一、Android4.4属性系统系列文章
Android4.4属性系统-初始化
Android4.4属性系统-系统服务
Android4.4属性系统-内存空间共享
Android4.4属性系统-属性获取
Android4.4属性系统-属性设置
Android4.4-属性的使用总结
二、写在前面-如何阅读本系列文章
本系列文章大部分是对源码的解析和注释,所以读起来枯燥无味,并且杂乱,这是阅读系统源码无法避免的,如果你有条件,可以点击下载Android4.4源码,阅读源码可以使用eclise,AndroidStudio,vim等。
文章的章节安卓是按照代码模块区分的,例如init进程代码,libcutils代码是按章节来区分,但不同模块的代码之间是有关联的,阅读时需要经常跳转,通过搜索功能进行页内搜索即可
三、属性设置
Android 除了提供属性获取函数外,当然还可以进行属性的设置操作,在 Java 层可以通过调用 SystemProperties.set(String key, String val)方法进行属性设置。
3.1 frameworks接口
源码路径frameworks/base/core/java/android/os/Build.java
/**
* Set the value for the given key.
* @throws IllegalArgumentException if the key exceeds 32 characters
* @throws IllegalArgumentException if the value exceeds 92 characters
*/
public static void set(String key, String val) {
if (key.length() > PROP_NAME_MAX) {
throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX);
}
if (val != null && val.length() > PROP_VALUE_MAX) {
throw new IllegalArgumentException("val.length > " +
PROP_VALUE_MAX);
}
native_set(key, val);
}
首先对需要设置的属性的名称以及值做长度检查,再调用 Native函数native_set。native_set对应的C++层函数为SystemProperties_set(/frameworks/base/core/jni/android_os_SystemProperties.cpp)
3.2 JNI接口
源码 路径frameworks/base/core/jni/android_os_SystemProperties.cpp
JNI代码中,有方法映射表,native_get映射为SystemProperties_getS方法
#include "cutils/properties.h"
//方法映射表
static JNINativeMethod method_table[] = {
{ "native_get", "(Ljava/lang/String;)Ljava/lang/String;",
(void*) SystemProperties_getS },
{ "native_get", "(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;",
(void*) SystemProperties_getSS },
{ "native_get_int", "(Ljava/lang/String;I)I",
(void*) SystemProperties_get_int },
{ "native_get_long", "(Ljava/lang/String;J)J",
(void*) SystemProperties_get_long },
{ "native_get_boolean", "(Ljava/lang/String;Z)Z",
(void*) SystemProperties_get_boolean },
{ "native_set", "(Ljava/lang/String;Ljava/lang/String;)V",
(void*) SystemProperties_set },
{ "native_add_change_callback", "()V",
(void*) SystemProperties_add_change_callback },
};
//native_set方法对应SystemProperties_set
static void SystemProperties_set(JNIEnv *env, jobject clazz, jstring keyJ, jstring valJ)
{
LOGD("SystemProperties_set,keyJ=%s,valJ=%s", keyJ, valJ);
int err;
const char* key;
const char* val;
if (keyJ == NULL) {
jniThrowNullPointerException(env, "key must not be null.");
return ;
}
//将jstring类型变成一个char *类型
key = env->GetStringUTFChars(keyJ, NULL);
if (valJ == NULL) {
val = ""; /* NULL pointer not allowed here */
} else {
val = env->GetStringUTFChars(valJ, NULL);
}
//关键代码:调用property_set,在properties.c中实现
err = property_set(key, val);
//调用ReleaseStringUTFChars函数通知JVM这块内存已经不使用
env->ReleaseStringUTFChars(keyJ, key);
//一些错误处理
if (valJ != NULL) {
env->ReleaseStringUTFChars(valJ, val);
}
if (err < 0) {
jniThrowException(env, "java/lang/RuntimeException",
"failed to set system property");
}
}
调用了 property_set 函数,该函数统一定义在/system/core/libcutils/properties.c 文件中
3.3 libc库层
3.3.1 内核c库层
源码路径system/core/libcutils/properties.c
#include <cutils/properties.h>
//set方法,参数<key,value>
int property_set(const char *key, const char *value)
{
ALOGV("property_set, key=%s,value=%s", key, value);
