Android M PackageManagerService解析

#############################################

本文为极度寒冰原创,转载请注明出处 #############################################

1 PackageManager

/*常用命令*/

adb shell dumpsys package   (dump出系统中所有的application信息)

adb shell dumpsys package “com.android.contacts” p  (dump出系统中特定包名的application信息)

/*常用命令*/

一: PackageManager服务

在Android系统中,和用户关系最密切的service应该是PackageManager了。

一般来说,用户想要在Android Phone上进行自己感兴趣的活动,都少不了apk的支持。

不论是打电话,上网,发短信还是玩一些自己喜欢的游戏,这些内容在android的世界里都是以apk的形式存在的。

所以,apk的安装,卸载是与每个用户息息相关的。

我们接下来会用一些文章去解析PackageManager的工作原理,apk的安装和卸载的过程。

在SystemServer中,经过前面的分析,我们知道了启动Android的系统关键服务的函数首先就是startBootstrapServices.

private void startBootstrapServices() {
    // Wait for installd to finish starting up so that it has a chance to
    // create critical directories such as /data/user with the appropriate
    // permissions.  We need this to complete before we initialize other services.
    mInstaller = mSystemServiceManager.startService(Installer.class); // Install是pm路径下面的一个单独的类,主要用于通过InstallerConnection建立和installd的链接
                                                                      // 然后Installd会进行创建一些系统关键目录的作用,所以我们要等待Installd的结束,才可以继续进行其它的创建
.....
    // Only run "core" apps if we're encrypting the device.
    String cryptState = SystemProperties.get("vold.decrypt");
    if (ENCRYPTING_STATE.equals(cryptState)) {
        Slog.w(TAG, "Detected encryption in progress - only parsing core apps");
        mOnlyCore = true;
    } else if (ENCRYPTED_STATE.equals(cryptState)) {
        Slog.w(TAG, "Device encrypted - only parsing core apps");
        mOnlyCore = true;
    }


    // Start the package manager.
    Slog.i(TAG, "Package Manager");
    // mOnlyCore 用于判断是否只扫描系统的目录
    mPackageManagerService = PackageManagerService.main(mSystemContext, mInstaller,
            mFactoryTestMode != FactoryTest.FACTORY_TEST_OFF, mOnlyCore); // mFactoryTestMode 用于判断是否为工厂测试,正常情况下mOnlyCore = false
    mFirstBoot = mPackageManagerService.isFirstBoot();
    mPackageManager = mSystemContext.getPackageManager();
.....
}

在经过systemServer的启动后,我们知道了系统将会通过PackageManagerService的main函数进入到PackageManager的实际工作中。

PackageManagerService的main函数其实很简单,只有一点点的内容。

public static final PackageManagerService main(Context context, Installer installer,
        boolean factoryTest, boolean onlyCore) {
    PackageManagerService m = new PackageManagerService(context, installer,
            factoryTest, onlyCore);
    ServiceManager.addService("package", m);
    return m;
}

我们知道了PackageManager的main函数其实主要的实现是通过PackageManagerService的构造函数实现的。

那么构造函数的实现也是比较多的,做了很多耗时的工作。

其中,PackageManager的构造函数的主要功能为:

1. 扫描Android系统中几个目标文件夹中的apk,并且建立相应的数据结构去管理Package的信息,四大组件的信息,权限信息等内容

2. 解析物理的apk的文件,生成符合自己需求的数据结构。

所以,学习PackageManager最重要的就是学习保存各种信息的数据结构和他们之间的关系,以及控制的策略

———————————————————————————————————————————————————————————–

二: PackageManager的构造函数之前期准备

/*UID和GID*/

如果你是一个Linux的用户,那么一定会有如下的体验。当你的Linux的系统里面,存在多个用户的时候,你在登录了用户A之后,是没有权限去修改用户B的文件内容的。

再举个极端的例子,用普通用户的权限是没有办法进行Root用户所特有的操作的。

UID: Linux系统用于区别不同的用户,使用不同的用户名是一种方法。但是用户名只是一种让人方便读的字符串,对机器来讲是没有意义的。

      为了方便机器的读取,Linux采用了一个32位的整数记录和区分不同的用户。这个用来区分不同用户的数字被称为User ID,简称UID。

      Root的UID为0,普通的UID一般是从500开始。Android系统不同,后续会进行分析

GID: 除了用户的概念,Linux的系统还有用户组的概念。同一个用户组的用户之间具有相似的特征。

      假如我们把某一个用户加入到root组,那么这个用户就可以浏览root用户组目录的文件。 如果root用户把某个文件的读写执行权限开放,root用户组的所有用户都可以修改该文件。

/*PackageManager 构造函数解析*/

     public PackageManagerService(Context context, Installer installer,
            boolean factoryTest, boolean onlyCore) {
        EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_START,
                SystemClock.uptimeMillis());
       if (mSdkVersion <= 0) { // 在最开始,我们会去检查sdk的version,因为如果检查不到sdk的话,apk就不知道运行在哪个版本上
            Slog.w(TAG, "**** ro.build.version.sdk not set!");
        }

        mContext = context;
        mFactoryTest = factoryTest;
        mOnlyCore = onlyCore;
        mLazyDexOpt = "eng".equals(SystemProperties.get("ro.build.type")); //判断build的类型,一般为eng,user版本,eng的版本一般是不会进行odex的优化的
        mMetrics = new DisplayMetrics(); // 初始化一个DisplayMetrics,用于保存屏幕像素的参数
        mSettings = new Settings(context); // new了一个Settings的对象,这个settings是pm里面的,主要是保存系统apk的相关设置,互相之间关系等内容  --1
        mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);  // --2
        mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);
        mSettings.addSharedUserLPw("android.uid.log", LOG_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);
        mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);
        mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);
        mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID,
                ApplicationInfo.FLAG_SYSTEM|ApplicationInfo.FLAG_PRIVILEGED);


        String separateProcesses = SystemProperties.get("debug.separate_processes");
        if (separateProcesses != null && separateProcesses.length() > 0) {
            if ("*".equals(separateProcesses)) {
                mDefParseFlags = PackageParser.PARSE_IGNORE_PROCESSES;
                mSeparateProcesses = null;
                Slog.w(TAG, "Running with debug.separate_processes: * (ALL)");
            } else {
                mDefParseFlags = 0;
                mSeparateProcesses = separateProcesses.split(",");
                Slog.w(TAG, "Running with debug.separate_processes: "
                        + separateProcesses);
            }
        } else {
            mDefParseFlags = " + mDefParseFlags + " mSeparateProcesses " + mSeparateProcesses);
        }
        mInstaller = installer;

        getDefaultDisplayMetrics(context, mMetrics);

        SystemConfig systemConfig = SystemConfig.getInstance();
        mGlobalGids = systemConfig.getGlobalGids();
        mSystemPermissions = systemConfig.getSystemPermissions();
        mAvailableFeatures = systemConfig.getAvailableFeatures();
......
}

/* –1 Settings的分析*/

/*

Settings的构造函数如下,在构造函数中主要是创建了/data/system的目录,并且创建了packages.xml, packages-backup.xml, packages.list, packages-stopped.xml等文件。

这些文件又都有一些具体的作用:

packages.xml:        是保存了系统所有的Package信息

packages-backup.xml: 是packages.xml的备份,防止在写packages.xml突然断电

packages.list:        保存了系统中已经安装的apk,以及对应的data/data/下面的对应关系

packages-stopped.xml: 用于记录系统中强制停止运行的Package信息

packages-stopped-backup.xml: 是packages-stopped.xml的备份,防止在写packages-stopped-backup的时候突然断电

*/

    Settings(Context context) {
        this(context, Environment.getDataDirectory());
    }


    Settings(Context context, File dataDir) {
        mSystemDir = new File(dataDir, "system");
        mSystemDir.mkdirs();
        FileUtils.setPermissions(mSystemDir.toString(),
                FileUtils.S_IRWXU|FileUtils.S_IRWXG
                |FileUtils.S_IROTH|FileUtils.S_IXOTH,
                -1, -1);
        mSettingsFilename = new File(mSystemDir, "packages.xml");
        mBackupSettingsFilename = new File(mSystemDir, "packages-backup.xml");
        mPackageListFilename = new File(mSystemDir, "packages.list");
        FileUtils.setPermissions(mPackageListFilename, 0660, SYSTEM_UID, PACKAGE_INFO_GID);


