Merge "Sysconfig define a whitelist of permitted backup transports" into nyc-dev
am: 11d9586117
* commit '11d9586117e983e36b2467bcb436200268cd0933':
Sysconfig define a whitelist of permitted backup transports
Change-Id: I5987e96ea1d2668037a7f924ad3ee6b5fa96bda8
This commit is contained in:
Christopher Tate
@@ -119,6 +119,9 @@ public class SystemConfig {
|
||||
// These are the components that are enabled by default as VR mode listener services.
|
||||
final ArraySet<ComponentName> mDefaultVrComponents = new ArraySet<>();
|
||||
|
||||
// These are the permitted backup transport service components
|
||||
final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>();
|
||||
|
||||
public static SystemConfig getInstance() {
|
||||
synchronized (SystemConfig.class) {
|
||||
if (sInstance == null) {
|
||||
@@ -176,6 +179,10 @@ public class SystemConfig {
|
||||
return mDefaultVrComponents;
|
||||
}
|
||||
|
||||
public ArraySet<ComponentName> getBackupTransportWhitelist() {
|
||||
return mBackupTransportWhitelist;
|
||||
}
|
||||
|
||||
SystemConfig() {
|
||||
// Read configuration from system
|
||||
readPermissions(Environment.buildPath(
|
||||
@@ -452,6 +459,23 @@ public class SystemConfig {
|
||||
mDefaultVrComponents.add(new ComponentName(pkgname, clsname));
|
||||
}
|
||||
XmlUtils.skipCurrentTag(parser);
|
||||
} else if ("backup-transport-whitelisted-service".equals(name) && allowFeatures) {
|
||||
String serviceName = parser.getAttributeValue(null, "service");
|
||||
if (serviceName == null) {
|
||||
Slog.w(TAG, "<backup-transport-whitelisted-service> without service in "
|
||||
+ permFile + " at " + parser.getPositionDescription());
|
||||
} else {
|
||||
ComponentName cn = ComponentName.unflattenFromString(serviceName);
|
||||
if (cn == null) {
|
||||
Slog.w(TAG,
|
||||
"<backup-transport-whitelisted-service> with invalid service name "
|
||||
+ serviceName + " in "+ permFile
|
||||
+ " at " + parser.getPositionDescription());
|
||||
} else {
|
||||
mBackupTransportWhitelist.add(cn);
|
||||
}
|
||||
}
|
||||
XmlUtils.skipCurrentTag(parser);
|
||||
} else {
|
||||
XmlUtils.skipCurrentTag(parser);
|
||||
continue;
|
||||
|
||||
@@ -85,7 +85,9 @@ import android.os.storage.StorageManager;
|
||||
import android.provider.Settings;
|
||||
import android.system.ErrnoException;
|
||||
import android.system.Os;
|
||||
import android.text.TextUtils;
|
||||
import android.util.ArrayMap;
|
||||
import android.util.ArraySet;
|
||||
import android.util.AtomicFile;
|
||||
import android.util.EventLog;
|
||||
import android.util.Log;
|
||||
@@ -99,6 +101,7 @@ import com.android.internal.backup.IBackupTransport;
|
||||
import com.android.internal.backup.IObbBackupService;
|
||||
import com.android.server.AppWidgetBackupBridge;
|
||||
import com.android.server.EventLogTags;
|
||||
import com.android.server.SystemConfig;
|
||||
import com.android.server.SystemService;
|
||||
import com.android.server.backup.PackageManagerBackupAgent.Metadata;
|
||||
|
||||
@@ -318,6 +321,7 @@ public class BackupManagerService {
|
||||
volatile boolean mClearingData;
|
||||
|
||||
// Transport bookkeeping
|
||||
final ArraySet<ComponentName> mTransportWhitelist;
|
||||
final Intent mTransportServiceIntent = new Intent(SERVICE_ACTION_TRANSPORT_HOST);
|
||||
final ArrayMap<String,String> mTransportNames
|
||||
= new ArrayMap<String,String>(); // component name -> registration name
|
||||
@@ -1168,11 +1172,15 @@ public class BackupManagerService {
|
||||
|
||||
// Set up our transport options and initialize the default transport
|
||||
// TODO: Don't create transports that we don't need to?
|
||||
mCurrentTransport = Settings.Secure.getString(context.getContentResolver(),
|
||||
SystemConfig systemConfig = SystemConfig.getInstance();
|
||||
mTransportWhitelist = systemConfig.getBackupTransportWhitelist();
|
||||
|
||||
String transport = Settings.Secure.getString(context.getContentResolver(),
|
||||
Settings.Secure.BACKUP_TRANSPORT);
|
||||
if ("".equals(mCurrentTransport)) {
|
||||
mCurrentTransport = null;
|
||||
if (TextUtils.isEmpty(transport)) {
|
||||
transport = null;
|
||||
}
|
||||
mCurrentTransport = transport;
|
||||
if (DEBUG) Slog.v(TAG, "Starting with transport " + mCurrentTransport);
|
||||
|
||||
// Find all transport hosts and bind to their services
|
||||
@@ -1184,11 +1192,11 @@ public class BackupManagerService {
|
||||
}
|
||||
if (hosts != null) {
|
||||
for (int i = 0; i < hosts.size(); i++) {
|
||||
final ServiceInfo transport = hosts.get(i).serviceInfo;
|
||||
final ServiceInfo transportService = hosts.get(i).serviceInfo;
|
||||
if (MORE_DEBUG) {
|
||||
Slog.v(TAG, " " + transport.packageName + "/" + transport.name);
|
||||
Slog.v(TAG, " " + transportService.packageName + "/" + transportService.name);
|
||||
}
|
||||
tryBindTransport(transport);
|
||||
tryBindTransport(transportService);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2082,6 +2090,11 @@ public class BackupManagerService {
|
||||
// Actually bind; presumes that we have already validated the transport service
|
||||
boolean bindTransport(ServiceInfo transport) {
|
||||
ComponentName svcName = new ComponentName(transport.packageName, transport.name);
|
||||
if (!mTransportWhitelist.contains(svcName)) {
|
||||
Slog.w(TAG, "Proposed transport " + svcName + " not whitelisted; ignoring");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (MORE_DEBUG) {
|
||||
Slog.i(TAG, "Binding to transport host " + svcName);
|
||||
}
|
||||
@@ -10271,6 +10284,12 @@ if (MORE_DEBUG) Slog.v(TAG, " + got " + nRead + "; now wanting " + (size - soF
|
||||
+ " (now = " + System.currentTimeMillis() + ')');
|
||||
pw.println(" next scheduled: " + KeyValueBackupJob.nextScheduled());
|
||||
|
||||
pw.println("Transport whitelist:");
|
||||
for (ComponentName transport : mTransportWhitelist) {
|
||||
pw.print(" ");
|
||||
pw.println(transport.flattenToShortString());
|
||||
}
|
||||
|
||||
pw.println("Available transports:");
|
||||
final String[] transports = listAllTransports();
|
||||
if (transports != null) {
|
||||
|
||||
Reference in New Issue
Block a user