Android4.4屬性系統(tǒng)-屬性設(shè)置

一、Android4.4屬性系統(tǒng)系列文章

Android4.4屬性系統(tǒng)-初始化
Android4.4屬性系統(tǒng)-系統(tǒng)服務(wù)
Android4.4屬性系統(tǒng)-內(nèi)存空間共享
Android4.4屬性系統(tǒng)-屬性獲取
Android4.4屬性系統(tǒng)-屬性設(shè)置
Android4.4-屬性的使用總結(jié)

二、寫在前面-如何閱讀本系列文章

本系列文章大部分是對(duì)源碼的解析和注釋,所以讀起來枯燥無味,并且雜亂,這是閱讀系統(tǒng)源碼無法避免的,如果你有條件,可以點(diǎn)擊下載Android4.4源碼,閱讀源碼可以使用eclise,AndroidStudio,vim等。

文章的章節(jié)安卓是按照代碼模塊區(qū)分的,例如init進(jìn)程代碼,libcutils代碼是按章節(jié)來區(qū)分,但不同模塊的代碼之間是有關(guān)聯(lián)的,閱讀時(shí)需要經(jīng)常跳轉(zhuǎn),通過搜索功能進(jìn)行頁內(nèi)搜索即可

三、屬性設(shè)置

Android 除了提供屬性獲取函數(shù)外,當(dāng)然還可以進(jìn)行屬性的設(shè)置操作,在 Java 層可以通過調(diào)用 SystemProperties.set(String key, String val)方法進(jìn)行屬性設(shè)置。

3.1 frameworks接口

源碼路徑frameworks/base/core/java/android/os/Build.java

/**
 * Set the value for the given key.
 * @throws IllegalArgumentException if the key exceeds 32 characters
 * @throws IllegalArgumentException if the value exceeds 92 characters
 */
public static void set(String key, String val) {
    if (key.length() > PROP_NAME_MAX) {
        throw new IllegalArgumentException("key.length > " + PROP_NAME_MAX);
    }
    if (val != null && val.length() > PROP_VALUE_MAX) {
        throw new IllegalArgumentException("val.length > " +
            PROP_VALUE_MAX);
    }
    native_set(key, val);
}

首先對(duì)需要設(shè)置的屬性的名稱以及值做長度檢查,再調(diào)用 Native函數(shù)native_set。native_set對(duì)應(yīng)的C++層函數(shù)為SystemProperties_set(/frameworks/base/core/jni/android_os_SystemProperties.cpp)

3.2 JNI接口

源碼 路徑frameworks/base/core/jni/android_os_SystemProperties.cpp
JNI代碼中,有方法映射表,native_get映射為SystemProperties_getS方法

#include "cutils/properties.h"
//方法映射表
static JNINativeMethod method_table[] = {
    { "native_get", "(Ljava/lang/String;)Ljava/lang/String;",
      (void*) SystemProperties_getS },
    { "native_get", "(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;",
      (void*) SystemProperties_getSS },
    { "native_get_int", "(Ljava/lang/String;I)I",
      (void*) SystemProperties_get_int },
    { "native_get_long", "(Ljava/lang/String;J)J",
      (void*) SystemProperties_get_long },
    { "native_get_boolean", "(Ljava/lang/String;Z)Z",
      (void*) SystemProperties_get_boolean },
    { "native_set", "(Ljava/lang/String;Ljava/lang/String;)V",
      (void*) SystemProperties_set },
    { "native_add_change_callback", "()V",
      (void*) SystemProperties_add_change_callback },
};

//native_set方法對(duì)應(yīng)SystemProperties_set
static void SystemProperties_set(JNIEnv *env, jobject clazz, jstring keyJ, jstring valJ)
{
    LOGD("SystemProperties_set,keyJ=%s,valJ=%s", keyJ, valJ);
    int err;
    const char* key;
    const char* val;

    if (keyJ == NULL) {
        jniThrowNullPointerException(env, "key must not be null.");
        return ;
    }
    //將jstring類型變成一個(gè)char *類型
    key = env->GetStringUTFChars(keyJ, NULL);

    if (valJ == NULL) {
        val = "";       /* NULL pointer not allowed here */
    } else {
        val = env->GetStringUTFChars(valJ, NULL);
    }
    //關(guān)鍵代碼:調(diào)用property_set,在properties.c中實(shí)現(xiàn)
    err = property_set(key, val);
    //調(diào)用ReleaseStringUTFChars函數(shù)通知JVM這塊內(nèi)存已經(jīng)不使用
    env->ReleaseStringUTFChars(keyJ, key);
    //一些錯(cuò)誤處理
    if (valJ != NULL) {
        env->ReleaseStringUTFChars(valJ, val);
    }

    if (err < 0) {
         jniThrowException(env, "java/lang/RuntimeException",
                           "failed to set system property");
     }
 }

