Android 10 Internals (informal) UpdateAndroid 10 Internals (informal) Update
YouTube™ LivestreamYouTube™ Livestream
October 2October 2ndnd 20192019

CC-BY-SA 3.0 - Attribution requirements and misc., except 3rd party material,
PLEASE READ:
This slide must remain as-is in this specific location (slide #1), everything else you are free to change;
including the logo :-)
Use of figures in other documents must feature the below "Originals at" URL immediately under that
figure and the below copyright notice where appropriate.
You are FORBIDDEN from using the default "About" slide as-is or any of its contents.
Several diagrams taken from 3rd party material:
Attribution/citation made in every case
Refer to each original for redistribution/citation
Facts and data are not in principle copyrightable (ex: constants in header files), however if you
don't feel comfortable with our use of your material then let us know and we'll remove it:
courseware@opersys.com
Copyright (C) 2019, Opersys inc.
These slides created by: Karim Yaghmour
Originals at: http://www.opersys.com/training/

AboutAbout
Introduced Linux Trace Toolkit in 1999
Originated Adeos and relayfs (kernel/relay.c)
Training, Custom Dev, Consulting, ...

TopicsTopics
1. Architecture recap
2. Announced features
3. Overall AOSP changes
4. Changes of interest (preliminary)
5. System services
6. HIDL
7. Root filesystem
8. init
9. Processes
10. AOSP
11. Apex
12. Next?

Architecture recapArchitecture recap

Announced featuresAnnounced features
Security
Connectivity
Telephony
External file storage file creation improvements
Media and graphics
Thermal API
Camera and images
Accessibility services API
etc.
https://developer.android.com/about/versions/10/features

Overall AOSP changesOverall AOSP changes
AOSP 9:
Download size: 79GB
Build time: 2:15h
out/ (emulator): 113GB
Java system services LOC: 450K
AOSP 10:
Download size: 86GB
Build time: 3:30h
out/ (emulator): 86GB
Java system services LOC: 536K
Build system: 6 core Xeon, 32GB RAM, SSD (encrypted disk)

Changes of interest (preliminary)Changes of interest (preliminary)
This is a first pass ...
Apex
About 30 new system services
Init semantic additions
New hmm commands
BPF/BCC
Reworking/moving of some functionality
Several changes require some more work to look at

System servicesSystem services
activity_task: [android.app.IActivityTaskManager]
adb: [android.debug.IAdbManager]
apexservice: [android.apex.IApexService]
app_binding: []
app_prediction: [android.app.prediction.IPredictionManager]
ashmem_device_service: [android.ashmemd.IAshmemDeviceService]
biometric: [android.hardware.biometrics.IBiometricService]
bugreport: [android.os.IDumpstate]
color_display: [android.hardware.display.IColorDisplayManager]
content_suggestions: [android.app.contentsuggestions.IContentSuggestionsManager]
device_config: []
dnsresolver: [android.net.IDnsResolver]

dynamic_system: [android.os.image.IDynamicSystemService]
external_vibrator_service: [android.os.IExternalVibratorService]
gsiservice: []
incidentcompanion: [android.os.IIncidentCompanion]
inputflinger: [android.input.IInputFlinger]
ions: [com.android.internal.telephony.IOns]
ircs: [android.telephony.ims.aidl.IRcs]
looper_stats: []
rcs: [com.android.ims.internal.IRcsService]
role: [android.app.role.IRoleManager]
rollback: [android.content.rollback.IRollbackManager]
runtime: []
sensor_privacy: [android.hardware.ISensorPrivacyManager]

stats: [android.os.IStatsManager]
suspend_control: [android.system.suspend.ISuspendControlService]
testharness: []
time_detector: [android.app.timedetector.ITimeDetectorService]
uri_grants: [android.app.IUriGrantsManager]

