APK的安装过程分析

Package管理服务PackageManagerService在安装一个应用程序的过程中，会对这个应用程序的配置文件AndroidManifest.xml进行解析，以便可以获得它的安装信息。

Android系统中每一个应用程序都有一个Linux用户ID，一个应用程序除了拥有一个linux用户ID之外，还可以拥有若干个Linux用户组ID，以便可以在系统中获得更多的资源访问权限，如读取联系人信息、使用摄像头等权限。

PMS在安装一个应用程序时，如果发现它没有与其他应用程序共享同一个Linux用户ID，那么就会为它分配一个唯一的Linux用户ID，以便它可以在系统中获得合适的运行权限。如果发现它申请了一个特定的资源访问权限，那么就会为它分配一个相应的Linux用户组ID。

分析应用程序的安装过程，主要是关注它的组件信息的解析过程，以及Linux用户ID和Linux用户组ID的分配过程。

System进程在启动时，会调用PMS类的静态成员函数main方法将系统的PMS启动起来。由于PMS在启动过程中会对系统中的应用程序进行安装，因此，接下来就从PMS类的main方法开始分析应用程序的安装过程：

 public static PackageManagerService main(Context context, Installer installer,
         boolean factoryTest, boolean onlyCore) {
     // 实例化PMS
     PackageManagerService m = new PackageManagerService(context, installer,
             factoryTest, onlyCore);
     // 把PMS添加到ServiceManager中
     ServiceManager.addService("package", m);
     return m;
 }

PMS的构造方法完成的主要功能是，扫描android系统中几个目标文件夹中的apk文件，从而建立合适的数据结构以管理诸如Package信息、四大组件信息、权限信息等各种信息。PMS的工作流程相对简单，复杂的是其中用于保存各种信息的数据结构和它们之间的关系，以及影响最终结果的策略控制。

由于代码量较大，采用分段的方法进行分析。

1.扫描目标文件夹之前的准备工作

先看下时序图：

 final int mSdkVersion = Build.VERSION.SDK_INT;
 final Context mContext;
 final boolean mFactoryTest;
 final boolean mOnlyCore;
 final boolean mLazyDexOpt;
 final DisplayMetrics mMetrics;
 final Settings mSettings;
 // Keys are String (package name), values are Package.  This also serves
 // as the lock for the global state.  Methods that must be called with
 // this lock held have the prefix "LP".
 @GuardedBy("mPackages")
 final ArrayMap<String, PackageParser.Package> mPackages =
         new ArrayMap<String, PackageParser.Package>();
 private static final int RADIO_UID = Process.PHONE_UID;
 private static final int LOG_UID = Process.LOG_UID;
 private static final int NFC_UID = Process.NFC_UID;
 private static final int BLUETOOTH_UID = Process.BLUETOOTH_UID;
 private static final int SHELL_UID = Process.SHELL_UID;

 public PackageManagerService(Context context, Installer installer,
         boolean factoryTest, boolean onlyCore) {

     // 编译的SDK版本，若没有定义则APK就无法知道自己运行在Android的哪个版本上
     if (mSdkVersion <= 0) {
         Slog.w(TAG, "**** ro.build.version.sdk not set!");
     }

     mContext = context;
     // 是否运行在工厂模式下
     mFactoryTest = factoryTest;
     // 用于判断是否只扫描系统目录
     mOnlyCore = onlyCore;
     // 如果此系统是eng版本，则扫描Package后，不对其做dex优化
     mLazyDexOpt = "eng".equals(SystemProperties.get("ro.build.type"));
     // 用于存储与显示屏相关的一些属性，如屏幕的宽高、分辨率等信息
     mMetrics = new DisplayMetrics();
     // Settings是用来管理应用程序的安装信息的
     mSettings = new Settings(mPackages);
     // 添加共享用户
     mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     mSettings.addSharedUserLPw("android.uid.log", LOG_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID,
             ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
     . . .
 }

刚进入构造函数就会遇到第一个较为复杂的数据结构Settings以及它的addSharedUserLPw方法。先看Settings类的构造方法，主要是创建相关的文件夹并设置文件夹的读写权限：

 Settings(Object lock) {
     // Environment.getDataDirectory()获取到的是/data目录
     this(Environment.getDataDirectory(), lock);
 }

 private final Object mLock;
 private final RuntimePermissionPersistence mRuntimePermissionsPersistence;
 private final File mSystemDir;
 private final File mSettingsFilename;
 private final File mBackupSettingsFilename;
 private final File mPackageListFilename;
 private final File mStoppedPackagesFilename;
 private final File mBackupStoppedPackagesFilename;

 Settings(File dataDir, Object lock) {
     mLock = lock;

     mRuntimePermissionsPersistence = new RuntimePermissionPersistence(mLock);

     mSystemDir = new File(dataDir, "system");
     // 创建/data/system文件夹
     mSystemDir.mkdirs();
     // 设置/data/system文件夹的读写权限
     FileUtils.setPermissions(mSystemDir.toString(),
             FileUtils.S_IRWXU|FileUtils.S_IRWXG
             |FileUtils.S_IROTH|FileUtils.S_IXOTH,
             -1, -1);
     mSettingsFilename = new File(mSystemDir, "packages.xml");
     mBackupSettingsFilename = new File(mSystemDir, "packages-backup.xml");
     mPackageListFilename = new File(mSystemDir, "packages.list");
     FileUtils.setPermissions(mPackageListFilename, 0640, SYSTEM_UID, PACKAGE_INFO_GID);

     // Deprecated: Needed for migration
     mStoppedPackagesFilename = new File(mSystemDir, "packages-stopped.xml");
     mBackupStoppedPackagesFilename = new File(mSystemDir, "packages-stopped-backup.xml");
 }

Settings的构造方法会在data目录下创建system目录，用来保存多个系统文件。主要有：

packages.xml：记录系统中所有安装的应用信息，包括基本信息、签名和权限。

packages-backup.xml：packages.xml文件的备份。写文件之前会先备份，写成功后再删除掉备份文件，如果写的时候出现问题，则重启后再读取这两个文件时，如果发现备份文件存在，就会使用备份文件的内容，因为原文件可能已经损坏了。

packages.list：保存普通应用的数据目录和uid等信息。

packages-stopped.xml：记录系统中被强制停止运行的应用信息。系统在强制停止某个应用时，会将应用的信息记录在该文件中。

packages-stopped-backup.xml：packages-stopped.xml文件的备份文件。

 final ArrayMap<String, SharedUserSetting> mSharedUsers = new ArrayMap<String, SharedUserSetting>();

