This document provides an overview of the Android embedded operating system, including its hardware, software ecosystem, and key characteristics and components. It discusses the Android Open Source Project, the layered architecture including the kernel, HAL, system services, and apps. It also covers the build system, filesystem structure, debugging and development tools like ADB and logcat.

1. Embedded Android
杜晓东
2017-03-31
lifesaver!

2. “for”
“compatible with”
“based on”
Android
why you need know
android
⽆无限多样化扩展、修改
not just another embedded Linux distribution
参考：https://zh.wikipedia.org/wiki/IBM_PC兼容机
产品考虑⽅方案时的优选

3. what you can get
Android Inside
打开⿊黑盒
not Android App

4. Android源码开发⼊入⻔门
Android测试
Android质量量
who need it

5. 只关注重点
往简单了了想
不不要记太多
how to read

6. Ecosystem
Hardware
Software

7. Entire Ecosystem
Silicon and System- on-Chip (SoC) manufacturers
ARM, TI, Qualcomm, Freescale, Nvidia, MTK
handset and tablet manufacturers
Motorola, Samsung, HTC, Sony, LG, Archos, Dell, and ASUS
application markets
Amazon, Verizon, Sprint, and Barnes & Noble
应⽤用宝、百度、360
3rd Android distributions
aftermarket images
CyanogenMod
MIUI

8. Hardware

10. SoC internal

11. Memory Layout and Mapping

13. AOSP
软件
Android Open Source Project
Linaro Android
CodeAurora
CyanogenMod
Android-x86

14. Features and Characteristics
Application framework app平台绑定 ⽆无可移植性
dxDalvik virtual machine replace jvm
Integrated browser WebKit WebView
SQLite
Media support StageFright
telephony support
wireless connection technologies Bluetooth WiFi 4G/3G/2G

15. Camera, GPS, compass, and accelerometer
Rich development environment
Key Characteristics
Broad app ecosystem
Consistent app APIs
Replaceable components
Extendable
Customizable

16. Android Compatibility Definition Document
minimum set
The only thing that's possible is working according to the
guidelines and then "test, test, and test"
Hardware and Compliance Requirements 约束

17. Compliance Test Suite
works as expected
1、manual testing
CTS Verifier
2、automated testing

18. 2、automated testing
Trade Federation
continuous test framework designed for
running tests on Android devices
Test cases Device Under Test (DUT)
Unit tests
smallest logical units of code
Functional tests
Robustness tests
Performance tests
Areas covered
Signature tests
Platform API Tests
Dalvik Tests
Platform Data Model
Platform Intents
Platform Permissions
Platform Resources

19. Android
Layer-based Architecture

20. Inside the AOSP

21. WorkFlow

22. Kernel
system calls
signals
start_kernel()
Mounts filesystem
Starts the init process

23. HAL https://www.zhihu.com/question/48992547
Android 的 HAL 层是否是在破坏 GPL？
http://www.ifanr.com/92261
Android ，在争议中逃离 Linux 内核的 GPL 约束

24. Binder Android最复杂的设计

25. System Services
Use “service list” to see current list

26. App
Activity
Life Circle

27. Basic AOSP Hacks
Adding a Device
Adding an App
Adding an App Overlay
Adding a Native Tool or Daemon
Adding a Native Library

28. Filesystem
http://www.pathname.com/fhs/
Filesystem Hierarchy Standard (FHS)
/system
contains the immutable components generated
by the AOSP build system
简单的说：了了解⼀一个OS，得从⽂文件系统开始
/data
contains all data and apps that can change over time
/sdcard
is world-writable, the specific contents will depend on the
apps
RedHat vs Debian

29. Filesystem http://www.pathname.com/fhs/
Android
/system
and
/data

31. The Build System and the Filesystem

33. Build templates and file locations

34. basic rights and ownership
UIDs/GIDs
chown/chmod
突破权限 第⼀一关
process level

35. system/core/include/ private/android_filesystem_config.h

36. ps

39. ueventd
/dev/<node> <mode> <user> <group>

41. Init

42. Configuration Files
Location *.rc
Semantics android/system/core/init/readme.txt

43. Global Properties
ro.* read-only
persist.* persistent storage
ctl.* property_set("ctl.start", “bootanim");
net.change Its value contains the last updated 'net.*' property

44. /system/build.prop
/default.prop
PRODUCT_PROPERTY_OVERRIDES +=
wifi.interface=eth0
Storage／default settings