調(diào)用了 property_set 函數(shù),該函數(shù)統(tǒng)一定義在/system/core/libcutils/properties.c 文件中

3.3 libc庫層

3.3.1 內(nèi)核c庫層

源碼路徑system/core/libcutils/properties.c

#include <cutils/properties.h>

//set方法,參數(shù)<key,value>
int property_set(const char *key, const char *value)
{   
    ALOGV("property_set, key=%s,value=%s", key, value);
    //關(guān)鍵調(diào)用,位于bionic/libc/bionic/system_properties.c
    return __system_property_set(key, value);
}

調(diào)用了__system_property_set 函數(shù),該函數(shù)位于/bionic/libc/bionic/system_properties.c 文件

3.3.2 bionic庫層

源碼路徑bionic/libc/bionic/system_properties.c
該函數(shù)通過__system_property_find 函數(shù)在系統(tǒng)屬性內(nèi)存區(qū)域查詢是否存在 name 參數(shù)指定的屬性,如果查詢到則會(huì)通過__system_property_read 讀取屬性信息。關(guān)于__system_property_find函數(shù),前文已經(jīng)分析過了。__system_property_read 通過獲取的內(nèi)存地址,從內(nèi)存中讀取屬性信息。

//set方法
int __system_property_set(const char *key, const char *value)
{
    printf("__system_property_set--bianjb,key=%s,value=%s", key, value);
    int err;
    //prop_msg為要發(fā)送給服務(wù)端的消息句柄
    prop_msg msg;
      
    if(key == 0) return -1;
    if(value == 0) value = "";
    //判斷key,value長度是否合法
    if(strlen(key) >= PROP_NAME_MAX) return -1;
    if(strlen(value) >= PROP_VALUE_MAX) return -1;

    memset(&msg, 0, sizeof msg);  //初始化內(nèi)存
    //設(shè)置Prop操作類型
    msg.cmd = PROP_MSG_SETPROP;
    //設(shè)置消息name字段
    strlcpy(msg.name, key, sizeof msg.name);
    //設(shè)置消息value字段
    strlcpy(msg.value, value, sizeof msg.value);
    //send_prop_msg 函數(shù)向?qū)傩韵到y(tǒng)服務(wù)的 socket發(fā)送屬性設(shè)置請(qǐng)求信息
    err = send_prop_msg(&msg);
    if(err < 0) {
        return err;
    }
    return 0;
}

//發(fā)送消息
static int send_prop_msg(prop_msg *msg)
{
    struct pollfd pollfds[1];
    struct sockaddr_un addr;
    socklen_t alen;
    size_t namelen;
    int s;
    int r;
    int result = -1;

    s = socket(AF_LOCAL, SOCK_STREAM, 0);
    if(s < 0) {
        return result;
    }

    memset(&addr, 0, sizeof(addr));
    // property_service_socket 值為”/dev/socket/property_service”
    //正是前文分析 Android 屬性系統(tǒng)服務(wù)所監(jiān)聽的 socket
    namelen = strlen(property_service_socket);
    strlcpy(addr.sun_path, property_service_socket, sizeof addr.sun_path);
    addr.sun_family = AF_LOCAL;
    alen = namelen + offsetof(struct sockaddr_un, sun_path) + 1;
    //connect嘗試連接這個(gè)服務(wù)端 socket
    if(TEMP_FAILURE_RETRY(connect(s, (struct sockaddr *) &addr, alen)) < 0) {
        close(s);
        return result;
    }
    //send向該 socket 發(fā)送消息
    r = TEMP_FAILURE_RETRY(send(s, msg, sizeof(prop_msg), 0));

