Issuing “adb shell” and “ps” inside the adb shell, we get a list of running process – among them:
root 28 1 656 168 c01a65e8 afe0d40c S /system/bin/debuggerd
radio 29 1 5420 464 ffffffff afe0d0ec S /system/bin/rild
root 30 1 82016 13580 c009a694 afe0cba4 S zygote
media 31 1 20948 1004 ffffffff afe0ca7c S /system/bin/mediaserver
root 32 1 784 244 c02094ac afe0c7dc S /system/bin/installd
keystore 33 1 1616 196 c01a65e8 afe0d40c S /system/bin/keystore
root 34 1 728 188 c003d444 afe0d6ac S /system/bin/sh
root 35 1 824 260 c00b7dd0 afe0d7fc S /system/bin/qemud
root 37 1 4544 296 ffffffff 0000eca4 S /sbin/adbd
root 44 34 780 232 c02094ac afe0c7dc S /system/bin/qemu-props
system 52 30 149372 25184 ffffffff afe0ca7c S system_server
app_7 99 30 110548 17700 ffffffff afe0da04 S com.android.inputmethod.pinyin
radio 101 30 117988 15832 ffffffff afe0da04 S com.android.phone
app_7 105 30 125536 19760 ffffffff afe0da04 S android.process.acore
app_3 158 30 103656 15560 ffffffff afe0da04 S android.process.media
app_14 178 30 109528 19600 ffffffff afe0da04 S com.android.mms
app_17 202 30 102916 15388 ffffffff afe0da04 S com.android.alarmclock
app_23 212 30 106020 16392 ffffffff afe0da04 S com.android.email
app_25 220 30 102032 15980 ffffffff afe0da04 S com.example.android.BluetoothChat
app_12 231 30 101888 13912 ffffffff afe0da04 S com.svox.pico
root 244 37 728 324 c003d444 afe0d6ac S /system/bin/sh
root 245 244 668 328 c019ba10 afe0c7dc S logcat
root 1307 37 728 324 c003d444 afe0d6ac S /system/bin/sh
root 1341 37 728 324 c003d444 afe0d6ac S /system/bin/sh
root 1342 1341 55068 9396 ffffffff ad05892e R app_process
root 1346 1307 868 332 00000000 afe0c7dc R ps
Starting up the DDMS, and looking into logcat output, and comparing the output with the Android source code:
12-29 19:36:40.096: INFO/DEBUG(28): debuggerd: May 6 2010 09:07:51
12-29 19:36:40.196: INFO/vold(27): Android Volume Daemon version 2.0
12-29 19:36:40.246: DEBUG/qemud(35): entering main loop
12-29 19:36:40.286: INFO/vold(27): New MMC card ‘SU02G’ (serial 1012966) added @ /devices/platform/goldfish_mmc.0/mmc_host/mmc0/mmc0:e118
12-29 19:36:40.326: INFO/vold(27): Disk (blkdev 179:0), 4192256 secs (2047 MB) 0 partitions
12-29 19:36:40.326: INFO/vold(27): New blkdev 179.0 on media SU02G, media path /devices/platform/goldfish_mmc.0/mmc_host/mmc0/mmc0:e118, Dpp 0
12-29 19:36:40.326: INFO/vold(27): Evaluating dev ‘/devices/platform/goldfish_mmc.0/mmc_host/mmc0/mmc0:e118/block/mmcblk0’ for mountable filesystems for ‘/sd
card’
12-29 19:36:40.326: INFO/vold(27): Aborting start of /sdcard (bootstrap = 1)
12-29 19:36:40.326: INFO/vold(27): Volmgr not ready to handle device
And looking into debuggerd implementation (system/core/debuggerd/debuggerd.c):
int main()
{
int s;
struct sigaction act;
int logsocket = -1;
logsocket = socket_local_client(“logd”,
ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_DGRAM);
if(logsocket < 0) {
logsocket = -1;
} else {
fcntl(logsocket, F_SETFD, FD_CLOEXEC);
}
act.sa_handler = SIG_DFL;
sigemptyset(&act.sa_mask);
sigaddset(&act.sa_mask,SIGCHLD);
act.sa_flags = SA_NOCLDWAIT;
sigaction(SIGCHLD, &act, 0);
s = socket_local_server(“android:debuggerd”,
ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
if(s < 0) return -1;
fcntl(s, F_SETFD, FD_CLOEXEC);
LOG(“debuggerd: ” __DATE__ ” ” __TIME__ “\n”);
The last line above is the first line in the logcat output.
