iPhone OS X Architecture: the BSD Unix Userland
July 15th, 2007
Daniel Eran Dilger
Continuing on the series looking at the architecture of the iPhone, here’s a look at the Unix underpinnings in the core OS of the iPhone.
[Leopard, Vista and the iPhone OS X Architecture]
[iPhone OS X Architecture: the Mach Kernel and RAM]
[iPhone OS X Architecture: Disk, Shell, and Password Security]
[iPhone OS X Architecture: Cocoa Frameworks and Mobile Mac Apps]
The iPhone’s Unix Userland.
Above the kernel, the iPhone uses Mac OS X’s BSD Unix environment, although it’s been ported to run on the ARM processor and stripped of any unnecessary utilities and services.
In Unix, processes that run outside of the privileged kernel are referred to as running in userland. On the Mac, the BSD Unix userland is mostly invisible to desktop users.
The more familiar Mac applications and utilities run in a separate environment that is quite different in its conventions compared to a typical desktop Unix environment such as Linux or Solaris. While technically also part of the userland, I’ll consider the Mac-like layer of the iPhone’s OS X separately.
While these Unix directories are hidden from view in the Mac OS X Finder, they are visible from the command line, and are very much critical to the operation of Mac OS X behind the scenes.
The Mac OS X Startup Overview.
In the Mac OS X boot process on an Intel Mac, the EFI bootloader built into the Mac firmware first loads the kernel from disk into RAM. The kernel then takes over loads its kexts, and sets up the Unix userland. In a normal boot, this includes rolling out a multiuser environment, and culminates in the login window. A specific user then logs in and their Mac desktop environment is set up based upon their user settings stored in the directory.
The iPhone follows a similar sequence of booting the kernel, userland, and Mac environment. The kernel article described how the iPhone loads OS X from a disk image into RAM, and how it loads its applications in a secured environment.
The iPhone has a multiuser environment just like the Mac, although there is no login window presented. Similar to a Mac with automatic login enabled, the iPhone simply logs in a set user and boots up to the point of a usable interface.
Single User Mode.
The Mac can also interrupt the normal boot sequence to start in single user mode. When this happens, Mac OS X doesn’t set up its multiuser environment with permissions and privilege based upon a directory of user accounts.
Instead, it boots to a simplified command line environment where the user is effectively given root access to the machine. This is useful for doing file system diagnostics or repairing the disk.
The Three Unix Domains.
Unix is partitioned into three domains. The iPhone’s OS X inherits this Unix convention from its Mac OS X sibling.
• machine level software, installed to work for all users.
• system level software, related to critical functions of the system.
• user level software, installed to only work for a specific user.
These three domains are used to partition the installed software to isolate permissions and privilege levels.
The Unix Directories.
There are five significant root level directories on the iPhone that share much in common with those found on a Mac. Again, these are commonly invisible on the Mac, but are critical to its operations. Here’s an overview of what they are and how the iPhone environment differs in certain ways from a desktop Unix or Mac installation.
In standard Unix distros and on the Mac, this is where the essential machine level Unix apps (binaries) live, things like bash (the terminal shell), cp (file copy), and rm (file delete), all of which need to be available in single user mode.
On the iPhone, this directory only contains launchctl, which is the program that commands launchd. That means there is no single user mode on the iPhone in the same sense as a desktop. No console shell, and no provision to boot the iPhone halfway and start mucking around.
Other utilities included in /bin are ln, mkdir, mv, rm, cat, and expr.
In standard Unix and on the Mac, this is where essential system level Unix apps (system binaries) live, things like fsck (disk check), ipfw and route (network firewall and routing), mount (disk filesystems), and on Mac OS X, launchd (the process launcher). These also need to be available in single user mode.
On the iPhone, this directory only contains tools to fix and read the HFS formatted drive, which in the iPhone world exists as a disk image in flash RAM:
• fsck, fsck_hfs (file system check)
• fstyp, fstyp_hfs (file system identifier)
• mount, mount_hfs (file system mounter)
as well as the processes that load kernel extensions and load and launch other processes:
Launchd: the Launch Daemon.
Launchd is the central mechanism Apple invented for Unix to replace a number of Unix processes that relate to:
• starting processes at launch or upon user login.
• starting processes at scheduled times.
• starting processes when files change at a watched path location.
• starting processes on demand by listening for requests.
• specifying launch arguments and logging levels.
• specifying launch environment variables and process working directories.
• specifying resource limits and priorities.
Mac OS X Tiger introduced launchd, but continued to provide existing Unix processes such as cron, init, rc scripts, inet, xinet, at, and watchdog. With Leopard, there will only be launchd. The iPhone, being based upon Apple’s latest Leopard OS technologies, only uses launchd.
Apple also opened up its launchd architecture for other Unix distributions to use, although Linux users seem to like things the way they are and have been.
In standard Unix, this is where configuration files are stored. On the Mac, this is where most Unix-related, core OS config files are saved, such as hostconfig, httpd (web server config files), and the soon to be extinct crontab (the timer launch system which is slated for replacement by launchd).
Mac-related config files are called preferences, and stored in one of the User/System/Machine Preferences folders in the separate Mac environment.
On the iPhone, this directory contains system configuration settings files:
• bluetool (BlueTooth settings)
• racoon (VPN key management settings)
• fstab (listings of file system info)
• master.passwd, passwd (password records)
• ttys (terminal settings)
• ppp (serial VPN tunneling)
• services (ports and the services that use them)
In standard Unix and on the Mac, and on the iPhone, this is where variables are stored, notably log and temp files. One thing missing from /var on the iPhone compared to the Mac is /var/db/netinfo.
Leopard no longer uses a NetInfo database to manage local user accounts and directory information. Instead, it uses a new directory system which Apple hasn’t publicly revealed yet.
The iPhone has no need for Leopard’s fancy new directory system, so all user accounts on the iPhone (root and user) are stored in simple BSD flat file records.
Apple made little effort to protect these passwords. That’s largely because knowing the user accounts on the iPhone is really immaterial to gaining access to the kernel or installing new software.
In standard BSD Unix, this is where user installed software and files go. In Mac OS X, it’s where user-level Unix software such as X11 gets installed. User files related to the Mac environment are installed in /Users/danieleran instead. That path is given the shorthand ~, so ~/Desktop is the same as /Users/danieleran/Desktop.
On the iPhone, there is only one common user, despite being a multiuser operating system. Unlike the Mac, there’s no need for a separate /Users folder, so all of the user software ends up in this one. Its contents include the stuff normally inside ~/Library combined with the Unix-related software normally inside the /usr directory.
Inside /usr are the familiar bin (containing just ditto and sed), lib (various dynamic libraries including libcrypto, libgcc, libobjc, libsqulite, libstdc++ and libz), local (imeisv phone serial number tool and firmwares), and sbin (which includes the asr Apple Software Recovery imaging tool, fdisk, and nvram utilities).
The Mac in the iPhone.
Above the Unix foundation of its core OS, the iPhone presents an environment very similar to the Macs, which obviously makes sense given that OS X is a direct descendant of Mac OS X. The next article takes a look.
Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast! Submit to Reddit or Slashdot, or consider making a small donation supporting this site. Thanks!