    if(r == sizeof(prop_msg)) {
       //我們成功寫入了屬性服務(wù)器,但現(xiàn)在我們等待屬性服務(wù)器完成其工作。它通過關(guān)閉套接字來確認(rèn)它的完成,所以我們?cè)谶@里
       //輪詢(什么都沒有),等待套接字關(guān)閉。如果你'adb shell setprop foo bar',你會(huì)在套接字關(guān)閉后看到POLLHUP。出于偏
       //執(zhí),我們將調(diào)查結(jié)果限制在250毫秒。
        pollfds[0].fd = s;
        pollfds[0].events = 0;
        r = TEMP_FAILURE_RETRY(poll(pollfds, 1, 250 /* ms */));
        if (r == 1 && (pollfds[0].revents & POLLHUP) != 0) {
            result = 0;
        } else {
        //忽略超時(shí)并將其視為成功。 init進(jìn)程是單線程的,它的屬性服務(wù)有時(shí)響應(yīng)很慢(可能是關(guān)閉啟動(dòng)子進(jìn)程或其他東西),因此
        //這時(shí)超時(shí)并且調(diào)用者認(rèn)為它失敗了,即使它仍然可以解決它。所以我們?cè)谶@里偽造它,主要是為了ctl.*屬性,但是我們嘗
        //試等待250毫秒,因此大多數(shù)時(shí)候執(zhí)行read-after-write的調(diào)用者可以可靠地看到他們寫的內(nèi)容。
            result = 0;
        }
    }

    close(s);
    return result;
}

prop_msg消息結(jié)構(gòu)體定義在bionic/libc/include/sys/_system_properties.h,源碼如下:

#define PROP_MSG_SETPROP 1

struct prop_msg
{
    unsigned cmd;
    char name[PROP_NAME_MAX];
    char value[PROP_VALUE_MAX];
};

上面的分析完成了向socket服務(wù)器發(fā)送請(qǐng)求消息的過程,那么服務(wù)器端是如何接收并處理的呢。

3.3 socket服務(wù)端接收請(qǐng)求消息并處理

在 init.c 文件中 main 函數(shù)的無限 for 循環(huán)中有對(duì)上述 socket 事件的處理,關(guān)鍵代碼如下
源碼位置system/core/init/init.c

int main(int argc, char **argv)
{
    ....
    for(;;) {
        int nr, i, timeout = -1;

        execute_one_command();
        restart_processes();

        //設(shè)置需要監(jiān)聽的 socket 文件描述符以及 socket 請(qǐng)求的事件
        if (!property_set_fd_init && get_property_set_fd() > 0) {
            ufds[fd_count].fd = get_property_set_fd();
            ufds[fd_count].events = POLLIN;
            ufds[fd_count].revents = 0;
            fd_count++;
            property_set_fd_init = 1;
        }
        ....
        //調(diào)用 poll 檢查是否有期望的 soket 事件發(fā)生
        nr = poll(ufds, fd_count, timeout);
        if (nr <= 0)
            continue;

        for (i = 0; i < fd_count; i++) {
            if (ufds[i].revents == POLLIN) { //兩個(gè)if判斷所發(fā)生的的 socket 事件是否是來自于屬性服務(wù)的socket
                if (ufds[i].fd == get_property_set_fd())
                    handle_property_set_fd();  //處理相應(yīng)的 socket 請(qǐng)求,定義在property_service.c
                else if (ufds[i].fd == get_keychord_fd())
                    handle_keychord();
                else if (ufds[i].fd == get_signal_fd())
                    handle_signal();
            }
        }
}
//處理控制消息,handle_control_message 根據(jù)屬性名稱來啟動(dòng)、停止或者重啟服務(wù)
void handle_control_message(const char *msg, const char *arg)
{
    if (!strcmp(msg,"start")) {
        msg_start(arg);
    } else if (!strcmp(msg,"stop")) {
        msg_stop(arg);
    } else if (!strcmp(msg,"restart")) {
        msg_restart(arg);
    } else {
        ERROR("unknown control msg '%s'\n", msg);
    }
}

//prop發(fā)生改變
void property_changed(const char *name, const char *value)
{
    if (property_triggers_enabled) //是否開啟了prop觸發(fā)器
        queue_property_triggers(name, value);
}

static int queue_property_triggers_action(int nargs, char **args)
{
    queue_all_property_triggers();  //定義在init_parser.c
    /* enable property triggers */
    property_triggers_enabled = 1;
    return 0;
}

源碼路徑system/core/init/init_parser.c

void queue_all_property_triggers()
{
    struct listnode *node;
    struct action *act;
    list_for_each(node, &action_list) {
        act = node_to_item(node, struct action, alist);
        if (!strncmp(act->name, "property:", strlen("property:"))) {
            /* parse property name and value
               syntax is property:<name>=<value> */
            const char* name = act->name + strlen("property:");
            const char* equals = strchr(name, '=');
            if (equals) {
                char prop_name[PROP_NAME_MAX + 1];
                char value[PROP_VALUE_MAX];
                int length = equals - name;
                if (length > PROP_NAME_MAX) {
                    ERROR("property name too long in trigger %s", act->name);
                } else {
                    memcpy(prop_name, name, length);
                    prop_name[length] = 0;