45. .rc files
Code
Java：SystemProperties.set(“net.hostname", name);
C／C++：property_get(“dalvik.vm.heapsize”, heapsizeOptsBuf+4, "16m");
Use

46. Zygote
start zygote
Disabling the Zygote for Debug

47. ADB
了了解Android的唯⼀一途径
adb help
Android伟⼤大的设计之⼀一

49. adb start-server
adb kill-server
偶尔出错时，重启⼀一下
adb -s 同时连了了很多设备，-s指定其中⼀一个
adb push／adb pull
adb install／adb uninstall

50. Port forwarding
adb -d forward tcp:8080 tcp:80
adb -d forward tcp:8000 dev:/dev/ttyUSB0
adb forward <local> <remote>
adb forward tcp:8000 jdwp:376
jdb -attach localhost:8000
Java Debug Wire Protocol (JDWP)

51. Android’s Command Line external/mksh/
/system/bin/mksh
man system/external/mksh/src/mksh.1
Toolbox
BusyBox

53. Global properties
getprop <key>
setprop <key> <value>
watchprops
monitor properties being changed in real-time
# watchprops
946709853 acme.birdradar.enable = '1'

54. Input events

55. Controlling services
start <servicename>
stop <servicename>

56. Logging
log [-p <prioritychar>] [-t <tag>] <message>
prioritychar should be one of:
v,d,i,w,e
log -p i -t ACME Initiating bird tracking sequence
# logcat
...
I/ACME ( 336): Initiating bird tracking sequence
shell scripts中使⽤用

57. ioctl
read()/write()
# cat /dev/birdlocator0
# echo "Fire" > /dev/birdlaser0
ioctl [-l <length>] [-a <argsize>] [-rdh] <device> <ioctlnr>
-l <length> Length of io buffer
-a <argsize> Size of each argument (1-8)
-r Open device in read only mode
-d Direct argument (no iobuffer)
-h Print help

58. Wiping the device
wipe <system|data|all>
# wipe data
Wiping /data
Done wiping /data

59. logwrapper
Usage: logwrapper [-a] [-d] [-k] BINARY [ARGS ...]
Forks and executes BINARY ARGS, redirecting stdout and stderr to
the Android logging system. Tag is set to BINARY, priority is
always LOG_INFO.
-a: Causes logwrapper to do abbreviated logging.
This logs up to the first 4K and last 4K of the command
being run, and logs the output when the command exits
-d: Causes logwrapper to SIGSEGV when BINARY terminates
fault address is set to the status of wait()
-k: Causes logwrapper to log to the kernel log instead of
the Android system log

60. run-as
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]

61. service
Usage: service [-h|-?]
service list
service check SERVICE
service call SERVICE CODE [i32 N | i64 N | f N | d N | s16 STR ] ...
Options:
i32: Write the 32-bit integer N into the send parcel.
i64: Write the 64-bit integer N into the send parcel.
f: Write the 32-bit single-precision number N into the send parcel.
d: Write the 64-bit double-precision number N into the send parcel.
s16: Write the UTF-16 string STR into the send parcel.

62. dumpsys
usage: dumpsys
To dump all services.
or:
dumpsys [-t TIMEOUT] [--help | -l | --skip SERVICES | SERVICE [ARGS]]
--help: shows this help
-l: only list services, do not dump them
-t TIMEOUT: TIMEOUT to use in seconds instead of default 10 seconds
--skip SERVICES: dumps all services but SERVICES (comma-separated list)
SERVICE [ARGS]: dumps only service SERVICE, optionally passing ARGS to it
现场查看状态（Android服务）

63. dumpstate 事后分析-系统快照
usage: dumpstate [-h] [-b soundfile] [-e soundfile] [-o file [-d] [-p] [-z]] [-s] [-S] [-q] [-B] [-P] [-R] [-V version]
-h: display this help message
-b: play sound file instead of vibrate, at beginning of job
-e: play sound file instead of vibrate, at end of job
-o: write to file (instead of stdout)
-d: append date to filename (requires -o)
-p: capture screenshot to filename.png (requires -o)
-z: generate zipped file (requires -o)
-s: write output to control socket (for init)
-S: write file location to control socket (for init; requires -o and -z) -q: disable vibrate
-B: send broadcast when finished (requires -o)
-P: send broadcast when started and update system properties on progress (requires -o and -B)
-R: take bugreport in remote mode (requires -o, -z, -d and -B, shouldn't be used with -P)
-V: sets the bugreport format version (valid values: 1.0)

