SlideShare une entreprise Scribd logo

Android Internals: Understanding the Android Architecture

Opersys inc.
Opersys inc.

Android Internals presentation at the Android Builders Summit in April 2011.

1  sur  39
Télécharger pour lire hors ligne
Android Internals Android Builders Summit – April 13th 2011 Karim Yaghmour karim.yaghmour@opersys.com @karimyaghmour
About ... ● Author of: ● Introduced Linux Trace Toolkit in 1999 ● Originated Adeos and relayfs (kernel/relay.c)
1. Android Concepts 9. System Server 2. Overall Architecture 10.Activity Manager 3. System startup 11.Binder 4. Linux Kernel 12.Stock AOSP Apps 5. Hardware Support 13.Hacking 6. Native User-Space 7. Dalvik 8. JNI
1. Android Concepts ● Components ● Intents ● Component lifecycle ● Manifest file ● Processes and threads ● Remote procedure calls
1.1. Components ● 1 App = N Components ● Apps can use components of other applications ● App processes are automagically started whenever any part is needed ● Ergo: N entry points, !1, and !main() ● Components: ● Activities ● Services ● Broadcast Receivers ● Content Providers
1.2. Intents ● Intent = asynchronous message w/ or w/o designated target ● Like a polymorphic Unix signal, but w/o required target ● Intents “payload” held in Intent Object ● Intent Filters specified in Manifest file
1.3. Component lifecycle ● System automagically starts/stops/kills processes: ● Entire system behaviour predicated on low memory ● System triggers Lifecycle callbacks when relevant ● Ergo: Must manage Component Lifecycle ● Some Components are more complex to manage than others
1.4. Manifest file ● Informs system about app’s components ● XML format ● Always called AndroidManifest.xml ● Activity = <activity> ... static ● Service = <service> ... static ● Broadcast Receiver: ● Static = <receiver> ● Dynamic = Context.registerReceiver() ● Content Provider = <provider> ... static
1.5. Processes and threads ● Processes ● Default: all callbacks to any app Component are issued to the main process thread ● <activity>—<service>—<recipient>—<provider> have process attribute to override default ● Do NOT perform blocking/long operations in main process thread: – Spawn threads instead ● Process termination/restart is at system’s discretion ● Therefore: – Must manage Component Lifecycle ● Threads: ● Create using the regular Java Thread Object ● Android API provides thread helper classes: – Looper: for running a message loop with a thread – Handler: for processing messages – HandlerThread: for setting up a thread with a message loop
1.6. Remote procedure calls ● Apparently System V IPC is evil ... ● Android RPCs = Binder mechanism ● Binder is a low-level functionality, not used as-is ● Instead: must define interface using Interface Definition Language (IDL) ● IDL fed to aidl Tool to generate Java interface definitions
1.7. Development tools ● SDK: ● android – manage AVDs and SDK components ● apkbuilder – creating .apk packages ● dx – converting .jar to .dex ● adb – debug bridge ● emulator – QEMU-based ARM emulator ● ... ● Eclipse w/ ADT plugin ● NDK: GNU toolchain for native binaries
2.1. Overall Architecture - EL
2.2. Overall Architecture - Android
3. System Startup ● Bootloader ● Kernel ● Init ● Zygote ● System Server ● Activity Manager ● Launcher (Home)
3.1. Bootloader ● aosp/bootable/bootloader ● Custom bootloader for Android ● USB-based ● Implements the “fastboot” protocol ● Controlled via “fastboot” cli tool on host ● aosp/bootable/recovery ● UI-based recovery boot program ● Accessed through magic key sequence at boot ● Usually manufacturer specific variant
● Flash layout: 0x000003860000­0x000003900000 : "misc" 0x000003900000­0x000003e00000 : "recovery" 0x000003e00000­0x000004300000 : "boot" Kernel 0x000004300000­0x00000c300000 : "system" /system 0x00000c300000­0x0000183c0000 : "userdata" /data 0x0000183c0000­0x00001dd20000 : "cache" /cache 0x00001dd20000­0x00001df20000 : "kpanic" 0x00001df20000­0x00001df60000 : "dinfo" 0x00001df60000­0x00001dfc0000 : "setupdata" 0x00001dfc0000­0x00001e040000 : "splash1" 0x000000300000­0x000001680000 : "modem" From Acer Liquid-E
3.2. Kernel ● Early startup code is very hardware dependent ● Initializes environment for the running of C code ● Jumps to the architecture-independent start_kernel() function. ● Initializes high-level kernel subsystems ● Mounts root filesystem ● Starts the init process
3.3. Android Init ● Open, parses, and runs /init.rc: ● Create mountpoints and mount filesystems ● Set up filesystem permissions ● Set OOM adjustments properties ● Start daemons: – adbd – servicemanager (binder context manager) – vold – netd – rild – app_process -Xzygote (Zygote) – mediaserver – ...
3.4. Zygote, etc. ● Init: ● app_process -Xzygote (Zygote) ● frameworks/base/cmds/app_process/app_main.cpp: ● runtime.start(“com.android.internal.os.Zygote”, ... ● frameworks/base/core/jni/AndroidRuntime.cpp: ● startVM() ● Call Zygote's main() ● frameworks/base/core/java/com/android/internal/os/Zy goteInit.java: ● ...
● preloadClasses() ● startSystemServer() ● ... magic ... ● Call SystemServer's run() ● frameworks/base/services/java/com/android/server /SystemServer.java: ● Start all system services/managers ● Start ActivityManager: – Send Intent.CATEGORY_HOME – Launcher2 kicks in
4. Linux Kernel
4.1. Androidisms ● Wakelocks ● lowmem handler ● Binder ● ashmem – Anonymous Shared Memory ● RAM console ● Logger ● ...