        // Deprecated: Needed for migration
        mStoppedPackagesFilename = new File(mSystemDir, "packages-stopped.xml");
        mBackupStoppedPackagesFilename = new File(mSystemDir, "packages-stopped-backup.xml");
    }

/*在初始化了Settings的文件之后,就进行了addSharedUserLPw的操作*/

/*

    mSharedUsers是一个hashmap,HashMap<String, SharedUserSetting>,保存的是string和SharedUserSetting的对应

    SharedUserSetting类继承自GrantedPermissions,包含了如下的五个内部变量:

        final String name;

        int userId;

        // flags that are associated with this uid, regardless of any package flags

        int uidFlags;

        final HashSet<PackageSetting> packages = new HashSet<PackageSetting>();

        final PackageSignatures signatures = new PackageSignatures();

    PackageSetting 继承自PackageSettingBase,主要有下面的三个成员变量:

        int appId;

        PackageParser.Package pkg;

        SharedUserSetting sharedUser;

*/

    SharedUserSetting addSharedUserLPw(String name, int uid, int pkgFlags) {
        SharedUserSetting s = mSharedUsers.get(name); // 从当前的mSharedUsers里面寻找对应名字的字符串是否已经有了对应
        if (s != null) {  // 如果已经存在的话,就返回对应的UID
            if (s.userId == uid) {
                return s;
            }
            // 如果从hashmap里面找到了这个String name,但是两个的uid却不一样的话,那么就会报错。因为一个shared user不可能有两个UID,只会保留第一个
            PackageManagerService.reportSettingsProblem(Log.ERROR,
                    "Adding duplicate shared user, keeping first: " + name);
            return null;
        }
        s = new SharedUserSetting(name, pkgFlags); // 如果从mSharedUsers里面没有找到这个name的话,就会去新建一个
        s.userId = uid; // 赋值UID
        if (addUserIdLPw(uid, s, name)) { // 将index和sharedUserSettings保存在mUserIds和mOtherUserIds
            mSharedUsers.put(name, s); // 讲name和sharedUserSettings保存在mSharedUsers
            return s;
        }
        return null;
    }

/*接下来就会进入到addUserIdLPw的函数中*/

/*

    UID前面讲了,是Linux的一种安全机制。

    在android系统里面,继承并扩展了这种安全机制。

    Android的系统,不同的应用程序之间原则上是不可以互相访问数据的。除非运行在同一个进程,或者通过contentProvider或其他的机制。

    这个安全机制的主要原因,也就是android为每一个app都分配了一个UID,每个app从Linux的层面上面,都是一个独立的用户。

    所以可以解释了这个安全机制的实现原理。

*/

    private boolean addUserIdLPw(int uid, Object obj, Object name) {
        if (uid > Process.LAST_APPLICATION_UID) { // 系统为app分配的UID为10000 - 19999,如果超出了这个范围就会报错
            return false;
        }

        /*
           mUserIds是一个ArrayList,也就是一个动态的数组
           private final ArrayList<Object> mUserIds = new ArrayList<Object>();

           举个例子,如果是uid=10001的用户,说明是一个app,那么这个时候就会进入到app的相应处理中去
           会去读去mUserIds的size.

           在第一次读取的时候,N肯定是为0的。但是index肯定不会为0,因为在apk安装的时候就会为其分配一个UID
           所以在第一次读取的时候,index一定是>=N的。
           这个时候,会add null,其实就是什么也没有做,而只是对N进行++
           所以,N的数字,一定是比前面遍历过得apk的uid的index大1的
           N只是用来统计当前的ArrayList里面的apk,index的数目

           mOtherUserIds的定义如下:是一个SparseArray。可以通过put,append两种方式写入数据
           private final SparseArray<Object> mOtherUserIds = new SparseArray<Object>();
        */
        if (uid >= Process.FIRST_APPLICATION_UID) {
            int N = mUserIds.size();
            final int index = uid - Process.FIRST_APPLICATION_UID;
            while (index >= N) {
                mUserIds.add(null);
                N++;
            }

            /*如果通过index从mUserIds里面读取到了数据,那肯定是错误的。因为一个app只有一个index,且只能被赋值一次*/
            if (mUserIds.get(index) != null) {
                PackageManagerService.reportSettingsProblem(Log.ERROR,
                        "Adding duplicate user id: " + uid
                        + " name=" + name);
                return false;
            }
            mUserIds.set(index, obj); // 将当前的obj设置到ArrayList对应的index中
        } else {
            if (mOtherUserIds.get(uid) != null) {
                PackageManagerService.reportSettingsProblem(Log.ERROR,
                        "Adding duplicate shared id: " + uid
                        + " name=" + name);
                return false;
            }
            mOtherUserIds.put(uid, obj);
        }
        return true;
    }

        /*

           mUserIds是一个ArrayList,也就是一个动态的数组

           private final ArrayList<Object> mUserIds = new ArrayList<Object>();

           举个例子,如果是uid=10001的用户,说明是一个app,那么这个时候就会进入到app的相应处理中去

           会去读去mUserIds的size.

           在第一次读取的时候,N肯定是为0的。但是index肯定不会为0,因为在apk安装的时候就会为其分配一个UID

           所以在第一次读取的时候,index一定是>=N的。

           这个时候,会add null,其实就是什么也没有做,而只是对N进行++

           所以,N的数字,一定是比前面遍历过得apk的uid的index大1的

           N只是用来统计当前的ArrayList里面的apk,index的数目

           mOtherUserIds的定义如下:是一个SparseArray。可以通过put,append两种方式写入数据

           private final SparseArray<Object> mOtherUserIds = new SparseArray<Object>();

        */

/*

    通过上述的分析,我们可以知道在PackageManager的构造函数中,先将系统的一些关键进程的UID进行了添加

    为什么这样做呢?举个例子

    在Settings里面,AndroidManifest里面有如下的声明:

    <manifest xmlns:android=”http://schemas.android.com/apk/res/android”

        package=”com.android.settings”

        coreApp=”true”

        android:sharedUserId=”android.uid.system”>

    关注的焦点为sharedUserId为android.uid.system,设置这个可以使生成的apk能够获取system权限。

    可以在任意system权限目录下面进行目录或者文件的创建,以及访问其他apk资源等

    进行这个设置,也应该是让后面的app的uid在进行添加的时候,可以找到对应的android.uid.system的权限

    然后在实际添加的过程中,调用了addSharedUserLPw函数,在这个函数中,我们会去检查是否当前的UID已经在mSharedUsers中存在,如果存在,就返回已经存在的对象。如果UID不一致,则会报错。

    如果不存在的话,就会去new一个SharedUserSetting的对象。

    在SharedUserSetting中,主要存在以下的对象。

    final String name;  –> name

    int userId;         –> 对应的UID

    int uidFlags;       –> 对应的FLAG

    final HashSet<PackageSetting> packages = new HashSet<PackageSetting>();  –> 一个PackageSetting的对象,

    final PackageSignatures signatures = new PackageSignatures();  –>  签名

    在new出来SharedUserSetting的对象后,会将传递进来的UID进行赋值给userId,这样的话,结合构造函数,就完成了对

    name, userId, uidFlags的赋值

    然后执行addUserIdLPw函数,会将当前的SharedUserSetting对象和index进行关联,如果是app的话存入到了mUserIds的动态数组,如果是系统的userId的话,将对应的SharedUserSetting存入到了mOtherUserIds的hashmap中

*/

/*

    在构造函数中,下面的code部分也是非常重要的

*/

    SystemConfig systemConfig = SystemConfig.getInstance(); // 单例模式,获取SystemConfig的实例

    mGlobalGids = systemConfig.getGlobalGids();

    mSystemPermissions = systemConfig.getSystemPermissions();

    mAvailableFeatures = systemConfig.getAvailableFeatures();

