Android misc
Android misc
解压boot.img里的ramdisk
ramdisk包含在boot.img里,想要解压ramdisk,首先需要解包boot.img
unpack boot.img(AN 11)
使用/system/tools/mkbootimg/unpack_bootimg.py来unpack
unpack_bootimg -i boot.img -o ./unpack_bootimg/
unpack完后在unpack_bootimg目录下将会有如下三个文件:
dtb kernel ramdisk
解压ramdisk
使用file cmd查看ramdisk文件的信息,如下:
ramdisk: gzip compressed data, from Unix
#mv ramdisk ramdisk.gz
#gunzip ramdisk.gz
#file ramdisk #结果如下
rmadisk: ASCII cpio archive (SVR4 with no CRC)
#mkdir unzip_ramdisk
#cd unzip_ramdisk
#cpio -i -F ../ramdisk #执行完后ramdisk即被解压在unzip_ramdisk目录下
上述cpio两个option的含义如下:
-i, --extract 从包中提取文件 (运行 copy-in 模式)
-F, --file=文件名 要解压的文件名
boot.img header info
boot_magic: ANDROID! kernel_size: 38003200 kernel load address: 0x20280000 ramdisk size: 906316 ramdisk load address: 0x21280000 second bootloader size: 0 second bootloader load address: 0x0 kernel tags load address: 0x20280100 page size: 2048 os version: 11.0.0 os patch level: 2022-04 boot image header version: 2 product name: command line args: androidboot.boot_devices=1c660000.vendor-mmc-xxx buildvariant=userdebug additional command line args: recovery dtbo size: 0 recovery dtbo offset: 0x0 boot header size: 1660 dtb size: 135889 dtb address: 0x22180000
boot.img里的ramdisk.img生成
$(call dist-for-goals, sdk win_sdk sdk_addon, $(INSTALLED_FILES_FILE_RAMDISK)) 1150 BUILT_RAMDISK_TARGET := $(PRODUCT_OUT)/ramdisk.img 1151 1152 ifeq ($(BOARD_RAMDISK_USE_LZ4),true) 1153 # -l enables the legacy format used by the Linux kernel 1154 COMPRESSION_COMMAND_DEPS := $(LZ4) 1155 COMPRESSION_COMMAND := $(LZ4) -l -12 --favor-decSpeed 1156 RAMDISK_EXT := .lz4 1157 else 1158 COMPRESSION_COMMAND_DEPS := $(MINIGZIP) 1159 COMPRESSION_COMMAND := $(MINIGZIP) 1160 RAMDISK_EXT := .gz 1161 endif 1162 1163 # We just build this directly to the install location. 1164 INSTALLED_RAMDISK_TARGET := $(BUILT_RAMDISK_TARGET) 1165 $(INSTALLED_RAMDISK_TARGET): $(MKBOOTFS) $(INTERNAL_RAMDISK_FILES) $(INSTALLED_FILES_FILE_RAMDISK) | $(COMPRESSION_COMMAND_DEPS) 1166 $(call pretty,"Target ram disk: $@") 1167 $(hide) $(MKBOOTFS) -d $(TARGET_OUT) $(TARGET_RAMDISK_OUT) | $(COMPRESSION_COMMAND) > $@
mkbootfs -d选项表示指定config文件(具体参考此link:https://blog.csdn.net/weixin_42524945/article/details/117578659)
TARGET_RAMDISK_OUT是要制作的bootfs的源目录,这个目录一般是$PRODUCT_OUT/ramdisk/
执行mkbootfs后会执行一个压缩cmd,所以最终会在$PRODUCT_OUT下生成ramdisk.img
android init_first_stage/init_second_stage可执行程序generation
first stage init的编译makefile是system/core/init/Android.mk
LOCAL_MODULE_STEM表示编译链接后的目标文件的文件名,不带后缀
50 LOCAL_SRC_FILES := \ 51 block_dev_initializer.cpp \ 52 devices.cpp \ 53 first_stage_console.cpp \ 54 first_stage_init.cpp \ 55 first_stage_main.cpp \ 56 first_stage_mount.cpp \ 57 reboot_utils.cpp \ 58 selabel.cpp \ 59 selinux.cpp \ 60 switch_root.cpp \ 61 uevent_listener.cpp \ 62 util.cpp \ 63 64 LOCAL_MODULE := init_first_stage 65 LOCAL_MODULE_STEM := init
编译first_stage_init的log:
444615:[ 75% 92600/123054] target C++: init_first_stage <= system/core/init/first_stage_main.cpp 444620:[ 75% 92605/123054] target C++: init_first_stage <= system/core/init/first_stage_console.cpp 444621:[ 75% 92606/123054] target C++: init_first_stage <= system/core/init/selabel.cpp 444655:[ 75% 92640/123054] target C++: init_first_stage <= system/core/init/reboot_utils.cpp 444778:[ 75% 92763/123054] target C++: init_first_stage <= system/core/init/uevent_listener.cpp 444796:[ 75% 92781/123054] target C++: init_first_stage <= system/core/init/switch_root.cpp 444875:[ 75% 92860/123054] target C++: init_first_stage <= system/core/init/devices.cpp 444877:[ 75% 92862/123054] target C++: init_first_stage <= system/core/init/block_dev_initializer.cpp 444878:[ 75% 92863/123054] target C++: init_first_stage <= system/core/init/first_stage_init.cpp 444888:[ 75% 92873/123054] target C++: init_first_stage <= system/core/init/selinux.cpp 444890:[ 75% 92875/123054] target C++: init_first_stage <= system/core/init/first_stage_mount.cpp 444891:[ 75% 92876/123054] target C++: init_first_stage <= system/core/init/util.cpp 459572:[ 80% 98676/123054] target StaticExecutable: init_first_stage (out/target/product/xxx_device/obj/EXECUTABLES/init_first_stage_intermediates/LINKED/init) 459609:[ 80% 98713/123054] target Symbolic: init_first_stage (out/target/product/xxx_device/symbols/init) 459669:[ 80% 98773/123054] target Strip: init_first_stage (out/target/product/xxx_device/obj/EXECUTABLES/init_first_stage_intermediates/init)
编译完成后first_stage_init(init)将会被copy到$PRODUCT_OUT/ramdisk下,用md5sum检查这个路径下的init和init_first_stage (out/target/product/xxx_device/obj/EXECUTABLES/init_first_stage_intermediates/init)是一样的
second stage init的编译makefile是system/core/init/Android.bp
195 cc_binary { 196 name: "init_second_stage", 197 recovery_available: true, 198 stem: "init", 199 defaults: ["init_defaults"], 200 static_libs: ["libinit"], 201 required: [ 202 "e2fsdroid", 203 "init.rc", 204 "mke2fs", 205 "sload_f2fs", 206 "make_f2fs", 207 "ueventd.rc", 208 ], 209 srcs: ["main.cpp"], 210 symlinks: ["ueventd"], 211 target: { 212 recovery: { 213 cflags: ["-DRECOVERY"], 214 exclude_shared_libs: [ 215 "libbinder", 216 "libutils", 217 ], 218 }, 219 }, 220 }
init_second_stage编译log如下:
444886:[ 75% 92871/123054] //system/core/init:init_second_stage clang++ main.cpp
444897:[ 75% 92882/123054] //system/core/init:init_second_stage clang++ main.cpp
445166:[ 75% 93151/123054] //system/core/init:init_second_stage link init
445177:[ 75% 93162/123054] //system/core/init:init_second_stage strip init
445178:[ 75% 93163/123054] target Prebuilt: init_second_stage.recovery (out/target/product/xxx_device/obj/EXECUTABLES/init_second_stage.recovery_intermediates/init)
472456:[ 90% 111547/123054] //system/core/init:init_second_stage link init
472520:[ 90% 111611/123054] //system/core/init:init_second_stage strip init
472529:[ 90% 111620/123054] target Prebuilt: init_second_stage (out/target/product/xxx_device/obj/EXECUTABLES/init_second_stage_intermediates/init)
init_second_stage(init)编译完后会被copy到$PRODUCT_OUT/system/bin下,用md5sum检查这个目录下的init和init_second_stage (out/target/product/xxx_device/obj/EXECUTABLES/init_second_stage_intermediates/init)的是一样的
Fstab在哪里define
在如下位置define,它是被define为一个FstabEntry vector
system\core\fs_mgr\include_fstab\fstab\fstab.h
struct FstabEntry {
using Fstab = std::vector<FstabEntry>;
查看super分区里包含哪些logical partition
lpdump -s /dev/block/mmcblk0p20 #mmcblk0p20对应super分区
console:/dev/block # lpdump -s mmcblk0p20
Metadata version: 10.0
Metadata size: 440 bytes
Metadata max size: 65536 bytes
Metadata slot count: 2
Header flags: none
Partition table:
------------------------
Name: system
Group: group_oem
Attributes: readonly
Extents:
0 .. 2539711 linear super 2048
------------------------
Name: vendor
Group: group_oem
Attributes: readonly
Extents:
0 .. 892159 linear super 2543616
------------------------
Super partition layout:
------------------------
super: 2048 .. 2541760: system (2539712 sectors)
super: 2543616 .. 3435776: vendor (892160 sectors)
------------------------
Block device table:
------------------------
Partition name: super
First sector: 2048
Size: 2225078272 bytes
Flags: none
------------------------
Group table:
------------------------
Name: default
Maximum size: 0 bytes
Flags: none
------------------------
Name: group_oem
Maximum size: 2220883968 bytes
Flags: none
------------------------
lpdump -j /dev/block/mmcblk0p20
console:/dev/block # lpdump -j mmcblk0p20
{
"enabled": true,
"partitions": [
{
"name": "system",
"fs_size": "1299177472",
"fs_used": "1263763456"
},
{
"name": "vendor",
"fs_size": "456335360",
"fs_used": "393580544"
}
]
}
