android8-0-0源码分析-应用安装2

前言

本篇介绍第三方apk安装的过程，重点放在dex的优化部分

分析

uml图：

1.触发安装部分

启动代码：

Intent intent = new Intent(Intent.ACTION_VIEW);
//设置intent的数据类型是应用程序application  
intent.setDataAndType(Uri.parse("file://" + apkfile.toString()), "application/vnd.android.package-archive");
//为这个新apk开启一个新的activity栈  
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
//开始安装  
startActivity(intent);

启动packageinstaller应用：InstallStart-Activity->PackageInstallerActivity-Activity->InstallInstalling-Activity

public class InstallInstalling extends Activity {
    private static final String LOG_TAG = InstallInstalling.class.getSimpleName();

    private static final String SESSION_ID = "com.android.packageinstaller.SESSION_ID";
    private static final String INSTALL_ID = "com.android.packageinstaller.INSTALL_ID";


    @Override
    protected void onCreate(@Nullable Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        setContentView(R.layout.install_installing);

        ApplicationInfo appInfo = getIntent()
                .getParcelableExtra(PackageUtil.INTENT_ATTR_APPLICATION_INFO);
        mPackageURI = getIntent().getData();

        if ("package".equals(mPackageURI.getScheme())) {//查看是否是package路径Uri，发现明显不是
            try {
                getPackageManager().installExistingPackage(appInfo.packageName);
                launchSuccess();
            } catch (PackageManager.NameNotFoundException e) {
                launchFailure(PackageManager.INSTALL_FAILED_INTERNAL_ERROR, null);
            }
        } else {
            final File sourceFile = new File(mPackageURI.getPath());
            PackageUtil.initSnippetForNewApp(this, PackageUtil.getAppSnippet(this, appInfo,
                    sourceFile), R.id.app_snippet);

            if (savedInstanceState != null) { //为null
                mSessionId = savedInstanceState.getInt(SESSION_ID);
                mInstallId = savedInstanceState.getInt(INSTALL_ID);

                // Reregister for result; might instantly call back if result was delivered while
                // activity was destroyed
                try {
                    InstallEventReceiver.addObserver(this, mInstallId,
                            this::launchFinishBasedOnResult);
                } catch (EventResultPersister.OutOfIdsException e) {
                    // Does not happen
                }
            } else {
                PackageInstaller.SessionParams params = new PackageInstaller.SessionParams(
                        PackageInstaller.SessionParams.MODE_FULL_INSTALL);
                params.referrerUri = getIntent().getParcelableExtra(Intent.EXTRA_REFERRER);
                params.originatingUri = getIntent()
                        .getParcelableExtra(Intent.EXTRA_ORIGINATING_URI);
                params.originatingUid = getIntent().getIntExtra(Intent.EXTRA_ORIGINATING_UID,
                        UID_UNKNOWN);

                File file = new File(mPackageURI.getPath());
                try {
                    PackageParser.PackageLite pkg = PackageParser.parsePackageLite(file, 0);
                    params.setAppPackageName(pkg.packageName);
                    params.setInstallLocation(pkg.installLocation);
                    params.setSize(
                            PackageHelper.calculateInstalledSize(pkg, false, params.abiOverride));
                } catch (PackageParser.PackageParserException e) {
                    Log.e(LOG_TAG, "Cannot parse package " + file + ". Assuming defaults.");
                    Log.e(LOG_TAG,
                            "Cannot calculate installed size " + file + ". Try only apk size.");
                    params.setSize(file.length());
                } catch (IOException e) {
                    Log.e(LOG_TAG,
                            "Cannot calculate installed size " + file + ". Try only apk size.");
                    params.setSize(file.length());
                }

                try {
                    mInstallId = InstallEventReceiver
                            .addObserver(this, EventResultPersister.GENERATE_NEW_ID,
                                    this::launchFinishBasedOnResult);
                } catch (EventResultPersister.OutOfIdsException e) {
                    launchFailure(PackageManager.INSTALL_FAILED_INTERNAL_ERROR, null);
                }

                try {//在PackageInstaller创建用于通信的session，关于创建Seeion过程这里不再做叙述
                    mSessionId = getPackageManager().getPackageInstaller().createSession(params);
                } catch (IOException e) {
                    launchFailure(PackageManager.INSTALL_FAILED_INTERNAL_ERROR, null);
                }
            }

            mCancelButton = (Button) findViewById(R.id.cancel_button);

            mCancelButton.setOnClickListener(view -> {
                if (mInstallingTask != null) {
                    mInstallingTask.cancel(true);
                }

                if (mSessionId > 0) {
                    getPackageManager().getPackageInstaller().abandonSession(mSessionId);
                    mSessionId = 0;
                }

                setResult(RESULT_CANCELED);
                finish();
            });

            mSessionCallback = new InstallSessionCallback();
        }
    }

    @Override
    protected void onResume() {
        super.onResume();

        // This is the first onResume in a single life of the activity
        if (mInstallingTask == null) {
            PackageInstaller installer = getPackageManager().getPackageInstaller(); //获取PackageInstaller
            PackageInstaller.SessionInfo sessionInfo = installer.getSessionInfo(mSessionId);//根据在onCreate中创建的SeesionID获取相应session信息

            if (sessionInfo != null && !sessionInfo.isActive()) {
                mInstallingTask = new InstallingAsyncTask(); //创建异步任务
                mInstallingTask.execute(); //执行异步任务
            } else {
                // we will receive a broadcast when the install is finished
                mCancelButton.setEnabled(false);
                setFinishOnTouchOutside(false);
            }
        }
    }

    private final class InstallingAsyncTask extends AsyncTask<Void, Void,
                PackageInstaller.Session> {
        volatile boolean isDone;

        @Override
        protected PackageInstaller.Session doInBackground(Void... params) {
            PackageInstaller.Session session;
            try {//根据SessionId打开PackageInstaller端Session
                session = getPackageManager().getPackageInstaller().openSession(mSessionId);
            } catch (IOException e) {
                return null;
            }

            session.setStagingProgress(0);

            try {
                File file = new File(mPackageURI.getPath());//获取APK安装包

                try (InputStream in = new FileInputStream(file)) {
                    long sizeBytes = file.length();
                    try (OutputStream out = session
                            .openWrite("PackageInstaller", 0, sizeBytes)) {
                        byte[] buffer = new byte[1024 * 1024];
                        while (true) {//读取APK，并通过Session传递APK安装包
                            int numRead = in.read(buffer);

                            if (numRead == -1) {
                                session.fsync(out);
                                break;
                            }

                            if (isCancelled()) {
                                session.close();
                                break;
                            }

                            out.write(buffer, 0, numRead);
                            if (sizeBytes > 0) {
                                float fraction = ((float) numRead / (float) sizeBytes);
                                session.addProgress(fraction);
                            }
                        }
                    }
                }

                return session;
            } catch (IOException | SecurityException e) {
                Log.e(LOG_TAG, "Could not write package", e);

                session.close();

                return null;
            } finally {
                synchronized (this) {
                    isDone = true;
                    notifyAll();
                }
            }
        }

