Backport of backup transport whitelist

Sysconfig define a whitelist of permitted backup transports Previously any apk bundled in priv-app could insert a backup transport. Reduce risk surface by giving the OEM explicit control over who is allowed to handle backup data. Bug 28406080 Backport of 494df791728f4d42d67e935c327910975993ad29 from N Change-Id: I9f90e324169a68720d608f74754d284a7e59cf87
author: Christopher Tate <ctate@google.com> 2016-05-20 15:29:31 -0700
committer: The Android Automerger <android-build@google.com> 2016-05-27 11:31:18 -0700
commit: 9b8c6d2df35455ce9e67907edded1e4a2ecb9e28 (patch)
tree: 215d78d9772cc725538bdbf4b69484f8a577572c /services/core
parent: d2ef34d04101da98be587dd5b0455b86de88ed70 (diff)
download: frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.zip
frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.gz
frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.bz2
1 files changed, 25 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/SystemConfig.java b/services/core/java/com/android/server/SystemConfig.java
index cd61347..7ef3e12 100644
--- a/services/core/java/com/android/server/SystemConfig.java
+++ b/services/core/java/com/android/server/SystemConfig.java
@@ -17,6 +17,7 @@
 package com.android.server;
 
 import android.app.ActivityManager;
+import android.content.ComponentName;
 import android.content.pm.FeatureInfo;
 import android.os.*;
 import android.os.Process;
@@ -99,6 +100,9 @@ public class SystemConfig {
     // URL-handling state upon factory reset.
     final ArraySet<String> mLinkedApps = new ArraySet<>();
 
+    // These are the permitted backup transport service components
+    final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>();
+
     public static SystemConfig getInstance() {
         synchronized (SystemConfig.class) {
             if (sInstance == null) {
@@ -144,6 +148,10 @@ public class SystemConfig {
         return mLinkedApps;
     }
 
+    public ArraySet<ComponentName> getBackupTransportWhitelist() {
+        return mBackupTransportWhitelist;
+    }
+
     SystemConfig() {
         // Read configuration from system
         readPermissions(Environment.buildPath(
@@ -380,6 +388,23 @@ public class SystemConfig {
                         mLinkedApps.add(pkgname);
                     }
                     XmlUtils.skipCurrentTag(parser);
+                } else if ("backup-transport-whitelisted-service".equals(name)) {
+                    String serviceName = parser.getAttributeValue(null, "service");
+                    if (serviceName == null) {
+                        Slog.w(TAG, "<backup-transport-whitelisted-service> without service in "
+                                + permFile + " at " + parser.getPositionDescription());
+                    } else {
+                        ComponentName cn = ComponentName.unflattenFromString(serviceName);
+                        if (cn == null) {
+                            Slog.w(TAG,
+                                    "<backup-transport-whitelisted-service> with invalid service name "
+                                    + serviceName + " in "+ permFile
+                                    + " at " + parser.getPositionDescription());
+                        } else {
+                            mBackupTransportWhitelist.add(cn);
+                        }
+                    }
+                    XmlUtils.skipCurrentTag(parser);
 
                 } else {
                     XmlUtils.skipCurrentTag(parser);
author	Christopher Tate <ctate@google.com>	2016-05-20 15:29:31 -0700
committer	The Android Automerger <android-build@google.com>	2016-05-27 11:31:18 -0700
commit	9b8c6d2df35455ce9e67907edded1e4a2ecb9e28 (patch)
tree	215d78d9772cc725538bdbf4b69484f8a577572c /services/core
parent	d2ef34d04101da98be587dd5b0455b86de88ed70 (diff)
download	frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.zip frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.gz frameworks_base-9b8c6d2df35455ce9e67907edded1e4a2ecb9e28.tar.bz2