5. Hardware support Bluetooth BlueZ through D-BUS IPC (to avoid GPL contamination it seems) GPS Manufacturer-provided libgps.so Wifi wpa_supplicant Display Std framebuffer driver (/dev/fb0) Keymaps and Keyboards Std input event (/dev/event0) Lights Manufacturer-provided liblights.so Backlight Keyboard Buttons Battery Notifications Attention Audio Manufacturer-provided libaudio.so (could use ALSA underneath ... at least as illustrated in their porting guide) Camera Manufacturer-provided libcamera.so (could use V4L2 kernel driver underneath ... as illustrated in porting guide) Power Management “Wakelocks” kernel patch Sensors Manufacturer-provided libsensors.so Accelerometer Magnetic Field Orientation Gyroscope Light Pressure Temperature Proximity Radio Layer Interface Manufacturer-provided libril-<companyname>-<RIL version>.so
6. Native User-Space ● Mainly ● /data => User data ● /system => System components ● Also found: ● /cache ● /mnt ● /sbin ● Etc.
● Libs: Bionic, SQLite, SSL, OpenGL|ES, Non-Posix: limited Pthreads support, no SysV IPC ● Toolbox ● Daemons: servicemanager, vold, rild, netd, adbd, ...
7. Dalvik ● Sun-Java = Java language + JVM + JDK libs ● Android Java = Java language + Dalvik + Apache Harmony ● Target: ● Slow CPU ● Relatively low RAM ● OS without swap space ● Battery powered ● Now has JIT
7.1. Dalvik's .dex files ● JVM munches on “.class” files ● Dalvik munches on “.dex” files ● .dex file = .class files post-processed by “dx” utility ● Uncompressed .dex = 0.5 * Uncompressed .jar
8. JNI – Java Native Interface ● Call gate for other languages, such as C, C++ ● Equivalent to .NET's pinvoke ● Usage: include and call native code from App ● Tools = NDK ... samples included ● Check out “JNI Programmer's Guide and Specification” - freely available PDF
9. System Server Entropy Service Device Policy Audio Service Power Manager Status Bar Headset Observer Activity Manager Clipboard Service Dock Observer Telephone Registry Input Method Service UI Mode Manager Service Package Manager NetStat Service Backup Service Account Manager NetworkManagement Service AppWidget Service Content Manager Connectivity Service Recognition Service System Content Providers Throttle Service Status Bar Icons Battery Service Accessibility Manager DiskStats Service Lights Service Mount Service ADB Settings Observer Vibrator Service Notification Manager Alarm Manager Device Storage Monitor Init Watchdog Location Manager Sensor Service Search Service Window Manager DropBox Service Bluetooth Service Wallpaper Service
9.1. Some stats ● frameworks/base/services/java/com/android/ser ver: ● 3.5 M ● ~100 files ● 85 kloc ● Activity manager: ● 920K ● 30+ files ● 20 kloc
9.2. Observing with “logcat” ● Find the System Server's PID $ adb shell ps | grep system_server system 63 32 120160 35408 ffffffff afd0c738 S system_server ● Look for its output: $ adb logcat | grep “63)” ... D/PowerManagerService( 63): bootCompleted I/TelephonyRegistry( 63): notifyServiceState: 0 home Android Android 310260 UMTS CSS not supp... I/TelephonyRegistry( 63): notifyDataConnection: state=0 isDataConnectivityPossible=false reason=null interfaceName=null networkType=3 I/SearchManagerService( 63): Building list of searchable activities I/WifiService( 63): WifiService trying to setNumAllowed to 11 with persist set to true I/ActivityManager( 63): Config changed: { scale=1.0 imsi=310/260 loc=en_US touch=3 keys=2/1/2 nav=3/1 ... I/TelephonyRegistry( 63): notifyMessageWaitingChanged: false I/TelephonyRegistry( 63): notifyCallForwardingChanged: false I/TelephonyRegistry( 63): notifyDataConnection: state=1 isDataConnectivityPossible=true reason=simL... I/TelephonyRegistry( 63): notifyDataConnection: state=2 isDataConnectivityPossible=true reason=simL... D/Tethering( 63): MasterInitialState.processMessage what=3 I/ActivityManager( 63): Start proc android.process.media for broadcast com.android.providers.downloads/.DownloadReceiver: pid=223 uid=10002 gids={1015, 2001, 3003} I/RecoverySystem( 63): No recovery log file W/WindowManager( 63): App freeze timeout expired. ...
9.3. Snapshot with “dumpsys” Currently running services: SurfaceFlinger accessibility account activity alarm appwidget audio backup ... wifi window ------------------------------------------------------------------------------- DUMP OF SERVICE SurfaceFlinger: + Layer 0x396b90 z= 21000, pos=( 0, 0), size=( 480, 800), needsBlending=1, needsDithering=1, invalidat ... 0] name=com.android.launcher/com.android.launcher2.Launcher client=0x391e48, identity=6 [ head= 1, available= 2, queued= 0 ] reallocMask=00000000, inUse=-1, identity=6, status=0 format= 1, [480x800:480] [480x800:480], freezeLock=0x0, dq-q-time=53756 us ...
10. ActivityManager ● Start new Activities, Services ● Fetch Content Providers ● Intent broadcasting ● OOM adj. maintenance ● Application Not Responding ● Permissions ● Task management ● Lifecycle management
● Ex. starting new app from Launcher: ● onClick(Launcher) ● startActivity(Activity.java) ● <Binder> ● ActivityManagerService ● startViaZygote(Process.java) ● <Socket> ● Zygote
11. Binder ● CORBA/COM-like IPC ● Data sent through “parcels” in “transactions” ● Kernel-supported mechanism ● /dev/binder ● Check /proc/binder/* ● android.* API connected to System Server through binder.
12. Stock AOSP Apps /packages/apps /packages/providers /packages/inputmethods AccountsAndSettings Launcher2 ApplicationProvider LatinIME AlarmClock Mms CalendarProvider OpenWnn Bluetooth Music ContactsProvider PinyinIME Browser PackageInstaller DownloadProvider Calculator Protips DrmProvider Calendar Provision GoogleContactsProvider Camera QuickSearchBox MediaProvider CertInstaller Settings TelephonyProvider Contacts SoundRecorder UserDictionaryProvider DeskClock SpeechRecorder Email Stk Gallery VoiceDialer HTMLViewer
13. Hacking ● Source: ● AOSP – source.android.com / android.git.kernel.org ● Cyanogenmod – www.cyanogenmod.com ● xdadevelopers – www.xda-developers.com ● Tools: ● repo / git ● fastboot ● recovery ● Kernel privilege escalation exploits -- “one-click root” ● ...
Thank you ... karim.yaghmour@opersys.com