        @Override
        protected void onPostExecute(PackageInstaller.Session session) {
            if (session != null) {
                Intent broadcastIntent = new Intent(BROADCAST_ACTION);
                broadcastIntent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND);
                broadcastIntent.setPackage(
                        getPackageManager().getPermissionControllerPackageName());
                broadcastIntent.putExtra(EventResultPersister.EXTRA_ID, mInstallId);

                PendingIntent pendingIntent = PendingIntent.getBroadcast(
                        InstallInstalling.this,
                        mInstallId,
                        broadcastIntent,
                        PendingIntent.FLAG_UPDATE_CURRENT);

                session.commit(pendingIntent.getIntentSender());//托付给PackageInstaller.Session
                mCancelButton.setEnabled(false);
                setFinishOnTouchOutside(false);
            } else {
                getPackageManager().getPackageInstaller().abandonSession(mSessionId);

                if (!isCancelled()) {
                    launchFailure(PackageManager.INSTALL_FAILED_INVALID_APK, null);
                }
            }
        }
    }
}

1. 获取PackageManager，然后获取其中的PackageInstaller对象
2. 在PackageInstaller中创建用于传输APK安装包以及安装信息的Session，并返回SessionId
3. 创建异步任务，并在异步任务中根据之前返回的SessionId打开PackageInstaller端Session
4. 通过Session将APK安装包以及相关信息传递
5. 在异步任务中onPostExecute方法中执行session.commit(pendingIntent.getIntentSender())

PackageInstaller.Session是记录安装信息的，保证可以继续安装。

调用到PackageInstallerSession的commit。
mHandler.obtainMessage(MSG_COMMIT).sendToTarget();
commitLocked();

private void commitLocked()
        throws PackageManagerException {
    if (mDestroyed) {
        throw new PackageManagerException(INSTALL_FAILED_INTERNAL_ERROR, "Session destroyed");
    }
    if (!mSealed) {
        throw new PackageManagerException(INSTALL_FAILED_INTERNAL_ERROR, "Session not sealed");
    }
    Preconditions.checkNotNull(mPackageName);
    Preconditions.checkNotNull(mSignatures);
    Preconditions.checkNotNull(mResolvedBaseFile);
   .....
    mRelinquished = true;
    mPm.installStage(mPackageName, stageDir, stageCid, localObserver, params,
            mInstallerPackageName, mInstallerUid, user, mCertificates);
}

mPm.installStage(mPackageName, stageDir, stageCid, localObserver, params,mInstallerPackageName, mInstallerUid, user, mCertificates);

4.installStage

PackageManagerServices开始

frameworks\base\services\core\java\com\android\server\pm\PackageManagerService.java

PackageManagerServices.installStage：

void installStage(String packageName, File stagedDir, String stagedCid,
        IPackageInstallObserver2 observer, PackageInstaller.SessionParams sessionParams,
        String installerPackageName, int installerUid, UserHandle user,
        Certificate[][] certificates) {
    if (DEBUG_EPHEMERAL) {
        if ((sessionParams.installFlags & PackageManager.INSTALL_INSTANT_APP) != 0) {
            Slog.d(TAG, "Ephemeral install of " + packageName);
        }
    }
    final VerificationInfo verificationInfo = new VerificationInfo(
            sessionParams.originatingUri, sessionParams.referrerUri,
            sessionParams.originatingUid, installerUid);

    final OriginInfo origin;
    if (stagedDir != null) {
        origin = OriginInfo.fromStagedFile(stagedDir);
    } else {
        origin = OriginInfo.fromStagedContainer(stagedCid);
    }

    final Message msg = mHandler.obtainMessage(INIT_COPY);
    final int installReason = fixUpInstallReason(installerPackageName, installerUid,
            sessionParams.installReason);
    final InstallParams params = new InstallParams(origin, null, observer,
            sessionParams.installFlags, installerPackageName, sessionParams.volumeUuid,
            verificationInfo, user, sessionParams.abiOverride,
            sessionParams.grantedRuntimePermissions, certificates, installReason);
    params.setTraceMethod("installStage").setTraceCookie(System.identityHashCode(params));
    msg.obj = params;

    Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "installStage",
            System.identityHashCode(msg.obj));
    Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "queueInstall",
            System.identityHashCode(msg.obj));

    mHandler.sendMessage(msg);
}

发送INIT_COPY消息

5.INIT_COPY

PackageManagerServices.PackageHandler.doHandleMessage：

     void doHandleMessage(Message msg) {
         switch (msg.what) {
             case INIT_COPY: {
                 HandlerParams params = (HandlerParams) msg.obj;
                 int idx = mPendingInstalls.size();
                 if (DEBUG_INSTALL) Slog.i(TAG, "init_copy idx=" + idx + ": " + params);
                 // If a bind was already initiated we dont really
                 // need to do anything. The pending install
                 // will be processed later on.
                 if (!mBound) {
                     Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS",
                             System.identityHashCode(mHandler));
                     // If this is the only one pending we might
                     // have to bind to the service again.
			//连接服务
                     if (!connectToService()) {
                         Slog.e(TAG, "Failed to bind to media container service");
                         params.serviceError();
                         Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS",
                                 System.identityHashCode(mHandler));
                         if (params.traceMethod != null) {
                             Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, params.traceMethod,
                                     params.traceCookie);
                         }
                         return;
                     } else {
                         // Once we bind to the service, the first
                         // pending request will be processed.
                         mPendingInstalls.add(idx, params);
                     }
                 } else {
                     mPendingInstalls.add(idx, params);
                     // Already bound to the service. Just make
                     // sure we trigger off processing the first request.
                     if (idx == 0) {
                         mHandler.sendEmptyMessage(MCS_BOUND);
                     }
                 }
                 break;
             }
	
......

最后发送了一个MCS_BOUND

6.MCS_BOUND

PackageManagerServices.PackageHandler.doHandleMessage：

case MCS_BOUND: {
    if (DEBUG_INSTALL) Slog.i(TAG, "mcs_bound");
    if (msg.obj != null) {
        mContainerService = (IMediaContainerService) msg.obj;
        Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "bindingMCS",
                System.identityHashCode(mHandler));
    }
    if (mContainerService == null) {
        if (!mBound) {
            // Something seriously wrong since we are not bound and we are not
            // waiting for connection. Bail out.
            Slog.e(TAG, "Cannot bind to media container service");
            for (HandlerParams params : mPendingInstalls) {
                // Indicate service bind error
                params.serviceError();
                Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall",
                        System.identityHashCode(params));
                if (params.traceMethod != null) {
                    Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER,
                            params.traceMethod, params.traceCookie);
                }
                return;
            }
            mPendingInstalls.clear();
        } else {
            Slog.w(TAG, "Waiting to connect to media container service");
        }
    } else if (mPendingInstalls.size() > 0) {
        HandlerParams params = mPendingInstalls.get(0);
        if (params != null) {
            Trace.asyncTraceEnd(TRACE_TAG_PACKAGE_MANAGER, "queueInstall",
                    System.identityHashCode(params));
            Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "startCopy");
            if (params.startCopy()) {
                // We are done...  look for more work or to
                // go idle.
                if (DEBUG_SD_INSTALL) Log.i(TAG,
                        "Checking for more work or unbind...");
                // Delete pending install
                if (mPendingInstalls.size() > 0) {
                    mPendingInstalls.remove(0);
                }
                if (mPendingInstalls.size() == 0) {
                    if (mBound) {
                        if (DEBUG_SD_INSTALL) Log.i(TAG,
                                "Posting delayed MCS_UNBIND");
                        removeMessages(MCS_UNBIND);
                        Message ubmsg = obtainMessage(MCS_UNBIND);
                        // Unbind after a little delay, to avoid
                        // continual thrashing.
                        sendMessageDelayed(ubmsg, 10000);
                    }
                } else {
                    // There are more pending requests in queue.
                    // Just post MCS_BOUND message to trigger processing
                    // of next pending install.
                    if (DEBUG_SD_INSTALL) Log.i(TAG,
                            "Posting MCS_BOUND for next work");
                    mHandler.sendEmptyMessage(MCS_BOUND);
                }
            }
            Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
        }
    } else {
        // Should never happen ideally.
        Slog.w(TAG, "Empty queue");
    }
    break;
}