/*

    SystemConfig 的构造函数如下,可以看到,主要是去读取了一些系统的权限相关的信息

    读取的路径是/ststem/etc/目录

*/

    SystemConfig() {
        // Read configuration from system
        readPermissions(Environment.buildPath(
                Environment.getRootDirectory(), "etc", "sysconfig"), false);
        // Read configuration from the old permissions dir
        readPermissions(Environment.buildPath(
                Environment.getRootDirectory(), "etc", "permissions"), false);
        // Only read features from OEM config
        readPermissions(Environment.buildPath(
                Environment.getOemDirectory(), "etc", "sysconfig"), true);
        readPermissions(Environment.buildPath(
                Environment.getOemDirectory(), "etc", "permissions"), true);
    }

/*

    那么接下来去看一下readPermissions的实现

*/

    void readPermissions(File libraryDir, boolean onlyFeatures) {
        // Read permissions from given directory.
        if (!libraryDir.exists() || !libraryDir.isDirectory()) { // 如果文件夹不存在,或者不为一个文件夹的时候
            if (!onlyFeatures) { // 并且读取onlyFeatures的值为flase的时候
                Slog.w(TAG, "No directory " + libraryDir + ", skipping");
            }
            return;
        } // /system/etc/sysconfig 会进入到No directory skipping


        if (!libraryDir.canRead()) {  // 如果文件夹不可读的话,会返回
            Slog.w(TAG, "Directory " + libraryDir + " cannot be read");
            return;
        }


        // Iterate over the files in the directory and scan .xml files
        for (File f : libraryDir.listFiles()) { // 遍历目录下面的文件夹
            // We'll read platform.xml last
            if (f.getPath().endsWith("etc/permissions/platform.xml")) { // 最后再去处理platform.xml
                continue;
            }


            if (!f.getPath().endsWith(".xml")) { // 如果文件的路径不是xml结尾的话, 会继续读取其他的文件
                Slog.i(TAG, "Non-xml file " + f + " in " + libraryDir + " directory, ignoring");
                continue;
            }
            if (!f.canRead()) { // 如果文件不可读的话,会返回继续读取其它的文件
                Slog.w(TAG, "Permissions library file " + f + " cannot be read");
                continue;
            }


            readPermissionsFromXml(f, onlyFeatures);
        }


        // Read permissions from .../etc/permissions/platform.xml last so it will take precedence
        final File permFile = new File(Environment.getRootDirectory(),
                "etc/permissions/platform.xml");
        readPermissionsFromXml(permFile, onlyFeatures);
    }

然后最终会通过readPermissionsFromXml去进行文件的读取

/*

 * 正如前面的文章分析init.rc时,我们知道针对这个文本的解析,都会有一个文本的解析器。

 * 主要是对文本中的各个标签进行解析,并且对应成了相应的数据结构

 * 解析android的system config的permission也是基于这个思想进行的解析

 * 下面就来具体分析一下这个解析的过程和对应的数据结构

 */

private void readPermissionsFromXml(File permFile, boolean onlyFeatures) {
/*
   FileReader fr = new FileReader(String fileName);//使用带有指定文件的String参数的构造方法。创建该输入流对象。并关联源文件。
   主要方法:
   int read(); // 读取单个字符。返回作为整数读取的字符,如果已达到流末尾,则返回 -1。
   int read(char []cbuf);//将字符读入数组。返回读取的字符数。如果已经到达尾部,则返回-1。
   void close();//关闭此流对象。释放与之关联的所有资源。


   XmlPullParser:
   常用的有:
   XmlPullParser.END_DOCUMENT
   XmlPullParser.START_DOCUMENT
   XmlPullParser.START_TAG
   XmlPullParser.END_TAG
   XmlPullParser.TEXT
   分别代表着XML文档的结束,开始,标签的开始,标签的结束,内容


   XmlPullParser.getEventType() : Returns the type of the current event (START_TAG, END_TAG, TEXT, etc.) 【获取当前事件回调类型】
   XmlPullParser.getName():For START_TAG or END_TAG events, the (local) name of the current element is returned when namespaces are enabled.【获取当前节点名字】
   XmlPullParser.getAttributeValue(int index):Returns the given attributes value.【根据id获取节点属性值】
   XmlPullParser.getAttributeValue(String namespace, String name):Returns the attributes value identified by namespace URI and namespace localName.【根据name获取节点属性值】
   XmlPullParser.netxText():  If current event is START_TAG then if next element is TEXT then element content is returned or if next event is END_TAG then empty string is returned, otherwise exception is thrown.【回调节点START_TAG时,通过此方法获取节点内容】
*/
    FileReader permReader = null;
    try {
        permReader = new FileReader(permFile);
    } catch (FileNotFoundException e) {
        Slog.w(TAG, "Couldn't find or open permissions file " + permFile);
        return;
    }


    try {
        XmlPullParser parser = Xml.newPullParser();
        parser.setInput(permReader);


        int type;
        /*
         * parser.next() 指向下一个标签
         */
        while ((type=parser.next()) != parser.START_TAG
                   && type != parser.END_DOCUMENT) {
            ;
        } // 如果下一个标签不是START_TAG的话,会一直寻找到下一个标签


        if (type != parser.START_TAG) { // 如果遍历完了,都没有遍历到一个标签的开始的话,会返回error
            throw new XmlPullParserException("No start tag found");
        }


        /*
         * parser.getName() 获取标签的标题
         */
        if (!parser.getName().equals("permissions") && !parser.getName().equals("config")) {//如果获取到的标签的标题不为permissions,或者解析出来的标签的标题不为config的话,会报错
/*
    以android.hardware.nfc.hce.xml为例,该文件中的内容为:
    <permissions>
        <feature name="android.hardware.nfc.hce" />
    </permissions>
*/
            throw new XmlPullParserException("Unexpected start tag: found " + parser.getName() +
                    ", expected 'permissions' or 'config'");
        }


/*
具体的标签的属性如下:
group: 安装到系统中的所有 APK 都具备的组 ID。
permission: 可以指定一个权限与几个组 ID 对应。当一个 APK 被授予这个权限时,它也同时属于这几个组。
assign-permission: 把一个权限赋予一个 UID,当进程使用这个 UID 运行时,就具备了这个权限。
library: 为系统添加一些扩展库用的。对应的.jar 文件放在/system/framework/目录下。比如Google Map 相关的库。
feature: 每添加一个硬件,都要增加对应的feature
*/
        while (true) { // 如果是permissions和config的话,会进入到这个while循环,用来解析这个大的标签,和配置文件
            XmlUtils.nextElement(parser); // 读取permissions的大标签下面的每一个小标签
            if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {
                break;
            }


            String name = parser.getName();
/*
    <permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
        <group gid="net_bw_acct" />
    </permission>
*/
            if ("group".equals(name) && !onlyFeatures) {
                String gidStr = parser.getAttributeValue(null, "gid"); // 如果tag的name是group的话,根据gid去获取当前的属性
                if (gidStr != null) {
                    int gid = android.os.Process.getGidForName(gidStr);
                    mGlobalGids = appendInt(mGlobalGids, gid); // 将gid保存到mGlobalGids的数组中
                } else {
                    Slog.w(TAG, "<group> without gid at "
                            + parser.getPositionDescription());
                }


                XmlUtils.skipCurrentTag(parser);
                continue;
            } else if ("permission".equals(name) && !onlyFeatures) { // 如果tag的name是permission的话,根据name去获取当前的属性
                String perm = parser.getAttributeValue(null, "name");
                if (perm == null) {
                    Slog.w(TAG, "<permission> without name at "
                            + parser.getPositionDescription());
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }
                perm = perm.intern();  //  返回string池中的perm,此处perm的值并没有改变
                readPermission(parser, perm); // 调用readPermission进行perm的解析,该函数的解析我们放到后面进行分析  ----1