//关键调用,位于bionic/libc/bionic/system_properties.c
return __system_property_set(key, value);
}
调用了__system_property_set 函数,该函数位于/bionic/libc/bionic/system_properties.c 文件
3.3.2 bionic库层
源码路径bionic/libc/bionic/system_properties.c
该函数通过__system_property_find 函数在系统属性内存区域查询是否存在 name 参数指定的属性,如果查询到则会通过__system_property_read 读取属性信息。关于__system_property_find函数,前文已经分析过了。__system_property_read 通过获取的内存地址,从内存中读取属性信息。
//set方法
int __system_property_set(const char *key, const char *value)
{
printf("__system_property_set--bianjb,key=%s,value=%s", key, value);
int err;
//prop_msg为要发送给服务端的消息句柄
prop_msg msg;
if(key == 0) return -1;
if(value == 0) value = "";
//判断key,value长度是否合法
if(strlen(key) >= PROP_NAME_MAX) return -1;
if(strlen(value) >= PROP_VALUE_MAX) return -1;
memset(&msg, 0, sizeof msg); //初始化内存
//设置Prop操作类型
msg.cmd = PROP_MSG_SETPROP;
//设置消息name字段
strlcpy(msg.name, key, sizeof msg.name);
//设置消息value字段
strlcpy(msg.value, value, sizeof msg.value);
//send_prop_msg 函数向属性系统服务的 socket发送属性设置请求信息
err = send_prop_msg(&msg);
if(err < 0) {
return err;
}
return 0;
}
//发送消息
static int send_prop_msg(prop_msg *msg)
{
struct pollfd pollfds[1];
struct sockaddr_un addr;
socklen_t alen;
size_t namelen;
int s;
int r;
int result = -1;
s = socket(AF_LOCAL, SOCK_STREAM, 0);
if(s < 0) {
return result;
}
memset(&addr, 0, sizeof(addr));
// property_service_socket 值为”/dev/socket/property_service”
//正是前文分析 Android 属性系统服务所监听的 socket
namelen = strlen(property_service_socket);
strlcpy(addr.sun_path, property_service_socket, sizeof addr.sun_path);
addr.sun_family = AF_LOCAL;
alen = namelen + offsetof(struct sockaddr_un, sun_path) + 1;
//connect尝试连接这个服务端 socket
if(TEMP_FAILURE_RETRY(connect(s, (struct sockaddr *) &addr, alen)) < 0) {
close(s);
return result;
}
//send向该 socket 发送消息
r = TEMP_FAILURE_RETRY(send(s, msg, sizeof(prop_msg), 0));
if(r == sizeof(prop_msg)) {
//我们成功写入了属性服务器,但现在我们等待属性服务器完成其工作。它通过关闭套接字来确认它的完成,所以我们在这里
//轮询(什么都没有),等待套接字关闭。如果你'adb shell setprop foo bar',你会在套接字关闭后看到POLLHUP。出于偏
//执,我们将调查结果限制在250毫秒。
pollfds[0].fd = s;
pollfds[0].events = 0;
r = TEMP_FAILURE_RETRY(poll(pollfds, 1, 250 /* ms */));
if (r == 1 && (pollfds[0].revents & POLLHUP) != 0) {
result = 0;
} else {
//忽略超时并将其视为成功。 init进程是单线程的,它的属性服务有时响应很慢(可能是关闭启动子进程或其他东西),因此
//这时超时并且调用者认为它失败了,即使它仍然可以解决它。所以我们在这里伪造它,主要是为了ctl.*属性,但是我们尝
//试等待250毫秒,因此大多数时候执行read-after-write的调用者可以可靠地看到他们写的内容。
result = 0;
}
}
close(s);
return result;
}
prop_msg消息结构体定义在bionic/libc/include/sys/_system_properties.h
,源码如下:
#define PROP_MSG_SETPROP 1
struct prop_msg
{
unsigned cmd;
char name[PROP_NAME_MAX];
char value[PROP_VALUE_MAX];
};
上面的分析完成了向socket服务器发送请求消息的过程,那么服务器端是如何接收并处理的呢。
3.3 socket服务端接收请求消息并处理
在 init.c 文件中 main 函数的无限 for 循环中有对上述 socket 事件的处理,关键代码如下
源码位置system/core/init/init.c
int main(int argc, char **argv)
{
....
for(;;) {
int nr, i, timeout = -1;
execute_one_command();
restart_processes();
//设置需要监听的 socket 文件描述符以及 socket 请求的事件
if (!property_set_fd_init && get_property_set_fd() > 0) {
ufds[fd_count].fd = get_property_set_fd();
ufds[fd_count].events = POLLIN;
ufds[fd_count].revents = 0;
fd_count++;
property_set_fd_init = 1;
}
....