 // 添加共享用户
 SharedUserSetting addSharedUserLPw(String name, int uid, int pkgFlags, int pkgPrivateFlags) {
     // 根据key从map中获取值
     SharedUserSetting s = mSharedUsers.get(name);
     // 如果值不为null并且保存的uid和传递过来的一致，就直接返回结果。uid不一致则返回null
     if (s != null) {
         if (s.userId == uid) {
             return s;
         }
         PackageManagerService.reportSettingsProblem(Log.ERROR,
                 "Adding duplicate shared user, keeping first: " + name);
         return null;
     }
     // 若s为null，则根据传递过来的参数新创建对象
     s = new SharedUserSetting(name, pkgFlags, pkgPrivateFlags);
     s.userId = uid;
     // 在系统中保存值为uid的Linux用户ID，成功返回true
     if (addUserIdLPw(uid, s, name)) {
         // 保存到map中
         mSharedUsers.put(name, s);
         return s;
     }
     return null;
 }

 private final ArrayList<Object> mUserIds = new ArrayList<Object>();
 private final SparseArray<Object> mOtherUserIds = new SparseArray<Object>();

 private boolean addUserIdLPw(int uid, Object obj, Object name) {
     // LAST_APPLICATION_UID = 19999
     if (uid > Process.LAST_APPLICATION_UID) {
         return false;
     }

     // FIRST_APPLICATION_UID = 10000
     if (uid >= Process.FIRST_APPLICATION_UID) {
         // 获取数组的长度
         int N = mUserIds.size();
         // 计算目标索引值
         final int index = uid - Process.FIRST_APPLICATION_UID;
         // 如果目标索引值大于数组长度，则在数组索引值之前的位置都添加null的元素
         while (index >= N) {
             mUserIds.add(null);
             N++;
         }
         // 如果数组的目标索引值位置有不为null的值，说明已经添加过
         if (mUserIds.get(index) != null) {
             PackageManagerService.reportSettingsProblem(Log.ERROR,
                     "Adding duplicate user id: " + uid
                     + " name=" + name);
             return false;
         }
         // 把值放在数组的目标索引位置
         mUserIds.set(index, obj);
     } else {
         // 如果uid < 10000,则把对应的值保存在mOtherUserIds变量中
         if (mOtherUserIds.get(uid) != null) {
             PackageManagerService.reportSettingsProblem(Log.ERROR,
                     "Adding duplicate shared id: " + uid
                             + " name=" + name);
             return false;
         }
         mOtherUserIds.put(uid, obj);
     }
     return true;
 }

至此，对Settings的分析就告一段落了。下面继续分析PMS的构造方法：

 private static final long WATCHDOG_TIMEOUT = 1000*60*10;

 public PackageManagerService(Context context, Installer installer,
         boolean factoryTest, boolean onlyCore) {

     . . .

     // 应用安装器
     mInstaller = installer;
     // 实例化类优化器
     mPackageDexOptimizer = new PackageDexOptimizer(this);
     mMoveCallbacks = new MoveCallbacks(FgThread.get().getLooper());

     mOnPermissionChangeListeners = new OnPermissionChangeListeners(
             FgThread.get().getLooper());

     // 获取当前显示屏信息
     getDefaultDisplayMetrics(context, mMetrics);

     // 获取系统的初始化变量
     SystemConfig systemConfig = SystemConfig.getInstance();
     mGlobalGids = systemConfig.getGlobalGids();
     mSystemPermissions = systemConfig.getSystemPermissions();
     mAvailableFeatures = systemConfig.getAvailableFeatures();

     // 创建一个HandlerThread子类的实例，主要处理应用的安装和卸载
     mHandlerThread = new ServiceThread(TAG,
             Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/);
     mHandlerThread.start();
     // 以mHandlerThread线程的looper创建的Handler实例，该Handler运行在mHandlerThread线程
     mHandler = new PackageHandler(mHandlerThread.getLooper());
     // 把mHandler加入到watchdog中
     Watchdog.getInstance().addThread(mHandler, WATCHDOG_TIMEOUT);

     // /data目录
     File dataDir = Environment.getDataDirectory();
     // /data/data目录
     mAppDataDir = new File(dataDir, "data");
     // /data/app目录，保存的是用户自己安装的app
     mAppInstallDir = new File(dataDir, "app");
     mAppLib32InstallDir = new File(dataDir, "app-lib");
     mAsecInternalPath = new File(dataDir, "app-asec").getPath();
     mUserAppDataDir = new File(dataDir, "user");
     // /data/app-parivate目录，保存的是受DRM保护的私有app
     mDrmAppPrivateInstallDir = new File(dataDir, "app-private");
     mRegionalizationAppInstallDir = new File(dataDir, "app-regional");

     // 实例化用户管理服务，多用户时使用
     sUserManager = new UserManagerService(context, this,
             mInstallLock, mPackages);

     // 通过systemConfig获取系统中定义的权限，这些权限保存在/system/etc/permissions目录下的文件中
     ArrayMap<String, SystemConfig.PermissionEntry> permConfig
             = systemConfig.getPermissions();
     for (int i=0; i<permConfig.size(); i++) {
         SystemConfig.PermissionEntry perm = permConfig.valueAt(i);
         // 根据权限名获取基本权限信息
         BasePermission bp = mSettings.mPermissions.get(perm.name);
         if (bp == null) {
             bp = new BasePermission(perm.name, "android", BasePermission.TYPE_BUILTIN);
             // 如果基本权限信息为null，则根据权限名创建它并保存到mSettings.mPermissions中
             mSettings.mPermissions.put(perm.name, bp);
         }
         if (perm.gids != null) {
             bp.setGids(perm.gids, perm.perUser);
         }
     }

     // 通过systemConfig获取系统的共享库列表，并保存在mSharedLibraries中
     ArrayMap<String, String> libConfig = systemConfig.getSharedLibraries();
     for (int i=0; i<libConfig.size(); i++) {
         mSharedLibraries.put(libConfig.keyAt(i),
                 new SharedLibraryEntry(libConfig.valueAt(i), null));
     }

     // 解析SELinux的策略文件
     mFoundPolicyFile = SELinuxMMAC.readInstallPolicy();

     // 恢复上一次的应用程序安装信息，扫描package.xml文件
     mRestoredSettings = mSettings.readLPw(this, sUserManager.getUsers(false),
             mSdkVersion, mOnlyCore);

     // 这里获取的customResolverActivity为空字符串
     String customResolverActivity = Resources.getSystem().getString(
             R.string.config_customResolverActivity);
     if (TextUtils.isEmpty(customResolverActivity)) {
         customResolverActivity = null;
     } else {
         mCustomResolverComponentName = ComponentName.unflattenFromString(
                 customResolverActivity);
     }
     . . .