64. rawbu
Usage: rawbu COMMAND [options] [backup-file-path]
commands are:
help Show this help text.
backup Perform a backup of /data.
restore Perform a restore of /data.
options include:
-h Show this help text.
-a Backup all files.
backup-file-path Defaults to /sdcard/backup.dat .
On devices that emulate the sdcard, you will need to
explicitly specify the directory it is mapped to,
to avoid recursive backup or deletion of the backup file
during restore.
Eg. /data/media/0/backup.dat
The rawbu command allows you to perform low-level
backup and restore of the /data partition. This is
where all user data is kept, allowing for a fairly
complete restore of a device's state. Note that
because this is low-level, it will only work across
builds of the same (or very similar) device software.
⽤用户数据备份、还原 ⽅方便便测试，bug复现

65. am
usage: am [subcommand] [options]
usage: am start [-D] [-N] [-W] [-P <FILE>] [--start-profiler <FILE>]
[--sampling INTERVAL] [-R COUNT] [-S]
[--track-allocation] [--user <USER_ID> | current] <INTENT>
am startservice [--user <USER_ID> | current] <INTENT>
am stopservice [--user <USER_ID> | current] <INTENT>
am force-stop [--user <USER_ID> | all | current] <PACKAGE>
am kill [--user <USER_ID> | all | current] <PACKAGE>
am kill-all
am broadcast [--user <USER_ID> | all | current] <INTENT>
am instrument [-r] [-e <NAME> <VALUE>] [-p <FILE>] [-w]
[--user <USER_ID> | current]
[--no-window-animation] [--abi <ABI>] <COMPONENT>
am profile start [--user <USER_ID> current] [--sampling INTERVAL] <PROCESS> <FILE>
am profile stop [--user <USER_ID> current] [<PROCESS>]
am dumpheap [--user <USER_ID> current] [-n] <PROCESS> <FILE>
am set-debug-app [-w] [--persistent] <PACKAGE>
am clear-debug-app
am set-watch-heap <PROCESS> <MEM-LIMIT>
am clear-watch-heap
am bug-report [--progress]
am monitor [--gdb <port>]
am hang [--allow-restart]
am restart
am idle-maintenance
am screen-compat [on|off] <PACKAGE>
am package-importance <PACKAGE>
am to-uri [INTENT]
am to-intent-uri [INTENT]
am to-app-uri [INTENT]
am switch-user <USER_ID>
am start-user <USER_ID>
am unlock-user <USER_ID> [TOKEN_HEX]
am stop-user [-w] [-f] <USER_ID>
am stack start <DISPLAY_ID> <INTENT>
am stack movetask <TASK_ID> <STACK_ID> [true|false]
am stack resize <STACK_ID> <LEFT,TOP,RIGHT,BOTTOM>
am stack resize-animated <STACK_ID> <LEFT,TOP,RIGHT,BOTTOM>
am stack resize-docked-stack <LEFT,TOP,RIGHT,BOTTOM> [<TASK_LEFT,TASK_TOP,TASK_RIGHT,TASK_BOTTOM>]
am stack size-docked-stack-test: <STEP_SIZE> <l|t|r|b> [DELAY_MS]
am stack move-top-activity-to-pinned-stack: <STACK_ID> <LEFT,TOP,RIGHT,BOTTOM>
am stack positiontask <TASK_ID> <STACK_ID> <POSITION>
am stack list
am stack info <STACK_ID>
am stack remove <STACK_ID>
am task lock <TASK_ID>
am task lock stop
am task resizeable <TASK_ID> [0 (unresizeable) | 1 (crop_windows) | 2 (resizeable) | 3 (resizeable_and_pipable)]
am task resize <TASK_ID> <LEFT,TOP,RIGHT,BOTTOM>
am task drag-task-test <TASK_ID> <STEP_SIZE> [DELAY_MS]
am task size-task-test <TASK_ID> <STEP_SIZE> [DELAY_MS]
am get-config
am suppress-resize-config-changes <true|false>
am set-inactive [--user <USER_ID>] <PACKAGE> true|false
am get-inactive [--user <USER_ID>] <PACKAGE>
am send-trim-memory [--user <USER_ID>] <PROCESS>
[HIDDEN|RUNNING_MODERATE|BACKGROUND|RUNNING_LOW|MODERATE|RUNNING_CRITICAL|COMPLETE]
am get-current-user
Activity Manager

66. End