//调用 poll 检查是否有期望的 soket 事件发生
nr = poll(ufds, fd_count, timeout);
if (nr <= 0)
continue;
for (i = 0; i < fd_count; i++) {
if (ufds[i].revents == POLLIN) { //两个if判断所发生的的 socket 事件是否是来自于属性服务的socket
if (ufds[i].fd == get_property_set_fd())
handle_property_set_fd(); //处理相应的 socket 请求,定义在property_service.c
else if (ufds[i].fd == get_keychord_fd())
handle_keychord();
else if (ufds[i].fd == get_signal_fd())
handle_signal();
}
}
}
//处理控制消息,handle_control_message 根据属性名称来启动、停止或者重启服务
void handle_control_message(const char *msg, const char *arg)
{
if (!strcmp(msg,"start")) {
msg_start(arg);
} else if (!strcmp(msg,"stop")) {
msg_stop(arg);
} else if (!strcmp(msg,"restart")) {
msg_restart(arg);
} else {
ERROR("unknown control msg '%s'\n", msg);
}
}
//prop发生改变
void property_changed(const char *name, const char *value)
{
if (property_triggers_enabled) //是否开启了prop触发器
queue_property_triggers(name, value);
}
static int queue_property_triggers_action(int nargs, char **args)
{
queue_all_property_triggers(); //定义在init_parser.c
/* enable property triggers */
property_triggers_enabled = 1;
return 0;
}
源码路径system/core/init/init_parser.c
void queue_all_property_triggers()
{
struct listnode *node;
struct action *act;
list_for_each(node, &action_list) {
act = node_to_item(node, struct action, alist);
if (!strncmp(act->name, "property:", strlen("property:"))) {
/* parse property name and value
syntax is property:<name>=<value> */
const char* name = act->name + strlen("property:");
const char* equals = strchr(name, '=');
if (equals) {
char prop_name[PROP_NAME_MAX + 1];
char value[PROP_VALUE_MAX];
int length = equals - name;
if (length > PROP_NAME_MAX) {
ERROR("property name too long in trigger %s", act->name);
} else {
memcpy(prop_name, name, length);
prop_name[length] = 0;
/* does the property exist, and match the trigger value? */
property_get(prop_name, value);
if (!strcmp(equals + 1, value) ||!strcmp(equals + 1, "*")) {
action_add_queue_tail(act);
}
}
}
}
}
}
源码路径system/core/init/property_service.c
//处理客户端的连接请求
void handle_property_set_fd()
{
prop_msg msg;
int s;
int r;
int res;
struct ucred cr;
struct sockaddr_un addr;
socklen_t addr_size = sizeof(addr);
socklen_t cr_size = sizeof(cr);
char * source_ctx = NULL;
//accept接受连接请求
if ((s = accept(property_set_fd, (struct sockaddr *) &addr, &addr_size)) < 0) {
return;
}
/* Check socket options here */
if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) {
close(s);
ERROR("Unable to receive socket options\n");
return;
}
//recv从 socket 中获取数据,由于 send_prop_msg 发送的数据位 prop_msg,因此此处获得的数据便是一个 prop_msg 结构体
r = TEMP_FAILURE_RETRY(recv(s, &msg, sizeof(msg), 0));
if(r != sizeof(prop_msg)) {
ERROR("sys_prop: mis-match msg size received: %d expected: %d errno: %d\n",
r, sizeof(prop_msg), errno);
close(s);
return;
}
//根据 prop_msg 成员cmd 值做相应操作,对于属性设置请求来说,cmd 值为 PROP_MSG_SETPROP,而实际上
//handle_property_set_fd 函数也只是处理属性设置请求
switch(msg.cmd) {
case PROP_MSG_SETPROP:
msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0;
if (!is_legal_property_name(msg.name, strlen(msg.name))) {
ERROR("sys_prop: illegal property name. Got: \"%s\"\n", msg.name);
close(s);
return;
}
getpeercon(s, &source_ctx);
/*判断需要设置的属性名称是否以”ctl.”开头,
*ctl.start 可以用来启动服务,
*ctl.stop 用来停止服务,
*ctl.restart 可以用来重启服务
*/
if(memcmp(msg.name,"ctl.",4) == 0) {
// Keep the old close-socket-early behavior when handling ctl.* properties.