                    /* does the property exist, and match the trigger value? */
                    property_get(prop_name, value);
                    if (!strcmp(equals + 1, value) ||!strcmp(equals + 1, "*")) {
                        action_add_queue_tail(act);
                    }
                }
            }
        }
    }
}

源碼路徑system/core/init/property_service.c

//處理客戶端的連接請(qǐng)求
void handle_property_set_fd()
{
    prop_msg msg;
    int s;
    int r;
    int res;
    struct ucred cr;
    struct sockaddr_un addr;
    socklen_t addr_size = sizeof(addr);
    socklen_t cr_size = sizeof(cr);
    char * source_ctx = NULL;

    //accept接受連接請(qǐng)求
    if ((s = accept(property_set_fd, (struct sockaddr *) &addr, &addr_size)) < 0) {
        return;
    }

    /* Check socket options here */
    if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) {
        close(s);
        ERROR("Unable to receive socket options\n");
        return;
    }
    //recv從 socket 中獲取數(shù)據(jù),由于 send_prop_msg 發(fā)送的數(shù)據(jù)位 prop_msg,因此此處獲得的數(shù)據(jù)便是一個(gè) prop_msg 結(jié)構(gòu)體
    r = TEMP_FAILURE_RETRY(recv(s, &msg, sizeof(msg), 0));
    if(r != sizeof(prop_msg)) {
        ERROR("sys_prop: mis-match msg size received: %d expected: %d errno: %d\n",
              r, sizeof(prop_msg), errno);
        close(s);
        return;
    }
    //根據(jù) prop_msg 成員cmd 值做相應(yīng)操作,對(duì)于屬性設(shè)置請(qǐng)求來說,cmd 值為 PROP_MSG_SETPROP,而實(shí)際上
    //handle_property_set_fd 函數(shù)也只是處理屬性設(shè)置請(qǐng)求
    switch(msg.cmd) {
    case PROP_MSG_SETPROP:
        msg.name[PROP_NAME_MAX-1] = 0;
        msg.value[PROP_VALUE_MAX-1] = 0;

        if (!is_legal_property_name(msg.name, strlen(msg.name))) {
            ERROR("sys_prop: illegal property name. Got: \"%s\"\n", msg.name);
            close(s);
            return;
        }

        getpeercon(s, &source_ctx);

        /*判斷需要設(shè)置的屬性名稱是否以”ctl.”開頭,
         *ctl.start 可以用來啟動(dòng)服務(wù),
         *ctl.stop 用來停止服務(wù),  
         *ctl.restart 可以用來重啟服務(wù)
         */
        if(memcmp(msg.name,"ctl.",4) == 0) {
            // Keep the old close-socket-early behavior when handling ctl.* properties.
            close(s);
            //檢查控制權(quán)限,通過后就可以控制屬性服務(wù)的啟動(dòng)和停止
            if (check_control_perms(msg.value, cr.uid, cr.gid, source_ctx)) {
                //處理控制消息
                handle_control_message((char*) msg.name + 4, (char*) msg.value);
            } else {
                ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n",
                        msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid);
            }
        } else {
             //如果不是控制指令,檢查權(quán)限
             if (check_perms(msg.name, cr.uid, cr.gid, source_ctx)) {
                 property_set((char*) msg.name, (char*) msg.value);
             } else {
                 ERROR("sys_prop: permission denied uid:%d  name:%s\n",
                       cr.uid, msg.name);
             }
 
             // Note: bionic's property client code assumes that the
             // property server will not close the socket until *AFTER*
             // the property is written to memory.
             close(s);
         }
         freecon(source_ctx);
         break;
 
     default:
         close(s);
         break;
     }
 }

/* 白名單一
 * White list of UID that are allowed to start/stop services.
 * Currently there are no user apps that require.
 */
struct {
    const char *service;
    unsigned int uid;
    unsigned int gid;
} control_perms[] = {
    { "dumpstate",AID_SHELL, AID_LOG },
    { "ril-daemon",AID_RADIO, AID_RADIO },
     {NULL, 0, 0 }
};