Recommandé

Android booting sequece and setup and debugging
Android booting sequece and setup and debuggingAndroid booting sequece and setup and debugging
Android booting sequece and setup and debuggingUtkarsh Mankad
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Android Internals
Android InternalsAndroid Internals
Android InternalsOpersys inc.
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android InternalsNational Cheng Kung University
 
Porting Android
Porting AndroidPorting Android
Porting AndroidOpersys inc.
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Opersys inc.
 
Android Booting Sequence
Android Booting SequenceAndroid Booting Sequence
Android Booting SequenceJayanta Ghoshal
 
Learning AOSP - Android Linux Device Driver
Learning AOSP - Android Linux Device DriverLearning AOSP - Android Linux Device Driver
Learning AOSP - Android Linux Device DriverNanik Tolaram
 

Recommandé

Android booting sequece and setup and debugging
Android booting sequece and setup and debuggingAndroid booting sequece and setup and debugging
Android booting sequece and setup and debuggingUtkarsh Mankad
 
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
 
Android Internals
Android InternalsAndroid Internals
Android InternalsOpersys inc.
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android InternalsNational Cheng Kung University
 
Porting Android
Porting AndroidPorting Android
Porting AndroidOpersys inc.
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Opersys inc.
 
Android Booting Sequence
Android Booting SequenceAndroid Booting Sequence
Android Booting SequenceJayanta Ghoshal
 
Learning AOSP - Android Linux Device Driver
Learning AOSP - Android Linux Device DriverLearning AOSP - Android Linux Device Driver
Learning AOSP - Android Linux Device DriverNanik Tolaram
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)Nanik Tolaram
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Android device driver structure introduction
Android device driver structure introductionAndroid device driver structure introduction
Android device driver structure introductionWilliam Liang
 
Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)Xavier Hallade
 
Learning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessLearning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessNanik Tolaram
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System ArchitectureNational Cheng Kung University
 
Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Emertxe Information Technologies Pvt Ltd
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh KhetanRajesh Khetan
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Emertxe Information Technologies Pvt Ltd
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in AndroidOpersys inc.
 
Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)Egor Elizarov
 
Design and Concepts of Android Graphics
Design and Concepts of Android GraphicsDesign and Concepts of Android Graphics
Design and Concepts of Android GraphicsNational Cheng Kung University
 
Embedded Android : System Development - Part I
Embedded Android : System Development - Part IEmbedded Android : System Development - Part I
Embedded Android : System Development - Part IEmertxe Information Technologies Pvt Ltd
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsLinaro
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Opersys inc.
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with PieOpersys inc.
 
Android OTA updates
Android OTA updatesAndroid OTA updates
Android OTA updatesGary Bisson
 
Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux DevelopersOpersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 

Contenu connexe

Tendances

Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)Nanik Tolaram
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewYu-Hsin Hung
 
Android device driver structure introduction
Android device driver structure introductionAndroid device driver structure introduction
Android device driver structure introductionWilliam Liang
 
Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)Xavier Hallade
 
Learning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessLearning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessNanik Tolaram
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time OptimizationKan-Ru Chen
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh KhetanRajesh Khetan
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depthChris Simmonds
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in AndroidOpersys inc.
 
Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)Egor Elizarov
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsLinaro
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Opersys inc.
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with PieOpersys inc.
 
Android OTA updates
Android OTA updatesAndroid OTA updates
Android OTA updatesGary Bisson
 

Tendances (20)

Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System Server
 
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
"Learning AOSP" - Android Hardware Abstraction Layer (HAL)
 
Project meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture OverviewProject meeting: Android Graphics Architecture Overview
Project meeting: Android Graphics Architecture Overview
 
Android device driver structure introduction
Android device driver structure introductionAndroid device driver structure introduction
Android device driver structure introduction
 
Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)Using the Android Native Development Kit (NDK)
Using the Android Native Development Kit (NDK)
 
Learning AOSP - Android Booting Process
Learning AOSP - Android Booting ProcessLearning AOSP - Android Booting Process
Learning AOSP - Android Booting Process
 
Android Boot Time Optimization
Android Boot Time OptimizationAndroid Boot Time Optimization
Android Boot Time Optimization
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System Architecture
 
Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)Embedded Android : System Development - Part II (Linux device drivers)
Embedded Android : System Development - Part II (Linux device drivers)
 
Android internals By Rajesh Khetan
Android internals By Rajesh KhetanAndroid internals By Rajesh Khetan
Android internals By Rajesh Khetan
 
The Android graphics path, in depth
The Android graphics path, in depthThe Android graphics path, in depth
The Android graphics path, in depth
 
Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)Embedded Android : System Development - Part II (HAL)
Embedded Android : System Development - Part II (HAL)
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in Android
 
Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)Android internals 07 - Android graphics (rev_1.1)
Android internals 07 - Android graphics (rev_1.1)
 
Design and Concepts of Android Graphics
Design and Concepts of Android GraphicsDesign and Concepts of Android Graphics
Design and Concepts of Android Graphics
 
Embedded Android : System Development - Part I
Embedded Android : System Development - Part IEmbedded Android : System Development - Part I
Embedded Android : System Development - Part I
 
Q4.11: Porting Android to new Platforms
Q4.11: Porting Android to new PlatformsQ4.11: Porting Android to new Platforms
Q4.11: Porting Android to new Platforms
 
Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013Android Internals at Linaro Connect Asia 2013
Android Internals at Linaro Connect Asia 2013
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with Pie
 
Android OTA updates
Android OTA updatesAndroid OTA updates
Android OTA updates
 

Similaire à Android Internals: Understanding the Android Architecture

Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux DevelopersOpersys inc.
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Opersys inc.
 