close(s);
//检查控制权限,通过后就可以控制属性服务的启动和停止
if (check_control_perms(msg.value, cr.uid, cr.gid, source_ctx)) {
//处理控制消息
handle_control_message((char*) msg.name + 4, (char*) msg.value);
} else {
ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n",
msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid);
}
} else {
//如果不是控制指令,检查权限
if (check_perms(msg.name, cr.uid, cr.gid, source_ctx)) {
property_set((char*) msg.name, (char*) msg.value);
} else {
ERROR("sys_prop: permission denied uid:%d name:%s\n",
cr.uid, msg.name);
}
// Note: bionic's property client code assumes that the
// property server will not close the socket until *AFTER*
// the property is written to memory.
close(s);
}
freecon(source_ctx);
break;
default:
close(s);
break;
}
}
/* 白名单一
* White list of UID that are allowed to start/stop services.
* Currently there are no user apps that require.
*/
struct {
const char *service;
unsigned int uid;
unsigned int gid;
} control_perms[] = {
{ "dumpstate",AID_SHELL, AID_LOG },
{ "ril-daemon",AID_RADIO, AID_RADIO },
{NULL, 0, 0 }
};
/*
* Checks permissions for starting/stoping system services.
* AID_SYSTEM and AID_ROOT are always allowed.
*
* Returns 1 if uid allowed, 0 otherwise.
*权限检查的基本思路是:若进程的 uid 属于 system 或者 root,则通过;若进程在 control_perms
*白名单中,也可以通过检查,但是目前为止,没有用户应用程序存在于该白名单中。因此只
*有具有 system 或者 root 权限才可以启动、停止以及重启服务。
*/
static int check_control_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) {
int i;
if (uid == AID_SYSTEM || uid == AID_ROOT)
return check_control_mac_perms(name, sctx);
/* Search the ACL */
for (i = 0; control_perms[i].service; i++) {
if (strcmp(control_perms[i].service, name) == 0) {
if ((uid && control_perms[i].uid == uid) ||
(gid && control_perms[i].gid == gid)) {
return check_control_mac_perms(name, sctx);
}
}
}
return 0;
}
//白名单二,AID定义在`system/core/include/private/android_filesystem_config.h`
/* White list of permissions for setting property services. */
struct {
const char *prefix;
unsigned int uid;
unsigned int gid;
} property_perms[] = {
{ "net.rmnet0.", AID_RADIO, 0 },
{ "net.gprs.", AID_RADIO, 0 },
{ "net.ppp", AID_RADIO, 0 },
{ "net.qmi", AID_RADIO, 0 },
{ "net.lte", AID_RADIO, 0 },
{ "net.cdma", AID_RADIO, 0 },
{ "ril.", AID_RADIO, 0 },
{ "gsm.", AID_RADIO, 0 },
{ "persist.radio", AID_RADIO, 0 },
{ "persist.radio", AID_SYSTEM, 0 },
{ "net.dns", AID_RADIO, 0 },
{ "sys.usb.config", AID_RADIO, 0 },
{ "net.", AID_SYSTEM, 0 },
{ "dev.", AID_SYSTEM, 0 },
{ "runtime.", AID_SYSTEM, 0 },
{ "hw.", AID_SYSTEM, 0 },
{ "sys.", AID_SYSTEM, 0 },
{ "sys.powerctl", AID_SHELL, 0 },
{ "service.", AID_SYSTEM, 0 },
{ "wlan.", AID_SYSTEM, 0 },
{ "bluetooth.", AID_BLUETOOTH, 0 },
{ "dhcp.", AID_SYSTEM, 0 },
{ "dhcp.", AID_DHCP, 0 },
{ "debug.", AID_SYSTEM, 0 },
{ "debug.", AID_SHELL, 0 },
{ "log.", AID_SHELL, 0 },
{ "service.adb.root", AID_SHELL, 0 },
{ "service.adb.tcp.port", AID_SHELL, 0 },
{ "persist.sys.", AID_SYSTEM, 0 },
{ "persist.msms.", AID_RADIO, 0 },//SPRD: add for dsds
{ "persist.msms.", AID_SYSTEM, 0 },
{ "persist.service.", AID_SYSTEM, 0 },
{ "persist.security.", AID_SYSTEM, 0 },
{ "media.", AID_MEDIA, 0 },
{ "persist.service.bdroid.", AID_BLUETOOTH, 0 },
{ "selinux." , AID_SYSTEM, 0 },
{ "persist.modem.", AID_RADIO, 0 },//SPRD: add for lte
{ NULL, 0, 0 }
};
/*
* Checks permissions for setting system properties.