 }

下面分析下SystemConfig类的方法：

 static SystemConfig sInstance;

 public static SystemConfig getInstance() {
     synchronized (SystemConfig.class) {
         if (sInstance == null) {
             sInstance = new SystemConfig();
         }
         return sInstance;
     }
 }

 SystemConfig() {
     // Read configuration from system
     // Environment.getRootDirectory()获取到的是/system目录
     readPermissions(Environment.buildPath(
             Environment.getRootDirectory(), "etc", "sysconfig"), false);
     // Read configuration from the old permissions dir
     readPermissions(Environment.buildPath(
             Environment.getRootDirectory(), "etc", "permissions"), false);
     // Only read features from OEM config
     readPermissions(Environment.buildPath(
             Environment.getOemDirectory(), "etc", "sysconfig"), true);
     readPermissions(Environment.buildPath(
             Environment.getOemDirectory(), "etc", "permissions"), true);
 }

 void readPermissions(File libraryDir, boolean onlyFeatures) {
     // Read permissions from given directory.
     if (!libraryDir.exists() || !libraryDir.isDirectory()) {
         if (!onlyFeatures) {
             Slog.w(TAG, "No directory " + libraryDir + ", skipping");
         }
         return;
     }
     if (!libraryDir.canRead()) {
         Slog.w(TAG, "Directory " + libraryDir + " cannot be read");
         return;
     }

     // 遍历目标文件夹下所有的.xml文件
     File platformFile = null;
     for (File f : libraryDir.listFiles()) {
         // 最后解析platform.xml文件
         if (f.getPath().endsWith("etc/permissions/platform.xml")) {
             platformFile = f;
             continue;
         }

         if (!f.getPath().endsWith(".xml")) {
             Slog.i(TAG, "Non-xml file " + f + " in " + libraryDir + " directory, ignoring");
             continue;
         }
         if (!f.canRead()) {
             Slog.w(TAG, "Permissions library file " + f + " cannot be read");
             continue;
         }

         // 解析xml文件，保存到相应的变量中
         readPermissionsFromXml(f, onlyFeatures);
     }

     // 最后解析platform.xml文件，该文件的优先级最高
     if (platformFile != null) {
         readPermissionsFromXml(platformFile, onlyFeatures);
     }
 }


 public int[] getGlobalGids() {
     // 该变量保存xml中group标签定义的gid
     return mGlobalGids;
 }

 public SparseArray<ArraySet<String>> getSystemPermissions() {
     // uid为索引，存储一个字符串集合，用于描述指定UID所拥有的权限。解析assign-permission标签而来
     return mSystemPermissions;
 }

 public ArrayMap<String, String> getSharedLibraries() {
     // 解析library标签而来，key为库的名字，value为库文件的位置
     return mSharedLibraries;
 }

 public ArrayMap<String, FeatureInfo> getAvailableFeatures() {
     // 解析feature标签而来。key为feature的字符串描述，value为FeatureInfo对象
     return mAvailableFeatures;
 }

 public ArrayMap<String, PermissionEntry> getPermissions() {
     // 解析permission标签而来，key为权限名，value为PermissionEntry对象。
     return mPermissions;
 }

Android系统每次启动时，都会重新安装一遍系统中的应用程序，但是有些应用程序信息每次安装都是需要保持一致的，如应用程序的Linux用户ID等。否则应用程序每次在系统重启后表现可能不一致。因此PMS每次在安装完成应用程序之后，都需要将它们的信息保存下来，以便下次安装时可以恢复回来。恢复上一次的应用程序安装信息是通过Settings类的readLPw方法实现的。下面就分析下该方法扫描packages.xml文件或其备份文件的过程：

 // 读取应用程序的安装信息
 boolean readLPw(PackageManagerService service, List<UserInfo> users, int sdkVersion,
         boolean onlyCore) {
     FileInputStream str = null;
     // 先检查/data/system/packages-backup.xml文件是否存在，
     // 如果存在就将它的内容作为上一次的应用程序安装信息
     if (mBackupSettingsFilename.exists()) {
         try {
             str = new FileInputStream(mBackupSettingsFilename);
             mReadMessages.append("Reading from backup settings file\n");
             PackageManagerService.reportSettingsProblem(Log.INFO,
                     "Need to read from backup settings file");
             if (mSettingsFilename.exists()) {
                 // 备份文件和原文件都存在时，原文件可能已经损坏了，故这里要删除掉原文件
                 Slog.w(PackageManagerService.TAG, "Cleaning up settings file "
                         + mSettingsFilename);
                 mSettingsFilename.delete();
             }
         } catch (java.io.IOException e) {
             // We'll try for the normal settings file.
         }
     }

     mPendingPackages.clear();
     mPastSignatures.clear();
     mKeySetRefs.clear();

     try {
         // 如果str为null，说明没有读取备份文件，下面要读取原文件
         if (str == null) {
             if (!mSettingsFilename.exists()) {
                 mReadMessages.append("No settings file found\n");
                 PackageManagerService.reportSettingsProblem(Log.INFO,
                         "No settings file; creating initial state");
                 // 如果原文件不存在，根据默认值创建版本信息。
                 findOrCreateVersion(StorageManager.UUID_PRIVATE_INTERNAL);
                 findOrCreateVersion(StorageManager.UUID_PRIMARY_PHYSICAL);
                 return false;
             }
             str = new FileInputStream(mSettingsFilename);
         }
         // 创建解析器
         XmlPullParser parser = Xml.newPullParser();
         parser.setInput(str, StandardCharsets.UTF_8.name());

         int type;
         while ((type = parser.next()) != XmlPullParser.START_TAG
                 && type != XmlPullParser.END_DOCUMENT) {
             ;
         }

         if (type != XmlPullParser.START_TAG) {
             mReadMessages.append("No start tag found in settings file\n");
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "No start tag found in package manager settings");
             Slog.wtf(PackageManagerService.TAG,
                     "No start tag found in package manager settings");
             return false;
         }

         int outerDepth = parser.getDepth();
         // 开始解析xml文件
         while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
             if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                 continue;
             }

             String tagName = parser.getName();
             if (tagName.equals("package")) {
                 // 解析标签为package的元素，一个应用一个package标签.
                 // 获取上一次安装这个应用程序时所分配给它的Linux用户ID
                 readPackageLPw(parser);
             } else if (tagName.equals("permissions")) {
                 // 解析系统定义了哪些权限，由哪个包定义
                 readPermissionsLPw(mPermissions, parser);
             } else if (tagName.equals("permission-trees")) {
                 readPermissionsLPw(mPermissionTrees, parser);
             } else if (tagName.equals("shared-user")) {
                 // shared-user标签是以sharedUserId的名字为name属性，然后为它分配一个userId赋值给userId属性。
                 // 其他应用用到该sharedUserId的，userId都是shared-user标签中的userId属性值
                 // 解析上一次应用程序安装信息中的共享Linux用户信息
                 readSharedUserLPw(parser);
             }
             . . .
             else {
                 Slog.w(PackageManagerService.TAG, "Unknown element under <packages>: "
                         + parser.getName());
                 XmlUtils.skipCurrentTag(parser);
             }
         }

         str.close();

     } catch (XmlPullParserException e) {
         mReadMessages.append("Error reading: " + e.toString());
         PackageManagerService.reportSettingsProblem(Log.ERROR, "Error reading settings: " + e);
         Slog.wtf(PackageManagerService.TAG, "Error reading package manager settings", e);

     } catch (java.io.IOException e) {
         mReadMessages.append("Error reading: " + e.toString());
         PackageManagerService.reportSettingsProblem(Log.ERROR, "Error reading settings: " + e);
         Slog.wtf(PackageManagerService.TAG, "Error reading package manager settings", e);
     }

     . . .