/*
    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
    <assign-permission name="android.permission.WAKE_LOCK" uid="media" />
    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
*/
            } else if ("assign-permission".equals(name) && !onlyFeatures) { // 如果tag的name是assign-permission的话,会根据name, uid去获取相应的属性
                String perm = parser.getAttributeValue(null, "name"); // 获取name
                if (perm == null) {
                    Slog.w(TAG, "<assign-permission> without name at "
                            + parser.getPositionDescription());
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }
                String uidStr = parser.getAttributeValue(null, "uid"); // 获取UID
                if (uidStr == null) {
                    Slog.w(TAG, "<assign-permission> without uid at "
                            + parser.getPositionDescription());
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }
                int uid = Process.getUidForName(uidStr);   // 通过uid的string,获取到真正的UID
                if (uid < 0) {
                    Slog.w(TAG, "<assign-permission> with unknown uid \""
                            + uidStr + "\" at "
                            + parser.getPositionDescription());
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }
                perm = perm.intern(); // permission的name
                HashSet<String> perms = mSystemPermissions.get(uid);  // 通过uid去perms的hashset中查询,看是否可以查询的到。
                if (perms == null) {   // 如果查询不到的话
                    perms = new HashSet<String>();  // 会新建一个perms
                    mSystemPermissions.put(uid, perms);  //然后把uid和对应的hashset放到mSystemPermissions的SparseArray中
                }
                perms.add(perm); // 将新的permission放入到perms中
                XmlUtils.skipCurrentTag(parser);
                // 通过这个操作,我们可以知道目前的数据结构是mSystemPermissions是一个SparseArray,然后是通过uid建立的映射。保存的是当前的UID所拥有的权限
            } else if ("library".equals(name) && !onlyFeatures) {
/*
<library name="android.test.runner" file="/system/framework/android.test.runner.jar" />
<library name="javax.obex" file="/system/framework/javax.obex.jar"/>
*/
                String lname = parser.getAttributeValue(null, "name");  // 通过name和file去获取对应的属性
                String lfile = parser.getAttributeValue(null, "file");
                if (lname == null) {
                    Slog.w(TAG, "<library> without name at "
                            + parser.getPositionDescription());
                } else if (lfile == null) {
                    Slog.w(TAG, "<library> without file at "
                            + parser.getPositionDescription());
                } else {
                    //Log.i(TAG, "Got library " + lname + " in " + lfile);
                    mSharedLibraries.put(lname, lfile);   // 如果都有值的话,会把name和file都push到mSharedLibraries中
                }
                XmlUtils.skipCurrentTag(parser);
                continue;


            } else if ("feature".equals(name)) {
/*
<permissions>
    <feature name="android.hardware.usb.accessory" />
    <library name="com.android.future.usb.accessory"
            file="/system/framework/com.android.future.usb.accessory.jar" />
</permissions>
*/
                String fname = parser.getAttributeValue(null, "name");  // 在feature的tag下,会获取feature的name,每增加一个硬件,都要增加对应的feature
                if (fname == null) {
                    Slog.w(TAG, "<feature> without name at "
                            + parser.getPositionDescription());
                } else {
                    //Log.i(TAG, "Got feature " + fname);
                    FeatureInfo fi = new FeatureInfo();
                    fi.name = fname;
                    mAvailableFeatures.put(fname, fi); // 将对应的feature name和其对应的FeatureInfo放入到了mAvailableFeatures中
                }
                XmlUtils.skipCurrentTag(parser);
                continue;


            } else if ("allow-in-power-save".equals(name)) {
/*
    allow-in-power-save, 应该是在省电模式下面允许该package获取网络的权限。
    目前的话,只有platform.xml里面一处有这个标签的声明


    <!-- These are the standard packages that are white-listed to always have internet
         access while in power save mode, even if they aren't in the foreground. -->
    <allow-in-power-save package="com.android.providers.downloads" />


*/
                String pkgname = parser.getAttributeValue(null, "package");
                if (pkgname == null) {
                    Slog.w(TAG, "<allow-in-power-save> without package at "
                            + parser.getPositionDescription());
                } else {
                    mAllowInPowerSave.add(pkgname); // 将该pkgname保存到mAllowInPowerSave中
                }
                XmlUtils.skipCurrentTag(parser);
                continue;


            } else if ("fixed-ime-app".equals(name)) { // 目前的permission中,并没有fixed-ime-app这个标签
                String pkgname = parser.getAttributeValue(null, "package");
                if (pkgname == null) {
                    Slog.w(TAG, "<fixed-ime-app> without package at "
                            + parser.getPositionDescription());
                } else {
                    mFixedImeApps.add(pkgname);
                }
                XmlUtils.skipCurrentTag(parser);
                continue;


            } else {
                XmlUtils.skipCurrentTag(parser);
                continue;
            }


        }
        permReader.close();
    } catch (XmlPullParserException e) {
        Slog.w(TAG, "Got execption parsing permissions.", e);
    } catch (IOException e) {
        Slog.w(TAG, "Got execption parsing permissions.", e);
    }
}

在前面的解析中,我们留下了一个函数,是在permission的标签的时候,会用readPermission去进行解析

在这个函数中,我们会把permission和对应的gid进行保存。

void readPermission(XmlPullParser parser, String name) // name是permission的name,parser是读取到的数据流
        throws IOException, XmlPullParserException {


    name = name.intern();


    PermissionEntry perm = mPermissions.get(name); // 去mPermissions中查看是否已经有name对应的PermissionEntry
    if (perm == null) {
        perm = new PermissionEntry(name);
        mPermissions.put(name, perm);
    }  // 如果没有的话,会new一个PermissionEntry
    int outerDepth = parser.getDepth();
    int type;
    while ((type=parser.next()) != XmlPullParser.END_DOCUMENT
           && (type != XmlPullParser.END_TAG
                   || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG
                || type == XmlPullParser.TEXT) {
            continue;
        }


        String tagName = parser.getName();
        if ("group".equals(tagName)) {
            String gidStr = parser.getAttributeValue(null, "gid");
            if (gidStr != null) {
                int gid = Process.getGidForName(gidStr);
                perm.gids = appendInt(perm.gids, gid);
            } else {
                Slog.w(TAG, "<group> without gid at "
                        + parser.getPositionDescription());
            }
        }
        XmlUtils.skipCurrentTag(parser);
    }
}

分析到了现在,我们分析完了systemConfig的构造函数。

在systemConfig的阶段,我们会去读取/system/etc的permission内容,然后进行解析,保存在不同的数据结构中.

我们接着回到PackageManager的构造函数中:

/*

SystemConfig systemConfig = SystemConfig.getInstance();

mGlobalGids = systemConfig.getGlobalGids();  // 系统的etc的xml下面所声明的所有的gid

mSystemPermissions = systemConfig.getSystemPermissions();  // 系统中etc下xml声明的uid和其对应的权限

mAvailableFeatures = systemConfig.getAvailableFeatures(); // 系统中硬件所拥有的feature

*/

接下来我们继续分析PackageManager的构造函数

synchronized (mInstallLock) {
// writer
synchronized (mPackages) {
    mHandlerThread = new ServiceThread(TAG,
            Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
    mHandlerThread.start();
    mHandler = new PackageHandler(mHandlerThread.getLooper()); //  建立PackageHandler的消息循环,用于处理apk的安装请求
    Watchdog.getInstance().addThread(mHandler, WATCHDOG_TIMEOUT);


    File dataDir = Environment.getDataDirectory(); // 创建data的文件夹
    mAppDataDir = new File(dataDir, "data"); // /data/data
    mAppInstallDir = new File(dataDir, "app"); // data/app
    mAppLib32InstallDir = new File(dataDir, "app-lib"); // /data/app-lib
    mAsecInternalPath = new File(dataDir, "app-asec").getPath();  // /data/app-ases
    mUserAppDataDir = new File(dataDir, "user");   // /data/user
    mDrmAppPrivateInstallDir = new File(dataDir, "app-private");  // /data/app-private


    sUserManager = new UserManagerService(context, this,
            mInstallLock, mPackages);
....
    }
}

在进行完data的文件夹创建之后,会进入下面的一些操作:

