Move per-user state initialization (directories for bookkeeping data and
transport manager) from BMS to UserBMS.
The UserBMS constructor is now private and callers should use the static
helper to create a new instance. This is primarily for three reasons:
1) Allows for extracting logic out of the constructor into helpers.
2) Allows for performing necessary user-specific setup in the future
such as data migration.
3) Allows for writing unit tests without having setters/getters
exclusively for tests.
Bug: 120212806
Test: 1) atest RunFrameworksServicesRoboTests
2) boot -> unlock user -> service started and verify transports
registered
3) adb shell bmgr backupnow [package] -> writes to /data dir
adb shell bmgr enable false -> writes to /data dir
4) adb shell bmgr backupnow --all -> writes to /cache dir
Change-Id: If88d95059951dbae0abf691629db1a05d27f743d
Part of prep work to create a UserBMS instance per user.
Moves BMS state initialization to the BMS constructor. Most of this
state will then be moved to the UserBMS constructor since it's per-user
state.
Bug: 120212806
Test: 1) atest RunFrameworksServicesRoboTests
2) atest TrampolineTest
3) boot -> unlock user -> create service
4) adb shell bmgr flows
Change-Id: I140c4db3d5c147e3dd09e590eaf15a9f4d8b3da1
The backup enabled setting BACKUP_ENABLED was deprecated since Android
N and replaced by a file containing enabled state.
Stop migrating this setting for the system user to be able to
consolidate starting the backup service for system and non-system users.
There's been several Android versions since the deprecation that the
chance we need the setting is slim (as devices shouldn't OTA from N to
current). Without the setting, the default would be backup off (absence
of file) which can then be enabled again via SUW or Settings.
Bug: 120212806
Test: 1) boot and unlock system user
2) adb shell bmgr backup [package]; adb shell bmgr restore [package]
3) atest RunFrameworksServicesRoboTests
Change-Id: I6d2b375a9400dffa9f75528d42f36b4af2e14187
Whether the backup service supports multi-user is now configured in a
Global setting: backup_multi_user_enabled
This allows us to develop multi-user support hidden behind a flag. In a
future CL, we'll also gate the types of users we support.
Also create basic infrastructure for starting the service for a newly
unlocked user (currently a no-op).
Bug: 120212806
Test: 1) atest TrampolineTest
2) adb shell settings put global backup_multi_user_enabled 0;
unlock system user -> verify service started;
unlock user 10 -> verify service not started;
3) adb shell settings put global backup_multi_user_enabled 1;
unlock system user -> verify service started;
unlock user 10 -> verify service started;
Change-Id: I048e017cfa6148097cebe2eb2916d1b53c53d3b0
A few additional changes (apart from style and usual dependencies) were needed:
- Dependency on KeyStore was removed (see b/75771701).
- References to internal names were removed or renamed.
- ByteStringUtils is used as a replacement for the Guava bytes-to-hex-string conversions.
- Uses java's Optional rather than Guava's Optional.
- Change to Slog for logging.
- TertiaryKeyRotationTracker.MAX_BACKUPS_UNTIL_TERTIARY_KEY_ROTATION is now a constant rather than a flag.
Bug: 111386661
Test: atest RunFrameworksServicesRoboTests
Change-Id: If9bcfb1f73ba78c278947b8499236bb536e625eb
Restore original naming since UserBackupManagerService is now merged.
Just find and replace, no functionality changes in this CL.
Bug: 118520567
Test: 1) atest RunFrameworksServicesRoboTests
2) atest $(find \
frameworks/base/services/tests/servicestests/src/com/android/server/backup \
-name '*Test.java')
3) adb shell bmgr flows
Change-Id: Ia37997cec93fac9ebb5102edfff9000c9cff4eb1
This change removes remaining ASEC-related logic from the framework in
preparation for install refactoring.
Bug: 109941548
Test: install still works
Change-Id: Ic7322038e45c026bcc59800a5a9fafdbb461021f
BMS is split into GlobalBMS and UserBMS.
UserBMS:
- Core backup/restore implementations and bookkeeping.
- Will be per user in a future CL (only one instance in this CL to limit
scope of changes).
GlobalBMS:
- System service definition, interaction with Trampoline, user-aware
operations.
- Will be renamed back to BMS in a future CL (so BMS history can follow
UserBMS in this CL).
*** Reviewers, please pay attention to the patchset breakdown to better
understand what is a rename/move vs. new changes ***
* Base -> Patchset 2: BMS splits into GlobalBMS and UserBMS (MOVE ONLY)
Patchset 1: Rename BMS -> UserBMS
Patchset 2: Move parts of UserBMS to GlobalBMS
No new functionality, only moving existing code.