     // 先看readPackageLPw方法再往下面看
     final int N = mPendingPackages.size();

     // 循环遍历mPendingPackages中的PendingPackage对象，以便为它们所描述的应用程序保存上一次安装时所使用的Linux用户ID
     for (int i = 0; i < N; i++) {
         final PendingPackage pp = mPendingPackages.get(i);
         // 根据uid获取对应的对象，如果在mUserIds或mOtherUserIds中存在一个与userId对应的Object对象，
         // 且该对象是SharedUserSetting的类型，则说明pp所描述的应用程序上一次所使用的Linux用户ID是有效的
         Object idObj = getUserIdLPr(pp.sharedId);
         if (idObj != null && idObj instanceof SharedUserSetting) {
             // 为该应用程序分配一个Linux用户ID
             PackageSetting p = getPackageLPw(pp.name, null, pp.realName,
                     (SharedUserSetting) idObj, pp.codePath, pp.resourcePath,
                     pp.legacyNativeLibraryPathString, pp.primaryCpuAbiString,
                     pp.secondaryCpuAbiString, pp.versionCode, pp.pkgFlags, pp.pkgPrivateFlags,
                     null, true /* add */, false /* allowInstall */);
             if (p == null) {
                 PackageManagerService.reportSettingsProblem(Log.WARN,
                         "Unable to create application package for " + pp.name);
                 continue;
             }
             p.copyFrom(pp);
         } else if (idObj != null) {
             String msg = "Bad package setting: package " + pp.name + " has shared uid "
                     + pp.sharedId + " that is not a shared uid\n";
             mReadMessages.append(msg);
             PackageManagerService.reportSettingsProblem(Log.ERROR, msg);
         } else {
             String msg = "Bad package setting: package " + pp.name + " has shared uid "
                     + pp.sharedId + " that is not defined\n";
             mReadMessages.append(msg);
             PackageManagerService.reportSettingsProblem(Log.ERROR, msg);
         }
     }
     mPendingPackages.clear();
     . . .

     mReadMessages.append("Read completed successfully: " + mPackages.size() + " packages, "
             + mSharedUsers.size() + " shared uids\n");

     return true;
 }

 private static final String ATTR_NAME = "name";
 // 解析标签为package的元素，可以获取到上一次安装这个应用程序时所分配给它的Linux用户ID
 private void readPackageLPw(XmlPullParser parser) throws XmlPullParserException, IOException {
     String name = null;
     String idStr = null;
     String sharedIdStr = null;
     . . .
     try {
         // 应用程序的包名
         name = parser.getAttributeValue(null, ATTR_NAME);
         // 应用程序所使用的独立Linux用户ID
         idStr = parser.getAttributeValue(null, "userId");
         // 应用程序所使用的共享Linux用户ID
         sharedIdStr = parser.getAttributeValue(null, "sharedUserId");
         . . .

         int userId = idStr != null ? Integer.parseInt(idStr) : 0;
         . . .
         if (name == null) {
             // 安装的应用程序包名不能为null，否则上报错误信息
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Error in package manager settings: <package> has no name at "
                             + parser.getPositionDescription());
         }
         . . .
         else if (userId > 0) {
             // 检查该应用是否被分配了一个独立的uid，如果是就在系统中保存值为userId的Linux用户ID
             packageSetting = addPackageLPw(name.intern(), realName, new File(codePathStr),
                     new File(resourcePathStr), legacyNativeLibraryPathStr, primaryCpuAbiString,
                     secondaryCpuAbiString, cpuAbiOverrideString, userId, versionCode, pkgFlags,
                     pkgPrivateFlags);
             . . .
         } else if (sharedIdStr != null) {
             // 如果sharedIdStr不为null，说明安装该应用时PMS给它分配了一个共享的uid。此时不能马上保存该uid，
             // 因为这个uid不属于它自己所有，等解析完shared-user节点之后，再为它保存上一次所使用的Linux用户ID
             userId = sharedIdStr != null ? Integer.parseInt(sharedIdStr) : 0;
             if (userId > 0) {
                 // 创建PendingPackage对象并保存在mPendingPackages中，用来描述一个Linux用户ID还未确定的应用程序
                 packageSetting = new PendingPackage(name.intern(), realName, new File(
                         codePathStr), new File(resourcePathStr), legacyNativeLibraryPathStr,
                         primaryCpuAbiString, secondaryCpuAbiString, cpuAbiOverrideString,
                         userId, versionCode, pkgFlags, pkgPrivateFlags);
                 . . .
                 mPendingPackages.add((PendingPackage) packageSetting);
                 . . .
             }
             . . .
         } else {
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Error in package manager settings: package " + name + " has bad userId "
                             + idStr + " at " + parser.getPositionDescription());
         }
     } catch (NumberFormatException e) {
         PackageManagerService.reportSettingsProblem(Log.WARN,
                 "Error in package manager settings: package " + name + " has bad userId "
                         + idStr + " at " + parser.getPositionDescription());
     }
 }

 // 在系统中保存值为userId的Linux用户ID
 // 在PMS中，每一个应用程序的安装信息都是使用一个PackageSetting对象来描述的。这些对象保存在mPackages中。
 PackageSetting addPackageLPw(String name, String realName, File codePath, File resourcePath,
         String legacyNativeLibraryPathString, String primaryCpuAbiString, String secondaryCpuAbiString,
         String cpuAbiOverrideString, int uid, int vc, int pkgFlags, int pkgPrivateFlags) {
     // 根据包名获取应用程序的安装信息
     PackageSetting p = mPackages.get(name);
     if (p != null) {
         // 如果应用程序的安装信息不为null，并且uid和目标uid相同则说明PMS已经为该应用程序分配过uid了
         if (p.appId == uid) {
             return p;
         }
         PackageManagerService.reportSettingsProblem(Log.ERROR,
                 "Adding duplicate package, keeping first: " + name);
         return null;
     }
     // 如果mPackages中不存在与该包名对应的PackageSetting对象，则为该应用程序分配一个参数uid所描述的Linux用户ID
     p = new PackageSetting(name, realName, codePath, resourcePath,
             legacyNativeLibraryPathString, primaryCpuAbiString, secondaryCpuAbiString,
             cpuAbiOverrideString, vc, pkgFlags, pkgPrivateFlags);
     p.appId = uid;
     // 在系统中保存保存值为uid的Linux用户ID
     if (addUserIdLPw(uid, p, name)) {
         mPackages.put(name, p);
         return p;
     }
     return null;
 }

 // 解析上一次的应用程序安装信息中的共享Linux用户信息
 private void readSharedUserLPw(XmlPullParser parser) throws XmlPullParserException,IOException {
     String name = null;
     String idStr = null;
     int pkgFlags = 0;
     int pkgPrivateFlags = 0;
     SharedUserSetting su = null;
     try {
         // 获取sharedUserId的名字
         name = parser.getAttributeValue(null, ATTR_NAME);
         // 所有共享该sharedUserId名字的应用程序uid
         idStr = parser.getAttributeValue(null, "userId");
         int userId = idStr != null ? Integer.parseInt(idStr) : 0;
         // system属性用来描述这个共享uid是分配给一个系统类型的应用程序使用的还是分配给一个用户类型的应用程序使用的。
         if ("true".equals(parser.getAttributeValue(null, "system"))) {
             pkgFlags |= ApplicationInfo.FLAG_SYSTEM;
         }
         if (name == null) {
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Error in package manager settings: <shared-user> has no name at "
                             + parser.getPositionDescription());
         } else if (userId == 0) {
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Error in package manager settings: shared-user " + name
                             + " has bad userId " + idStr + " at "
                             + parser.getPositionDescription());
         } else {
             // 调用addSharedUserLPw方法在系统中为名称为name的共享Linux用户保存一个值为userId的Linux用户
             if ((su = addSharedUserLPw(name.intern(), userId, pkgFlags, pkgPrivateFlags))
                     == null) {
                 PackageManagerService
                         .reportSettingsProblem(Log.ERROR, "Occurred while parsing settings at "
                                 + parser.getPositionDescription());
             }
         }
     } catch (NumberFormatException e) {
         PackageManagerService.reportSettingsProblem(Log.WARN,
                 "Error in package manager settings: package " + name + " has bad userId "
                         + idStr + " at " + parser.getPositionDescription());
     }

