Diffstat (limited to 'services/java/com')
-rw-r--r-- | services/java/com/android/server/BackupManagerService.java | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 36dca7d..4eed7fe 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -31,6 +31,7 @@ import android.content.ServiceConnection;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.IPackageDataObserver;
 import android.content.pm.PackageInfo;
+import android.content.pm.PermissionInfo;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.pm.PackageManager;
 import android.content.pm.Signature;
@@ -642,9 +643,12 @@ class BackupManagerService extends IBackupManager.Stub {
 List<PackageInfo> packages = mPackageManager.getInstalledPackages(flags);
 int N = packages.size();
 for (int a = N-1; a >= 0; a--) {
- ApplicationInfo app = packages.get(a).applicationInfo;
+ PackageInfo pkg = packages.get(a);
+ ApplicationInfo app = pkg.applicationInfo;
 if (((app.flags&ApplicationInfo.FLAG_ALLOW_BACKUP) == 0)
- || app.backupAgentName == null) {
+ || app.backupAgentName == null
+ || (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
+ pkg.packageName) != PackageManager.PERMISSION_GRANTED)) {
 packages.remove(a);
 }
 }
@@ -899,6 +903,15 @@ class BackupManagerService extends IBackupManager.Stub {
 for (BackupRequest request : mQueue) {
 Log.d(TAG, "starting agent for backup of " + request);
+ // Don't run backup, even if requested, if the target app does not have
+ // the requisite permission
+ if (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
+ request.appInfo.packageName) != PackageManager.PERMISSION_GRANTED) {
+ Log.w(TAG, "Skipping backup of unprivileged package "
+ + request.appInfo.packageName);
+ continue;
+ }
+
 IBackupAgent agent = null;
 int mode = (request.fullBackup)
 ? IApplicationThread.BACKUP_MODE_FULL
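Review bot: The expression `mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA, …) != PackageManager.PERMISSION_GRANTED` is now written out three times (in this package filter at `-642`, in the backup queue loop at `-899` and in the restore path at `-1287`), and the three copies already differ in what they do when the check fails. A private helper such as `private boolean hasBackupPermission(String packageName) { return mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA, packageName) == PackageManager.PERMISSION_GRANTED; }` would keep the enforcement points in step. Separately, the `PermissionInfo` import added in the first hunk is not referenced by any line this commit adds. The enclosing method of the filter loop starts and ends outside the hunk.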
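Review bot: In the backup queue loop (`-899` hunk) the existing `Log.d(TAG, "starting agent for backup of " + request)` line still runs before the new permission check, so the log reports an agent start for packages that are then skipped. Moving the check above that log line keeps the trail accurate for anyone auditing which packages were actually backed up. Whether a skipped request is otherwise cleared from pending state cannot be seen here, because the loop body continues past the end of the hunk.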
@@ -1287,6 +1300,12 @@ class BackupManagerService extends IBackupManager.Stub {
 if (DEBUG) Log.d(TAG, "processOneRestore packageName=" + packageName);
+ // Don't restore to unprivileged packages
+ if (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
+ packageName) != PackageManager.PERMISSION_GRANTED) {
+ Log.d(TAG, "Skipping restore of unprivileged package " + packageName);
+ }
+
 // !!! TODO: get the dirs from the transport
 File backupDataName = new File(mDataDir, packageName + ".restore");
 File newStateName = new File(mStateDir, packageName + ".new"); |
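Review bot: The restore-side permission check only logs: the `if` block around `Log.d(TAG, "Skipping restore of unprivileged package " + packageName)` has no `return` or other exit, so execution falls through to the `backupDataName`/`newStateName` setup and the restore appears to proceed for a package that lacks BACKUP_DATA. The backup path in the `-899` hunk follows its log line with `continue;`, and this branch needs the equivalent, for example `return;` after the log call, provided the method is void and needs no cleanup at this point. The method's signature and the rest of its body are outside the hunk, so that needs confirming against the full file. Logging this at `Log.w`, as the backup path does, would also make a refused restore visible at the same level as a refused backup.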