/*
 * Checks permissions for starting/stoping system services.
 * AID_SYSTEM and AID_ROOT are always allowed.
 *
 * Returns 1 if uid allowed, 0 otherwise.
 *權(quán)限檢查的基本思路是:若進(jìn)程的 uid 屬于 system 或者 root,則通過;若進(jìn)程在 control_perms
 *白名單中,也可以通過檢查,但是目前為止,沒有用戶應(yīng)用程序存在于該白名單中。因此只
 *有具有 system 或者 root 權(quán)限才可以啟動(dòng)、停止以及重啟服務(wù)。
 */

static int check_control_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) {

    int i;
    if (uid == AID_SYSTEM || uid == AID_ROOT)
      return check_control_mac_perms(name, sctx);

    /* Search the ACL */
    for (i = 0; control_perms[i].service; i++) {
        if (strcmp(control_perms[i].service, name) == 0) {
            if ((uid && control_perms[i].uid == uid) ||
                (gid && control_perms[i].gid == gid)) {
                return check_control_mac_perms(name, sctx);
            }
        }
    }
    return 0;
}

//白名單二,AID定義在`system/core/include/private/android_filesystem_config.h`
/* White list of permissions for setting property services. */
struct {
    const char *prefix;
    unsigned int uid;
    unsigned int gid;
} property_perms[] = {
    { "net.rmnet0.",      AID_RADIO,    0 },
    { "net.gprs.",        AID_RADIO,    0 },
    { "net.ppp",          AID_RADIO,    0 },
    { "net.qmi",          AID_RADIO,    0 },
    { "net.lte",          AID_RADIO,    0 },
    { "net.cdma",         AID_RADIO,    0 },
    { "ril.",             AID_RADIO,    0 },
    { "gsm.",             AID_RADIO,    0 },
    { "persist.radio",    AID_RADIO,    0 },
    { "persist.radio",    AID_SYSTEM,   0 },
    { "net.dns",          AID_RADIO,    0 },
    { "sys.usb.config",   AID_RADIO,    0 },
    { "net.",             AID_SYSTEM,   0 },
    { "dev.",             AID_SYSTEM,   0 },
    { "runtime.",         AID_SYSTEM,   0 },
    { "hw.",              AID_SYSTEM,   0 },
    { "sys.",             AID_SYSTEM,   0 },
    { "sys.powerctl",     AID_SHELL,    0 },
    { "service.",         AID_SYSTEM,   0 },
    { "wlan.",            AID_SYSTEM,   0 },
    { "bluetooth.",       AID_BLUETOOTH,   0 },
    { "dhcp.",            AID_SYSTEM,   0 },
    { "dhcp.",            AID_DHCP,     0 },
    { "debug.",           AID_SYSTEM,   0 },
    { "debug.",           AID_SHELL,    0 },
    { "log.",             AID_SHELL,    0 },
    { "service.adb.root", AID_SHELL,    0 },
    { "service.adb.tcp.port", AID_SHELL,    0 },
    { "persist.sys.",     AID_SYSTEM,   0 },
    { "persist.msms.",    AID_RADIO,   0 },//SPRD: add for dsds
    { "persist.msms.",    AID_SYSTEM,   0 },
    { "persist.service.", AID_SYSTEM,   0 },
    { "persist.security.", AID_SYSTEM,   0 },
    { "media.", AID_MEDIA,   0 },
    { "persist.service.bdroid.", AID_BLUETOOTH,   0 },
    { "selinux."         , AID_SYSTEM,   0 },
    { "persist.modem.",    AID_RADIO,    0 },//SPRD: add for lte
    { NULL, 0, 0 }
};

/*
 * Checks permissions for setting system properties.
 * Returns 1 if uid allowed, 0 otherwise.
 */
static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx)
{
    int i;
    unsigned int app_id;

    if(!strncmp(name, "ro.", 3))
        name +=3;
    //斷是否具有 root 權(quán)限,若有通過檢查
    if (uid == 0)
        return check_mac_perms(name, sctx);

    app_id = multiuser_get_app_id(uid);
    if (app_id == AID_BLUETOOTH) {
        uid = app_id;
    }
    //與 check_control_perms 一樣,property_perms 也是一個(gè)可以進(jìn)行屬性設(shè)置的白名單。若通過權(quán)限檢查,則會(huì)調(diào)用
    //property_set來進(jìn)行屬性設(shè)置操作,該函數(shù)在前文已有分析,此處略去
    for (i = 0; property_perms[i].prefix; i++) {
        if (strncmp(property_perms[i].prefix, name,
                    strlen(property_perms[i].prefix)) == 0) {
            if ((uid && property_perms[i].uid == uid) ||
                (gid && property_perms[i].gid == gid)) {