     . . .
 }

 // 在系统中为名称为name的共享Linux用户保存一个值为userId的Linux用户
 // 在PMS中，每一个共享Linux用户都是使用一个SharedUserSetting对象来描述的。这些对象保存在mSharedUsers中。
 SharedUserSetting addSharedUserLPw(String name, int uid, int pkgFlags, int pkgPrivateFlags) {
     // 根据包名获取共享应用程序的安装信息，如果存在并且userId等于参数uid的值，则说明PMS已经为该应用程序分配过uid了
     SharedUserSetting s = mSharedUsers.get(name);
     if (s != null) {
         if (s.userId == uid) {
             return s;
         }
         PackageManagerService.reportSettingsProblem(Log.ERROR,
                 "Adding duplicate shared user, keeping first: " + name);
         return null;
     }
     // 如果mSharedUsers中不存在与该包名对应的SharedUserSetting对象，则为该应用程序分配一个参数uid所描述的Linux用户ID
     s = new SharedUserSetting(name, pkgFlags, pkgPrivateFlags);
     s.userId = uid;
     // 在系统中保存保存值为uid的Linux用户ID
     if (addUserIdLPw(uid, s, name)) {
         mSharedUsers.put(name, s);
         return s;
     }
     return null;
 }

 // 为应用程序分配一个Linux用户ID
 private PackageSetting getPackageLPw(String name, PackageSetting origPackage,
         String realName, SharedUserSetting sharedUser, File codePath, File resourcePath,
         String legacyNativeLibraryPathString, String primaryCpuAbiString,
         String secondaryCpuAbiString, int vc, int pkgFlags, int pkgPrivateFlags,
         UserHandle installUser, boolean add, boolean allowInstall) {
     // 根据name从mPackages中获取PackageSetting对象
     PackageSetting p = mPackages.get(name);
     UserManagerService userManager = UserManagerService.getInstance();
     if (p != null) {
         . . .

         // 判断已经存在的p对象的sharedUser是否和传递来的一致，若不一致说明对象p已不能描述应用的安装信息，需要重新分配
         if (p.sharedUser != sharedUser) {
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Package " + name + " shared user changed from "
                     + (p.sharedUser != null ? p.sharedUser.name : "<nothing>")
                     + " to "
                     + (sharedUser != null ? sharedUser.name : "<nothing>")
                     + "; replacing with new");
             p = null;
         } else {
             // 判断当前分配的应用是否是系统应用/私有特权应用
             p.pkgFlags |= pkgFlags & ApplicationInfo.FLAG_SYSTEM;
             p.pkgPrivateFlags |= pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED;
         }
     }
     // p为null说明要重新分配Linux用户ID
     if (p == null) {
         if (origPackage != null) {
             // origPackage不为null说明该应用程序在系统中有一个旧版本
             // 根据旧版本的应用程序创建一个新的PackageSetting对象
             p = new PackageSetting(origPackage.name, name, codePath, resourcePath,
                     legacyNativeLibraryPathString, primaryCpuAbiString, secondaryCpuAbiString,
                     null /* cpuAbiOverrideString */, vc, pkgFlags, pkgPrivateFlags);
             . . .
             // 把旧安装包的userId分配给该应用程序
             p.appId = origPackage.appId;
             . . .
         } else {
             // origPackage为null，说明该应用是一个新安装的应用程序
             // 根据传递过来的参数新建一个PackageSetting对象
             p = new PackageSetting(name, realName, codePath, resourcePath,
                     legacyNativeLibraryPathString, primaryCpuAbiString, secondaryCpuAbiString,
                     null /* cpuAbiOverrideString */, vc, pkgFlags, pkgPrivateFlags);
             p.setTimeStamp(codePath.lastModified());
             p.sharedUser = sharedUser;
             // 如果该应用不是系统应用，则新安装后是停止运行状态
             if ((pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) {
                 List<UserInfo> users = getAllUsers();
                 final int installUserId = installUser != null ? installUser.getIdentifier() : 0;
                 if (users != null && allowInstall) {
                     for (UserInfo user : users) {
                         final boolean installed = installUser == null
                                 || (installUserId == UserHandle.USER_ALL
                                     && !isAdbInstallDisallowed(userManager, user.id))
                                 || installUserId == user.id;
                         // 设置该应用是停止运行状态
                         p.setUserState(user.id, COMPONENT_ENABLED_STATE_DEFAULT,
                                 installed,
                                 true, // stopped,
                                 true, // notLaunched
                                 false, // hidden
                                 null, null, null,
                                 false, // blockUninstall
                                 INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED, 0);
                         writePackageRestrictionsLPr(user.id);
                     }
                 }
             }
             if (sharedUser != null) {
                 // 如果sharedUser不为null，说明该新安装应用程序设置了sharedUserId属性，
                 // 则把sharedUserId的userId分配给该应用
                 p.appId = sharedUser.userId;
             } else {
                 // 如果该新安装应用程序没有设置sharedUserId属性，则需要为该应用程序分配新的Linux用户ID

                 // 根据name值从已经禁用的系统应用程序列表中获取PackageSetting对象
                 PackageSetting dis = mDisabledSysPackages.get(name);
                 if (dis != null) {
                     // 如果dis不为null，说明该应用程序是一个已经禁用的系统应用，此时
                     // 只需用把它原来的userId分配给它即可
                     . . .
                     // 把原来的userId分配给该应用程序
                     p.appId = dis.appId;
                     . . .
                     // 在系统中保存保存值为uid的Linux用户ID
                     addUserIdLPw(p.appId, p, name);
                 } else {
                     // 如果dis为null，说明需要为该新安装应用程序新分配一个Linux用户ID
                     p.appId = newUserIdLPw(p);
                 }
             }
         }
         if (p.appId < 0) {
             PackageManagerService.reportSettingsProblem(Log.WARN,
                     "Package " + name + " could not be assigned a valid uid");
             return null;
         }
         if (add) {
             // 调用addPackageSettingLPw方法把p保存到mPackages中，
             // 表示它所描述的应用程序已经成功地安装在系统中了
             addPackageSettingLPw(p, name, sharedUser);
         }
     } else {
         // p不为null说明不需要重新分配Linux用户ID
         if (installUser != null && allowInstall) {
             // The caller has explicitly specified the user they want this
             // package installed for, and the package already exists.
             // Make sure it conforms to the new request.
             List<UserInfo> users = getAllUsers();
             if (users != null) {
                 for (UserInfo user : users) {
                     if ((installUser.getIdentifier() == UserHandle.USER_ALL
                                 && !isAdbInstallDisallowed(userManager, user.id))
                             || installUser.getIdentifier() == user.id) {
                         boolean installed = p.getInstalled(user.id);
                         if (!installed) {
                             p.setInstalled(true, user.id);
                             writePackageRestrictionsLPr(user.id);
                         }
                     }
                 }
             }
         }
     }
     return p;
 }