    ArrayMap<String, SystemConfig.PermissionEntry> permConfig
            = systemConfig.getPermissions(); // return 的是SystemConfig的mPermissions,存放的是permission的name和gid
    for (int i=0; i<permConfig.size(); i++) {
        SystemConfig.PermissionEntry perm = permConfig.valueAt(i);
        BasePermission bp = mSettings.mPermissions.get(perm.name);
        if (bp == null) {
            bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN);
            mSettings.mPermissions.put(perm.name, bp);
        }
        if (perm.gids != null) {
            bp.gids = appendInts(bp.gids, perm.gids);
        }
    }
    // 该for循环的作用是将前面从/system/etc/permission里面读取到的permission的name和对应的gid放入到bp中,然后保存在mSettings的mPermissions中


    ArrayMap<String, String> libConfig = systemConfig.getSharedLibraries();
    for (int i=0; i<libConfig.size(); i++) {
        mSharedLibraries.put(libConfig.keyAt(i),
                new SharedLibraryEntry(libConfig.valueAt(i), null));
    }
    // 该for循环的作用是将读取出来的SharedLibrary放入到mSharedLibraries中


    mFoundPolicyFile = SELinuxMMAC.readInstallPolicy();

/*

这里首先调用Settings的readLPw函数去解析packages.xml和packages-backup.xml保存的安装列表信息

并把解析的pakcages信息添加到相应的数据结构中

这里我们先假设这是第一次开机,所有packages.xml和packages-backup.xml文件都还不存在。

所以Settings的readLPw函数会直接返回。

packages.xml里面保存了当前系统中保存的所有apk的详细信息

*/

    mRestoredSettings = mSettings.readLPw(this, sUserManager.getUsers(false),
            mSdkVersion, mOnlyCore);


    String customResolverActivity = Resources.getSystem().getString(
            R.string.config_customResolverActivity);
    if (TextUtils.isEmpty(customResolverActivity)) {
        customResolverActivity = null;
    } else {
        mCustomResolverComponentName = ComponentName.unflattenFromString(
                customResolverActivity);
    }

接下来会进行下面的处理:

    long startTime = SystemClock.uptimeMillis(); // 获取当前系统的时间


    EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SYSTEM_SCAN_START,
            startTime);


    // Set flag to monitor and not change apk file paths when
    // scanning install directories.
    final int scanFlags = SCAN_NO_PATHS | SCAN_DEFER_DEX | SCAN_BOOTING; // 设置扫描模式


    final HashSet<String> alreadyDexOpted = new HashSet<String>();


    /**
     * Add everything in the in the boot class path to the
     * list of process files because dexopt will have been run
     * if necessary during zygote startup.
     */
    final String bootClassPath = System.getenv("BOOTCLASSPATH");
    final String systemServerClassPath = System.getenv("SYSTEMSERVERCLASSPATH");


    if(Debug_chao) {
/*
    bootClassPath为
    /system/framework/core-libart.jar:
    /system/framework/conscrypt.jar:
    /system/framework/okhttp.jar:
    /system/framework/core-junit.jar:
    /system/framework/bouncycastle.jar:
    /system/framework/ext.jar:
    /system/framework/framework.jar:
    /system/framework/telephony-common.jar:
    /system/framework/voip-common.jar:
    /system/framework/ims-common.jar:
    /system/framework/mms-common.jar:
    /system/framework/android.policy.jar:
    /system/framework/apache-xml.jar
*/
        Log.e(TAG,"bootClassPath = " + bootClassPath);
/*
    /system/framework/services.jar:
    /system/framework/ethernet-service.jar:
    /system/framework/wifi-service.jar
*/
        Log.e(TAG,"systemServerClassPath = " + systemServerClassPath);
    }


    if (bootClassPath != null) { // 将bootClassPath的值,加入到alreadyDexOpted的hashset中
/*
    BOOTCLASSPATH的赋值为:
    PRODUCT_BOOTCLASSPATH := $(subst $(space),:,$(foreach m,$(DEXPREOPT_BOOT_JARS_MODULES),/system/framework/$(m).jar))
    DEXPREOPT_BOOT_JARS_MODULES := $(PRODUCT_BOOT_JARS)


    PRODUCT_BOOT_JARS := \
        core-libart \
        conscrypt \
        okhttp \
        core-junit \
        bouncycastle \
        ext \
        framework \
        telephony-common \
        voip-common \
        ims-common \
        mms-common \
        android.policy \
        apache-xml \
*/
        String[] bootClassPathElements = splitString(bootClassPath, ':');
        for (String element : bootClassPathElements) {
            alreadyDexOpted.add(element);
        }
    } else {
        Slog.w(TAG, "No BOOTCLASSPATH found!");
    }
/*
    # The order of PRODUCT_SYSTEM_SERVER_JARS matters.
    PRODUCT_SYSTEM_SERVER_JARS := \
        services \
        ethernet-service \
        wifi-service
*/
    if (systemServerClassPath != null) {
        String[] systemServerClassPathElements = splitString(systemServerClassPath, ':');
        for (String element : systemServerClassPathElements) {
            alreadyDexOpted.add(element);
        }
    } else {
        Slog.w(TAG, "No SYSTEMSERVERCLASSPATH found!");
    }


    boolean didDexOptLibraryOrTool = false;


    final List<String> allInstructionSets = getAllInstructionSets(); ---1
    final String[] dexCodeInstructionSets = // 将allInstructionSets转化为数组
        getDexCodeInstructionSets(allInstructionSets.toArray(new String[allInstructionSets.size()]));


    /**
     * Ensure all external libraries have had dexopt run on them.
     */
    if (mSharedLibraries.size() > 0) { // 当知道了系统abi的架构后,会进行对sharedLibraries的处理,这边的mSharedLibraries,是jar


        // NOTE: For now, we're compiling these system "shared libraries"
        // (and framework jars) into all available architectures. It's possible
        // to compile them only when we come across an app that uses them (there's
        // already logic for that in scanPackageLI) but that adds some complexity.
        for (String dexCodeInstructionSet : dexCodeInstructionSets) {  // 遍历所支持的平台,一般有arm,x86,arm64等平台
            for (SharedLibraryEntry libEntry : mSharedLibraries.values()) {
                final String lib = libEntry.path; // 获取lib的path
                if (lib == null) {
                    continue;
                }


                try {
    /*
     * 该函数为L上面新增的接口
     *
     * Returns UP_TO_DATE if the VM believes that the apk/jar file
     * is up to date, PATCHOAT_NEEDED if it believes that the file is up
     * to date but it must be relocated to match the base address offset,
     * and DEXOPT_NEEDED if it believes that it is out of date and should
     * be passed through "dexopt" again.
     *
     * @param fileName the absolute path to the apk/jar file to examine.
     * @return DEXOPT_NEEDED if dexopt should be called on the file,
     *         PATCHOAT_NEEDED if we need to run "patchoat" on it and
     *         UP_TO_DATE otherwise.
     */
                    byte dexoptRequired = DexFile.isDexOptNeededInternal(lib, null,
                                                                         dexCodeInstructionSet,
                                                                         false);
                    if (dexoptRequired != DexFile.UP_TO_DATE) {  // 如果不是UP_TO_DATE
                        alreadyDexOpted.add(lib); // 会将lib path加入到alreadyDexOpted


                        // The list of "shared libraries" we have at this point is
                        if (dexoptRequired == DexFile.DEXOPT_NEEDED) {  // 如果是DEXOPT_NEEDED的话,灰烬行dexopt的优化
                            mInstaller.dexopt(lib, Process.SYSTEM_UID, true, dexCodeInstructionSet);
                        } else {  // 如果不是的话,那就是PATCHOAT_NEEDED,会进行oat的优化
                            mInstaller.patchoat(lib, Process.SYSTEM_UID, true, dexCodeInstructionSet);
                        }
                        didDexOptLibraryOrTool = true;  // 只要进行了oat或者opt的优化的话,会将该变量置为true
                    }
                } catch (FileNotFoundException e) {
                    Slog.w(TAG, "Library not found: " + lib);
                } catch (IOException e) {
                    Slog.w(TAG, "Cannot dexopt " + lib + "; is it an APK or JAR? "
                            + e.getMessage());
                }
            }
        }
    }