                return check_mac_perms(name, sctx);
            }
            }   
        }   
    }   
    
    return 0;
}   

//最終真正的設(shè)置屬性的函數(shù)
int property_set(const char *name, const char *value)
{
    prop_info *pi;
    int ret;

    size_t namelen = strlen(name);  //計(jì)算key長度值 
    size_t valuelen = strlen(value);  //計(jì)算value長度值 

    if (!is_legal_property_name(name, namelen)) return -1;  //判斷prop name是否合法
    if (valuelen >= PROP_VALUE_MAX) return -1;

    pi = (prop_info*) __system_property_find(name);  //獲取系統(tǒng)中的prop

    if(pi != 0) {  //如果已經(jīng)存在該prop
        /* ro.* properties may NEVER be modified once set */
        if(!strncmp(name, "ro.", 3)) return -1;  //ro.開頭的不允許修改,read only

        __system_property_update(pi, value, valuelen);  //更新prop
    } else {  //如果不存在,則添加
        ret = __system_property_add(name, namelen, value, valuelen);  //添加prop
        if (ret < 0) {
            ERROR("Failed to set '%s'='%s'\n", name, value);
            return ret;
        }
    }
    /* If name starts with "net." treat as a DNS property. */
    //如果key是以net.開關(guān)的,當(dāng)作DNS屬性處理
    if (strncmp("net.", name, strlen("net.")) == 0)  {
        if (strcmp("net.change", name) == 0) {  //如果是net.change屬性,直接返回
            return 0;
        }
       /*
        * The 'net.change' property is a special property used track when any
        * 'net.*' property name is updated. It is _ONLY_ updated here. Its value
        * contains the last updated 'net.*' property.
        */
        //'net.change'屬性是一個(gè)特殊屬性,用于跟蹤任何'net.*'屬性名稱的更新。它只能在這里被更新。
        //其值包含最后更新的'net.*'屬性。
        property_set("net.change", name);
    } else if (persistent_properties_loaded &&strncmp("persist.", name, strlen("persist.")) == 0) {    
        /*
         * Don't write properties to disk until after we have read all default properties
         * to prevent them from being overwritten by default values.
         */
        //如果持久化屬性已經(jīng)加載完畢并且屬性以persist.開頭
        write_persistent_property(name, value);
    } else if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) {
        //如果是selinux.reload_policy=1
        selinux_reload_policy();
    }
    property_changed(name, value);  //prop改變,發(fā)出通知,定義在init.c中
    return 0;
}

//判斷prop name是否含有非法字符
static bool is_legal_property_name(const char* name, size_t namelen)
{
    size_t i;
    bool previous_was_dot = false;
    if (namelen >= PROP_NAME_MAX) return false;  //超過最大長度,非法
    if (namelen < 1) return false;  //長度小于1非法
    if (name[0] == '.') return false;  //以'.'開頭,非法
    if (name[namelen - 1] == '.') return false;  //以'.'結(jié)尾,非法

    /* Only allow alphanumeric, plus '.', '-', or '_' */  
    /* Don't allow ".." to appear in a property name */
    //只允許字母和數(shù)字,以及'.' '-' '_',并且不允許”..“
    for (i = 0; i < namelen; i++) {
        if (name[i] == '.') {
            if (previous_was_dot == true) return false;
            previous_was_dot = true;
            continue;
        }
        previous_was_dot = false;
        if (name[i] == '_' || name[i] == '-') continue;
        if (name[i] >= 'a' && name[i] <= 'z') continue;
        if (name[i] >= 'A' && name[i] <= 'Z') continue;
        if (name[i] >= '0' && name[i] <= '9') continue;
        return false;
    }

    return true;
}

//寫入持久化prop,persist類型的prop要生成對(duì)應(yīng)的文件,路徑為/data/property
static void write_persistent_property(const char *name, const char *value)
{
    char tempPath[PATH_MAX];
    char path[PATH_MAX];
    int fd;

    snprintf(tempPath, sizeof(tempPath), "%s/.temp.XXXXXX", PERSISTENT_PROPERTY_DIR);
    fd = mkstemp(tempPath);  //建立 臨時(shí)文件
    if (fd < 0) {
        ERROR("Unable to write persistent property to temp file %s errno: %d\n", tempPath, errno);
        return;
    }
    write(fd, value, strlen(value));
    close(fd);

    snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, name);
    if (rename(tempPath, path)) {
        unlink(tempPath);
        ERROR("Unable to rename persistent property file %s to %s\n", tempPath, path);
    }
}