* Patchset 2 -> Patchset 3: New functionality for GlobalBMS
- Switch references from BMS to GlobalBMS in Trampoline.java.
- Change the definition of the system service in SystemServer.java to
GlobalBMS.
- Instantiate one instance of UserBMS in GlobalBMS constructor.
- Add all IBackupManager methods, which for now just directly calls the
corresponding method in UserBMS.
* Patchset 3 -> Patchset 4: Migrate usages of BMS in code (RENAME ONLY)
Find and replace, no new functionality.
* Patchset 4 -> Patchset 5: Migrate usages of BMS in tests (RENAME ONLY)
Find and replace, no new functionality.
* Patchset 5 -> Patchset 6: New tests for GlobalBMS
Add tests for all the new IBackupManager methods added (just tests
straight redirection for now).
* Overall: View Patchset 2 -> [Latest Patchset] for new code.
TODO: Modify art-profile with rename
Bug: 118520567
Test: 1) atest RunFrameworksServicesRoboTests
2) atest $(find
frameworks/base/services/tests/servicestests/src/com/android/server/backup
-name '*Test.java')
3) atest GtsBackupHostTestCases
4) atest CtsBackupTestCases
5) atest CtsBackupHostTestCases
6) atest DeviceOwnerTest
7) 'Backup Now' in Settings
8) Cloud and d2d restore in SUW; deferred restore
9) All 'adb shell bmgr' flows
10) adb backup; adb restore
Change-Id: Ib5a5837375fe950bc7d33a5e31cca16b605541f9
Change 1/2. Change 2/2 will setup the class loader namespace for
shared libraries.
This change sets up shared libraries class loaders for applications
and for dexopt.
bug: 111174995
Test: DexoptUtilsTest, device boots
Change-Id: Ie9a2b4eaa85cda59951703433f7a2d03bc12095d
A few additional changes (apart from style and usual dependencies) were needed:
- BackupEncryptionDbHelper now extends SQLiteOpenHelper directly,
implementing relevant methods.
- Dependencies on Guava are replaced by their Java equivalents.
Bug: 111386661
Test: atest RunFrameworksServicesRoboTests
Change-Id: I4566980fc81d6cff5e7012184502e028980512ae
Now that checkstyle runs a preupload hook for frameworks/services, when
we move BMS -> UserBMS, checkstyle will complain of errors because it
sees it as a new file.
This CL just fixes checkstyle complaints (mostly adding javadocs,
variable naming, operand placement, etc.) for BMS so the CL that creates
UserBMS can have as little changes as possible to ease review.
There is no change in functionality in this CL.
Bug: 118520567
Test: atest RunFrameworksServicesRoboTests
Change-Id: I1118d6deef83d1abfbc8fd94883d7d162a4399cb
Part of preparation to extract out user BMS.
Remove unused components:
- Backup traces
- Unused fields
Clean-up work:
- Better organize BMS class structure to be able to separate global vs.
user state. This is purely a move and no functionality has changed:
> static fields, static methods, instance fields, constructor, methods,
private static methods, static inner class (system service definition).
- Add javadoc comments to comply with new checkstyle preupload hook.
Bug: 118520567
Test: 1) atest RunFrameworksServicesRoboTests
2) atest FrameworksServicesTests
Change-Id: I5ac868ff0df0ec007b64d686647d9a676e374e40
Some additional changes (apart from the regular style modifications)
were needed:
- Guava crypto methods are replaced by their javax equivalents.
- Preconditions checks now depend on com.android.util rather than Guava.
Bug: 111386661,116575321
Test: atest RunFrameworksServicesRoboTests
Change-Id: I43f92f1c0fb3acf62469712d8db212f94429116c
Bug: 119299848
Test:
1) atest KeyValueBackupTaskTest
2) Manual:
- Run 'adb shell bmgr init' for the active transport to wipe all backup data
- Run 'adb shell dumpsys backup' and verify string 'Current: 0', i.e. the current token is
set to 0
- Create a test app implementing a BackupAgent that writes no data in onBackup() and
install it on the device
- Run 'adb shell bmgr backupnow --non-incremental <test_app_package>' to initiate a backup,
where --non-incremental flag makes sure PM is not added to the backup queue
- Run 'adb shell dumpsys backup' and verify string 'Current: 0' again
Change-Id: I595bea9874fd84d0c81b32a509c970a1b142872c
Part of prep to make BMS multi-user aware.
Current disable logic:
- Trampoline is a proxy to BMS that enforces system- and policy-imposed
disabling of the backup service (user-configurable disabling is in BMS).
- Backup service can be disabled by system property = permanent disable.
- Backup service can be disabled by a privileged caller like Device
Policy Manager = temporary disable.
In multi-user context:
- The system user is the main actor in creation and disabling of the
backup service.