* Returns 1 if uid allowed, 0 otherwise.
*/
static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx)
{
int i;
unsigned int app_id;
if(!strncmp(name, "ro.", 3))
name +=3;
//断是否具有 root 权限,若有通过检查
if (uid == 0)
return check_mac_perms(name, sctx);
app_id = multiuser_get_app_id(uid);
if (app_id == AID_BLUETOOTH) {
uid = app_id;
}
//与 check_control_perms 一样,property_perms 也是一个可以进行属性设置的白名单。若通过权限检查,则会调用
//property_set来进行属性设置操作,该函数在前文已有分析,此处略去
for (i = 0; property_perms[i].prefix; i++) {
if (strncmp(property_perms[i].prefix, name,
strlen(property_perms[i].prefix)) == 0) {
if ((uid && property_perms[i].uid == uid) ||
(gid && property_perms[i].gid == gid)) {
return check_mac_perms(name, sctx);
}
}
}
}
return 0;
}
//最终真正的设置属性的函数
int property_set(const char *name, const char *value)
{
prop_info *pi;
int ret;
size_t namelen = strlen(name); //计算key长度值
size_t valuelen = strlen(value); //计算value长度值
if (!is_legal_property_name(name, namelen)) return -1; //判断prop name是否合法
if (valuelen >= PROP_VALUE_MAX) return -1;
pi = (prop_info*) __system_property_find(name); //获取系统中的prop
if(pi != 0) { //如果已经存在该prop
/* ro.* properties may NEVER be modified once set */
if(!strncmp(name, "ro.", 3)) return -1; //ro.开头的不允许修改,read only
__system_property_update(pi, value, valuelen); //更新prop
} else { //如果不存在,则添加
ret = __system_property_add(name, namelen, value, valuelen); //添加prop
if (ret < 0) {
ERROR("Failed to set '%s'='%s'\n", name, value);
return ret;
}
}
/* If name starts with "net." treat as a DNS property. */
//如果key是以net.开关的,当作DNS属性处理
if (strncmp("net.", name, strlen("net.")) == 0) {
if (strcmp("net.change", name) == 0) { //如果是net.change属性,直接返回
return 0;
}
/*
* The 'net.change' property is a special property used track when any
* 'net.*' property name is updated. It is _ONLY_ updated here. Its value
* contains the last updated 'net.*' property.
*/
//'net.change'属性是一个特殊属性,用于跟踪任何'net.*'属性名称的更新。它只能在这里被更新。
//其值包含最后更新的'net.*'属性。
property_set("net.change", name);
} else if (persistent_properties_loaded &&strncmp("persist.", name, strlen("persist.")) == 0) {
/*
* Don't write properties to disk until after we have read all default properties
* to prevent them from being overwritten by default values.