——————————————-

1.  getAllInstructionSets函数的实现:

    private static List<String> getAllInstructionSets() {
        final String[] allAbis = Build.SUPPORTED_ABIS; // 获取当前手机所支持的硬件架构
        final List<String> allInstructionSets = new ArrayList<String>(allAbis.length); // new一个List,长度即为获取出来的ABI的个数

        for (String abi : allAbis) { // 从所有的支持的架构开始遍历,abi为armeabi,armeabi-v7a....
            final String instructionSet = VMRuntime.getInstructionSet(abi); // 从以下的2,3可以看到,是从目前android系统支持的架构map中,去查找,查找出来一般为arm,mips,arm64...
            if (!allInstructionSets.contains(instructionSet)) { // 如果查询到的不包含在我们从Build的supported里面的话,把其加入到allInstructionSets里面
                allInstructionSets.add(instructionSet); // 第一次的时候,因为allInstructionSets为一个刚new出来的对象,所以肯定是会加入到allInstructionSets里面
            }
        }


        return allInstructionSets;
    }

2. VMRuntime getInstructionSet的函数的实现:

    public static String getInstructionSet(String abi) {
        final String instructionSet = ABI_TO_INSTRUCTION_SET_MAP.get(abi);
        if (instructionSet == null) {
            throw new IllegalArgumentException("Unsupported ABI: " + abi);
        }


        return instructionSet;
    }

3.  ABI_TO_INSTRUCTION_SET_MAP的声明:

    private static final Map<String, String> ABI_TO_INSTRUCTION_SET_MAP
            = new HashMap<String, String>();
    static {
        ABI_TO_INSTRUCTION_SET_MAP.put("armeabi", "arm");
        ABI_TO_INSTRUCTION_SET_MAP.put("armeabi-v7a", "arm");
        ABI_TO_INSTRUCTION_SET_MAP.put("mips", "mips");
        ABI_TO_INSTRUCTION_SET_MAP.put("mips64", "mips64");
        ABI_TO_INSTRUCTION_SET_MAP.put("x86", "x86");
        ABI_TO_INSTRUCTION_SET_MAP.put("x86_64", "x86_64");
        ABI_TO_INSTRUCTION_SET_MAP.put("arm64-v8a", "arm64");
    }
---------------------------------------------------------------------------------
    File frameworkDir = new File(Environment.getRootDirectory(), "framework"); // /system/framework


    // Gross hack for now: we know this file doesn't contain any
    // code, so don't dexopt it to avoid the resulting log spew.
    alreadyDexOpted.add(frameworkDir.getPath() + "/framework-res.apk"); // 将framework-res.apk加入到alreadyDexOpted中


    // Gross hack for now: we know this file is only part of
    // the boot class path for art, so don't dexopt it to
    // avoid the resulting log spew.
    alreadyDexOpted.add(frameworkDir.getPath() + "/core-libart.jar");


    /**
     * And there are a number of commands implemented in Java, which
     * we currently need to do the dexopt on so that they can be
     * run from a non-root shell.
     */
    String[] frameworkFiles = frameworkDir.list();  // 或者/system/framework下的所有文件
    if (frameworkFiles != null) {
        // TODO: We could compile these only for the most preferred ABI. We should
        // first double check that the dex files for these commands are not referenced
        // by other system apps.
        for (String dexCodeInstructionSet : dexCodeInstructionSets) {
            for (int i=0; i<frameworkFiles.length; i++) {
                File libPath = new File(frameworkDir, frameworkFiles[i]);  // 获取文件的绝对路径
                String path = libPath.getPath(); // path是绝对路径
                // Skip the file if we already did it.
                if (alreadyDexOpted.contains(path)) { // 如果该文件是已经包含在alreadyDexOpted中了,就忽略不去处理
                    continue;
                }
                // Skip the file if it is not a type we want to dexopt.
                if (!path.endsWith(".apk") && !path.endsWith(".jar")) { // 如果不是以jar和apk结尾的话,就忽略。因为odex优化针对的就是jar和apk
                    continue;
                }
                try {
                    byte dexoptRequired = DexFile.isDexOptNeededInternal(path, null,
                                                                         dexCodeInstructionSet,
                                                                         false);  // 判断文件是否需要优化
                    if (dexoptRequired == DexFile.DEXOPT_NEEDED) {  // 如果需要dex的话,就会去进行Dex的优化
                        mInstaller.dexopt(path, Process.SYSTEM_UID, true, dexCodeInstructionSet);
                        didDexOptLibraryOrTool = true;
                    } else if (dexoptRequired == DexFile.PATCHOAT_NEEDED) { // 如果是需要oat优化的话,就会去进行oat的优化
                        mInstaller.patchoat(path, Process.SYSTEM_UID, true, dexCodeInstructionSet);
                        didDexOptLibraryOrTool = true;
                    }
                } catch (FileNotFoundException e) {
                    Slog.w(TAG, "Jar not found: " + path);
                } catch (IOException e) {
                    Slog.w(TAG, "Exception reading jar: " + path, e);
                }
            }
        }
    }

    // 在接下来的处理中,就会遇到packagemanager的一个重要的函数,scanDirLI,我们接下来继续分析。

    // (Do this before scanning any apps.)
    // For security and version matching reason, only consider
    // overlay packages if they reside in VENDOR_OVERLAY_DIR.


    /*
     * private static final String VENDOR_OVERLAY_DIR = "/vendor/overlay";
     */
    File vendorOverlayDir = new File(VENDOR_OVERLAY_DIR);
    scanDirLI(vendorOverlayDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags | SCAN_TRUSTED_OVERLAY, 0); // 扫描该系统目录下的所有apk,进行安装 -1


    // Find base frameworks (resource packages without code).
    scanDirLI(frameworkDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR
            | PackageParser.PARSE_IS_PRIVILEGED,
            scanFlags | SCAN_NO_DEX, 0);


    // Collected privileged system packages.
    final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app");
    scanDirLI(privilegedAppDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR
            | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0);


    // Collect ordinary system packages.
    final File systemAppDir = new File(Environment.getRootDirectory(), "app");
    scanDirLI(systemAppDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);


    // Collect all vendor packages.
    File vendorAppDir = new File("/vendor/app");
    try {
        vendorAppDir = vendorAppDir.getCanonicalFile();
    } catch (IOException e) {
        // failed to look up canonical path, continue with original one
    }
    scanDirLI(vendorAppDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);


    // Collect all OEM packages.
    final File oemAppDir = new File(Environment.getOemDirectory(), "app");
    scanDirLI(oemAppDir, PackageParser.PARSE_IS_SYSTEM
            | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);


    if (DEBUG_UPGRADE) Log.v(TAG, "Running installd update commands");
    mInstaller.moveFiles();   

——————————————————————————————————————-

    /*

     *  scanDirLI的实现如下:

     */

    private void scanDirLI(File dir, int parseFlags, int scanFlags, long currentTime) {
        final File[] files = dir.listFiles(); // 会从传入的dir中,遍历所有的文件
        if (ArrayUtils.isEmpty(files)) {  // 如果该文件夹中一个文件都没有的话,会return
            Log.d(TAG, "No files in app dir " + dir);
            return;
        }


        if (DEBUG_PACKAGE_SCANNING) {
            Log.d(TAG, "Scanning app dir " + dir + " scanFlags=" + scanFlags
                    + " flags=0x" + Integer.toHexString(parseFlags));
        }


        for (File file : files) {  // 如果有文件存在的话,就会进行遍历
            final boolean isPackage = (isApkFile(file) || file.isDirectory())
                    && !PackageInstallerService.isStageName(file.getName()); // 判断一个文件是否是一个apk的文件(以apk结尾),或者是一个文件并且文件夹满足isStageName的条件
            if (!isPackage) {
                // Ignore entries which are not packages
                continue;
            }
            try {
                scanPackageLI(file, parseFlags | PackageParser.PARSE_MUST_BE_APK,
                        scanFlags, currentTime, null); // 会利用scanPackageLI进行接下来的解析
            } catch (PackageManagerException e) {
                Slog.w(TAG, "Failed to parse " + file + ": " + e.getMessage());