可以看到property_set函數(shù)又調(diào)用了__system_property_update,__system_property_add等函數(shù),它們定義在
bionic/libc/bionic/system_properties.c
源碼如下:

//更新屬性
int __system_property_update(prop_info *pi, const char *value, unsigned int len)
 {
     prop_area *pa = __system_property_area__; //獲取靜態(tài)成員__system_property_area__,拿到共享內(nèi)存區(qū)的地址
 
     if (len >= PROP_VALUE_MAX)
         return -1;
 
     //prop_info->serial,其高8位表示該prop_info中name的長度,而低24位表示該prop_info被更新的次數(shù)
     pi->serial = pi->serial | 1;
     ANDROID_MEMBAR_FULL();
     memcpy(pi->value, value, len + 1);  //賦值value
     ANDROID_MEMBAR_FULL();
     pi->serial = (len << 24) | ((pi->serial + 1) & 0xffffff);
     __futex_wake(&pi->serial, INT32_MAX);
 
     pa->serial++;  //訪問次數(shù)加+,pa->serial表示該屬性訪問次數(shù)
     __futex_wake(&pa->serial, INT32_MAX);
 
     return 0;
}
 
//添加prop
int __system_property_add(const char *name, unsigned int namelen,
            const char *value, unsigned int valuelen)
{
    prop_area *pa = __system_property_area__;
    const prop_info *pi;

    if (namelen >= PROP_NAME_MAX)  //檢查name長度
        return -1;
    if (valuelen >= PROP_VALUE_MAX)  //檢查value長度
        return -1;
    if (namelen < 1)
        return -1;
    //查詢prop應(yīng)該存儲(chǔ)的內(nèi)存位置
    pi = find_property(root_node(), name, namelen, value, valuelen, true);
    if (!pi)
        return -1;

    pa->serial++;  //訪問次數(shù)加+,pa->serial表示該屬性訪問次數(shù)
    __futex_wake(&pa->serial, INT32_MAX);
    return 0;
}

//前面介紹過了,屬性的存儲(chǔ)結(jié)構(gòu)為特里結(jié)構(gòu)+二叉樹結(jié)構(gòu),所以查找屬性其實(shí)就是
//特里結(jié)構(gòu)+二叉樹結(jié)構(gòu)的遍歷 
static const prop_info *find_property(prop_bt *trie, const char *name,
        uint8_t namelen, const char *value, uint8_t valuelen,
        bool alloc_if_needed)
{
    const char *remaining_name = name;

    while (true) {
        char *sep = strchr(remaining_name, '.');
        bool want_subtree = (sep != NULL);
        uint8_t substr_size;

        prop_bt *root;

        if (want_subtree) {
            substr_size = sep - remaining_name;
        } else {
            substr_size = strlen(remaining_name);
        }

        if (!substr_size)
            return NULL;

        if (trie->children) {
            root = to_prop_obj(trie->children);
        } else if (alloc_if_needed) {
            root = new_prop_bt(remaining_name, substr_size, &trie->children);
        } else {                                                                               
            root = NULL;
        }

        if (!root)
            return NULL;

        trie = find_prop_bt(root, remaining_name, substr_size, alloc_if_needed);
        if (!trie)
            return NULL;

        if (!want_subtree)
            break;

        remaining_name = sep + 1;
    }
    if (trie->prop) {
        return to_prop_obj(trie->prop);
    } else if (alloc_if_needed) {
        return new_prop_info(name, namelen, value, valuelen, &trie->prop);
    } else {
        return NULL;
    }
}

AID用戶定義
system/core/include/private/android_filesystem_config.h

/* This is the master Users and Groups config for the platform.
 * DO NOT EVER RENUMBER
 */