 // 为该新安装应用程序新分配一个Linux用户ID
 private int newUserIdLPw(Object obj) {
     // 获取之前已经分配出去的Linux用户ID的数量
     final int N = mUserIds.size();
     for (int i = mFirstAvailableUid; i < N; i++) {
         // 如果第i个对象值为null，说明值为Process.FIRST_APPLICATION_UID + i
         // 的Linux用户ID还未分配出去，这里就将该值分配给新安装的应用程序使用
         if (mUserIds.get(i) == null) {
             mUserIds.set(i, obj);
             return Process.FIRST_APPLICATION_UID + i;
         }
     }

     // 如果已经没有值可分配时，则返回-1
     if (N > (Process.LAST_APPLICATION_UID-Process.FIRST_APPLICATION_UID)) {
         return -1;
     }

     mUserIds.add(obj);
     // 如果不能在mUserIds中找到空闲的Linux用户ID，且没有超过分配限制，则把
     // Process.FIRST_APPLICATION_UID + N分配给新安装应用程序使用
     return Process.FIRST_APPLICATION_UID + N;
 }

到这里，扫描目标文件夹之前的准备工作就介绍完了。主要是扫描并解析xml文件将上一次的应用程序安装信息恢复完成。

2.扫描目标文件夹

先看下时序图：

下面主要是扫描系统中的apk文件了。继续分析PMS的构造方法：

 private static final String VENDOR_OVERLAY_DIR = "/vendor/overlay";

 public PackageManagerService(Context context, Installer installer,
         boolean factoryTest, boolean onlyCore) {

     . . .
     // 记录开始扫描的时间
     long startTime = SystemClock.uptimeMillis();

     // 初始化扫描参数
     final int scanFlags = SCAN_NO_PATHS | SCAN_DEFER_DEX | SCAN_BOOTING | SCAN_INITIAL;

     // /system/framework目录保存的应用程序是资源型的。资源型的应用程序是用来打包资源文件的，不包含有执行代码
     File frameworkDir = new File(Environment.getRootDirectory(), "framework");
     . . .
     // Collect vendor overlay packages.
     // (Do this before scanning any apps.)
     // 收集供应商提供的覆盖应用程序
     File vendorOverlayDir = new File(VENDOR_OVERLAY_DIR);
     scanDirLI(vendorOverlayDir, PackageParser.PARSE_IS_SYSTEM
             | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags | SCAN_TRUSTED_OVERLAY, 0);

     // Find base frameworks (resource packages without code).
     scanDirLI(frameworkDir, PackageParser.PARSE_IS_SYSTEM
             | PackageParser.PARSE_IS_SYSTEM_DIR
             | PackageParser.PARSE_IS_PRIVILEGED,
             scanFlags | SCAN_NO_DEX, 0);

     // Collected privileged system packages./system/priv-app系统自带应用程序
     final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app");
     scanDirLI(privilegedAppDir, PackageParser.PARSE_IS_SYSTEM
             | PackageParser.PARSE_IS_SYSTEM_DIR
             | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0);

     // Collect ordinary system packages./system/app目录保存的是系统自带的应用程序
     final File systemAppDir = new File(Environment.getRootDirectory(), "app");
     scanDirLI(systemAppDir, PackageParser.PARSE_IS_SYSTEM
             | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);

     // Collect all vendor packages.供应商提供的应用程序
     File vendorAppDir = new File("/vendor/app");
     try {
         vendorAppDir = vendorAppDir.getCanonicalFile();
     } catch (IOException e) {
         // failed to look up canonical path, continue with original one
     }
     scanDirLI(vendorAppDir, PackageParser.PARSE_IS_SYSTEM
             | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);
     if (DEBUG_UPGRADE) Log.v(TAG, "Running installd update commands");
     mInstaller.moveFiles();

     // 删除各种无效安装包

     if (!mOnlyCore) {
         EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_DATA_SCAN_START,
                 SystemClock.uptimeMillis());
         scanDirLI(mAppInstallDir, 0, scanFlags | SCAN_REQUIRE_KNOWN, 0);

         scanDirLI(mDrmAppPrivateInstallDir, PackageParser.PARSE_FORWARD_LOCK,
                 scanFlags | SCAN_REQUIRE_KNOWN, 0);
         . . .

     }

     // Now that we know all the packages we are keeping,
     // read and update their last usage times.
     mPackageUsage.readLP();// 更新各安装包的上次使用时间

     EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_PMS_SCAN_END,
             SystemClock.uptimeMillis());
     // 输出扫描用的时间
     Slog.i(TAG, "Time to scan packages: "
             + ((SystemClock.uptimeMillis()-startTime)/1000f)
             + " seconds");
     . . .
 }

上面这段代码主要是扫描系统中各相关目录下的apk文件。

 // 扫描给定目录下的apk文件
 private void scanDirLI(File dir, int parseFlags, int scanFlags, long currentTime) {
     final File[] files = dir.listFiles();
     if (ArrayUtils.isEmpty(files)) {
         Log.d(TAG, "No files in app dir " + dir);
         return;
     }

     Log.d(TAG, "start scanDirLI:"+dir);
     // 使用多线程提高扫描速度
     int iMultitaskNum = SystemProperties.getInt("persist.pm.multitask", 6);
     Log.d(TAG, "max thread:" + iMultitaskNum);
     final MultiTaskDealer dealer = (iMultitaskNum > 1) ? MultiTaskDealer.startDealer(
             MultiTaskDealer.PACKAGEMANAGER_SCANER, iMultitaskNum) : null;

     for (File file : files) {
         final boolean isPackage = (isApkFile(file) || file.isDirectory())
                 && !PackageInstallerService.isStageName(file.getName());
         if (!isPackage) {
             continue;
         }

         final File ref_file = file;
         final int ref_parseFlags = parseFlags;
         final int ref_scanFlags = scanFlags;
         final long ref_currentTime = currentTime;
         Runnable scanTask = new Runnable() {
             public void run() {
                 try {
                     // 解析apk文件
                     scanPackageLI(ref_file, ref_parseFlags | PackageParser.PARSE_MUST_BE_APK,
                             ref_scanFlags, ref_currentTime, null);
                 } catch (PackageManagerException e) {
                     Slog.w(TAG, "Failed to parse " + ref_file + ": " + e.getMessage());

                     // 解析失败则删除无效的apk文件
                     if ((ref_parseFlags & PackageParser.PARSE_IS_SYSTEM) == 0 &&
                             e.error == PackageManager.INSTALL_FAILED_INVALID_APK) {
                         logCriticalInfo(Log.WARN, "Deleting invalid package at " + ref_file);
                         if (ref_file.isDirectory()) {
                             mInstaller.rmPackageDir(ref_file.getAbsolutePath());
                         } else {
                             ref_file.delete();
                         }
                     }
                 }
             }
         };

         if (dealer != null)
             dealer.addTask(scanTask);
         else
             scanTask.run();
     }

     if (dealer != null)
         dealer.waitAll();
     Log.d(TAG, "end scanDirLI:"+dir);
 }

 // 解析apk文件
 private PackageParser.Package scanPackageLI(File scanFile, int parseFlags, int scanFlags,
         long currentTime, UserHandle user) throws PackageManagerException {
     if (DEBUG_INSTALL) Slog.d(TAG, "Parsing: " + scanFile);
     parseFlags |= mDefParseFlags;
     PackageParser pp = new PackageParser();
     . . .

     final PackageParser.Package pkg;
     try {
         // 解析apk文件后返回一个PackageParser.Package对象
         pkg = pp.parsePackage(scanFile, parseFlags);
     } catch (PackageParserException e) {
         throw PackageManagerException.from(e);
     }
     . . .

