In Depth: Android Package Manager and Package Installer

We are installing and uninstalling APK(s) every day, sometimes many in a day, but have you tried to get answers to the following questions ?

  1. What are Package Manager and Package Installer ?
  2. Where are APK files stored in Android ?
  3. What is the APK installation process in detail ?
  4. How does Package Manager store data ?
  5. Where I can find the source code of Package Manager and Package Installer ?

What are Package Manager and Package Installer?

PackageInstaller is the default application for Android to interactively install a normal package. PackageInstaller provide user interface to manage applications/packages. PackageInstaller calls InstallAppProgress activity to receive instructions from the user. InstallAppProgress will ask Package Manager Service to install package via installd. Source code is available at  <Android Source>/packages/apps/PackageInstaller.

Installd  daemon's primary role is to receive request from Package Manager Service via Linux domain socket / dev/ socket/ installed. installd executes a series of steps to install APK with root permission.

[Ref: https://github.com/android/platform_frameworks_base/blob/master/cmds/installd/commands.c]

Package Manage is an API that actually manages application install, uninstall, and upgrade. When we install the APK file, Package Manager parse the package (APK) file and displays confirmation. When the user presses the OK button, Package Manager calls the method named "installPackage" with these four parameters namely uri, installFlags, observer, installPackageName. Package Manager starts one service named "package", and now all fuzzy things happen in this service. You can check "PackageInstallerActivity.java" and "InstallAppProgress.java" in the PackageInstaller source code. Package Manager Service runs in system_service process and  install daemon (installd) runs as a native process. Both start at system boot time.

Where are APK Files Stored in Android?

a. Pre-Install (i.e. Camera, Calendar, Browser,etc.) APK is stored in /system/app/

b. User Install (ApiDemo, Any.do, etc.) APK is stored in /data/app/

c. Package Manager creates a data directory /data/data/<package name>/  to store the database, shared preference, native library and cache data.

You might see an apk file and *.odex file for the same APK. The ODEX file is totally a different discussion and purpose.

What is the APK Installation Process in Detail?

The following process executes in Package Manager Service.

Package Installer / Manager

How Does the Package Manager Store Data?

Package Manager stores application information in three files, located in  /data/system. The following sample is extracted from Android 4 ICS emulator image.

1. packages.xml :This file contain list of permissions and Packages/Applications.

<packages>
<last-platform-version external="15" internal="15">
<permission-trees>
<permissions>
<item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" package="android" protection="1">
<item name="android.permission.CLEAR_APP_USER_DATA" package="android" protection="2">
.
.
.
. 
</item></item></permissions>




<package codepath="/system/app/Contacts.apk" flags="1" ft="136567b3990" it="136567b3990" name="com.android.contacts" nativelibrarypath="/data/data/com.android.contacts/lib" shareduserid="10001" ut="136567b3990" version="15">
<sigs count="1">
<cert index="2">
</cert></sigs>
</package>
.
.
.
.
<package codepath="/data/app/com.project.t2i-2.apk" flags="0" ft="13a837c2068" it="13a83704ea3" name="com.project.t2i" nativelibrarypath="/data/data/com.project.t2i/lib" userid="10040" ut="13a837c2ecb" version="1">
<sigs count="1">
<cert index="3" key="308201e53082014ea0030201020204506825ae300d06092a86
4886f70d01010505003037310b30090603550406130255533110300e060355040a13074
16e64726f6964311630140603550403130d416e64726f6964204465627567301e170d31
32303933303130353735305a170d3432303932333130353735305a3037310b300906035
50406130255533110300e060355040a1307416e64726f6964311630140603550403130d
416e64726f696420446562756730819f300d06092a864886f70d010101050003818d003
08189028181009ce1c5fd64db794fd787887e8a2dccf6798ddd2fd6e1d8ab04cd8cdd9e
bf721fb3ed6be1d67c55ce729b1e1d32b200cbcfc91c798ef056bc9b2cbc66a396aed6b
a3629a18e4839353314252811412202500f11a11c3bf4eb41b2a8747c3c791c89391443
39036345b15b5e080469ac5f536fd9edffcd52dcbdf88cf43c580abd0203010001300d0
6092a864886f70d01010505000381810071fa013b4560f16640ed261262f32085a51fca
63fa6c5c46fde9a862b56b6d6f17dd49643086a39a06314426ba9a38b784601197246f8
d568e349a93bc6af315455de7a8923f40d4051a51e1658ee34aca41494ab94ce978ae38
609803dfb3004806634e6e78dd0be26fe75843958711935ffc85f9fcf81523ce23c86bc
c5c7a">
</cert></sigs>
<perms>
<item name="android.permission.WRITE_EXTERNAL_STORAGE">
</item></perms>
</package>
.
.
.
.
.
</permission-trees></last-platform-version></packages>


This XML file stores two things 1. permissions 2. package (application), permission are store under <permissions> tag. Each Permission has three attributes namely name, package and protection. The name attribute has permission name, which we are using in AndroidManifest.xml, the package attribute indicates permission belonging to package. In most cases "android" is the value, because the <permission> tag contains default permissions and protection indicates level of security.


The package tag contain 10 attributes and a few sub tags.

Sr Attribute Name Description
1 name package name
2 codePath APK file installation location (/system/app/ or /data/app/)
3 nativeLibraryPath native library (*.so file) default path is /data/data/<package name>/lib/
4 flag Store ApplicationInfo Flags [http://developer.android.com/reference/android/content/pm/ApplicationInfo.html]
5 ft timestamp in hex format
6 lt timestamp in hex format of first time installation
7 ut timestamp in hex format of last update
8 version Version Code from AndroidManifest.xml file []http://developer.android.com/guide/topics/manifest/manifest-element.html#vcode]
9 sharedUserId The name of Linux user ID that will be shared with other applications, It is same parameter which we define in AndroidManifest.xml [http://developer.android.com/guide/topics/manifest/manifest-element.html#uid]
10 userId The name of a Linux user ID

Sub Tags

a. sigs signature information, count attribute represents the number of cert tag.

b. cert  contain certification key, index attribute represents the global index of certificate. I have found that it increments when new certificates are installed with the application.

c. perms contain permission which developer has set in AndroidManifest.xml

2. packages.list : It is simple text file containing package name, user id, flag and data directory. I can't find any perfect description, but I assume that the packages.list file may provide faster lookup of installed packages, because it keeps important information only.

com.android.launcher 10013 0 /data/data/com.android.launcher
com.android.quicksearchbox 10033 0 /data/data/com.android.quicksearchbox
com.android.contacts 10001 0 /data/data/com.android.contacts
com.android.inputmethod.latin 10006 0 /data/data/com.android.inputmethod.latin


3. packages-stoped.xml : This file contains the package list which has stopped state. Stopped state applications cannot receive any broadcast. Refer to this link for more information about stopped state applications.


<stopped-packages>
<pkg name="com.android.widgetpreview" nl="1"></pkg>
<pkg name="com.example.android.livecubes" nl="1"></pkg>
<pkg name="com.android.gesture.builder" nl="1"></pkg>
<pkg name="com.example.android.softkeyboard" nl="1"></pkg>
</stopped-packages>

Where I Can Find the Source Code of Package Manager and Package Installer?

Package Manager

Package Installer

 

 

 

 

Top