7.startCopy

PackageManagerServices.HandlerParams.startCopy

final boolean startCopy() {
    boolean res;
    try {
        if (DEBUG_INSTALL) Slog.i(TAG, "startCopy " + mUser + ": " + this);

        if (++mRetries > MAX_RETRIES) {
            Slog.w(TAG, "Failed to invoke remote methods on default container service. Giving up");
            mHandler.sendEmptyMessage(MCS_GIVE_UP);
            handleServiceError();
            return false;
        } else {
            handleStartCopy();
            res = true;
        }
    } catch (RemoteException e) {
        if (DEBUG_INSTALL) Slog.i(TAG, "Posting install MCS_RECONNECT");
        mHandler.sendEmptyMessage(MCS_RECONNECT);
        res = false;
    }
    handleReturnCode();
    return res;
}

重点俩步操作handleStartCopy与handleReturnCode。

8.handleStartCopy

PackageManagerServices.InstallParams.handleStartCopy

     /*
      * Invoke remote method to get package information and install
      * location values. Override install location based on default
      * policy if needed and then create install arguments based
      * on the install location.
      */
     public void handleStartCopy() throws RemoteException {
         int ret = PackageManager.INSTALL_SUCCEEDED;

......

         final boolean onSd = (installFlags & PackageManager.INSTALL_EXTERNAL) != 0;
         final boolean onInt = (installFlags & PackageManager.INSTALL_INTERNAL) != 0;
         final boolean ephemeral = (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0;
         PackageInfoLite pkgLite = null;

         if (onInt && onSd) {
             // Check if both bits are set.
             Slog.w(TAG, "Conflicting flags specified for installing on both internal and external");
             ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;
         } else if (onSd && ephemeral) {
             Slog.w(TAG,  "Conflicting flags specified for installing ephemeral on external");
             ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;
         } else {
             pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath, installFlags,
                     packageAbiOverride);

             if (DEBUG_EPHEMERAL && ephemeral) {
                 Slog.v(TAG, "pkgLite for install: " + pkgLite);
             }

             /*
              * If we have too little free space, try to free cache
              * before giving up.
              */
             if (!origin.staged && pkgLite.recommendedInstallLocation
                     == PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE) {
                 // TODO: focus freeing disk space on the target device
                 final StorageManager storage = StorageManager.from(mContext);
                 final long lowThreshold = storage.getStorageLowBytes(
                         Environment.getDataDirectory());

                 final long sizeBytes = mContainerService.calculateInstalledSize(
                         origin.resolvedPath, isForwardLocked(), packageAbiOverride);

                 try {
                     mInstaller.freeCache(null, sizeBytes + lowThreshold, 0, 0);
                     pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath,
                             installFlags, packageAbiOverride);
                 } catch (InstallerException e) {
                     Slog.w(TAG, "Failed to free cache", e);
                 }

                 /*
                  * The cache free must have deleted the file we
                  * downloaded to install.
                  *
                  * TODO: fix the "freeCache" call to not delete
                  *       the file we care about.
                  */
                 if (pkgLite.recommendedInstallLocation
                         == PackageHelper.RECOMMEND_FAILED_INVALID_URI) {
                     pkgLite.recommendedInstallLocation
                         = PackageHelper.RECOMMEND_FAILED_INSUFFICIENT_STORAGE;
                 }
             }
         }

......

                 /*
                  * No package verification is enabled, so immediately start
                  * the remote call to initiate copy using temporary file.
                  */
                 ret = args.copyApk(mContainerService, true);
             }
         }

         mRet = ret;
     }

handleStartCopy的核心是copyApk,其他的都是些存储空间检查,权限检查等等安全校验。

9.handleReturnCode

PackageManagerServices.InstallParams.handleReturnCode

@Override
void handleReturnCode() {
    // If mArgs is null, then MCS couldn't be reached. When it
    // reconnects, it will try again to install. At that point, this
    // will succeed.
    if (mArgs != null) {
        processPendingInstall(mArgs, mRet);
    }
}

调回PackageManagerServices

10.processPendingInstall

PackageManagerServices.processPendingInstall

private void processPendingInstall(final InstallArgs args, final int currentStatus) {
    // Queue up an async operation since the package installation may take a little while.
    mHandler.post(new Runnable() {
        public void run() {
            mHandler.removeCallbacks(this);
             // Result object to be returned
            PackageInstalledInfo res = new PackageInstalledInfo();
            res.setReturnCode(currentStatus);
            res.uid = -1;
            res.pkg = null;
            res.removedInfo = null;
            if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) {
                args.doPreInstall(res.returnCode);//删除安装残留文件
                synchronized (mInstallLock) {
                    installPackageTracedLI(args, res);//安装apk
                }
                args.doPostInstall(res.returnCode, res.uid);
            }

            // A restore should be performed at this point if (a) the install
            // succeeded, (b) the operation is not an update, and (c) the new
            // package has not opted out of backup participation.
            final boolean update = res.removedInfo != null
                    && res.removedInfo.removedPackage != null;
            final int flags = (res.pkg == null) ? 0 : res.pkg.applicationInfo.flags;
            boolean doRestore = !update
                    && ((flags & ApplicationInfo.FLAG_ALLOW_BACKUP) != 0);

            // Set up the post-install work request bookkeeping.  This will be used
            // and cleaned up by the post-install event handling regardless of whether
            // there's a restore pass performed.  Token values are >= 1.
            int token;
            if (mNextInstallToken < 0) mNextInstallToken = 1;
            token = mNextInstallToken++;