*/
//如果持久化属性已经加载完毕并且属性以persist.开头
write_persistent_property(name, value);
} else if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) {
//如果是selinux.reload_policy=1
selinux_reload_policy();
}
property_changed(name, value); //prop改变,发出通知,定义在init.c中
return 0;
}
//判断prop name是否含有非法字符
static bool is_legal_property_name(const char* name, size_t namelen)
{
size_t i;
bool previous_was_dot = false;
if (namelen >= PROP_NAME_MAX) return false; //超过最大长度,非法
if (namelen < 1) return false; //长度小于1非法
if (name[0] == '.') return false; //以'.'开头,非法
if (name[namelen - 1] == '.') return false; //以'.'结尾,非法
/* Only allow alphanumeric, plus '.', '-', or '_' */
/* Don't allow ".." to appear in a property name */
//只允许字母和数字,以及'.' '-' '_',并且不允许”..“
for (i = 0; i < namelen; i++) {
if (name[i] == '.') {
if (previous_was_dot == true) return false;
previous_was_dot = true;
continue;
}
previous_was_dot = false;
if (name[i] == '_' || name[i] == '-') continue;
if (name[i] >= 'a' && name[i] <= 'z') continue;
if (name[i] >= 'A' && name[i] <= 'Z') continue;
if (name[i] >= '0' && name[i] <= '9') continue;
return false;
}
return true;
}
//写入持久化prop,persist类型的prop要生成对应的文件,路径为/data/property
static void write_persistent_property(const char *name, const char *value)
{
char tempPath[PATH_MAX];
char path[PATH_MAX];
int fd;
snprintf(tempPath, sizeof(tempPath), "%s/.temp.XXXXXX", PERSISTENT_PROPERTY_DIR);
fd = mkstemp(tempPath); //建立 临时文件
if (fd < 0) {
ERROR("Unable to write persistent property to temp file %s errno: %d\n", tempPath, errno);
return;
}
write(fd, value, strlen(value));
close(fd);
snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, name);
if (rename(tempPath, path)) {
unlink(tempPath);
ERROR("Unable to rename persistent property file %s to %s\n", tempPath, path);
}
}
可以看到property_set函数又调用了__system_property_update,__system_property_add等函数,它们定义在
bionic/libc/bionic/system_properties.c
源码如下:
//更新属性
int __system_property_update(prop_info *pi, const char *value, unsigned int len)
{
prop_area *pa = __system_property_area__; //获取静态成员__system_property_area__,拿到共享内存区的地址
if (len >= PROP_VALUE_MAX)
return -1;
//prop_info->serial,其高8位表示该prop_info中name的长度,而低24位表示该prop_info被更新的次数
pi->serial = pi->serial | 1;
ANDROID_MEMBAR_FULL();
memcpy(pi->value, value, len + 1); //赋值value
ANDROID_MEMBAR_FULL();
pi->serial = (len << 24) | ((pi->serial + 1) & 0xffffff);
__futex_wake(&pi->serial, INT32_MAX);
pa->serial++; //访问次数加+,pa->serial表示该属性访问次数
__futex_wake(&pa->serial, INT32_MAX);
return 0;
}
//添加prop
int __system_property_add(const char *name, unsigned int namelen,
const char *value, unsigned int valuelen)
{
prop_area *pa = __system_property_area__;
const prop_info *pi;
if (namelen >= PROP_NAME_MAX) //检查name长度
return -1;
if (valuelen >= PROP_VALUE_MAX) //检查value长度
return -1;
if (namelen < 1)
return -1;
//查询prop应该存储的内存位置
pi = find_property(root_node(), name, namelen, value, valuelen, true);
if (!pi)
return -1;
pa->serial++; //访问次数加+,pa->serial表示该属性访问次数
__futex_wake(&pa->serial, INT32_MAX);
return 0;
}
//前面介绍过了,属性的存储结构为特里结构+二叉树结构,所以查找属性其实就是
//特里结构+二叉树结构的遍历
static const prop_info *find_property(prop_bt *trie, const char *name,
uint8_t namelen, const char *value, uint8_t valuelen,
bool alloc_if_needed)
{
const char *remaining_name = name;
while (true) {
char *sep = strchr(remaining_name, '.');
bool want_subtree = (sep != NULL);
uint8_t substr_size;
prop_bt *root;
if (want_subtree) {
substr_size = sep - remaining_name;
} else {
substr_size = strlen(remaining_name);
}
if (!substr_size)
return NULL;
if (trie->children) {
root = to_prop_obj(trie->children);
} else if (alloc_if_needed) {
root = new_prop_bt(remaining_name, substr_size, &trie->children);
} else {
root = NULL;
}
if (!root)
return NULL;
trie = find_prop_bt(root, remaining_name, substr_size, alloc_if_needed);
if (!trie)
return NULL;
if (!want_subtree)
break;
remaining_name = sep + 1;
}
if (trie->prop) {
return to_prop_obj(trie->prop);
} else if (alloc_if_needed) {
return new_prop_info(name, namelen, value, valuelen, &trie->prop);
} else {
return NULL;
}
}
AID用户定义
system/core/include/private/android_filesystem_config.h
/* This is the master Users and Groups config for the platform.