     // Set application objects path explicitly.
     pkg.applicationInfo.volumeUuid = pkg.volumeUuid;
     pkg.applicationInfo.setCodePath(pkg.codePath);
     pkg.applicationInfo.setBaseCodePath(pkg.baseCodePath);
     pkg.applicationInfo.setSplitCodePaths(pkg.splitCodePaths);
     pkg.applicationInfo.setResourcePath(resourcePath);
     pkg.applicationInfo.setBaseResourcePath(baseResourcePath);
     pkg.applicationInfo.setSplitResourcePaths(pkg.splitCodePaths);

     // 对刚解析apk文件返回的pkg对象所描述的apk文件进行安装，以便获取它的组件信息，以及为它分配Linux用户ID等。
     PackageParser.Package scannedPkg = scanPackageLI(pkg, parseFlags, scanFlags
             | SCAN_UPDATE_SIGNATURE, currentTime, user);

     return scannedPkg;
 }

接下来先看PackageParser类的parsePackage方法：

 // 解析apk文件
 public Package parsePackage(File packageFile, int flags) throws PackageParserException {
     if (packageFile.isDirectory()) {
         // 解析文件夹下的所有apk文件
         return parseClusterPackage(packageFile, flags);
     } else {
         // 解析独立apk文件
         return parseMonolithicPackage(packageFile, flags);
     }
 }

 // 解析独立apk文件
 public Package parseMonolithicPackage(File apkFile, int flags) throws PackageParserException {
     if (mOnlyCoreApps) {
         // 根据传递来的参数生成一个PackageLite对象，并对它进行是否为核心应用判断，若不是则抛异常
         final PackageLite lite = parseMonolithicPackageLite(apkFile, flags);
         if (!lite.coreApp) {
             throw new PackageParserException(INSTALL_PARSE_FAILED_MANIFEST_MALFORMED,
                     "Not a coreApp: " + apkFile);
         }
     }

     final AssetManager assets = new AssetManager();
     try {
         // 解析apk文件
         final Package pkg = parseBaseApk(apkFile, assets, flags);
         pkg.codePath = apkFile.getAbsolutePath();
         return pkg;
     } finally {
         IoUtils.closeQuietly(assets);
     }
 }

 private static final String ANDROID_MANIFEST_FILENAME = "AndroidManifest.xml";
 // 解析apk文件
 private Package parseBaseApk(File apkFile, AssetManager assets, int flags)
         throws PackageParserException {
     . . .

     Resources res = null;
     XmlResourceParser parser = null;
     try {
          res = new Resources(assets, mMetrics, null);

         assets.setConfiguration(0, 0, null, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                 Build.VERSION.RESOURCES_SDK_INT);
         parser = assets.openXmlResourceParser(cookie, ANDROID_MANIFEST_FILENAME);

         final String[] outError = new String[1];
         // 解析AndroidManifest.xml文件
         final Package pkg = parseBaseApk(res, parser, flags, outError);
         if (pkg == null) {
             throw new PackageParserException(mParseError,
                     apkPath + " (at " + parser.getPositionDescription() + "): " + outError[0]);
         }
         . . .
         return pkg;

     } catch (PackageParserException e) {
         throw e;
     } catch (Exception e) {
         throw new PackageParserException(INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION,
                 "Failed to read manifest from " + apkPath, e);
     } finally {
         IoUtils.closeQuietly(parser);
     }
 }

 // 解析AndroidManifest.xml文件
 private Package parseBaseApk(Resources res, XmlResourceParser parser, int flags,
         String[] outError) throws XmlPullParserException, IOException {
     . . .
     try {
         // 解析apk的包名
         Pair<String, String> packageSplit = parsePackageSplitNames(parser, attrs, flags);
         pkgName = packageSplit.first;
         splitName = packageSplit.second;
     } catch (PackageParserException e) {
         mParseError = PackageManager.INSTALL_PARSE_FAILED_BAD_PACKAGE_NAME;
         return null;
     }

     final Package pkg = new Package(pkgName);
     boolean foundApp = false;

     // 解析apk的版本号、versionName、等
     . . .
     // 解析manifest标签中的android:sharedUserId属性
     String str = sa.getNonConfigurationString(
             com.android.internal.R.styleable.AndroidManifest_sharedUserId, 0);
     if (str != null && str.length() > 0) {
         . . .
          // 把该属性值赋值给mSharedUserId
         pkg.mSharedUserId = str.intern();
         . . .
     }
     . . .
     sa.recycle();
     . . .

     // 循环解析manifest的各个子标签
     while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
             && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
         if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
             continue;
         }

         String tagName = parser.getName();
         if (tagName.equals("application")) {
             . . .
             // 解析application标签，该标签用来描述与应用程序组件相关的信息
             if (!parseBaseApplication(pkg, res, parser, attrs, flags, outError)) {
                 return null;
             }
         } else if (tagName.equals("uses-permission")) {
             // 解析uses-permission标签，一个标签对应一个资源访问权限
             if (!parseUsesPermission(pkg, res, parser, attrs)) {
                 return null;
             }
         }
         . . .
         else {
             Slog.w(TAG, "Unknown element under <manifest>: " + parser.getName()
                     + " at " + mArchiveSourcePath + " "
                     + parser.getPositionDescription());
             XmlUtils.skipCurrentTag(parser);
             continue;
         }
     }
     . . .
     return pkg;
 }

 // 解析application标签
 private boolean parseBaseApplication(Package owner, Resources res,
         XmlPullParser parser, AttributeSet attrs, int flags, String[] outError)
     throws XmlPullParserException, IOException {
     // 解析application标签的基本信息，图标、应用名等
     . . .


     final int innerDepth = parser.getDepth();
     int type;
     // 解析application的子标签
     while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
             && (type != XmlPullParser.END_TAG || parser.getDepth() > innerDepth)) {
         if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
             continue;
         }