            PostInstallData data = new PostInstallData(args, res);
            mRunningInstalls.put(token, data);
            if (DEBUG_INSTALL) Log.v(TAG, "+ starting restore round-trip " + token);

            if (res.returnCode == PackageManager.INSTALL_SUCCEEDED && doRestore) {
                // Pass responsibility to the Backup Manager.  It will perform a
                // restore if appropriate, then pass responsibility back to the
                // Package Manager to run the post-install observer callbacks
                // and broadcasts.
                IBackupManager bm = IBackupManager.Stub.asInterface(
                        ServiceManager.getService(Context.BACKUP_SERVICE));
                if (bm != null) {
                    if (DEBUG_INSTALL) Log.v(TAG, "token " + token
                            + " to BM for possible restore");
                    Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "restore", token);
                    try {
                        // TODO: http://b/22388012
                        if (bm.isBackupServiceActive(UserHandle.USER_SYSTEM)) {
                            bm.restoreAtInstall(res.pkg.applicationInfo.packageName, token);//完成安装
                        } else {
                            doRestore = false;
                        }
                    } catch (RemoteException e) {
                        // can't happen; the backup manager is local
                    } catch (Exception e) {
                        Slog.e(TAG, "Exception trying to enqueue restore", e);
                        doRestore = false;
                    }
                } else {
                    Slog.e(TAG, "Backup Manager not found!");
                    doRestore = false;
                }
            }

            if (!doRestore) {
                // No restore possible, or the Backup Manager was mysteriously not
                // available -- just fire the post-install work request directly.
                if (DEBUG_INSTALL) Log.v(TAG, "No restore - queue post-install for " + token);

                Trace.asyncTraceBegin(TRACE_TAG_PACKAGE_MANAGER, "postInstall", token);

                Message msg = mHandler.obtainMessage(POST_INSTALL, token, 0);
                mHandler.sendMessage(msg);
            }
        }
    });
}

调用installPackageTracedLI
最后发送POST_INSTALL消息表示安装成功。

11.installPackageTracedLI

  private void installPackageTracedLI(InstallArgs args, PackageInstalledInfo res) {
      try {
          Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "installPackage");
          installPackageLI(args, res);
      } finally {
          Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
      }
  }
	
	
  private void installPackageLI(InstallArgs args, PackageInstalledInfo res) {

	
......


      if (args.move != null) {
          // We did an in-place move, so dex is ready to roll
          scanFlags |= SCAN_NO_DEX;
          scanFlags |= SCAN_MOVE;

          synchronized (mPackages) {
              final PackageSetting ps = mSettings.mPackages.get(pkgName);
              if (ps == null) {
                  res.setError(INSTALL_FAILED_INTERNAL_ERROR,
                          "Missing settings for moved package " + pkgName);
              }

              // We moved the entire application as-is, so bring over the
              // previously derived ABI information.
              pkg.applicationInfo.primaryCpuAbi = ps.primaryCpuAbiString;
              pkg.applicationInfo.secondaryCpuAbi = ps.secondaryCpuAbiString;
          }

      } else if (!forwardLocked && !pkg.applicationInfo.isExternalAsec()) {
          // Enable SCAN_NO_DEX flag to skip dexopt at a later stage
          scanFlags |= SCAN_NO_DEX;

          try {
              String abiOverride = (TextUtils.isEmpty(pkg.cpuAbiOverride) ?
                  args.abiOverride : pkg.cpuAbiOverride);
              final boolean extractNativeLibs = !pkg.isLibrary();
              derivePackageAbi(pkg, new File(pkg.codePath), abiOverride,
                      extractNativeLibs, mAppLib32InstallDir);
          } catch (PackageManagerException pme) {
              Slog.e(TAG, "Error deriving application ABI", pme);
              res.setError(INSTALL_FAILED_INTERNAL_ERROR, "Error deriving application ABI");
              return;
          }

          // Shared libraries for the package need to be updated.
          synchronized (mPackages) {
              try {
                  updateSharedLibrariesLPr(pkg, null);
              } catch (PackageManagerException e) {
                  Slog.e(TAG, "updateAllSharedLibrariesLPw failed: " + e.getMessage());
              }
          }

          // dexopt can take some time to complete, so, for instant apps, we skip this
          // step during installation. Instead, we'll take extra time the first time the
          // instant app starts. It's preferred to do it this way to provide continuous
          // progress to the user instead of mysteriously blocking somewhere in the
          // middle of running an instant app. The default behaviour can be overridden
          // via gservices.
          if (!instantApp || Global.getInt(
                      mContext.getContentResolver(), Global.INSTANT_APP_DEXOPT_ENABLED, 0) != 0) {
              Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "dexopt");
              // Do not run PackageDexOptimizer through the local performDexOpt
              // method because `pkg` may not be in `mPackages` yet.
              //
              // Also, don't fail application installs if the dexopt step fails.
		//dexopt操作！！！！！！！！！！！！！！！！！！
              mPackageDexOptimizer.performDexOpt(pkg, pkg.usesLibraryFiles,
                      null /* instructionSets */, false /* checkProfiles */,
                      getCompilerFilterForReason(REASON_INSTALL),
                      getOrCreateCompilerPackageStats(pkg),
                      mDexManager.isUsedByOtherApps(pkg.packageName));
              Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
          }

          // Notify BackgroundDexOptService that the package has been changed.
          // If this is an update of a package which used to fail to compile,
          // BDOS will remove it from its blacklist.
          // TODO: Layering violation
          BackgroundDexOptService.notifyPackageChanged(pkg.packageName);
      }

      if (!args.doRename(res.returnCode, pkg, oldCodePath)) {
          res.setError(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Failed rename");
          return;
      }

      startIntentFilterVerifications(args.user.getIdentifier(), replace, pkg);

      try (PackageFreezer freezer = freezePackageForInstall(pkgName, installFlags,
              "installPackageLI")) {
          if (replace) {
              if (pkg.applicationInfo.isStaticSharedLibrary()) {
                  // Static libs have a synthetic package name containing the version
                  // and cannot be updated as an update would get a new package name,
                  // unless this is the exact same version code which is useful for
                  // development.
                  PackageParser.Package existingPkg = mPackages.get(pkg.packageName);
                  if (existingPkg != null && existingPkg.mVersionCode != pkg.mVersionCode) {
                      res.setError(INSTALL_FAILED_DUPLICATE_PACKAGE, "Packages declaring "
                              + "static-shared libs cannot be updated");
                      return;
                  }
              }
		//更新已经存在的packages
              replacePackageLIF(pkg, parseFlags, scanFlags | SCAN_REPLACING, args.user,
                      installerPackageName, res, args.installReason);
          } else {
		//安装新的packages
              installNewPackageLIF(pkg, parseFlags, scanFlags | SCAN_DELETE_DATA_ON_FAILURES,
                      args.user, installerPackageName, volumeUuid, res, args.installReason);
          }
      }

      synchronized (mPackages) {
          final PackageSetting ps = mSettings.mPackages.get(pkgName);
          if (ps != null) {
              res.newUsers = ps.queryInstalledUsers(sUserManager.getUserIds(), true);
              ps.setUpdateAvailable(false /*updateAvailable*/);
          }

          final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0;
          for (int i = 0; i < childCount; i++) {
              PackageParser.Package childPkg = pkg.childPackages.get(i);
              PackageInstalledInfo childRes = res.addedChildPackages.get(childPkg.packageName);
              PackageSetting childPs = mSettings.getPackageLPr(childPkg.packageName);
              if (childPs != null) {
                  childRes.newUsers = childPs.queryInstalledUsers(
                          sUserManager.getUserIds(), true);
              }
          }

          if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) {
              updateSequenceNumberLP(ps, res.newUsers);
              updateInstantAppInstallerLocked(pkgName);
          }
      }
  }

installPackageTracedLI方法将apk进行解析，然后进行dex到opt文件操作，之后安装apk
这个方法先是解析了package包,然后做了大量签名和权限校验的工作。