#define AID_ROOT             0  /* traditional unix root user */

#define AID_SYSTEM        1000  /* system server */

#define AID_RADIO         1001  /* telephony subsystem, RIL */
#define AID_BLUETOOTH     1002  /* bluetooth subsystem */
#define AID_GRAPHICS      1003  /* graphics devices */
#define AID_INPUT         1004  /* input devices */
#define AID_AUDIO         1005  /* audio devices */
#define AID_CAMERA        1006  /* camera devices */
#define AID_LOG           1007  /* log devices */
#define AID_COMPASS       1008  /* compass device */
#define AID_MOUNT         1009  /* mountd socket */
#define AID_WIFI          1010  /* wifi subsystem */
#define AID_ADB           1011  /* android debug bridge (adbd) */
#define AID_INSTALL       1012  /* group for installing packages */
#define AID_MEDIA         1013  /* mediaserver process */
#define AID_DHCP          1014  /* dhcp client */
#define AID_SDCARD_RW     1015  /* external storage write access */
#define AID_VPN           1016  /* vpn system */
#define AID_KEYSTORE      1017  /* keystore subsystem */
#define AID_USB           1018  /* USB devices */
#define AID_DRM           1019  /* DRM server */
#define AID_MDNSR         1020  /* MulticastDNSResponder (service discovery) */
#define AID_GPS           1021  /* GPS daemon */
#define AID_UNUSED1       1022  /* deprecated, DO NOT USE */
#define AID_MEDIA_RW      1023  /* internal media storage write access */
#define AID_MTP           1024  /* MTP USB driver access */
#define AID_UNUSED2       1025  /* deprecated, DO NOT USE */
#define AID_DRMRPC        1026  /* group for drm rpc */
#define AID_NFC           1027  /* nfc subsystem */
#define AID_SDCARD_R      1028  /* external storage read access */
#define AID_CLAT          1029  /* clat part of nat464 */
#define AID_LOOP_RADIO    1030  /* loop radio devices */
#define AID_MEDIA_DRM     1031  /* MediaDrm plugins */
#define AID_PACKAGE_INFO  1032  /* access to installed package details */
#define AID_SDCARD_PICS   1033  /* external storage photos access */
#define AID_SDCARD_AV     1034  /* external storage audio/video access */
#define AID_SDCARD_ALL    1035  /* access all users external storage */
/* SPRD: add for storage manager @{ */
#define AID_INTERNAL_WR   1051  /* write permission for internal storage */
#define AID_EXTERNAL_WR   1052  /* write permission for external storage */
/* @} */

#define AID_SHELL         2000  /* adb and debug shell user */
#define AID_CACHE         2001  /* cache access */
#define AID_DIAG          2002  /* access to diagnostic resources */

/* The 3000 series are intended for use as supplemental group id's only.
 * They indicate special Android capabilities that the kernel is aware of. */
#define AID_NET_BT_ADMIN  3001  /* bluetooth: create any socket */
#define AID_NET_BT        3002  /* bluetooth: create sco, rfcomm or l2cap sockets */
#define AID_INET          3003  /* can create AF_INET and AF_INET6 sockets */
#define AID_NET_RAW       3004  /* can create raw INET sockets */
#define AID_NET_ADMIN     3005  /* can configure interfaces and routing tables. */
#define AID_NET_BW_STATS  3006  /* read bandwidth statistics */
#define AID_NET_BW_ACCT   3007  /* change bandwidth statistics accounting */
#define AID_NET_BT_STACK  3008  /* bluetooth: access config files */

#define AID_THEME         9001  /* SPRD: add for theme setting */

#define AID_MISC          9998  /* access to misc storage */
#define AID_NOBODY        9999

#define AID_APP          10000  /* first app user */
#define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */
#define AID_ISOLATED_END   99999 /* end of uids for fully isolated sandboxed processes */

#define AID_USER        100000  /* offset for uid ranges for each user */

#define AID_SHARED_GID_START 50000 /* start of gids for apps in each user to share */
#define AID_SHARED_GID_END   59999 /* start of gids for apps in each user to share */

需要重點(diǎn)關(guān)注的幾個(gè):

#define AID_ROOT             0  /* traditional unix root user */

#define AID_SYSTEM        1000  /* system server */
#define AID_RADIO         1001  /* telephony subsystem, RIL */
#define AID_USER        100000  /* offset for uid ranges for each user */
#define AID_USER        100000  /* offset for uid ranges for each user */

通過上述分析可知,Android 屬性設(shè)置最終需要通過 init 進(jìn)程完成,同時(shí)還有嚴(yán)格的權(quán)限檢查,一般用戶進(jìn)程無法對(duì) Android 屬性進(jìn)行設(shè)置。

四、上圖

屬性設(shè)置.png

五、參考

Android屬性系統(tǒng)
Linux 內(nèi)存映射函數(shù) mmap
trie-特里結(jié)構(gòu)
Linux 內(nèi)存映射函數(shù) mmap()函數(shù)詳解

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容