Inside Android's UI
Inside Android's UIInside Android's UI
Inside Android's UIOpersys inc.
 
Leveraging Android's Linux Heritage
Leveraging Android's Linux HeritageLeveraging Android's Linux Heritage
Leveraging Android's Linux HeritageOpersys inc.
 
Inside Android's UI / ABS 2013
Inside Android's UI / ABS 2013Inside Android's UI / ABS 2013
Inside Android's UI / ABS 2013Opersys inc.
 
Leveraging Android's Linux Heritage at ELC-E 2011
Leveraging Android's Linux Heritage at ELC-E 2011Leveraging Android's Linux Heritage at ELC-E 2011
Leveraging Android's Linux Heritage at ELC-E 2011Opersys inc.
 
Porting Android ABS 2011
Porting Android ABS 2011Porting Android ABS 2011
Porting Android ABS 2011Opersys inc.
 
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...Paris Open Source Summit
 
Android crash debugging
Android crash debuggingAndroid crash debugging
Android crash debuggingAshish Agrawal
 
Leveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVLeveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVOpersys inc.
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011pundiramit
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemdAlison Chaiken
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel HackingDeveler S.r.l.
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Opersys inc.
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Androidnatdefreitas
 

Similaire à Android Internals: Understanding the Android Architecture (20)

Android for Embedded Linux Developers
Android for Embedded Linux DevelopersAndroid for Embedded Linux Developers
Android for Embedded Linux Developers
 
Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3Leveraging Android's Linux Heritage at AnDevCon3
Leveraging Android's Linux Heritage at AnDevCon3
 
Inside Android's UI
Inside Android's UIInside Android's UI
Inside Android's UI
 
Leveraging Android's Linux Heritage
Leveraging Android's Linux HeritageLeveraging Android's Linux Heritage
Leveraging Android's Linux Heritage
 
Inside Android's UI / ABS 2013
Inside Android's UI / ABS 2013Inside Android's UI / ABS 2013
Inside Android's UI / ABS 2013
 
Leveraging Android's Linux Heritage at ELC-E 2011
Leveraging Android's Linux Heritage at ELC-E 2011Leveraging Android's Linux Heritage at ELC-E 2011
Leveraging Android's Linux Heritage at ELC-E 2011
 
Porting Android
Porting AndroidPorting Android
Porting Android
 
Porting Android ABS 2011
Porting Android ABS 2011Porting Android ABS 2011
Porting Android ABS 2011
 
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
OWF12/PAUG Conf Days Android tools for developpeurs, paul marois, design and ...
 
Android crash debugging
Android crash debuggingAndroid crash debugging
Android crash debugging
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Leveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IVLeveraging Android's Linux Heritage at AnDevCon IV
Leveraging Android's Linux Heritage at AnDevCon IV
 
Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011Android porting for dummies @droidconin 2011
Android porting for dummies @droidconin 2011
 
Android presentation
Android presentationAndroid presentation
Android presentation
 
Android OS
Android OSAndroid OS
Android OS
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013Working with the AOSP - Linaro Connect Asia 2013
Working with the AOSP - Linaro Connect Asia 2013
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
An Introduction To Android
An Introduction To AndroidAn Introduction To Android
An Introduction To Android
 

Plus de Opersys inc.

Android Automotive
Android AutomotiveAndroid Automotive
Android AutomotiveOpersys inc.
 
Android 10 Internals Update
Android 10 Internals UpdateAndroid 10 Internals Update
Android 10 Internals UpdateOpersys inc.
 
Android Security Internals
Android Security InternalsAndroid Security Internals
Android Security InternalsOpersys inc.
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALOpersys inc.
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Opersys inc.
 