12.installNewPackageLIF

PackageManagerServices.installNewPackageLIF：

/*
 * Install a non-existing package.
 */
private void installNewPackageLIF(PackageParser.Package pkg, final int policyFlags,
        int scanFlags, UserHandle user, String installerPackageName, String volumeUuid,
        PackageInstalledInfo res, int installReason) {
    Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "installNewPackage");

    // Remember this for later, in case we need to rollback this install
    String pkgName = pkg.packageName;

    if (DEBUG_INSTALL) Slog.d(TAG, "installNewPackageLI: " + pkg);

    synchronized(mPackages) {
        final String renamedPackage = mSettings.getRenamedPackageLPr(pkgName);
        if (renamedPackage != null) {
            // A package with the same name is already installed, though
            // it has been renamed to an older name.  The package we
            // are trying to install should be installed as an update to
            // the existing one, but that has not been requested, so bail.
            res.setError(INSTALL_FAILED_ALREADY_EXISTS, "Attempt to re-install " + pkgName
                    + " without first uninstalling package running as "
                    + renamedPackage);
            return;
        }
        if (mPackages.containsKey(pkgName)) {
            // Don't allow installation over an existing package with the same name.
            res.setError(INSTALL_FAILED_ALREADY_EXISTS, "Attempt to re-install " + pkgName
                    + " without first uninstalling.");
            return;
        }
    }

    try {
        PackageParser.Package newPackage = scanPackageTracedLI(pkg, policyFlags, scanFlags,
                System.currentTimeMillis(), user);  //调用到scanPackageLI(scanFile, parseFlags, scanFlags, currentTime, user);

        updateSettingsLI(newPackage, installerPackageName, null, res, user, installReason);

        if (res.returnCode == PackageManager.INSTALL_SUCCEEDED) {
            prepareAppDataAfterInstallLIF(newPackage);

        } else {
            // Remove package from internal structures, but keep around any
            // data that might have already existed
            deletePackageLIF(pkgName, UserHandle.ALL, false, null,
                    PackageManager.DELETE_KEEP_DATA, res.removedInfo, true, null);
        }
    } catch (PackageManagerException e) {
        res.setError("Package couldn't be installed in " + pkg.codePath, e);
    }

    Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
}

scanPackageTracedLI调用到参数为5且首为package的scanPackageLI。
scanPackageLI负责安装,而updateSettingLI则是完成安装后的设置信息更新

private PackageParser.Package scanPackageTracedLI(PackageParser.Package pkg,
        final int policyFlags, int scanFlags, long currentTime, @Nullable UserHandle user)
                throws PackageManagerException {
    Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "scanPackage");
    // If the package has children and this is the first dive in the function
    // we recursively scan the package with the SCAN_CHECK_ONLY flag set to see
    // whether all packages (parent and children) would be successfully scanned
    // before the actual scan since scanning mutates internal state and we want
    // to atomically install the package and its children.
    if ((scanFlags & SCAN_CHECK_ONLY) == 0) {
        if (pkg.childPackages != null && pkg.childPackages.size() > 0) {
            scanFlags |= SCAN_CHECK_ONLY;
        }
    } else {
        scanFlags &= ~SCAN_CHECK_ONLY;
    }

    final PackageParser.Package scannedPkg;
    try {
        // Scan the parent
        scannedPkg = scanPackageLI(pkg, policyFlags, scanFlags, currentTime, user);
        // Scan the children
        final int childCount = (pkg.childPackages != null) ? pkg.childPackages.size() : 0;
        for (int i = 0; i < childCount; i++) {
            PackageParser.Package childPkg = pkg.childPackages.get(i);
            scanPackageLI(childPkg, policyFlags,
                    scanFlags, currentTime, user);
        }
    } finally {
        Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
    }

    if ((scanFlags & SCAN_CHECK_ONLY) != 0) {
        return scanPackageTracedLI(pkg, policyFlags, scanFlags, currentTime, user);
    }

    return scannedPkg;
}

这里与系统安装一样了。

13.performDexOpt

接下来到看installPackageLI内的
mPackageDexOptimizer.performDexOpt()调用。这里与系统扫描时的优化相同了。
注意PackageDexOptimizer.performDexOpt->performDexOptLI->dexOptPath->Installer.dexopt->InstalldNativeService.dexopt->dexopt.dexopt

在frameworks\base\services\core\java\com\android\server\pm\PackageDexOptimizer.java类中。

   int performDexOpt(PackageParser.Package pkg, String[] sharedLibraries,
           String[] instructionSets, boolean checkProfiles, String targetCompilationFilter,
           CompilerStats.PackageStats packageStats, boolean isUsedByOtherApps) {
       if (!canOptimizePackage(pkg)) {
           return DEX_OPT_SKIPPED;
       }
       synchronized (mInstallLock) {
           final long acquireTime = acquireWakeLockLI(pkg.applicationInfo.uid);
           try {
               return performDexOptLI(pkg, sharedLibraries, instructionSets, checkProfiles,
                       targetCompilationFilter, packageStats, isUsedByOtherApps);
           } finally {
               releaseWakeLockLI(acquireTime);
           }
       }
   }


private int performDexOptLI(PackageParser.Package pkg, String[] sharedLibraries,
           String[] targetInstructionSets, boolean checkForProfileUpdates,
           String targetCompilerFilter, CompilerStats.PackageStats packageStats,
           boolean isUsedByOtherApps) {
      ......
       final String[] dexCodeInstructionSets = getDexCodeInstructionSets(instructionSets);
	//获取dexcode路径
       final List<String> paths = pkg.getAllCodePaths(); 
       final int sharedGid = UserHandle.getSharedAppGid(pkg.applicationInfo.uid);

       final String compilerFilter = getRealCompilerFilter(pkg.applicationInfo,
               targetCompilerFilter, isUsedByOtherApps);
       final boolean profileUpdated = checkForProfileUpdates &&
               isProfileUpdated(pkg, sharedGid, compilerFilter);

       final String sharedLibrariesPath = getSharedLibrariesPath(sharedLibraries);
       // Get the dexopt flags after getRealCompilerFilter to make sure we get the correct flags.
       final int dexoptFlags = getDexFlags(pkg, compilerFilter);
       // Get the dependencies of each split in the package. For each code path in the package,
       // this array contains the relative paths of each split it depends on, separated by colons.
       String[] splitDependencies = getSplitDependencies(pkg);

       int result = DEX_OPT_SKIPPED;
	
	//取每个路径
       for (int i = 0; i < paths.size(); i++) {
           // Skip paths that have no code.
           if ((i == 0 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_HAS_CODE) == 0) ||
                   (i != 0 && (pkg.splitFlags[i - 1] & ApplicationInfo.FLAG_HAS_CODE) == 0)) {
               continue;
           }
           // Append shared libraries with split dependencies for this split.
           String path = paths.get(i);
           String sharedLibrariesPathWithSplits;
           if (sharedLibrariesPath != null && splitDependencies[i] != null) {
               sharedLibrariesPathWithSplits = sharedLibrariesPath + ":" + splitDependencies[i];
           } else {
               sharedLibrariesPathWithSplits =
                       splitDependencies[i] != null ? splitDependencies[i] : sharedLibrariesPath;
           }
		
