Android Internals - Change Log
The Android Volume I Change Log
- Preface: (BTC is $59k, only a month and a half later..
- Chapter 1: Table 1/1-1 - Android versions, with %ages -
updated to March 2021 (previous was Feb 2021, though mistakenly said May
- Chapter 2:
- Table 2/4-5 (Samsung Exynos devices) - Added NPU device
(Thanks to my good friend _@bazad who wrote about the
Exynos NPU vulnerability before being taken by the spaceship)
||S21 Ultra: Ultra Wide Band (UWB)|
- Chapter 3:
- Table 3/4-1 - (Linux pseudo filesystems actively
used by Android 11) - Added BinderFS and filled in missing description for FunctionFS:
|Linux 5.0+: Dynamic Binder devices (q.v. II/8)|
|USB functions (Gadget driver)|
- Chapter 4:
- Table 4/2-2 (Qualcomm /vendor/bin) - Added spdaemon which eluded me
because it's not used in Google devices..
|spdaemon||Secure Processing Unit (SPU)
manager (on non-Google devices)|
- Table 4/2-5 (MTK /vendor/bin) - this was left woefully incomplete. Sorry
about that (versioning problem). Here's what it should look like:
… (will add this soon)
- Chapter 8:
init directive (new in
12.0), and that 'critical' (for services) now takes arguments
- Table 8/7-1 (cont):
- Added snapuserd.rc under "System & Volume Management" right after snapshotctl.rc (which it apparently replaces)
- Filled cppreopts.rc in the table (I had omitted that, sorry)
|cppreopts.rc||Copy preoptimized files|
- Update of Table 9/5-1 with
Android 12 adds the before Figure 9/4-3
system_server_dumper service. As its name implies, this is a
dumpsys only service with no clients, listing the properties of
SystemServer (start count and elapsed time),
SystemServiceManager (started service classes) and the
Chapter 13: Thanks to the wonder of writing in HTML,
the Google Pixel Powerstats coverage wasn't printed:
Table 10/3-6 had some missing fields. Here's all of it:
Table 10/3-6: The elements in
/etc/sysconfig/ and /etc/permissions/
|Global group IDs given to packages
|Built-in UID to permission mappings
targetSdk version (III/2)
| Built-in shared libraries |
|Indicate or hide a platform
feature (for |
package to operate even device is in different
continuous location updates|
| Override location
|Exempt broadcast from
8.0 background delivery restrictions|
|Android application link
|App may (or
may not) run as |
|Default VR Apps|
backup transport service components|
allowed access to full private API|
package to interact with
for data isolation|
to generate bug report
|Named actors (used by Overlay
service, q.v. II/3)|
|Package capable of
config_signature for overlays (q.v. II/3)
|Apps eligible for
to commit staged install (II/2)|
Google documents the
IPowerStats.hal in the Source
site[psh], and its AIDL is similar. The implementation of
the service for Pixel devices
firstname.lastname@example.org) can be found
open source.[psp] Rails data is collected from
/sys/bus/iio/devices/iio:device#, and the service
recognizes the following power entities:
Table 13/5-3:: The power entities defined by the
Google Pixel powerstats implementation
References: As an appendix (which somehow got omitted
from the first print batch). Now in print and also online at this link
|Pixel Visual Core
|Citadel (Titan M)||AIDL to Citadel
|(not yet)|| v2.0.2||
- Chapter 1:
- Added note: Bionic is also used outside Android (notably in the hardened GrapheneOS),
though Fuchsia's libc is derived from musl[musl].