- BMS is only created when the system user is unlocked -> system user
will always be unlocked first and is always running.
- Device Policy Manager acts on the system user and shuts down backup
mechanism for the whole device -> disable for system user disables for
all users.
- Non-system users have no impact on the creation/disabling of the
backup service.
This CL:
- Clean up and document the above logic.
- Move synchronization on backup suppress file from 'this' to private
lock.
Bug: 118520567
Test: 1) atest TrampolineTest
2) atest DevicePolicyManagerTest
3) Manual:
- Before unlocking system user > service not started
- Unlock system user > service started
Change-Id: I207858bcfd1e0b9de43291bec178066b59c3a7cb
remove unused boolean and make private where possible
Bug: 118605476
Test: 1) atest RunFrameworksServicesRoboTests
2) atest TrampolineTest
3) flashed device and ran:adb shell bmgr backupnow --all
Ended with "Backup finished with result: Success". in logcat, there were
a few Scotty exceptions but those are known and ignorable as they come
from the server
Change-Id: I08fbe494f9268e80e8f16a8f66405ee8a743e9c3
To avoid NPEs. Added tests. This design is not optimal but left any
re-design to be done when we move applyStateTransition() to more upper
levels, which is going to happen when we extract package-backup.
Bug: 117269444
Test: atest FrameworksServicesRoboTests
Test: 1. Set BackupApp to time-out on agent onCreate()
2. adb shell bmgr backupnow --non-incremental
com.google.android.apps.backupapp
3. Verify it doesn't crash
Change-Id: I7a3fd3d3d5a4b5931206564c197edd86b6321933
Some additional changes (apart from style) were needed:
- ChunkOrderingType.java is an @IntDef referencing the possible values
for the ChunkOrderingType enum in the proto.
- EncryptedChunk.java is no longer an AutoValue class.
- Inlined some constants from Guava.
Bug: 111386661,116575321
Test: atest RunFrameworksServicesRoboTests
Change-Id: I7656cae13de0bd918be5016ffb155de4b8fd5f71
Added 2 exceptions:
* TaskException: For what we used to call transport-level failures,
these bring queue processing to a halt.
* AgentException: For failures that happen due to the backup agent, these
only prevent the backup of the current package, still allowing backup
for the remaining packages in the queue.
These are usually thrown deep in the call stack and caught in backupPackage()
(and similarly backupPm()) and run(), the former for clean-up, where
they are re-thrown and the latter for further processing where they are
finally swallowed. The clean-up is more explicit now.
This enabled further refactoring of backupPackage()/backupPm(),
extractAgentData() and sendDataToTransport().
One change that I intend to revisit is reporting to the observer.
Previously we used to detect some exceptional cases and set mStatus
(which doesn't exist anymore) to other more general exceptional case and
then in this general case handling report the success/failure to the observer.
With the new exception-throwing model I changed this and the leaves are
actually responsible for reporting success/failure to the observer (see
changes in the reporter). This is to avoid too many changes in this CL.
I'm entertaining the idea of extracting out package backup as a separate
class and leave only queue-processing and generic bookkeeping to this
class.
Test: atest FrameworksServicesRoboTests
Test: adb shell bmgr backupnow <kv_package>
Change-Id: If3b1da7a5eb939e453f94fad76f5790696d1265a
Includes the proto definition of ChunksMetadata and related classes.
Some additional changes (apart from style) were needed:
- EncryptedChunkOrdering was modified to be a non-AutoValue class, and
tests were added.
- Protos are now read from an InputStream manually, as any protos should not
be used directly in the platform.
- Helper classes are added for reading from ProtoInputStream.
Bug: 111386661,116575321
Test: atest RunFrameworksServicesRoboTests
Change-Id: I8b74ad059d72e305be7817f79f8c61aa50f7b268
Forgot this one in the CL. Also added tests to catch this in presubmit.
Test: atest FrameworksServicesRoboTests
Test: adb shell bmgr backupnow <kv_package> and verify no MORE_DEBUG
logs
Change-Id: I14affca28609bcd855e13fdcc160994c71ed9695
Some changes were needed to the original code:
- Guava's EqualsTester tests are replaced by regular equals tests.
- Guava's primitives.UnsignedBytes.LexicographicalComparator needed to
be copied over, as no corresponding comparator exists in the framework.
Bug: 111386661
Test: atest RunFrameworksServicesRoboTests
Change-Id: I24fef4b47f7777b9be0c2e51f0be48e45b323987
In full backup, we backup additional metadata about the app
(manifest, widget, apk, obb) not specified by the app's backup agent.
This CL extracts these methods out to their own helper (AppMetadataBackupWriter)
and adds unit tests for these methods.