		//对每个指令集
           for (String dexCodeIsa : dexCodeInstructionSets) {
               int newResult = dexOptPath(pkg, path, dexCodeIsa, compilerFilter, profileUpdated,
                       sharedLibrariesPathWithSplits, dexoptFlags, sharedGid, packageStats);
               // The end result is:
               //  - FAILED if any path failed,
               //  - PERFORMED if at least one path needed compilation,
               //  - SKIPPED when all paths are up to date
               if ((result != DEX_OPT_FAILED) && (newResult != DEX_OPT_SKIPPED)) {
                   result = newResult;
               }
           }
       }
       return result;
   }

performDexOptLI调用dexOptPath传入每个dex文件与指令集。

14.dexOptPath

/**
 * Performs dexopt on the {@code path} belonging to the package {@code pkg}.
 *
 * @return
 *      DEX_OPT_FAILED if there was any exception during dexopt
 *      DEX_OPT_PERFORMED if dexopt was performed successfully on the given path.
 *      DEX_OPT_SKIPPED if the path does not need to be deopt-ed.
 */
@GuardedBy("mInstallLock")
private int dexOptPath(PackageParser.Package pkg, String path, String isa,
        String compilerFilter, boolean profileUpdated, String sharedLibrariesPath,
        int dexoptFlags, int uid, CompilerStats.PackageStats packageStats) {
    int dexoptNeeded = getDexoptNeeded(path, isa, compilerFilter, profileUpdated);

    // TODO(calin): there's no need to try to create the oat dir over and over again,
    //              especially since it involve an extra installd call. We should create
    //              if (if supported) on the fly during the dexopt call.
    String oatDir = createOatDirIfSupported(pkg, isa);

    try {
        long startTime = System.currentTimeMillis();

        mInstaller.dexopt(path, uid, pkg.packageName, isa, dexoptNeeded, oatDir, dexoptFlags,
                compilerFilter, pkg.volumeUuid, sharedLibrariesPath, pkg.applicationInfo.seInfo);

        if (packageStats != null) {
            long endTime = System.currentTimeMillis();
            packageStats.setCompileTime(path, (int)(endTime - startTime));
        }
        return DEX_OPT_PERFORMED;
    } catch (InstallerException e) {
        Slog.w(TAG, "Failed to dexopt", e);
        return DEX_OPT_FAILED;
    }
}

调用核心 mInstaller.dexopt(path, uid, pkg.packageName, isa, dexoptNeeded, oatDir, dexoptFlags,compilerFilter, pkg.volumeUuid, sharedLibrariesPath, pkg.applicationInfo.seInfo);

15.Installer.dexopt

加下来进入frameworks\base\services\core\java\com\android\server\pm\Installer.java类。

public void dexopt(String apkPath, int uid, @Nullable String pkgName, String instructionSet,
        int dexoptNeeded, @Nullable String outputPath, int dexFlags,
        String compilerFilter, @Nullable String volumeUuid, @Nullable String sharedLibraries,
        @Nullable String seInfo)
        throws InstallerException {
    assertValidInstructionSet(instructionSet);
    if (!checkBeforeRemote()) return;
    try {
        mInstalld.dexopt(apkPath, uid, pkgName, instructionSet, dexoptNeeded, outputPath,
                dexFlags, compilerFilter, volumeUuid, sharedLibraries, seInfo);
    } catch (Exception e) {
        throw InstallerException.from(e);
    }
}

调用了mInstalld的dexopt。
PackageManagerServcie负责应用的安装，卸载等相关工作。但是installd才是负责干活的，通过PackageManagerService来访问的installd服务来执行程序包的安装与卸载。
PackageManagerService只有system权限。installd却是具有root权限，installd启动是在init进程解析init.rc时。

service installd /system/bin/installd
    class main

在：
frameworks\native\cmds\installd\installd.cpp

int main(const int argc, char *argv[]) {
    return android::installd::installd_main(argc, argv);
}

static int installd_main(const int argc ATTRIBUTE_UNUSED, char *argv[]) {
    int ret;
    int selinux_enabled = (is_selinux_enabled() > 0);

	......

    if ((ret = InstalldNativeService::start()) != android::OK) {
        SLOGE("Unable to start InstalldNativeService: %d", ret);
        exit(1);
    }

    IPCThreadState::self()->joinThreadPool();

    LOG(INFO) << "installd shutting down";

    return 0;
}

InstalldNativeService是通过binder实现的nativeserver

其在frameworks\native\cmds\installd\InstalldNativeService.cpp

status_t InstalldNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);
    status_t ret = BinderService<InstalldNativeService>::publish();
    if (ret != android::OK) {
        return ret;
    }
    sp<ProcessState> ps(ProcessState::self());
    ps->startThreadPool();
    ps->giveThreadPoolName();
    return android::OK;
}

BinderService在frameworks\native\libs\binder\include\binder\BinderService.h

   static status_t publish(bool allowIsolated = false) {
       sp<IServiceManager> sm(defaultServiceManager());
       return sm->addService(
               String16(SERVICE::getServiceName()),
               new SERVICE(), allowIsolated);
   }

InstalldNativeService内：
static char const* getServiceName() { return "installd"; }

可见InstalldNativeService将自己注册到servicemanager。用的是BinderService的模板类方法。加入到ServiceManager中的名字正是installd。

16.InstalldNativeService.dexopt

因此最后dex优化调用到：InstalldNativeService.dexopt

binder::Status InstalldNativeService::dexopt(const std::string& apkPath, int32_t uid,
        const std::unique_ptr<std::string>& packageName, const std::string& instructionSet,
        int32_t dexoptNeeded, const std::unique_ptr<std::string>& outputPath, int32_t dexFlags,
        const std::string& compilerFilter, const std::unique_ptr<std::string>& uuid,
        const std::unique_ptr<std::string>& sharedLibraries,
        const std::unique_ptr<std::string>& seInfo) {
    ENFORCE_UID(AID_SYSTEM);
    CHECK_ARGUMENT_UUID(uuid);
    if (packageName && *packageName != "*") {
        CHECK_ARGUMENT_PACKAGE_NAME(*packageName);
    }
    std::lock_guard<std::recursive_mutex> lock(mLock);

    const char* apk_path = apkPath.c_str();
    const char* pkgname = packageName ? packageName->c_str() : "*";
    const char* instruction_set = instructionSet.c_str();
    const char* oat_dir = outputPath ? outputPath->c_str() : nullptr;
    const char* compiler_filter = compilerFilter.c_str();
    const char* volume_uuid = uuid ? uuid->c_str() : nullptr;
    const char* shared_libraries = sharedLibraries ? sharedLibraries->c_str() : nullptr;
    const char* se_info = seInfo ? seInfo->c_str() : nullptr;
    int res = android::installd::dexopt(apk_path, uid, pkgname, instruction_set, dexoptNeeded,
            oat_dir, dexFlags, compiler_filter, volume_uuid, shared_libraries, se_info);
    return res ? error(res, "Failed to dexopt") : ok();
}

17.dexopt

android::installd::dexopt的实现在：frameworks\native\cmds\installd\dexopt.cpp

int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
        int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
        const char* volume_uuid, const char* shared_libraries, const char* se_info) {
    CHECK(pkgname != nullptr);
    CHECK(pkgname[0] != 0);
    if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
        LOG_FATAL("dexopt flags contains unknown fields\n");
    }

    bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
    bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
    bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
    bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
    bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;

    // Check if we're dealing with a secondary dex file and if we need to compile it.
    std::string oat_dir_str;
    std::string dex_real_path;

	......
	