Embedded Android Workshop with Oreo
Embedded Android Workshop with OreoEmbedded Android Workshop with Oreo
Embedded Android Workshop with OreoOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Android Things: Android for IoT
Android Things: Android for IoTAndroid Things: Android for IoT
Android Things: Android for IoTOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in AndroidOpersys inc.
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave InternalsOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in AndroidOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave InternalsOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 

Plus de Opersys inc. (20)

Android Automotive
Android AutomotiveAndroid Automotive
Android Automotive
 
Android 10 Internals Update
Android 10 Internals UpdateAndroid 10 Internals Update
Android 10 Internals Update
 
Android Security Internals
Android Security InternalsAndroid Security Internals
Android Security Internals
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HAL
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
 
Embedded Android Workshop with Oreo
Embedded Android Workshop with OreoEmbedded Android Workshop with Oreo
Embedded Android Workshop with Oreo
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 
Android Things: Android for IoT
Android Things: Android for IoTAndroid Things: Android for IoT
Android Things: Android for IoT
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Scheduling in Android
Scheduling in AndroidScheduling in Android
Scheduling in Android
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave Internals
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Memory Management in Android
Memory Management in AndroidMemory Management in Android
Memory Management in Android
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave Internals
 
Project Ara
Project AraProject Ara
Project Ara
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 

