diff options
author | Chris Tate <ctate@google.com> | 2010-11-16 15:10:49 -0800 |
---|---|---|
committer | Chris Tate <ctate@google.com> | 2010-11-16 16:57:29 -0800 |
commit | 44ab8453e1c4c46790f792a46d026fa1017d8cfe (patch) | |
tree | 9c499e6c6c1c894bd00c203e8ce6f815cf580187 /cmds | |
parent | 64f1163084433952766eed31dbd26df420ba6cfb (diff) | |
download | frameworks_base-44ab8453e1c4c46790f792a46d026fa1017d8cfe.zip frameworks_base-44ab8453e1c4c46790f792a46d026fa1017d8cfe.tar.gz frameworks_base-44ab8453e1c4c46790f792a46d026fa1017d8cfe.tar.bz2 |
Permission fix: don't require BACKUP perm for self-restores
The public API is not supposed to require the BACKUP permission in order
for an application to restore its own last-known-good backup data. However,
as currently implemented, BackupManager.requestRestore() [the public API
in question] depends on private Backup Manager methods that *do* enforce
that permission. The net result is that the method cannot be successfully
used by third party applications: it will throw an exception if attempted.
This CL restructures the permission checking involved.
First, the underlying beginRestoreSession() operation can now be passed a
'null' transport name; if this is done, then the restore session is begun
on whatever the currently-active transport is. Looking up the name of the
active transport is one of the permission-guarded actions that was required
with the initial implementation.
Second, a package name can now be passed to beginRestoreSession(). If
this is done, then the restore session can only be used to perform a
single-package restore of that one application. The BACKUP permission is
not required if the caller is tying the restore to its own package name.
In combination, these changes permit BackupManager.requestRestore() to
function without the calling app needing to hold any special permission.
The no-permission case is intentionally quite narrow: the caller must
hold the permission unless they both (a) pass 'null' for the transport
name, thereby accepting whatever the currently active transport is, and
(b) pass their own package name to restrict the restore session only
to their own app.
External bug http://code.google.com/p/android/issues/detail?id=10094
Internal bug 3197202
Change-Id: Ibc9d652323f2da03727d850f991b4096af6520d2
Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java b/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java index b5fddfa..ac0e410 100644 --- a/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java +++ b/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java @@ -217,8 +217,7 @@ public final class Bmgr { // The rest of the 'list' options work with a restore session on the current transport try { - String curTransport = mBmgr.getCurrentTransport(); - mRestore = mBmgr.beginRestoreSession(curTransport); + mRestore = mBmgr.beginRestoreSession(null, null); if (mRestore == null) { System.err.println(BMGR_NOT_RUNNING_ERR); return; @@ -349,8 +348,7 @@ public final class Bmgr { private void doRestorePackage(String pkg) { try { - String curTransport = mBmgr.getCurrentTransport(); - mRestore = mBmgr.beginRestoreSession(curTransport); + mRestore = mBmgr.beginRestoreSession(pkg, null); if (mRestore == null) { System.err.println(BMGR_NOT_RUNNING_ERR); return; @@ -378,8 +376,7 @@ public final class Bmgr { try { boolean didRestore = false; - String curTransport = mBmgr.getCurrentTransport(); - mRestore = mBmgr.beginRestoreSession(curTransport); + mRestore = mBmgr.beginRestoreSession(null, null); if (mRestore == null) { System.err.println(BMGR_NOT_RUNNING_ERR); return; |