    // Open the input file.
	//打开dex输入文件
    unique_fd input_fd(open(dex_path, O_RDONLY, 0));
    if (input_fd.get() < 0) {
        ALOGE("installd cannot open '%s' for input during dexopt\n", dex_path);
        return -1;
    }

    // Create the output OAT file.
	//创建输出的oat文件
    char out_oat_path[PKG_PATH_MAX];
    Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
            instruction_set, is_secondary_dex, out_oat_path);
    if (out_oat_fd.get() < 0) {
        return -1;
    }

    // Open vdex files.
	//创建vdex文件
    Dex2oatFileWrapper in_vdex_fd;
    Dex2oatFileWrapper out_vdex_fd;
    if (!open_vdex_files(dex_path, out_oat_path, dexopt_needed, instruction_set, is_public, uid,
            is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
        return -1;
    }

    // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
    // selinux context (we generate them on the fly during the dexopt invocation and they don't
    // fully inherit their parent context).
    // Note that for primary apk the oat files are created before, in a separate installd
    // call which also does the restorecon. TODO(calin): unify the paths.
    if (is_secondary_dex) {
        if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
                SELINUX_ANDROID_RESTORECON_RECURSE)) {
            LOG(ERROR) << "Failed to restorecon " << oat_dir;
            return -1;
        }
    }

    // Create a swap file if necessary.
    unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);

    // Create the app image file if needed.
    Dex2oatFileWrapper image_fd =
            maybe_open_app_image(out_oat_path, profile_guided, is_public, uid, is_secondary_dex);

    // Open the reference profile if needed.
    Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
            pkgname, dex_path, profile_guided, is_public, uid, is_secondary_dex);

    ALOGV("DexInv: --- BEGIN '%s' ---\n", dex_path);

    pid_t pid = fork();
    if (pid == 0) {
        /* child -- drop privileges before continuing */
        drop_capabilities(uid);

        SetDex2OatScheduling(boot_complete);
        if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
            ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno));
            _exit(67);
        }

        run_dex2oat(input_fd.get(),
                    out_oat_fd.get(),
                    in_vdex_fd.get(),
                    out_vdex_fd.get(),
                    image_fd.get(),
                    dex_path,
                    out_oat_path,
                    swap_fd.get(),
                    instruction_set,
                    compiler_filter,
                    debuggable,
                    boot_complete,
                    reference_profile_fd.get(),
                    shared_libraries);
        _exit(68);   /* only get here on exec failure */
    } else {
        int res = wait_child(pid);
        if (res == 0) {
            ALOGV("DexInv: --- END '%s' (success) ---\n", dex_path);
        } else {
            ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", dex_path, res);
            return res;
        }
    }

    update_out_oat_access_times(dex_path, out_oat_path);

    // We've been successful, don't delete output.
    out_oat_fd.SetCleanup(false);
    out_vdex_fd.SetCleanup(false);
    image_fd.SetCleanup(false);
    reference_profile_fd.SetCleanup(false);

    return 0;
}

创建输出文件，调用run_dex2oat执行优化。
跟踪发现第三方安装的生成位置并不在delvik-cache，该目录下仅有系统自带文件的优化。
自己的优化应该是放在了data/app下。

static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd,
        const char* input_file_name, const char* output_file_name, int swap_fd,
        const char* instruction_set, const char* compiler_filter,
        bool debuggable, bool post_bootcomplete, int profile_fd, const char* shared_libraries) {
    static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;

    if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
        ALOGE("Instruction set %s longer than max length of %d",
              instruction_set, MAX_INSTRUCTION_SET_LEN);
        return;
    }

    // Get the relative path to the input file.
    const char* relative_input_file_name = get_location_from_path(input_file_name);

    char dex2oat_Xms_flag[kPropertyValueMax];
    bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;

    char dex2oat_Xmx_flag[kPropertyValueMax];
    bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;

    char dex2oat_threads_buf[kPropertyValueMax];
    bool have_dex2oat_threads_flag = get_property(post_bootcomplete
                                                      ? "dalvik.vm.dex2oat-threads"
                                                      : "dalvik.vm.boot-dex2oat-threads",
                                                  dex2oat_threads_buf,
                                                  NULL) > 0;
    char dex2oat_threads_arg[kPropertyValueMax + 2];
    if (have_dex2oat_threads_flag) {
        sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
    }

    char dex2oat_isa_features_key[kPropertyKeyMax];
    sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
    char dex2oat_isa_features[kPropertyValueMax];
    bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
                                                  dex2oat_isa_features, NULL) > 0;

    char dex2oat_isa_variant_key[kPropertyKeyMax];
    sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
    char dex2oat_isa_variant[kPropertyValueMax];
    bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
                                                 dex2oat_isa_variant, NULL) > 0;

    const char *dex2oat_norelocation = "-Xnorelocate";
    bool have_dex2oat_relocation_skip_flag = false;

    char dex2oat_flags[kPropertyValueMax];
    int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
                                 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
    ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);

    // If we are booting without the real /data, don't spend time compiling.
    char vold_decrypt[kPropertyValueMax];
    bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
    bool skip_compilation = (have_vold_decrypt &&
                             (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
                             (strcmp(vold_decrypt, "1") == 0)));

    bool generate_debug_info = property_get_bool("debug.generate-debug-info", false);

    char app_image_format[kPropertyValueMax];
    char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
    bool have_app_image_format =
            image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
    if (have_app_image_format) {
        sprintf(image_format_arg, "--image-format=%s", app_image_format);
    }

    char dex2oat_large_app_threshold[kPropertyValueMax];
    bool have_dex2oat_large_app_threshold =
            get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0;
    char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax];
    if (have_dex2oat_large_app_threshold) {
        sprintf(dex2oat_large_app_threshold_arg,
                "--very-large-app-threshold=%s",
                dex2oat_large_app_threshold);
    }

    static const char* DEX2OAT_BIN = "/system/bin/dex2oat";

    static const char* RUNTIME_ARG = "--runtime-arg";