Hm….who started debuggerd? Searching around, in the root directory there is a /init.rc file:
# cat /init.rc
on init
sysclktz 0
loglevel 3
# setup the global environment
export PATH /sbin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /system/lib
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export EXTERNAL_STORAGE /sdcard
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# create mountpoints and mount tmpfs on sqlite_stmt_journals
mkdir /sdcard 0000 system system
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
mkdir /sqlite_stmt_journals 01777 root root
mount tmpfs tmpfs /sqlite_stmt_journals size=4m
mount rootfs rootfs / ro remount
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown sytem system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0777 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
mkdir /dev/cpuctl/fg_boost
chown system system /dev/cpuctl/fg_boost/tasks
chmod 0777 /dev/cpuctl/fg_boost/tasks
write /dev/cpuctl/fg_boost/cpu.shares 1024
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
# mount mtd partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount yaffs2 mtd@system /system
mount yaffs2 mtd@system /system ro remount
# We chown/chmod /data again so because mount is run as root + defaults
mount yaffs2 mtd@userdata /data nosuid nodev
chown system system /data
chmod 0771 /data
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic
chown root log /data/dontpanic
chmod 0750 /data/dontpanic
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# Same reason as /data above
mount yaffs2 mtd@cache /cache nosuid nodev
chown system cache /cache
chmod 0770 /cache
# This may have been created by the recovery system with odd permissions
chown system system /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/vpn 0770 system system
mkdir /data/misc/vpn/profiles 0770 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0770 /data/misc/wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# create dalvik-cache and double-check the perms
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770
mkdir /cache/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
chown root root /cache/lost+found
chmod 0770 /cache/lost+found
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
setprop ro.SECONDARY_SERVER_ADJ 2
setprop ro.BACKUP_APP_ADJ 2
setprop ro.HOME_APP_ADJ 4
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.CONTENT_PROVIDER_ADJ 14
setprop ro.EMPTY_APP_ADJ 15
# Define the memory thresholds at which the above process classes will
# be killed. These numbers are in pages (4k).
setprop ro.FOREGROUND_APP_MEM 1536
setprop ro.VISIBLE_APP_MEM 2048
setprop ro.SECONDARY_SERVER_MEM 4096
setprop ro.BACKUP_APP_MEM 4096
setprop ro.HOME_APP_MEM 4096
setprop ro.HIDDEN_APP_MEM 5120
setprop ro.CONTENT_PROVIDER_MEM 5632
setprop ro.EMPTY_APP_MEM 6144
# Write value must be consistent with the above properties.
# Note that the driver only supports 6 slots, so we have HOME_APP at the
# same memory level as services.
write /sys/module/lowmemorykiller/parameters/adj 0,1,2,7,14,15
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
write /sys/module/lowmemorykiller/parameters/minfree 1536,2048,4096,5120,5632,6144
# Set init its forked children’s oom_adj.
write /proc/1/oom_adj -16
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/power/state
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.wifi 4095,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
