Out of paranoia we cap our poll
        // at 250 ms.
        pollfds[0].fd = s;
        pollfds[0].events = 0;
        r = TEMP_FAILURE_RETRY(poll(pollfds, 1, 250 /* ms */));
        if (r == 1 && (pollfds[0].revents & POLLHUP) != 0) {
            result = 0;
        } else {
            // Ignore the timeout and treat it like a success anyway.
            // The init process is single-threaded and its property
            // service is sometimes slow to respond (perhaps it's off
            // starting a child process or something) and thus this
            // times out and the caller thinks it failed, even though
            // it's still getting around to it.  So we fake it here,
            // mostly for ctl.* properties, but we do try and wait 250
            // ms so callers who do read-after-write can reliably see
            // what they've written.  Most of the time.
            // TODO: fix the system properties design.
            result = 0;
        }
    }

    close(s);
    return result;
}

通過上面的程式碼,我們能看出來這裡會和/dev/socket/property_service這個域套接字去send資料,send完成後,init中自然會收到該套接字相關的資料,達到互動的目的。

相關推薦

androidinit.rcon property觸發

在前面的文章《android—init.rc的讀取 》中主要介紹了init.rc檔案的讀取,本文主要分析init針對on property型別的屬性觸發的原理。 init中的處理過程 在init.c的main()中, int main(int

Android init.rc各條命令開機過程執行順序

1. 所有的action運行於service之前2.  下面為各個section的執行順序,英文編號的section是系統內建的(寫死在init.c中的命令)1) early-init    a) wait_for_coldboot_done    b) property_i

Android init.rc on property

在 init.rc 中,可以見到下面類似的用法,當一個屬性值等於XX時,觸發下面的事件,比如啟動一個程序,或者設定列印級別 on property:sys.init_log_level=*  

Android如何配置init.rc的開機啟動程序(service)

轉載。 http://blog.csdn.net/qq_28899635/article/details/56289063 開篇:為什麼寫這篇文章 先說下我自己的情況,我是個普通的學生,之前在學校一直做Android應用開發,找實習的時候也一直想找相關的工作,來到現在這家公司以

Androidinit.rc加入指令碼開機安裝APK並啟動APK的服務

要求:開機檢查APK是否安裝,如果不安裝則自動靜默安裝,同時啟動APK的服務。 把要安裝的APK放在device資料夾下,編譯時用指令碼拷貝到out目錄下,開機啟動指令碼安裝APK並啟動服務。 這裡以Airplay.apk為例。 1.在device目錄下建立資料夾Ai

Android init.rc 筆記(概況及init.rc文法)

Android的根目錄下有一系列非常重要的配置檔案,即:init.rc init.xxxxx.rc Android中解析這些配置檔案的程式碼在:system\core\init目錄下。 核心檔案是init.c,相關的文法說明請參見:readme.txt 本文簡單介紹一下i

Andrid 7.1 啟動init.rc自定義service

平臺: RK3288 + Android7.12 問題: 無法啟動init.rc中新增的服務. 步驟: 新增服務 |–system/extras/info-service/Android.mk LOCAL_PATH:= $(call my-dir) includ

Android init.rc語法介紹

一、簡述    Android init.rc檔案由系統第一個啟動的init程式解析,此檔案由語句組成,主要包含了四種類型的語句:Action, Commands,Services, Options. 在init.rc 檔案中一條語句通常是佔據一行.單詞之間是通過空格符來相

如何去寫 Android init.rc (Android init language)

Android 初始化語言由四大類宣告組成 : 行為類 (Actions), 命令類 (Commands) ,服務類 (Services), 選項類 (Options). 初始化語言以行為單位,由以空格間隔的語言符號組成。 C 風格的反斜槓轉義符可以用

init rc建立檔案

android的init rc目前不支援touch: touch /data/misc/logd/kmsg.log log中會報錯:  init: /init.rc: 83: invalid keyword 'touch' 可以用copy和write命令建立檔案 writ

init.rc的mount等命令執行時呼叫的原始碼位置

以mount命令為例 在Android啟動時,init程序會解析init.rc檔案,對於init.rc中定義的mount這個command,如 on fs     mount functionfs adb /dev/usb-ffs/adb uid=2000,gid=200

設定ctl.start 屬性啟動init.rc service以及許可權問題

通過property_set("ctl.start", service_xx); 來啟動init.rc中的service是一個很方便方法來呼叫某個可執行程式或某個指令碼程式 service service_xx  /system/bin/xx     disabled     oneshot 但在非AID

android init.rc檔案語法詳解

初始化語言包含了四種類型的宣告: Actions(行動)、 Commands(命令)、Services(服務)和Options(選項)。 基本語法規定 1 所有型別的語句都是基於行的,一個語句包含若干個tokens,token之間通過空格字元分隔. 如果一個token中需

Android init.rc啟動服務

轉載 http://m.it610.com/article/5082334.htm 在“上一篇android  init.rc檔案語法詳解”,但是到了android5.0之後,按照上面的方法做,可能我們要啟動的服務就起不來了。這是因為採用了新的安全機制了——SEAndr

[Android6.0]App呼叫init.rc的服務,從而執行shell指令碼

Author: Younix Platform: RK3399 OS: Android 6.0 Kernel: 4.4 Version: v2017.07 需求:希望在 Android App 中新增 SPDIF 測試功能。對 Android

Android init.rc檔案淺析

本文主要來自$ANDROID_SOURCE/system/init/readme.txt的翻譯. 1 簡述 Android init.rc檔案由系統第一個啟動的init程式解析,此檔案由語句組成,主要包含了四種類型的語句:Action,Commands,Services,O

android init.xxx.rc啟動shell指令碼

on boot # start essential services     start shell-setup service shell-setup /system/etc/init.shell.sh     user root     group root    o

init.rc文件面啟動c++程序,通過jni調用java實現

mini val sni ril urn runtime sport mco env </pre><p>註:假設是自己的myself.jar包,還要修改例如以下:</p><p>target/product/core_bas

iOSself.property 和_property的區別,init和dealloc為何避免用self.property

一、self.property訪問 1、self.property 經過oc訊息派發,可以完成屬性所定義的“記憶體管理語義”, 例如copy屬性; 2、通過屬性訪問,可以設定斷點除錯。   二、_property直接訪問例項變數 1、_property直接訪問例項變

Android 8.0 系統啟動流程之init.rc解析與service流程(七)

1、概述     上一篇文章中我們介紹了一下init.rc檔案中的語法規則,而本文將分析如何解析rc檔案,並對rc檔案中的某一service啟動過程進行分析。 2、解析.rc檔案 之前我們在文件中看到.rc檔案主要有根目錄下的 /init.rc ,以及