                // Delete invalid userdata apps
                if ((parseFlags & PackageParser.PARSE_IS_SYSTEM) == 0 &&
                        e.error == PackageManager.INSTALL_FAILED_INVALID_APK) { // 只有非系统的apk扫描失败的时候,才会删除该apk。
                    logCriticalInfo(Log.WARN, "Deleting invalid package at " + file);
                    if (file.isDirectory()) {
                        FileUtils.deleteContents(file);
                    }
                    file.delete();
                }
            }
        }
    }

———————————————————————————————————————

    public static boolean isStageName(String name) {
        final boolean isFile = name.startsWith("vmdl") && name.endsWith(".tmp");
        final boolean isContainer = name.startsWith("smdl") && name.endsWith(".tmp");
        final boolean isLegacyContainer = name.startsWith("smdl2tmp");
        return isFile || isContainer || isLegacyContainer;
    }

———————————————————————————————————————

  /*
     *  Scan a package and return the newly parsed package.
     *  Returns null in case of errors and the error code is stored in mLastScanError
     *  调用scanPackageLI函数扫描一个特定的文件,返回值是PackageParser的内部类package。
     *  该类的实例代表一个apk文件,所以它就是和apk文件对应的数据结构
     */
    private PackageParser.Package scanPackageLI(File scanFile, int parseFlags, int scanFlags,
            long currentTime, UserHandle user) throws PackageManagerException {
        if (DEBUG_INSTALL) Slog.d(TAG, "Parsing: " + scanFile);
        parseFlags |= mDefParseFlags;
        PackageParser pp = new PackageParser(); // new 了一个PackageParser的对象
        pp.setSeparateProcesses(mSeparateProcesses);
        pp.setOnlyCoreApps(mOnlyCore);
        pp.setDisplayMetrics(mMetrics);


        if ((scanFlags & SCAN_TRUSTED_OVERLAY) != 0) {
            parseFlags |= PackageParser.PARSE_TRUSTED_OVERLAY;
        }


        /*
         * 各个参数的值如下:
           mSeparateProcesses = null,因为前面初始化值的时候separateProcesses为null
           mOnlyCore = false   正常情况下mOnlyCore为flase
           mMetrics 为前面获取到的手机的分辨率
           mDefParseFlags 的值为0
           parseFlags的值会随着scanFile的变化而变化
         */


        final PackageParser.Package pkg;
        try {
            pkg = pp.parsePackage(scanFile, parseFlags);
        } catch (PackageParserException e) {
            throw PackageManagerException.from(e);
        }


        PackageSetting ps = null;
        PackageSetting updatedPkg;
        // reader
        synchronized (mPackages) {
            // Look to see if we already know about this package.
            String oldName = mSettings.mRenamedPackages.get(pkg.packageName);
            if (pkg.mOriginalPackages != null && pkg.mOriginalPackages.contains(oldName)) {
                // This package has been renamed to its original name.  Let's
                // use that.
                ps = mSettings.peekPackageLPr(oldName);
            }
            // If there was no original package, see one for the real package name.
            if (ps == null) {
                ps = mSettings.peekPackageLPr(pkg.packageName);
            }
            // Check to see if this package could be hiding/updating a system
            // package.  Must look for it either under the original or real
            // package name depending on our state.
            updatedPkg = mSettings.getDisabledSystemPkgLPr(ps != null ? ps.name : pkg.packageName);
            if (DEBUG_INSTALL && updatedPkg != null) Slog.d(TAG, "updatedPkg = " + updatedPkg);
        }
        boolean updatedPkgBetter = false;
        // First check if this is a system package that may involve an update
        if (updatedPkg != null && (parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) {
            if (ps != null && !ps.codePath.equals(scanFile)) {
                // The path has changed from what was last scanned...  check the
                // version of the new path against what we have stored to determine
                // what to do.
                if (DEBUG_INSTALL) Slog.d(TAG, "Path changing from " + ps.codePath);
                if (pkg.mVersionCode < ps.versionCode) {
                    // The system package has been updated and the code path does not match
                    // Ignore entry. Skip it.
                    logCriticalInfo(Log.INFO, "Package " + ps.name + " at " + scanFile
                            + " ignored: updated version " + ps.versionCode
                            + " better than this " + pkg.mVersionCode);
                    if (!updatedPkg.codePath.equals(scanFile)) {
                        Slog.w(PackageManagerService.TAG, "Code path for hidden system pkg : "
                                + ps.name + " changing from " + updatedPkg.codePathString
                                + " to " + scanFile);
                        updatedPkg.codePath = scanFile;
                        updatedPkg.codePathString = scanFile.toString();
                        // This is the point at which we know that the system-disk APK
                        // for this package has moved during a reboot (e.g. due to an OTA),
                        // so we need to reevaluate it for privilege policy.
                        if (locationIsPrivileged(scanFile)) {
                            updatedPkg.pkgFlags |= ApplicationInfo.FLAG_PRIVILEGED;
                        }
                    }
                    updatedPkg.pkg = pkg;
                    throw new PackageManagerException(INSTALL_FAILED_DUPLICATE_PACKAGE, null);
                } else {
                    // The current app on the system partition is better than
                    // what we have updated to on the data partition; switch
                    // back to the system partition version.
                    // At this point, its safely assumed that package installation for
                    // apps in system partition will go through. If not there won't be a working
                    // version of the app
                    // writer
                    synchronized (mPackages) {
                        // Just remove the loaded entries from package lists.
                        mPackages.remove(ps.name);
                    }


                    logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile
                            + " reverting from " + ps.codePathString
                            + ": new version " + pkg.mVersionCode
                            + " better than installed " + ps.versionCode);


                    InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps),
                            ps.codePathString, ps.resourcePathString, ps.legacyNativeLibraryPathString,
                            getAppDexInstructionSets(ps));
                    synchronized (mInstallLock) {
                        args.cleanUpResourcesLI();
                    }
                    synchronized (mPackages) {
                        mSettings.enableSystemPackageLPw(ps.name);
                    }
                    updatedPkgBetter = true;
                }
            }
        }


        if (updatedPkg != null) {
            // An updated system app will not have the PARSE_IS_SYSTEM flag set
            // initially
            parseFlags |= PackageParser.PARSE_IS_SYSTEM;


            // An updated privileged app will not have the PARSE_IS_PRIVILEGED
            // flag set initially
            if ((updatedPkg.pkgFlags & ApplicationInfo.FLAG_PRIVILEGED) != 0) {
                parseFlags |= PackageParser.PARSE_IS_PRIVILEGED;
            }
        }


        // Verify certificates against what was last scanned
        collectCertificatesLI(pp, ps, pkg, scanFile, parseFlags);


        /*
         * A new system app appeared, but we already had a non-system one of the
         * same name installed earlier.
         */
        boolean shouldHideSystemApp = false;
        if (updatedPkg == null && ps != null
                && (parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) != 0 && !isSystemApp(ps)) {
            /*
             * Check to make sure the signatures match first. If they don't,
             * wipe the installed application and its data.
             */
            if (compareSignatures(ps.signatures.mSignatures, pkg.mSignatures)
                    != PackageManager.SIGNATURE_MATCH) {
                logCriticalInfo(Log.WARN, "Package " + ps.name + " appeared on system, but"
                        + " signatures don't match existing userdata copy; removing");
                deletePackageLI(pkg.packageName, null, true, null, null, 0, null, false);
                ps = null;
            } else {
                /*
                 * If the newly-added system app is an older version than the
                 * already installed version, hide it. It will be scanned later
                 * and re-added like an update.
                 */
                if (pkg.mVersionCode < ps.versionCode) {
                    shouldHideSystemApp = true;
                    logCriticalInfo(Log.INFO, "Package " + ps.name + " appeared at " + scanFile
                            + " but new version " + pkg.mVersionCode + " better than installed "
                            + ps.versionCode + "; hiding system");
                } else {
                    /*
                     * The newly found system app is a newer version that the
                     * one previously installed. Simply remove the
                     * already-installed application and replace it with our own
                     * while keeping the application data.
                     */
                    logCriticalInfo(Log.WARN, "Package " + ps.name + " at " + scanFile
                            + " reverting from " + ps.codePathString + ": new version "
                            + pkg.mVersionCode + " better than installed " + ps.versionCode);
                    InstallArgs args = createInstallArgsForExisting(packageFlagsToInstallFlags(ps),
                            ps.codePathString, ps.resourcePathString, ps.legacyNativeLibraryPathString,
                            getAppDexInstructionSets(ps));
                    synchronized (mInstallLock) {
                        args.cleanUpResourcesLI();
                    }
                }
            }
        }