* DO NOT EVER RENUMBER
*/
#define AID_ROOT 0 /* traditional unix root user */
#define AID_SYSTEM 1000 /* system server */
#define AID_RADIO 1001 /* telephony subsystem, RIL */
#define AID_BLUETOOTH 1002 /* bluetooth subsystem */
#define AID_GRAPHICS 1003 /* graphics devices */
#define AID_INPUT 1004 /* input devices */
#define AID_AUDIO 1005 /* audio devices */
#define AID_CAMERA 1006 /* camera devices */
#define AID_LOG 1007 /* log devices */
#define AID_COMPASS 1008 /* compass device */
#define AID_MOUNT 1009 /* mountd socket */
#define AID_WIFI 1010 /* wifi subsystem */
#define AID_ADB 1011 /* android debug bridge (adbd) */
#define AID_INSTALL 1012 /* group for installing packages */
#define AID_MEDIA 1013 /* mediaserver process */
#define AID_DHCP 1014 /* dhcp client */
#define AID_SDCARD_RW 1015 /* external storage write access */
#define AID_VPN 1016 /* vpn system */
#define AID_KEYSTORE 1017 /* keystore subsystem */
#define AID_USB 1018 /* USB devices */
#define AID_DRM 1019 /* DRM server */
#define AID_MDNSR 1020 /* MulticastDNSResponder (service discovery) */
#define AID_GPS 1021 /* GPS daemon */
#define AID_UNUSED1 1022 /* deprecated, DO NOT USE */
#define AID_MEDIA_RW 1023 /* internal media storage write access */
#define AID_MTP 1024 /* MTP USB driver access */
#define AID_UNUSED2 1025 /* deprecated, DO NOT USE */
#define AID_DRMRPC 1026 /* group for drm rpc */
#define AID_NFC 1027 /* nfc subsystem */
#define AID_SDCARD_R 1028 /* external storage read access */
#define AID_CLAT 1029 /* clat part of nat464 */
#define AID_LOOP_RADIO 1030 /* loop radio devices */
#define AID_MEDIA_DRM 1031 /* MediaDrm plugins */
#define AID_PACKAGE_INFO 1032 /* access to installed package details */
#define AID_SDCARD_PICS 1033 /* external storage photos access */
#define AID_SDCARD_AV 1034 /* external storage audio/video access */
#define AID_SDCARD_ALL 1035 /* access all users external storage */
/* SPRD: add for storage manager @{ */
#define AID_INTERNAL_WR 1051 /* write permission for internal storage */
#define AID_EXTERNAL_WR 1052 /* write permission for external storage */
/* @} */
#define AID_SHELL 2000 /* adb and debug shell user */
#define AID_CACHE 2001 /* cache access */
#define AID_DIAG 2002 /* access to diagnostic resources */
/* The 3000 series are intended for use as supplemental group id's only.
* They indicate special Android capabilities that the kernel is aware of. */
#define AID_NET_BT_ADMIN 3001 /* bluetooth: create any socket */
#define AID_NET_BT 3002 /* bluetooth: create sco, rfcomm or l2cap sockets */
#define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
#define AID_NET_RAW 3004 /* can create raw INET sockets */
#define AID_NET_ADMIN 3005 /* can configure interfaces and routing tables. */
#define AID_NET_BW_STATS 3006 /* read bandwidth statistics */
#define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */
#define AID_NET_BT_STACK 3008 /* bluetooth: access config files */
#define AID_THEME 9001 /* SPRD: add for theme setting */
#define AID_MISC 9998 /* access to misc storage */
#define AID_NOBODY 9999
#define AID_APP 10000 /* first app user */
#define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */
#define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */
#define AID_USER 100000 /* offset for uid ranges for each user */
#define AID_SHARED_GID_START 50000 /* start of gids for apps in each user to share */
#define AID_SHARED_GID_END 59999 /* start of gids for apps in each user to share */
需要重点关注的几个:
#define AID_ROOT 0 /* traditional unix root user */
#define AID_SYSTEM 1000 /* system server */
#define AID_RADIO 1001 /* telephony subsystem, RIL */
#define AID_USER 100000 /* offset for uid ranges for each user */
#define AID_USER 100000 /* offset for uid ranges for each user */
通过上述分析可知,Android 属性设置最终需要通过 init 进程完成,同时还有严格的权限检查,一般用户进程无法对 Android 属性进行设置。
四、上图
五、参考
Android属性系统
Linux 内存映射函数 mmap
trie-特里结构
Linux 内存映射函数 mmap()函数详解