- Chapter 2:
- Updated Mediatek chipset table: Dimensity 1000 is UFS 2.2,
1200 is UFS 3.1 and now has Realme devices:
|Dimensity 1000/L/+ (MT6887/9)||CPU: 4xA77@2.6Ghz +
GPU: ARM Mali-G77 MC9@800Mhz (UFS 2.2)
6-core APU 3.0
|Oppo Reno3 5G, |
Vivo IQOO Z1
|Dimensity 1200 (MT6893) ||CPU: 1x A78 3x A77@2.6Ghz +
GPU: ARM Mali-G77 MC9@800Mhz (UFS 3.1)
6-core APU 3.0
|Realme GT Neo, X9 Pro|
- Also adding
/dev/rpmsg_ctrl# - for Linux Remote Processor
Messaging, used by QCom
- Chapter 3: Android 11 mandates kernels not support
debugfs. Somehow I missed that in the A11 release notes, but learned this the hard way trying to run bindump on a redfin
(Pixel 5), which comes with A11 as stock. This breaks my
- Chapter 5: Added Google's APEX link:
Google maintains a comprehensive list for these "modular
- Chapter 9:
- Added NativeTombstoneManager to LocalServices table (9/5-4)
(realized I had missed it earlier since it came into 11.0 but I now discuss tombstones now in II/1):
Manage tombstones and parse protobuf (.pb) tombstone|
- (thankfully very few) typos found by James H (thank you! - see below)
- on page 291 paragraph 3, it is stated that "ps -t" on Android will list
Thread. Should be "-T"... (Thanks, John Zou!)
*Sigh* Typos: (These don't get you the BTC bounty, but I still
- Fixed in v2.0.2 (thanks to James H!):
Page 24, 3.9.2 (Androidisms), ASHMem bullet, second sentence, 'created' to 'create'
Page 24. 3.9.2 (Androidisms), ASHMem bullet, third sentence, 'require' to 'required'
page 87, 4.4 (debugfs), First paragraph, second sentence, sentence terminates without a complete thought: which (as with the other pseudo-filesystems)
page 113, 3 (/data), third bullet point, first sentence, 'but would greatly mitigating' to 'but would greatly mitigate'
page 164, 1 (Android Device Images), second paragraph, second sentence, 'OTA images are arrive at' to 'OTA images arrive at' page 165, 1.1 (Factory Images), first paragraph, second sentence, 'All are all Qualcomm' to 'All are Qualcomm'
page 197, 1.3 (TrustZone/Hypervisor), second paragraph, first sentence, 'ennvironment' to 'environment'
page 198, 1.4.1 (Little Kernel), Apps bullet, first sentence, 'in a full kernel-drive OS' to 'in a full kernel driven OS'
page 214, 1 (The roles and responsibilities of init), first paragraph, second sentence, 'which read' to 'which reads'
page 236, 6 (Zygote), third paragraph, second sentence, 'suchlrequests' to 'such requests'
page 239, 7 (Android Daemons, at a glance), third paragraph, last sentence, 'so that the daemon be able to connect' to 'so that the daemon is able to connect'
page 250, 3 (The servicemanager), fourth paragraph, third sentence, 'to establishes' to 'to establish'
page 259, 5 (A bird's eye view of framework services), last paragraph, 'aims to tackles' to 'aims to tackle'
page 268, 1.2 (The user service), second paragraph, first line, 'inintially' to 'initially'
page 278, 3.3 (The settings service), last paragraph, first line, missing a parethesis
page 280, 3.5 (Server Configurable Flags), first paragraph, first line, 'especciallyl' to 'especially'
page 286, 1.2 (The cmdline and comm), second to last paragraph in experiment, second line, Mentions /lib64 for 32-bit apps.
page 293, 1.5.2 (Thread states and context switches), last paragraph, last
sentence, 'The Zombies are also find peace' to 'The Zombies also find peace' [Aside: your description of Zombies
was rather amusing] page 339, 1.2 (DropBox), first paragraph, last sentence, extra comma at
beginning of sentence and 'logs' to 'log' later in the sentence.
page 343, 2.13 (The shell interface), second paragraph, last sentence, 'manny' to 'many'
page 345, 2.16 (Output files), table 12/2-9, first row, @TODO entry? Intentional?
page 347, 2.4 (dumpstate/bugreport), second paragraph, second sentence, 'onsists' to 'consists'
page 391, 4.4 (Idle Governers), first paragraph of experiment section, missing a parenthesis