    static const int MAX_INT_LEN = 12;      // '-'+10dig+'\0' -OR- 0x+8dig

    // clang FORTIFY doesn't let us use strlen in constant array bounds, so we
    // use arraysize instead.
    char zip_fd_arg[arraysize("--zip-fd=") + MAX_INT_LEN];
    char zip_location_arg[arraysize("--zip-location=") + PKG_PATH_MAX];
    char input_vdex_fd_arg[arraysize("--input-vdex-fd=") + MAX_INT_LEN];
    char output_vdex_fd_arg[arraysize("--output-vdex-fd=") + MAX_INT_LEN];
    char oat_fd_arg[arraysize("--oat-fd=") + MAX_INT_LEN];
    char oat_location_arg[arraysize("--oat-location=") + PKG_PATH_MAX];
    char instruction_set_arg[arraysize("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
    char instruction_set_variant_arg[arraysize("--instruction-set-variant=") + kPropertyValueMax];
    char instruction_set_features_arg[arraysize("--instruction-set-features=") + kPropertyValueMax];
    char dex2oat_Xms_arg[arraysize("-Xms") + kPropertyValueMax];
    char dex2oat_Xmx_arg[arraysize("-Xmx") + kPropertyValueMax];
    char dex2oat_compiler_filter_arg[arraysize("--compiler-filter=") + kPropertyValueMax];
    bool have_dex2oat_swap_fd = false;
    char dex2oat_swap_fd[arraysize("--swap-fd=") + MAX_INT_LEN];
    bool have_dex2oat_image_fd = false;
    char dex2oat_image_fd[arraysize("--app-image-fd=") + MAX_INT_LEN];

    sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
    sprintf(zip_location_arg, "--zip-location=%s", relative_input_file_name);
    sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd);
    sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd);
    sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
    sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
    sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
    sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
    sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
    if (swap_fd >= 0) {
        have_dex2oat_swap_fd = true;
        sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
    }
    if (image_fd >= 0) {
        have_dex2oat_image_fd = true;
        sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
    }

    if (have_dex2oat_Xms_flag) {
        sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
    }
    if (have_dex2oat_Xmx_flag) {
        sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
    }

    // Compute compiler filter.

    bool have_dex2oat_compiler_filter_flag = false;
    if (skip_compilation) {
        strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=extract");
        have_dex2oat_compiler_filter_flag = true;
        have_dex2oat_relocation_skip_flag = true;
    } else if (compiler_filter != nullptr) {
        if (strlen(compiler_filter) + strlen("--compiler-filter=") <
                    arraysize(dex2oat_compiler_filter_arg)) {
            sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
            have_dex2oat_compiler_filter_flag = true;
        } else {
            ALOGW("Compiler filter name '%s' is too large (max characters is %zu)",
                  compiler_filter,
                  kPropertyValueMax);
        }
    }

    if (!have_dex2oat_compiler_filter_flag) {
        char dex2oat_compiler_filter_flag[kPropertyValueMax];
        have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
                                                         dex2oat_compiler_filter_flag, NULL) > 0;
        if (have_dex2oat_compiler_filter_flag) {
            sprintf(dex2oat_compiler_filter_arg,
                    "--compiler-filter=%s",
                    dex2oat_compiler_filter_flag);
        }
    }

    // Check whether all apps should be compiled debuggable.
    if (!debuggable) {
        char prop_buf[kPropertyValueMax];
        debuggable =
                (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
                (prop_buf[0] == '1');
    }
    char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
    if (profile_fd != -1) {
        sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
    }

    // Get the directory of the apk to pass as a base classpath directory.
    char base_dir[arraysize("--classpath-dir=") + PKG_PATH_MAX];
    std::string apk_dir(input_file_name);
    unsigned long dir_index = apk_dir.rfind('/');
    bool has_base_dir = dir_index != std::string::npos;
    if (has_base_dir) {
        apk_dir = apk_dir.substr(0, dir_index);
        sprintf(base_dir, "--classpath-dir=%s", apk_dir.c_str());
    }


    ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, relative_input_file_name, output_file_name);

    const char* argv[9  // program name, mandatory arguments and the final NULL
                     + (have_dex2oat_isa_variant ? 1 : 0)
                     + (have_dex2oat_isa_features ? 1 : 0)
                     + (have_dex2oat_Xms_flag ? 2 : 0)
                     + (have_dex2oat_Xmx_flag ? 2 : 0)
                     + (have_dex2oat_compiler_filter_flag ? 1 : 0)
                     + (have_dex2oat_threads_flag ? 1 : 0)
                     + (have_dex2oat_swap_fd ? 1 : 0)
                     + (have_dex2oat_image_fd ? 1 : 0)
                     + (have_dex2oat_relocation_skip_flag ? 2 : 0)
                     + (generate_debug_info ? 1 : 0)
                     + (debuggable ? 1 : 0)
                     + (have_app_image_format ? 1 : 0)
                     + dex2oat_flags_count
                     + (profile_fd == -1 ? 0 : 1)
                     + (shared_libraries != nullptr ? 4 : 0)
                     + (has_base_dir ? 1 : 0)
                     + (have_dex2oat_large_app_threshold ? 1 : 0)];
    int i = 0;
    argv[i++] = DEX2OAT_BIN;
    argv[i++] = zip_fd_arg;
    argv[i++] = zip_location_arg;
    argv[i++] = input_vdex_fd_arg;
    argv[i++] = output_vdex_fd_arg;
    argv[i++] = oat_fd_arg;
    argv[i++] = oat_location_arg;
    argv[i++] = instruction_set_arg;
    if (have_dex2oat_isa_variant) {
        argv[i++] = instruction_set_variant_arg;
    }
    if (have_dex2oat_isa_features) {
        argv[i++] = instruction_set_features_arg;
    }
    if (have_dex2oat_Xms_flag) {
        argv[i++] = RUNTIME_ARG;
        argv[i++] = dex2oat_Xms_arg;
    }
    if (have_dex2oat_Xmx_flag) {
        argv[i++] = RUNTIME_ARG;
        argv[i++] = dex2oat_Xmx_arg;
    }
    if (have_dex2oat_compiler_filter_flag) {
        argv[i++] = dex2oat_compiler_filter_arg;
    }
    if (have_dex2oat_threads_flag) {
        argv[i++] = dex2oat_threads_arg;
    }
    if (have_dex2oat_swap_fd) {
        argv[i++] = dex2oat_swap_fd;
    }
    if (have_dex2oat_image_fd) {
        argv[i++] = dex2oat_image_fd;
    }
    if (generate_debug_info) {
        argv[i++] = "--generate-debug-info";
    }
    if (debuggable) {
        argv[i++] = "--debuggable";
    }
    if (have_app_image_format) {
        argv[i++] = image_format_arg;
    }
    if (have_dex2oat_large_app_threshold) {
        argv[i++] = dex2oat_large_app_threshold_arg;
    }
    if (dex2oat_flags_count) {
        i += split(dex2oat_flags, argv + i);
    }
    if (have_dex2oat_relocation_skip_flag) {
        argv[i++] = RUNTIME_ARG;
        argv[i++] = dex2oat_norelocation;
    }
    if (profile_fd != -1) {
        argv[i++] = profile_arg;
    }
    if (shared_libraries != nullptr) {
        argv[i++] = RUNTIME_ARG;
        argv[i++] = "-classpath";
        argv[i++] = RUNTIME_ARG;
        argv[i++] = shared_libraries;
    }
    if (has_base_dir) {
        argv[i++] = base_dir;
    }
    // Do not add after dex2oat_flags, they should override others for debugging.
    argv[i] = NULL;

    execv(DEX2OAT_BIN, (char * const *)argv);
    ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno));
}

最后通过execv执行/system/bin/dex2oat 完成oat

有关oat的具体生成研究加固时再分析。