Slide 1

A view from the sandbox. Кирилл Филимонов (Kirill Filimonov), Mail.Ru Group

Slide 2

OS structure (layers, top to bottom):
• Apps: system apps, user apps
• Application framework: API, Java core, Android Framework
• Native userspace: libraries, system services, Binder, Dalvik/Android runtime/Zygote, JNI
• Linux kernel

Slide 3

Linux kernel (Android additions):
• Binder
• Anonymous Shared Memory (ashmem)
• Wakelocks
• Low-Memory Killer
• Alarm
• Logger

Slide 4

Process hierarchy (diagram): Kernel → init → daemons (installd, servicemanager, adbd, zygote, ...); zygote → system_server (the system process) and the app processes (App1, App2, phone).

Slide 5

OS boot (diagram): BootLoader → Kernel → init → native daemons → Android Runtime / Zygote → System server (Activity Manager) → Launcher.

Slide 6

OS boot: BootLoader
• Support for the basic hardware
• Locating and loading the kernel
• Booting into recovery mode (basic drivers only)

Slide 7

OS boot: Kernel
• Initialise the MMU and I/O
• Start kernel daemons and kernel threads
• Mount the root filesystem
• Initialise drivers
• Start the userspace process init

Slide 8

OS boot: init
• The key Android initialisation process
• Runs app_process, which starts the VM (Zygote)
• Starts the native daemons
• Starts system_server

Slide 9

OS boot: Zygote
• Start the Android runtime:
  • start the VM
  • load resources
  • start system_server (forkSystemServer)
  • load Java classes
• Start the profiler
• Register the socket
• Run ZygoteInit

Slide 10

OS boot: system_server
• initialise services
• register with the service manager
• start the activity manager
• start the package manager
• start the window manager
• start the power manager

Slide 11

App launch (diagram): Launcher → Activity Manager → Zygote → App.

Slide 12

App launch (diagram): Zygote (Dalvik/ART, loaded classes, loaded resources) forks the App process, which inherits Dalvik/ART, the loaded classes and the loaded resources copy-on-write and adds the application's own resources and classes.

Slide 13

Sandboxing
• Unique UID and GID
• They never change
• DAC is used
• Isolated address space
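The process hierarchy of slide 4 and the per-app UID sandbox of this slide can be checked from a process listing. The following is an added example (not from the talk): it parses a constructed `ps` listing, picks out the zygote children, and reports which packages run under their own app UID, which share a UID with another package, and which run under a reserved UID such as radio. The PIDs and package names are invented.

```python
import re
from collections import defaultdict

# Constructed `ps -A -o USER,PID,PPID,NAME` listing from an Android device
# (PIDs and package names are invented for this example).
PS_OUTPUT = """\
USER           PID  PPID NAME
root             1     0 init
root           311     1 servicemanager
root           420     1 zygote64
system        1012   420 system_server
radio         1310   420 com.android.phone
u0_a101       2210   420 com.example.app1
u0_a102       2245   420 com.example.app2
u0_a102       2260   420 com.example.app2:remote
u0_a102       2301   420 com.example.plugin
"""

APP_UID = re.compile(r"u\d+_a\d+")  # per-app sandbox UID, e.g. u0_a101

def parse_ps(text):
    """Parse the listing into {pid: {"user", "ppid", "name"}}."""
    procs = {}
    for line in text.strip().splitlines()[1:]:  # skip the header line
        user, pid, ppid, name = line.split(None, 3)
        procs[int(pid)] = {"user": user, "ppid": int(ppid), "name": name}
    return procs

def app_processes(procs):
    """Children of zygote other than system_server are app processes."""
    zygotes = {p for p, v in procs.items() if v["name"].startswith("zygote")}
    return {p: v for p, v in procs.items()
            if v["ppid"] in zygotes and v["name"] != "system_server"}

def audit_sandboxes(procs):
    """Return {package: verdict}: 'isolated' = its own app UID; 'shared' =
    UID shared with another package (sharedUserId); 'privileged' = a
    reserved UID such as system or radio instead of a per-app UID."""
    pkgs_by_uid = defaultdict(set)
    for v in app_processes(procs).values():
        pkgs_by_uid[v["user"]].add(v["name"].split(":")[0])  # drop :proc suffix
    verdict = {}
    for uid, pkgs in pkgs_by_uid.items():
        for pkg in pkgs:
            if not APP_UID.fullmatch(uid):
                verdict[pkg] = "privileged"
            elif len(pkgs) > 1:
                verdict[pkg] = "shared"
            else:
                verdict[pkg] = "isolated"
    return verdict
```

A package that shows up as "shared" or "privileged" is exactly the one whose data is not protected by the default per-app DAC boundary and deserves a closer look.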

Slide 14

IPC
• Linux: pipes, shared memory, message queues
• Android: binder

Slide 15

Binder
• Kernel driver that provides IPC
• Lightweight RPC
• Thread pool for handling requests
• Support for passing file descriptors
• Synchronous and asynchronous method calls
• Synchronous interaction between threads

Slide 16

Package Manager
• Parses APK files
• Installs, updates and removes applications
• Provides information about installed applications and their permissions

Slides 17-19

Interaction with services (diagram, built up over three slides): the App process (App, PackageManager proxy), the system_server process (PackageManagerService with its package data) and the service manager. Each arrow between them is labelled Binder IPC: the App looks the service up through the service manager and then talks to PackageManagerService directly.

Slide 20

Activity Manager
• Starting activities and services
• Obtaining content providers
• Broadcasting intents
• Maintaining OOM adj
• Lifecycle management
• Task management
• ANR handling
• Permissions

Slides 21-25

Activity (diagram, built up over five slides): the ActivityManager in the system_server process keeps an ActivityRecord per activity, grouped into tasks (Task: App1, Task: App2), with a state (Resumed, Stopped) and a saved state. App1Activity lives in the App1 process and App2Activity in the App2 process; when App2Activity is resumed, App1Activity is stopped with its state saved, and the record survives even when the App1 process is gone. App1NewActivity is started from App2 into Task: App2, and on return App1Activity is resumed while both App2 records stay stopped with saved state.

Slide 26

Service (diagram): the ActivityManager in the system_server process holds a ServiceRecord (AppService), state Stopped, for AppService in the App1 process.

Slides 27-31

Binding (diagram, built up over five slides): the App2 process calls bind on the ActivityManager in system_server; the ActivityManager creates AppService in the App1 process (ServiceRecord AppService); the service's IBinder is handed to the ActivityManager and then to App2, which makes the call on it.

Slide 32

Broadcast Receiver (diagram): the ActivityManager in system_server holds a BroadcastRecord for ACTION_AIRPLANE_MODE_CHANGED listing App1Receiver (App1), App2Receiver (App2) and App3Receiver (App3), and delivers it to each receiver in its own process (App1 proc, App2 proc, App3 proc).

Slides 33-38

Content Provider (diagram, built up over six slides): in the App2 process the ContentResolver issues a query through IContentProvider.Proxy; the ActivityManager in system_server looks up the authority, finds the ProviderRecord (DataProvider) and creates DataProvider (IContentProvider.Stub) in the App1 process; the provider's IBinder is returned through the ActivityManager to App2, which then sends the query over it.

Slide 39

Android Permissions are implemented at several levels:
• Kernel: paranoid networking, filesystem permissions
• Native services: checks at the UID and GID level
• Framework: PackageManager, ActivityManager

Slides 40-43

Android Permissions (diagram, built up over four slides): AppActivity in the App process requests content://pics/1; the Gallery App process hosts PicturesProvider with authority "pics"; the PackageManager in system_server keeps the permissions granted to the caller's UID (UID App2: READ_PICTURES). The provider calls checkPermission, the PackageManager answers granted, and only then is the data returned.
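The exchange on slides 40-43, written out as an added example that is not part of the talk: a small model in which the PackageManager holds per-UID grants, the ActivityManager resolves the "pics" authority, and PicturesProvider serves content://pics/1 only when checkPermission for the caller's UID returns granted. The class names and the UIDs 10102/10103 are constructed for the example; they are not AOSP code.

```python
# Constructed model of the permission check on a content provider query as on
# the slides; an illustration, not AOSP code. Names READ_PICTURES, authority
# "pics", PicturesProvider and content://pics/1 come from the slides.

class PackageManagerService:
    """Per-UID permissions granted at install time."""
    def __init__(self):
        self.granted = {}
    def grant(self, uid, perm):
        self.granted.setdefault(uid, set()).add(perm)
    def check_permission(self, perm, uid):
        return "granted" if perm in self.granted.get(uid, ()) else "denied"

class PicturesProvider:
    authority = "pics"
    read_permission = "READ_PICTURES"
    def __init__(self, pm):
        self.pm = pm
        self.rows = {"1": "photo1.jpg", "2": "photo2.jpg"}  # constructed data
    def query(self, calling_uid, uri):
        # calling_uid comes from the Binder driver, not from the request itself.
        if self.pm.check_permission(self.read_permission, calling_uid) != "granted":
            raise PermissionError(f"uid {calling_uid} lacks {self.read_permission}")
        return self.rows.get(uri.rsplit("/", 1)[-1])

class ActivityManagerService:
    """Maps a content:// authority to the provider that serves it."""
    def __init__(self):
        self.providers = {}
    def publish(self, provider):
        self.providers[provider.authority] = provider
    def lookup_authority(self, authority):
        return self.providers[authority]

def resolver_query(ams, calling_uid, uri):
    """App-side ContentResolver: extract the authority, look it up, query."""
    authority = uri[len("content://"):].split("/", 1)[0]
    return ams.lookup_authority(authority).query(calling_uid, uri)

def demo():
    pm, ams = PackageManagerService(), ActivityManagerService()
    ams.publish(PicturesProvider(pm))
    pm.grant(10102, "READ_PICTURES")  # App2's UID, granted at install time
    allowed = resolver_query(ams, 10102, "content://pics/1")
    try:
        resolver_query(ams, 10103, "content://pics/1")  # UID without the permission
        denied = None
    except PermissionError as e:
        denied = str(e)
    return allowed, denied
```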

Slide 44

Security
• DAC (UID and GID)
• MAC (SELinux)
• Code signing

Slide 45

Android O

Slide 46

–Francis Bacon “Knowledge is power.”

Slide 47

–Andrew Tanenbaum “Linux is obsolete.”