Android Internals: Understanding the Android Architecture

  • 1. Android Internals Android Builders Summit – April 13th 2011 Karim Yaghmour karim.yaghmour@opersys.com @karimyaghmour
  • 2. About ... ● Author of: ● Introduced Linux Trace Toolkit in 1999 ● Originated Adeos and relayfs (kernel/relay.c)
  • 3. 1. Android Concepts 9. System Server 2. Overall Architecture 10.Activity Manager 3. System startup 11.Binder 4. Linux Kernel 12.Stock AOSP Apps 5. Hardware Support 13.Hacking 6. Native User-Space 7. Dalvik 8. JNI
  • 4. 1. Android Concepts ● Components ● Intents ● Component lifecycle ● Manifest file ● Processes and threads ● Remote procedure calls
  • 5. 1.1. Components ● 1 App = N Components ● Apps can use components of other applications ● App processes are automagically started whenever any part is needed ● Ergo: N entry points, !1, and !main() ● Components: ● Activities ● Services ● Broadcast Receivers ● Content Providers
  • 6. 1.2. Intents ● Intent = asynchronous message w/ or w/o designated target ● Like a polymorphic Unix signal, but w/o required target ● Intents “payload” held in Intent Object ● Intent Filters specified in Manifest file
  • 7. 1.3. Component lifecycle ● System automagically starts/stops/kills processes: ● Entire system behaviour predicated on low memory ● System triggers Lifecycle callbacks when relevant ● Ergo: Must manage Component Lifecycle ● Some Components are more complex to manage than others
  • 8. 1.4. Manifest file ● Informs system about app’s components ● XML format ● Always called AndroidManifest.xml ● Activity = <activity> ... static ● Service = <service> ... static ● Broadcast Receiver: ● Static = <receiver> ● Dynamic = Context.registerReceiver() ● Content Provider = <provider> ... static
  • 9. 1.5. Processes and threads ● Processes ● Default: all callbacks to any app Component are issued to the main process thread ● <activity>—<service>—<recipient>—<provider> have process attribute to override default ● Do NOT perform blocking/long operations in main process thread: – Spawn threads instead ● Process termination/restart is at system’s discretion ● Therefore: – Must manage Component Lifecycle ● Threads: ● Create using the regular Java Thread Object ● Android API provides thread helper classes: – Looper: for running a message loop with a thread – Handler: for processing messages – HandlerThread: for setting up a thread with a message loop
  • 10. 1.6. Remote procedure calls ● Apparently System V IPC is evil ... ● Android RPCs = Binder mechanism ● Binder is a low-level functionality, not used as-is ● Instead: must define interface using Interface Definition Language (IDL) ● IDL fed to aidl Tool to generate Java interface definitions
  • 11. 1.7. Development tools ● SDK: ● android – manage AVDs and SDK components ● apkbuilder – creating .apk packages ● dx – converting .jar to .dex ● adb – debug bridge ● emulator – QEMU-based ARM emulator ● ... ● Eclipse w/ ADT plugin ● NDK: GNU toolchain for native binaries
  • 14. 3. System Startup ● Bootloader ● Kernel ● Init ● Zygote ● System Server ● Activity Manager ● Launcher (Home)
  • 15. 3.1. Bootloader ● aosp/bootable/bootloader ● Custom bootloader for Android ● USB-based ● Implements the “fastboot” protocol ● Controlled via “fastboot” cli tool on host ● aosp/bootable/recovery ● UI-based recovery boot program ● Accessed through magic key sequence at boot ● Usually manufacturer specific variant
  • 16. Flash layout: 0x000003860000­0x000003900000 : "misc" 0x000003900000­0x000003e00000 : "recovery" 0x000003e00000­0x000004300000 : "boot" Kernel 0x000004300000­0x00000c300000 : "system" /system 0x00000c300000­0x0000183c0000 : "userdata" /data 0x0000183c0000­0x00001dd20000 : "cache" /cache 0x00001dd20000­0x00001df20000 : "kpanic" 0x00001df20000­0x00001df60000 : "dinfo" 0x00001df60000­0x00001dfc0000 : "setupdata" 0x00001dfc0000­0x00001e040000 : "splash1" 0x000000300000­0x000001680000 : "modem" From Acer Liquid-E
