diff options
author | Christopher Tate <ctate@google.com> | 2016-05-20 15:29:31 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2016-05-27 11:31:18 -0700 |
commit | 9b8c6d2df35455ce9e67907edded1e4a2ecb9e28 (patch) | |
tree | 215d78d9772cc725538bdbf4b69484f8a577572c /services/backup | |
parent | d2ef34d04101da98be587dd5b0455b86de88ed70 (diff) | |
download | frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.zip frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.gz frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.bz2 |
Backport of backup transport whitelist
Sysconfig define a whitelist of permitted backup transports
Previously any apk bundled in priv-app could insert a backup transport.
Reduce risk surface by giving the OEM explicit control over who is
allowed to handle backup data.
Bug 28406080
Backport of 494df791728f4d42d67e935c327910975993ad29 from N
Change-Id: I9f90e324169a68720d608f74754d284a7e59cf87
Diffstat (limited to 'services/backup')
-rw-r--r-- | services/backup/java/com/android/server/backup/BackupManagerService.java | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java index 12003e2..30d90af 100644 --- a/services/backup/java/com/android/server/backup/BackupManagerService.java +++ b/services/backup/java/com/android/server/backup/BackupManagerService.java @@ -80,7 +80,9 @@ import android.os.storage.StorageManager; import android.provider.Settings; import android.system.ErrnoException; import android.system.Os; +import android.text.TextUtils; import android.util.ArrayMap; +import android.util.ArraySet; import android.util.AtomicFile; import android.util.EventLog; import android.util.Log; @@ -93,6 +95,7 @@ import com.android.internal.backup.IBackupTransport; import com.android.internal.backup.IObbBackupService; import com.android.server.AppWidgetBackupBridge; import com.android.server.EventLogTags; +import com.android.server.SystemConfig; import com.android.server.SystemService; import com.android.server.backup.PackageManagerBackupAgent.Metadata; @@ -300,6 +303,7 @@ public class BackupManagerService { volatile boolean mClearingData; // Transport bookkeeping + final ArraySet<ComponentName> mTransportWhitelist; final Intent mTransportServiceIntent = new Intent(SERVICE_ACTION_TRANSPORT_HOST); final ArrayMap<String,String> mTransportNames = new ArrayMap<String,String>(); // component name -> registration name @@ -1084,11 +1088,15 @@ public class BackupManagerService { // Set up our transport options and initialize the default transport // TODO: Don't create transports that we don't need to? - mCurrentTransport = Settings.Secure.getString(context.getContentResolver(), + SystemConfig systemConfig = SystemConfig.getInstance(); + mTransportWhitelist = systemConfig.getBackupTransportWhitelist(); + + String transport = Settings.Secure.getString(context.getContentResolver(), Settings.Secure.BACKUP_TRANSPORT); - if ("".equals(mCurrentTransport)) { - mCurrentTransport = null; + if (TextUtils.isEmpty(transport)) { + transport = null; } + mCurrentTransport = transport; if (DEBUG) Slog.v(TAG, "Starting with transport " + mCurrentTransport); // Find all transport hosts and bind to their services @@ -1099,11 +1107,11 @@ public class BackupManagerService { } if (hosts != null) { for (int i = 0; i < hosts.size(); i++) { - final ServiceInfo transport = hosts.get(i).serviceInfo; + final ServiceInfo transportService = hosts.get(i).serviceInfo; if (MORE_DEBUG) { - Slog.v(TAG, " " + transport.packageName + "/" + transport.name); + Slog.v(TAG, " " + transportService.packageName + "/" + transportService.name); } - tryBindTransport(transport); + tryBindTransport(transportService); } } @@ -1983,7 +1991,12 @@ public class BackupManagerService { // Actually bind; presumes that we have already validated the transport service boolean bindTransport(ServiceInfo transport) { ComponentName svcName = new ComponentName(transport.packageName, transport.name); - if (MORE_DEBUG) { + if (!mTransportWhitelist.contains(svcName)) { + Slog.w(TAG, "Proposed transport " + svcName + " not whitelisted; ignoring"); + return false; + } + + if (DEBUG) { Slog.i(TAG, "Binding to transport host " + svcName); } Intent intent = new Intent(mTransportServiceIntent); @@ -9636,6 +9649,12 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF + " (now = " + System.currentTimeMillis() + ')'); pw.println(" next scheduled: " + KeyValueBackupJob.nextScheduled()); + pw.println("Transport whitelist:"); + for (ComponentName transport : mTransportWhitelist) { + pw.print(" "); + pw.println(transport.flattenToShortString()); + } + pw.println("Available transports:"); final String[] transports = listAllTransports(); if (transports != null) { |