        // The apk is forward locked (not public) if its code and resources
        // are kept in different files. (except for app in either system or
        // vendor path).
        // TODO grab this value from PackageSettings
        if ((parseFlags & PackageParser.PARSE_IS_SYSTEM_DIR) == 0) {
            if (ps != null && !ps.codePath.equals(ps.resourcePath)) {
                parseFlags |= PackageParser.PARSE_FORWARD_LOCK;
            }
        }


        // TODO: extend to support forward-locked splits
        String resourcePath = null;
        String baseResourcePath = null;
        if ((parseFlags & PackageParser.PARSE_FORWARD_LOCK) != 0 && !updatedPkgBetter) {
            if (ps != null && ps.resourcePathString != null) {
                resourcePath = ps.resourcePathString;
                baseResourcePath = ps.resourcePathString;
            } else {
                // Should not happen at all. Just log an error.
                Slog.e(TAG, "Resource path not set for pkg : " + pkg.packageName);
            }
        } else {
            resourcePath = pkg.codePath;
            baseResourcePath = pkg.baseCodePath;
        }


        // Set application objects path explicitly.
        pkg.applicationInfo.setCodePath(pkg.codePath);
        pkg.applicationInfo.setBaseCodePath(pkg.baseCodePath);
        pkg.applicationInfo.setSplitCodePaths(pkg.splitCodePaths);
        pkg.applicationInfo.setResourcePath(resourcePath);
        pkg.applicationInfo.setBaseResourcePath(baseResourcePath);
        pkg.applicationInfo.setSplitResourcePaths(pkg.splitCodePaths);


        // Note that we invoke the following method only if we are about to unpack an application
        PackageParser.Package scannedPkg = scanPackageLI(pkg, parseFlags, scanFlags
                | SCAN_UPDATE_SIGNATURE, currentTime, user);


        /*
         * If the system app should be overridden by a previously installed
         * data, hide the system app now and let the /data/app scan pick it up
         * again.
         */
        if (shouldHideSystemApp) {
            synchronized (mPackages) {
                /*
                 * We have to grant systems permissions before we hide, because
                 * grantPermissions will assume the package update is trying to
                 * expand its permissions.
                 */
                grantPermissionsLPw(pkg, true, pkg.packageName);
                mSettings.disableSystemPackageLPw(pkg.packageName);
            }
        }


        return scannedPkg;
    }

—————————————————————————————————————

    在parsePackage的时候,会进行如下处理,如果是文件夹的话,会调用parseClusterPackage

    如果不是文件夹的话,会进行parseMonolithicPackage的操作。

    public Package parsePackage(File packageFile, int flags) throws PackageParserException {
        if (packageFile.isDirectory()) {
            return parseClusterPackage(packageFile, flags);
        } else {
            return parseMonolithicPackage(packageFile, flags);
        }
    }

—————————————————————————————————————

    对于普通apk来说的话,是会进行parseMonolithicPackage的操作。然后我们来看一下这个函数的实现。

    @Deprecated
    public Package parseMonolithicPackage(File apkFile, int flags) throws PackageParserException {
        if (mOnlyCoreApps) { // mOnlyCoreApps的值是mOnlyCore,正常情况下也为false
            final PackageLite lite = parseMonolithicPackageLite(apkFile, flags);
            if (!lite.coreApp) {
                throw new PackageParserException(INSTALL_PARSE_FAILED_MANIFEST_MALFORMED,
                        "Not a coreApp: " + apkFile);
            }
        }


        final AssetManager assets = new AssetManager(); // new了一个AssetManager的对象,AssetManager是资源管理框架
        try {
            final Package pkg = parseBaseApk(apkFile, assets, flags); // 在parseBaseApk的时候,会把assets传人
            pkg.codePath = apkFile.getAbsolutePath();
            return pkg;
        } finally {
            IoUtils.closeQuietly(assets);
        }
    }

—————————————————————————————————————-

    private Package parseBaseApk(File apkFile, AssetManager assets, int flags)
            throws PackageParserException {
        final String apkPath = apkFile.getAbsolutePath(); // 返回apkFile绝对路径名字字符串


        mParseError = PackageManager.INSTALL_SUCCEEDED; // 在parse的开始,将mParseError的值设置为INSTALL_SUCCEEDED
        mArchiveSourcePath = apkFile.getAbsolutePath();  // 返回apkFile的绝对路径的字符串


        if (DEBUG_JAR) Slog.d(TAG, "Scanning base APK: " + apkPath);


        final int cookie = loadApkIntoAssetManager(assets, apkPath, flags);


        Resources res = null;
        XmlResourceParser parser = null;
        try {
            res = new Resources(assets, mMetrics, null);
            /*
             Resources类的成员函数updateConfiguration首先是根据参数config和metrics来更新设备的当前配置信息,
             例如,屏幕大小和密码、国家地区和语言、键盘配置情况等等,
             接着再调用成员变量mAssets所指向的一个Java层的AssetManager对象的成员函数setConfiguration来将这些配置信息设置到与之关联的C++层的AssetManager对象中去。
            */
            assets.setConfiguration(0, 0, null, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                    Build.VERSION.RESOURCES_SDK_INT);
            parser = assets.openXmlResourceParser(cookie, ANDROID_MANIFEST_FILENAME);


            final String[] outError = new String[1];
            final Package pkg = parseBaseApk(res, parser, flags, outError);
            if (pkg == null) {
                throw new PackageParserException(mParseError,
                        apkPath + " (at " + parser.getPositionDescription() + "): " + outError[0]);
            }


            pkg.baseCodePath = apkPath;
            pkg.mSignatures = null;


            return pkg;


        } catch (PackageParserException e) {
            throw e;
        } catch (Exception e) {
            throw new PackageParserException(INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION,
                    "Failed to read manifest from " + apkPath, e);
        } finally {
            IoUtils.closeQuietly(parser);
        }
    }

—————————————————————————————————————

    private static int loadApkIntoAssetManager(AssetManager assets, String apkPath, int flags)
            throws PackageParserException {
        if ((flags & PARSE_MUST_BE_APK) != 0 && !isApkPath(apkPath)) {
            throw new PackageParserException(INSTALL_PARSE_FAILED_NOT_APK,
                    "Invalid package file: " + apkPath);
        }


        // The AssetManager guarantees uniqueness for asset paths, so if this asset path
        // already exists in the AssetManager, addAssetPath will only return the cookie
        // assigned to it.
        int cookie = assets.addAssetPath(apkPath); // addAssetPath 函数的作用是来将参数resDir所描述的Apk文件路径作为它的资源目录。
        /* cookie有两种情况,分别为等不等于0. 如果等于0的话
           AssetManager类的成员函数addAssetPath接着再检查在其成员变量mAssetPaths所描述的一个类型为asset_path的Vector中是否已经添加过参数path所描述的一个Apk文件路径了。
           如果已经添加过了,那么AssetManager类的成员函数addAssetPath就不会再继续往下处理了,而是将与参数path所描述的一个Apk文件路径所对应的一个Cookie返回给调用者,即保存在输出参数cookie中,
           前提是参数cookie的值不等于NULL。
           一个Apk文件路径所对应的Cookie实际上只是一个整数,这个整数表示该Apk文件路径所对应的一个asset_path对象在成员变量mAssetPaths所描述的一个Vector中的索引再加上1。
         */
        if (cookie == 0) { // 等于0的时候,是添加vector失败的。所以会throw一个exception
            throw new PackageParserException(INSTALL_PARSE_FAILED_BAD_MANIFEST,
                    "Failed adding asset path: " + apkPath);
        }
        return cookie;
    }
    原文作者:猿氏悟语
    原文地址: https://blog.csdn.net/ChaoY1116/article/details/50738750
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