  • 17. 3.2. Kernel ● Early startup code is very hardware dependent ● Initializes environment for the running of C code ● Jumps to the architecture-independent start_kernel() function. ● Initializes high-level kernel subsystems ● Mounts root filesystem ● Starts the init process
  • 18. 3.3. Android Init ● Open, parses, and runs /init.rc: ● Create mountpoints and mount filesystems ● Set up filesystem permissions ● Set OOM adjustments properties ● Start daemons: – adbd – servicemanager (binder context manager) – vold – netd – rild – app_process -Xzygote (Zygote) – mediaserver – ...
  • 19. 3.4. Zygote, etc. ● Init: ● app_process -Xzygote (Zygote) ● frameworks/base/cmds/app_process/app_main.cpp: ● runtime.start(“com.android.internal.os.Zygote”, ... ● frameworks/base/core/jni/AndroidRuntime.cpp: ● startVM() ● Call Zygote's main() ● frameworks/base/core/java/com/android/internal/os/Zy goteInit.java: ● ...
  • 20. preloadClasses() ● startSystemServer() ● ... magic ... ● Call SystemServer's run() ● frameworks/base/services/java/com/android/server /SystemServer.java: ● Start all system services/managers ● Start ActivityManager: – Send Intent.CATEGORY_HOME – Launcher2 kicks in
  • 22. 4.1. Androidisms ● Wakelocks ● lowmem handler ● Binder ● ashmem – Anonymous Shared Memory ● RAM console ● Logger ● ...
  • 23. 5. Hardware support Bluetooth BlueZ through D-BUS IPC (to avoid GPL contamination it seems) GPS Manufacturer-provided libgps.so Wifi wpa_supplicant Display Std framebuffer driver (/dev/fb0) Keymaps and Keyboards Std input event (/dev/event0) Lights Manufacturer-provided liblights.so Backlight Keyboard Buttons Battery Notifications Attention Audio Manufacturer-provided libaudio.so (could use ALSA underneath ... at least as illustrated in their porting guide) Camera Manufacturer-provided libcamera.so (could use V4L2 kernel driver underneath ... as illustrated in porting guide) Power Management “Wakelocks” kernel patch Sensors Manufacturer-provided libsensors.so Accelerometer Magnetic Field Orientation Gyroscope Light Pressure Temperature Proximity Radio Layer Interface Manufacturer-provided libril-<companyname>-<RIL version>.so
  • 24. 6. Native User-Space ● Mainly ● /data => User data ● /system => System components ● Also found: ● /cache ● /mnt ● /sbin ● Etc.
  • 25. Libs: Bionic, SQLite, SSL, OpenGL|ES, Non-Posix: limited Pthreads support, no SysV IPC ● Toolbox ● Daemons: servicemanager, vold, rild, netd, adbd, ...
  • 26. 7. Dalvik ● Sun-Java = Java language + JVM + JDK libs ● Android Java = Java language + Dalvik + Apache Harmony ● Target: ● Slow CPU ● Relatively low RAM ● OS without swap space ● Battery powered ● Now has JIT
  • 27. 7.1. Dalvik's .dex files ● JVM munches on “.class” files ● Dalvik munches on “.dex” files ● .dex file = .class files post-processed by “dx” utility ● Uncompressed .dex = 0.5 * Uncompressed .jar
  • 28. 8. JNI – Java Native Interface ● Call gate for other languages, such as C, C++ ● Equivalent to .NET's pinvoke ● Usage: include and call native code from App ● Tools = NDK ... samples included ● Check out “JNI Programmer's Guide and Specification” - freely available PDF
  • 29. 9. System Server Entropy Service Device Policy Audio Service Power Manager Status Bar Headset Observer Activity Manager Clipboard Service Dock Observer Telephone Registry Input Method Service UI Mode Manager Service Package Manager NetStat Service Backup Service Account Manager NetworkManagement Service AppWidget Service Content Manager Connectivity Service Recognition Service System Content Providers Throttle Service Status Bar Icons Battery Service Accessibility Manager DiskStats Service Lights Service Mount Service ADB Settings Observer Vibrator Service Notification Manager Alarm Manager Device Storage Monitor Init Watchdog Location Manager Sensor Service Search Service Window Manager DropBox Service Bluetooth Service Wallpaper Service