class_start default
## Daemon processes to be run by init.
##
service console /system/bin/sh
console
# adbd is controlled by the persist.service.adb.enable system property
service adbd /sbin/adbd
disabled
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
service servicemanager /system/bin/servicemanager
user system
critical
onrestart restart zygote
onrestart restart media
service vold /system/bin/vold
socket vold stream 0660 root mount
service nexus /system/bin/nexus
socket nexus stream 0660 root system
disabled
#service mountd /system/bin/mountd
# socket mountd stream 0660 root mount
service debuggerd /system/bin/debuggerd
service ril-daemon /system/bin/rild
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio
service zygote /system/bin/app_process -Xzygote /system/bin –zygote –start-system-server
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
service media /system/bin/mediaserver
user media
group system audio camera graphics inet net_bt net_bt_admin
service bootsound /system/bin/playmp3
user media
group audio
oneshot
service bootanim /system/bin/bootanimation
user graphics
group graphics
disabled
oneshot
service dbus /system/bin/dbus-daemon –system –nofork
socket dbus stream 660 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
service bluetoothd /system/bin/bluetoothd -n
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let bluetoothd drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hfag /system/bin/sdptool add –channel=10 HFAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hsag /system/bin/sdptool add –channel=11 HSAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service opush /system/bin/sdptool add –channel=12 OPUSH
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service pbap /system/bin/sdptool add –channel=19 PBAP
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service installd /system/bin/installd
socket installd stream 600 system system
service flash_recovery /system/etc/install-recovery.sh
oneshot
service racoon /system/bin/racoon
socket racoon stream 600 system system
# racoon will setuid to vpn after getting necessary resources.
group net_admin
disabled
oneshot
service mtpd /system/bin/mtpd
socket mtpd stream 600 system system
user vpn
group vpn net_admin net_raw
disabled
oneshot
service keystore /system/bin/keystore /data/misc/keystore
user keystore
group keystore
socket keystore stream 666
service dumpstate /system/bin/dumpstate -s
socket dumpstate stream 0660 shell log
disabled
oneshot
Among the line is “service debuggerd /system/bin/debuggerd” which clearly indicate the stage at which debuggerd is started.
Next line in the logcat output indicated vold started up. The directory implementing the vold daemon is located in system/vold. What is its purpose?
According to:
http://www.91linux.com/html/article/qianrushiyingyong/google_android/20101204/21332.html
vold served to replace udevd. In a way, yes.
Taking a peep into the source of vold’s main.c:
int main() {
VolumeManager *vm;
CommandListener *cl;
NetlinkManager *nm;
SLOGI(“Vold 2.1 (the revenge) firing up”);
mkdir(“/dev/block/vold”, 0755);
/* Create our singleton managers */
if (!(vm = VolumeManager::Instance())) {
SLOGE(“Unable to create VolumeManager”);
exit(1);
};
if (!(nm = NetlinkManager::Instance())) {
SLOGE(“Unable to create NetlinkManager”);
exit(1);
};
cl = new CommandListener();
vm->setBroadcaster((SocketListener *) cl);
nm->setBroadcaster((SocketListener *) cl);
if (vm->start()) {
SLOGE(“Unable to start VolumeManager (%s)”, strerror(errno));
exit(1);
}
if (process_config(vm)) {
SLOGE(“Error reading configuration (%s)… continuing anyways”, strerror(errno));
}
if (nm->start()) {
SLOGE(“Unable to start NetlinkManager (%s)”, strerror(errno));
exit(1);
}
coldboot(“/sys/block”);
// coldboot(“/sys/class/switch”);
/*
* Now that we’re up, we can respond to commands
*/
if (cl->startListener()) {
SLOGE(“Unable to start CommandListener (%s)”, strerror(errno));
exit(1);
}
From above we can see that its role is mainly to startup the volume manager and netlink manager.
And next is the coldboot(“/sys/block”);
Inside the /sys/block directory are the following files (on the3 Android device itself):
ram0 ram1 ram2 ram3 ram4 ram5 ram6 ram7 ram8 xxxxxxx……
mtdblock0 mtdblock1 mtdblock2 mmcblk0
which correspond to the various next messages in the logcat.