HIDLHIDL
New HIDLs toplevel dirs:
atrace
fastboot
input
New in lshal:
android.frameworks.cameraservice.service@2.0::ICameraService/default
android.frameworks.stats@1.0::IStats/default
android.hardware.cas@1.1::IMediaCasService/default
android.hardware.drm@1.2::ICryptoFactory/clearkey
android.hardware.drm@1.2::IDrmFactory/clearkey
android.hardware.media.c2@1.0::IComponentStore/software

android.hardware.thermal@1.0::IThermal/default
android.hardware.thermal@2.0::IThermal/default
android.hardware.wifi.supplicant@1.2::ISupplicant/default
android.hardware.wifi@1.3::IWifi/default
android.hidl.base@1.0::IBase/software
android.hidl.manager@1.2::IServiceManager/default
android.system.suspend@1.0::ISystemSuspend/default

Root filesystemRoot filesystem
/
apex
debug_ramdisk
product_services
res
/system
apex
/data
apex
gsi
local.prop
preloads

/data (cntd)
rollback
rollback-observer
server_configurable_flags
unencrypted

initinit
Useful: diff old and new "main" init.rc
Service options:
interface:
Associates this service with a list of the HIDL services that it provides.
keycodes
Sets the keycodes that will trigger this service.
override:
Indicates that this service definition is meant to override a previous definition for a service
with the same name.
restart_period :
If a non-oneshot service exits, it will be restarted at its start time plus this period.

Sevice options (cntd):
sigstop:
Send SIGSTOP to the service immediately before exec is called.
timeout_period
Provide a timeout after which point the service will be killed.
updatable:
Mark that the service can be overridden (via the 'override' option) later in the boot sequence
by APEXes.
Commands
class_start_post_data
class_reset_post_data
mark_post_data
parse_apex_configs

New way to debug init services:
stop logd
setprop ctl.sigstop_on logd
start logd
ps -e | grep logd
> logd 4343 1 18156 1684 do_signal_stop 538280 T init
gdbclient.py -p 4343
b main
c
c
c
> Breakpoint 1, main (argc=1, argv=0x7ff8c9a488) at system/core/logd/main.cpp:427
stop logd
setprop ctl.sigstop_on logd
start logd
ps -e | grep logd
> logd 4343 1 18156 1684 do_signal_stop 538280 T init
strace -p 4343
(From a different shell)
kill -SIGCONT 4343
> strace runs

ProcessesProcesses
Daemons:
apexd
ashmemd
gpuservice
idmap2d
llkd
mdnsd
mediaserver
qemu-props
statsd
traced
traced_probes

HIDLs:
android.hardware.thermal@2.0-service.mock
android.system.suspend@1.0-service
Apps:
com.android.ims.rcsservice
com.android.networkstack
com.android.permissioncontroller

AOSPAOSP
system:
apex
ashmemd
bpf
bpfprogs
gsid
iorap
libsysprop
linkerconfig
server_configurable_flags
testing
ucontainer

external:
adeb
apache-commons-bcel
apache-commons-compress
ARMComputeLibrary
arm-optimized-routines
bcc
catch2
cldr
deqp-deps
dexmaker
dokka
dynamic_depth

external (cntd):
epid-sdk
fsverity-utils
google-fruit
grpc-grpc
grpc-grpc-java
image_io
iperf3
javapoet
jemalloc_new
libaom
libkmsxx
libprotobuf-mutator

external (cntd):
libutf
lua
minigbm
neon_2_sse
newfs_msdos
opencensus-java
openssh
protobuf-javalite
rapidjson
Reactive-Extensions
setupcompat
setupdesign

external (cntd):
syzkaller
u-boot
ukey2
virglrenderer
vulkan-headers
xz-java
yapf
hmm:
allmod: List all modules.
gomod: Go to the directory containing a module.
pathmod: Get the directory containing a module.
refreshmod: Refresh list of modules for allmod/gomod.

ApexApex
Dynamically update core system components
Official doc:
Alernatives considered (and rejected):
Regular package management systems
dm-crypt for integrity
Redirecting paths from /system to /apex
Based on APK format (uses AndroidManifest.xml)
Packaged as filesystem image
Mounted on loopback at next reboot
Apex "clients" must use apex path
https://android.googlesource.com/platform/system/apex/+/refs/heads/master/docs/RE

Thoughts:
Hey Google, what about "dm-integrity"?
Why not just use a real package management system?
https://archive.fosdem.org/2018/schedule/event/cryptsetup/

Next?Next?
Generic Kernel Image

Thank You!Thank You!
karim.yaghmour@opersys.com