  • 30. 9.1. Some stats ● frameworks/base/services/java/com/android/ser ver: ● 3.5 M ● ~100 files ● 85 kloc ● Activity manager: ● 920K ● 30+ files ● 20 kloc
  • 31. 9.2. Observing with “logcat” ● Find the System Server's PID $ adb shell ps | grep system_server system 63 32 120160 35408 ffffffff afd0c738 S system_server ● Look for its output: $ adb logcat | grep “63)” ... D/PowerManagerService( 63): bootCompleted I/TelephonyRegistry( 63): notifyServiceState: 0 home Android Android 310260 UMTS CSS not supp... I/TelephonyRegistry( 63): notifyDataConnection: state=0 isDataConnectivityPossible=false reason=null interfaceName=null networkType=3 I/SearchManagerService( 63): Building list of searchable activities I/WifiService( 63): WifiService trying to setNumAllowed to 11 with persist set to true I/ActivityManager( 63): Config changed: { scale=1.0 imsi=310/260 loc=en_US touch=3 keys=2/1/2 nav=3/1 ... I/TelephonyRegistry( 63): notifyMessageWaitingChanged: false I/TelephonyRegistry( 63): notifyCallForwardingChanged: false I/TelephonyRegistry( 63): notifyDataConnection: state=1 isDataConnectivityPossible=true reason=simL... I/TelephonyRegistry( 63): notifyDataConnection: state=2 isDataConnectivityPossible=true reason=simL... D/Tethering( 63): MasterInitialState.processMessage what=3 I/ActivityManager( 63): Start proc android.process.media for broadcast com.android.providers.downloads/.DownloadReceiver: pid=223 uid=10002 gids={1015, 2001, 3003} I/RecoverySystem( 63): No recovery log file W/WindowManager( 63): App freeze timeout expired. ...
  • 32. 9.3. Snapshot with “dumpsys” Currently running services: SurfaceFlinger accessibility account activity alarm appwidget audio backup ... wifi window ------------------------------------------------------------------------------- DUMP OF SERVICE SurfaceFlinger: + Layer 0x396b90 z= 21000, pos=( 0, 0), size=( 480, 800), needsBlending=1, needsDithering=1, invalidat ... 0] name=com.android.launcher/com.android.launcher2.Launcher client=0x391e48, identity=6 [ head= 1, available= 2, queued= 0 ] reallocMask=00000000, inUse=-1, identity=6, status=0 format= 1, [480x800:480] [480x800:480], freezeLock=0x0, dq-q-time=53756 us ...
  • 33. 10. ActivityManager ● Start new Activities, Services ● Fetch Content Providers ● Intent broadcasting ● OOM adj. maintenance ● Application Not Responding ● Permissions ● Task management ● Lifecycle management
  • 34. Ex. starting new app from Launcher: ● onClick(Launcher) ● startActivity(Activity.java) ● <Binder> ● ActivityManagerService ● startViaZygote(Process.java) ● <Socket> ● Zygote
  • 35. 11. Binder ● CORBA/COM-like IPC ● Data sent through “parcels” in “transactions” ● Kernel-supported mechanism ● /dev/binder ● Check /proc/binder/* ● android.* API connected to System Server through binder.
  • 36.
  • 37. 12. Stock AOSP Apps /packages/apps /packages/providers /packages/inputmethods AccountsAndSettings Launcher2 ApplicationProvider LatinIME AlarmClock Mms CalendarProvider OpenWnn Bluetooth Music ContactsProvider PinyinIME Browser PackageInstaller DownloadProvider Calculator Protips DrmProvider Calendar Provision GoogleContactsProvider Camera QuickSearchBox MediaProvider CertInstaller Settings TelephonyProvider Contacts SoundRecorder UserDictionaryProvider DeskClock SpeechRecorder Email Stk Gallery VoiceDialer HTMLViewer
  • 38. 13. Hacking ● Source: ● AOSP – source.android.com / android.git.kernel.org ● Cyanogenmod – www.cyanogenmod.com ● xdadevelopers – www.xda-developers.com ● Tools: ● repo / git ● fastboot ● recovery ● Kernel privilege escalation exploits -- “one-click root” ● ...