1. Shutting Down and charging is actually a fast way to enter adb shell!
2. When the mobile phone is shut down, the USB is inserted, and the mobile phone enters the shutdown and charging mode. How does this mode work? The analysis here is as follows!
(1) uboot: the code here is probably browsed: u-boot \ arch \ arm \ lib \ board. the last few lines of the function board_init_r in c: do_cboot (NULL, 0, 1, NULL); Select Start Mode
Else if (charger_connected () {DBG ("% s: charger connected \ n", _ FUNCTION _); charge_mode ();
Here we enter the charge mode: vlx_nand_boot (BOOT_PART, "androidboot. mode = charge", BACKLIGHT_ON );
"Androidboot. mode = charge", this is very important and will be passed to the kernel !!!!!!!! 1
Kernel: kernel startup.
System/core/init. c: After the kernel is started, this program will run. The analysis has been analyzed by our predecessors!
Here we mainly focus on the following points:
A. init_parse_config_file ("/init. rc"); it involves the charge mode and provides a service
Service charge/bin/charge
User root
Oneshot
That is, enter the charge. c file.
B. import_kernel_cmdline (0); obtain some parameters from the kernel. The obtained parameters are as follows:
/# Cat/proc/cmdline
Initrd = 0x4c00000, 0xf9dfe lpj = 3350528 mtdparts = sprd-nand: 256 k (spl), 512 k (2 ndbl), 256 k (params), 512 k (vmjaluna ), 10 m (modem), 3840 k (fixnv), 3840 k (backupfixnv), 5120 k (dsp), 3840 k (runtimenv), 10 m (boot ), 10 m (recovery), 200 m (system), 190 m (userdata), 60 m (cache), 256 k (misc), 1 m (boot_logo ), 1 m (fastboot_logo), 3840 k (productinfo), 512 k (kpanic) androidboot. mode = charge video = sprdfb: fb0_id = 0x9486, fb1_id = 0x0 factory ram = 256 M nandflash = nandid (0xad, 0xbc, 0x90,0x55,0x56 ), pagesize (2048), oobsize (64), eccsize (512), eccbit (4) show-guest-banks = 0x4 no_console_suspend console = ttyNK vimem = * linux-timer = virtual root =/dev/ram0 rw init =/init
The parameter androidboot. mode = charge !!!!!!!
C. The import_kernel_cmdline function calls import_kernel_nv: else if (! Strcmp (name, "androidboot. mode ")){
Strlcpy (bootmode, value, sizeof (bootmode ));
Here bootmode = charge
D. Enter the for loop mode.
1. execute_one_command (); -- "do_class_start (1, args); Call service_start_if_not_disabled () in do_class_start (), call service_start (), and use fork () + execve () to create a sub-process and execute the executable file specified by the service to finally start the service. This process determines whether to start the service based on service attributes, such as SVC_DISABLED.
2. restart_processes ();!! This is very important! Restart_service_if_needed -- "service_start (svc, NULL );
If (strcmp (svc-> name, "zygote") = 0 ){
If (calibration [0]) |
(Fastsleep_enable) |
(! Strncmp (bootmode, "charge", 6 ))){//!!!!!!!!!!!!!! We can see that the input mode in pipeline line is charge mode. Therefore, if zygote is not started, it is charge mode !!
PRINT ("##: Don't start 'zygote '! \ N ");
PRINT ("##: Don't start 'zygote '! \ N ");
PRINT ("##: Don't start 'zygote '! \ N ");
PRINT ("##: Don't start 'zygote '! \ N ");
Return;
}
Else {
PRINT ("#####: Start [zygote] services normally. \ n ");
}
}
Execve (svc-> args [0], (char **) arg_ptrs, (char **) ENV ); // is it a/root/bin/charge binary execution file ???
This will continue to judge whether the charging mode is in progress !!!