         String tagName = parser.getName();
         // 解析四大组件的标签，把相应配置信息都存放在owner的相应列表中
         if (tagName.equals("activity")) {
             Activity a = parseActivity(owner, res, parser, attrs, flags, outError, false,
                     owner.baseHardwareAccelerated);
             . . .
             owner.activities.add(a);
         } else if (tagName.equals("receiver")) {
             Activity a = parseActivity(owner, res, parser, attrs, flags, outError, true, false);
             . . .
             owner.receivers.add(a);
         } else if (tagName.equals("service")) {
             Service s = parseService(owner, res, parser, attrs, flags, outError);
             . . .
             owner.services.add(s);
         } else if (tagName.equals("provider")) {
             Provider p = parseProvider(owner, res, parser, attrs, flags, outError);
             . . .
             owner.providers.add(p);
         }
         . . .
         else {
             . . .
         }
     }
     . . .
     return true;
 }

到这里，PMS就解析完一个应用程序了，下面调用PMS类的scanPackageLI方法以便可以获得前面所解析的应用程序的组件配置信息，以及为这个应用程序分配Linux用户ID：

 // 获得前面所解析的应用程序的组件配置信息，以及为这个应用程序分配Linux用户ID
 private PackageParser.Package scanPackageLI(PackageParser.Package pkg, int parseFlags,
         int scanFlags, long currentTime, UserHandle user) throws PackageManagerException {
     boolean success = false;
     try {
         final PackageParser.Package res = scanPackageDirtyLI(pkg, parseFlags, scanFlags,
                 currentTime, user);
         success = true;
         return res;
     } finally {
         if (!success && (scanFlags & SCAN_DELETE_DATA_ON_FAILURES) != 0) {
             removeDataDirsLI(pkg.volumeUuid, pkg.packageName);
         }
     }
 }

 // 获得前面所解析的应用程序的组件配置信息，以及为这个应用程序分配Linux用户ID
 private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg, int parseFlags,
         int scanFlags, long currentTime, UserHandle user) throws PackageManagerException {
     final File scanFile = new File(pkg.codePath);
     . . .

     SharedUserSetting suid = null;
     PackageSetting pkgSetting = null;

     // 为参数pkg所描述的应用程序分配Linux用户ID
     // writer
     synchronized (mPackages) {
         if (pkg.mSharedUserId != null) {
             // 如果该应用有sharedUserId属性，则从mSettings中获取要为它分配的共享uid
             suid = mSettings.getSharedUserLPw(pkg.mSharedUserId, 0, 0, true);
             // 判断该共享uid是否合法
             . . .
         }
         . . .

         // 为应用程序分配一个Linux用户ID
         pkgSetting = mSettings.getPackageLPw(pkg, origPackage, realName, suid, destCodeFile,
                 destResourceFile, pkg.applicationInfo.nativeLibraryRootDir,
                 pkg.applicationInfo.primaryCpuAbi,
                 pkg.applicationInfo.secondaryCpuAbi,
                 pkg.applicationInfo.flags, pkg.applicationInfo.privateFlags,
                 user, false);
         . . .
     }
     . . .

     // writer
     synchronized (mPackages) {
         . . .
         // 把pkg所指向的一个Package对象保存在mSettings中
         mPackages.put(pkg.applicationInfo.packageName, pkg);
         . . .

         // 把参数pkg所描述的应用程序的Content Provider组件配置信息保存在mProviders中
         int N = pkg.providers.size();
         StringBuilder r = null;
         int i;
         for (i=0; i<N; i++) {
             PackageParser.Provider p = pkg.providers.get(i);
             p.info.processName = fixProcessName(pkg.applicationInfo.processName,
                     p.info.processName, pkg.applicationInfo.uid);
             mProviders.addProvider(p);
             . . .
         }

         // 把参数pkg所描述的应用程序的Service组件配置信息保存在mServices中
         N = pkg.services.size();
         r = null;
         for (i=0; i<N; i++) {
             PackageParser.Service s = pkg.services.get(i);
             s.info.processName = fixProcessName(pkg.applicationInfo.processName,
                     s.info.processName, pkg.applicationInfo.uid);
             mServices.addService(s);
             . . .
         }

         // 把参数pkg所描述的应用程序的广播接收者组件配置信息保存在mReceivers中
         N = pkg.receivers.size();
         r = null;
         for (i=0; i<N; i++) {
             PackageParser.Activity a = pkg.receivers.get(i);
             a.info.processName = fixProcessName(pkg.applicationInfo.processName,
                     a.info.processName, pkg.applicationInfo.uid);
             mReceivers.addActivity(a, "receiver");
             . . .
         }

         // 把参数pkg所描述的应用程序的Activity组件配置信息保存在mActivities中
         N = pkg.activities.size();
         r = null;
         for (i=0; i<N; i++) {
             PackageParser.Activity a = pkg.activities.get(i);
             a.info.processName = fixProcessName(pkg.applicationInfo.processName,
                     a.info.processName, pkg.applicationInfo.uid);
             mActivities.addActivity(a, "activity");
             . . .
         }

         . . .
     }

     return pkg;
 }

通过调用getPackageLPw方法为该应用程序分配uid后，一个应用程序就成功地安装到系统中了。到这里PMS构造方法的扫描目标文件夹的工作就完成了。

3.扫描之后的工作

先看下时序图：

当系统安装完所有应用程序后，PMS的构造方法就会调用updatePermissionsLPw方法为前面所安装的应用程序分配Linux用户组ID，即授予它们所申请的资源访问权限，以及调用Settings类的writeLPr方法将这些应用程序的安装信息保持到本地文件中：

 public PackageManagerService(Context context, Installer installer,
         boolean factoryTest, boolean onlyCore) {

     . . .
     // 为申请了特定的资源访问权限的应用程序分配相应的Linux用户组ID
     updatePermissionsLPw(null, null, StorageManager.UUID_PRIVATE_INTERNAL, updateFlags);
     . . .

     // 将前面获取到的应用程序安装信息保存在本地的一个配置文件中，以便下一次再安装这些应用程序时
     // 可以将需要保持一致的应用程序信息恢复回来
     mSettings.writeLPr();
     . . .
     // Now after opening every single application zip, make sure they
     // are all flushed.  Not really needed, but keeps things nice and
     // tidy.
     Runtime.getRuntime().gc();

     // Expose private service for system components to use.
     LocalServices.addService(PackageManagerInternal.class, new PackageManagerInternalImpl());


     // are all flushed.  Not really needed, but keeps things nice and
     // tidy.
     Runtime.getRuntime().gc();

     // Expose private service for system components to use.
     LocalServices.addService(PackageManagerInternal.class, new PackageManagerInternalImpl());

 }

 // 为前面所安装的应用程序分配Linux用户组ID
 private void updatePermissionsLPw(String changingPkg,
         PackageParser.Package pkgInfo, String replaceVolumeUuid, int flags) {
     . . .

     // Now update the permissions for all packages, in particular  bold">new PackageManagerInternalImpl());

 }

 // 为前面所安装的应用程序分配Linux用户组ID
 private void updatePermissionsLPw(String changingPkg,
         PackageParser.Package pkgInfo, String replaceVolumeUuid, int flags) {
     . . .

     // Now update the permissions for all packages, in particular
     // replace the granted permissions of the system packages.
     if ((flags&UPDATE_PERMISSIONS_ALL) != 0) {
         for (PackageParser.Package pkg : mPackages.values()) {
             if}