|Android| How was the Android system after power up?

This article will stand on high level to scan initialization modules.

User press power key ……

First, Boot ROM
 - Loads the BootLoader into RAM and starts executing.

Second, BootLoader
 - Start up and find the system kernel.
 - Bootloader is a place where manufacturers put their locks
  and restrictions.
 - Detects external RAM
 - Setups the network, memory … etc, which requires to run Kernel.

Third, Kernel
 - Setup cache
  Protected memory
  Scheduling
  Loads drivers
  Starts kernel daemons
  Mounts root file system
  Initializing Input/Output
  Starts interrupts
  Initializes process table ……
 - Looks for “init” in system files
 - Launch root process

Forth, Init (user space)
 - Mounts directories like /sys, /dev or/proc
 - Runs /init.rc script. The init.rc is responsible for the initial set up of the system.

Fifth, (Android) Zygote: 
 - VM process that starts as the system boots
 - app_process launces Zygote

Sixth, SystemServer
 - Load a native library called android_servers

ref. for Android: https://maoao530.github.io/2017/01/06/android-start/

refs.
https://blog.csdn.net/a4262562/article/details/76779236
https://danielmaker.github.io/blog/linux/start_kernel.html
https://cjworld1208.pixnet.net/blog/post/8014497
http://embeddedvenkatpari.blogspot.com/2016/05/how-to-load-firmware-using-pil.html?m=1
https://www.twblogs.net/a/5b8d19262b717718833b2c22
http://albert-oma.blogspot.com/2016/07/embedded-u-boot.html?m=1

|Telephony| Initialize com.android.phone

This article will focus on Telephony framework and Phone App initialization flows.
There are many key words arranged by initial steps.

Android Q.

First, you should know the role of “SystemServer” in Android.
 - ActivityManagerService up

Second, (Service) Telecom service
 - TelecomLoaderService loads Telecom service
 - path: /android/applications/sources/services/Telecomm/
     /android/frameworks/base/telecomm/

Third, (APP) Create PhoneAPP
 - (see AndroidManifest.xml, android:persistent=”true”)
  PhoneAPP will reborn after killed
 - path: /packages/services/Telephony/…/PhoneApp.java

Forth, (Framework) PhoneFactory brings up GsmCdmaPhone
 - onCreate() in PhoneApp, it will create PhoneGlobals
 - Initialize PhoneFactory.makeDefaultPhones
 - Create monitor service tracker, including ServiceStateTracker, CallTracker, …, and RIL

ref.
Telephony解析之整体架构简介
Telephony解析之Phone启动流程

|Jobs| How can operators detect tethering?

出國玩,買 SIM卡 一定要注意,這張卡是否能夠當作 WiFi hotspot 分享給別人,

有的卡是不行的哦!!

在某次出差 (2017),我發現,電信業者是有能力知道這張 SIM卡是否有能力 WiFi hotspot,並且禁止這張卡做分享。

我一直以為是 framework 的行為(軟體端去擋),但是我做了一些實驗,發現電信商是可以控制的。(最近的新案子也有談到類似的東西)

表示在卡號之外,你這張卡是否有分享給別人,或者,
別支手機是否透過分享上網的,這兩個一定有其中一個資訊會被電信商知道。

稍微上網查了一下,電信商可以偵測到以下資訊,推斷出
你是否正在分享給別人/你是否是透過不能分享的網路上網

How can phone companies detect tethering (incl. Wifi hotspot)

  1. Your phone tells your network that you are tethering
  2. Inspecting the network packets for their TTL (time to live)
  3. MAC address inspection
  4. TCP/IP Stack Fingerprinting
  5. Looking at the Destination IP/URL

(補充)

電信商可以利用Tether Guard的機制來得知。基本上,你要用APN:dun建立連線才能 tethering給別人,

如果成功,表示電信商允許你分享!

特別是去英國或美國,要查一下你的卡哦!

Tethering on UK Networks: Which Mobile Networks Allow You To Tether?

|Job| Application No Response Analysis

ANR 的發生情形,通常是時間到了還沒有回應!所以掌握這個想法,就比較好找 Code。

比較常見有三種情形:

  1. Service Timeout
  2. BroadcastQueue Timeout
  3. ContentProvider Timeout

 

Case 1. Service Timeout

 a. Service 啟動後,會發送 SERVICE_TIMEOUT_MSG 消息
 b. Service 刪除後,就會刪除 SERVICE_TIMEOUT_MSG 消息
 c. 如果 SERVICE_TIMEOUT_MSG 未删除,時間到後就會 ANR

 呼叫 ActiveServices 的 serviceTimeout 方法進行處理,
 serviceTimeout方法邏輯:

 if (anrMessage != null) {
  mAm.appNotResponding(proc, null, null, false, anrMessage);
 }

 

Case 2. BroadcastQueue Timeout

 BroadcastQueue 中的 mHandler 收到 BROADCAST_TIMEOUT_MSG 消息時會觸發

 // 正常要發送消息前
 broadcastTimeoutLocked(false);

 // 發送消息,鎖住
 case BROADCAST_TIMEOUT_MSG: {
  synchronized (mService) {
   broadcastTimeoutLocked(true);

 // ANR
 在 broadcastTimeoutLocked 方法中,首先取得 anrMessage 字串

 anrMessage = “Broadcast of ” + r.intent.toString();

 mHandler.post(new AppNotResponding(app, anrMessage));
 mService.appNotResponding(mApp, null, null, false, mAnnotation);

 

Case 3. ContentProvider Timeout

 MainHandler 的 handleMessage CONTENT_PROVIDER_PUBLISH_TIMEOUT_MSG

 private final void processContentProviderPublishTimedOutLocked(ProcessRecord app) {
cleanupAppInLaunchingProvidersLocked(app, true);
 removeProcessLocked(app, false, true, “timeout publishing content providers”);
 }

 app.kill(reason, true);

 

ref.

https://blog.csdn.net/u012439416/article/category/7261623