Further device drivers setup information can be found here:
http://source.android.com/porting/bring_up.html
Some of the Volume Manager APIs:
void VolumeManager::readInitialState() {
char *VolumeManager::asecHash(const char *id, char *buffer, size_t len) {
void VolumeManager::setDebug(bool enable) {
int VolumeManager::start() {
int VolumeManager::stop() {
int VolumeManager::addVolume(Volume *v) {
void VolumeManager::notifyUmsAvailable(bool available) {
void VolumeManager::handleSwitchEvent(NetlinkEvent *evt) {
void VolumeManager::handleUsbCompositeEvent(NetlinkEvent *evt) {
void VolumeManager::handleBlockEvent(NetlinkEvent *evt) {
int VolumeManager::listVolumes(SocketClient *cli) {
int VolumeManager::formatVolume(const char *label) {
int VolumeManager::getObbMountPath(const char *sourceFile, char *mountPath, int mountPathLen) {
int VolumeManager::getAsecMountPath(const char *id, char *buffer, int maxlen) {
int VolumeManager::createAsec(const char *id, unsigned int numSectors,
int VolumeManager::finalizeAsec(const char *id) {
int VolumeManager::renameAsec(const char *id1, const char *id2) {
int VolumeManager::unmountAsec(const char *id, bool force) {
int VolumeManager::unmountObb(const char *fileName, bool force) {
int VolumeManager::unmountLoopImage(const char *id, const char *idHash,
int VolumeManager::destroyAsec(const char *id, bool force) {
int VolumeManager::mountAsec(const char *id, const char *key, int ownerUid) {
int VolumeManager::mountObb(const char *img, const char *key, int ownerUid) {
int VolumeManager::mountVolume(const char *label) {
int VolumeManager::listMountedObbs(SocketClient* cli) {
int VolumeManager::shareAvailable(const char *method, bool *avail) {
int VolumeManager::shareEnabled(const char *label, const char *method, bool *enabled) {
int VolumeManager::simulate(const char *cmd, const char *arg) {
int VolumeManager::shareVolume(const char *label, const char *method) {
int VolumeManager::unshareVolume(const char *label, const char *method) {
int VolumeManager::unmountVolume(const char *label, bool force) {
bool VolumeManager::isMountpointMounted(const char *mp)
int VolumeManager::cleanupAsec(Volume *v, bool force) {
extern “C” void dos_partition_dec(void const *pp, struct dos_partition *d);
extern “C” void dos_partition_enc(void *pp, struct dos_partition *d);
extern “C” void dos_partition_dec(void const *pp, struct dos_partition *d);
extern “C” void dos_partition_enc(void *pp, struct dos_partition *d);
const char *Volume::SECDIR = “/mnt/secure”;
const char *Volume::SEC_STGDIR = “/mnt/secure/staging”;
const char *Volume::SEC_STG_SECIMGDIR = “/mnt/secure/staging/.android_secure”;
const char *Volume::SEC_ASECDIR = “/mnt/secure/asec”;
const char *Volume::ASECDIR = “/mnt/asec”;
const char *Volume::LOOPDIR = “/mnt/obb”;
static const char *stateToStr(int state) {
void Volume::protectFromAutorunStupidity() {
void Volume::setDebug(bool enable) {
dev_t Volume::getDiskDevice() {
dev_t Volume::getShareDevice() {
void Volume::handleVolumeShared() {
void Volume::handleVolumeUnshared() {
int Volume::handleBlockEvent(NetlinkEvent *evt) {
void Volume::setState(int state) {
int Volume::createDeviceNode(const char *path, int major, int minor) {
int Volume::formatVol() {
bool Volume::isMountpointMounted(const char *path) {
int Volume::mountVol() {
int Volume::createBindMounts() {
int Volume::doMoveMount(const char *src, const char *dst, bool force) {
int Volume::doUnmount(const char *path, bool force) {
int Volume::unmountVol(bool force) {
int Volume::initializeMbr(const char *deviceNode) {
More info next time….