** Note: The backup behavior is the same, only the structure has changed.
Behavioral changes will be done in future CLs. **
What this CL covers:
- Move the backup of this extra app data out of the FullBackupEngine to
separate agent data backup and non-agent data backup.
- Move logic of deciding what data to backup from FullBackupEngine to
FullBackupRunner (where the writer is used).
- Add unit tests for metadata backup.
- Some style fixes/clean up.
Not covered (future CLs):
- Refactoring FullBackupEngine/FullBackupRunner mechanism.
- Streaming backup data directly instead of writing to temporary files.
- Separating out and fixing apk and obb backup.
Bug: 110081582
Test: 1) atest AppDataBackupWriterTest
2) atest RunFrameworksServicesRoboTests
3) atest GtsBackupHostTestCases
4) Verify success for:
- adb shell bmgr backupnow <full backup package>; adb restore 1 <full
backup package>
- adb backup <full backup package>; adb restore
- cloud backup and restore
5) Use local transport and adb backup to inspect manifest and widget data
written and file metadata consistent between runs.
6) Verify compatibility with adb backup -keyvalue manifest
Change-Id: Icb43fd2e0505c2416738ee3ef370b206363fac68
For both key-value and full-backup. This makes the tasks wait for the
quota exceeded call, allowing the agent to complete before being torn
down (as described in bug). Also added a short time-out (3s) in case of
misbehaving agents.
Bug: 68762178
Bug: 110082831
Test: atest FrameworksServicesRoboTests
Test: 1. while true; do atest FullBackupQuotaTest; done
2. Stop after ~50 executions, verify all succeeded.
Test: 1. while true; do atest KeyValueQuotaTest; done
2. Stop after ~50 executions, verify all succeeded.
Test: CtsBackupTestCases
Change-Id: Ib582e75a4d317ab53a6df8cb261966a04ef085fb
And not a success as it used to be.
Bug: 111051813
Bug: 110082831
Test: atest KeyValueBackupTaskTest
Test: 1. BackupApp throwing in onBackup.
2. adb shell bmgr backupnow com.google.android.apps.backupapp
3. Verify logs and that it threw and we did not save backup data for it.
Test: 1. BackupApp not throwing.
2. adb shell bmgr backupnow com.google.android.apps.backupapp
3. Verify logs and that data was sent to transport.
Change-Id: Idb7fe298f64786668989c30cdce53355aeef7277
To do so, had to:
* Remove PM state and put it back into the queue.
* Introduce 'active' boolean in the queue loop, which when false breaks
out of the loop. (This is because the states collapsed into 'keep
going' and 'finish' states.)
* Renamed extractNextAgentData() to backupPackage().
* Queue handling from backupPackage() to run().
* Agent result handling from run to backupPackage().
Bug: 110082831
Test: atest KeyValueBackupTaskTest
Test: adb shell bmgr backupnow <kv_package>
Change-Id: If6efcbf91f10426d3c955b83deb1ecd8e714f79a
Refactor sendDataToTransport():
* Instead of truncating backup data when reading backup data / writing widget
data, consider the IOException a transport-level failure. Added tests for
this.
* Extracted a few methods: validateBackupData(), updateFiles(),
handleTransportStatus().
* Put the if (size > 0) check outside try-catch block.
* Used try-with-resources.
* Clean files in case of transport error, quota exceeded.
Refactor finishTask():
* Extracted triggerTransportInitializationLocked(), assigned queue lock
to private final var in ctor.
* In triggerTransportInitializationLocked() set the status to T_ERROR if
we failed to query the name of the transport.
* Tests for TRANSPORT_NOT_INITIALIZED.
General:
* Small refactors in KVBT.
* Small refactors in test.
Bug: 110082831
Bug: 113311470
Test: adb shell bmgr backupnow <kv_package>
Test: 1. adb shell bmgr backupnow <kv_package>
2. Transport returns T_NOT_INITIALIZED
3. Make sure PM metadata state file is deleted.
Test: atest KeyValueBackupTaskTest
Change-Id: I8d85c24cba6da4fbaf14234e2ce6d8e0699a3eed
Created KeyValueBackupReporter, which includes:
* Logcat (main and event buffers).
* Backup observer.
* Backup manager monitor.
Also removed traces since they weren't very useful. Hopefully this will clear
KVBT of noise and help spot refactor opportunities. Did some small refactors
along w/ it.
Methods are starting to fit in one (big) screen :)
Bug: 110082831
Test: atest KeyValueBackupTaskTest
Test: adb shell bmgr backupnow <kv_package> and verify logs
Test: Kicked-off KV in different scenarios to check logs, this is
tracked in https://docs.google.com/spreadsheets/d/1EcZ61qapj2cW_Yr99gIlQz0QVJ_BQfVc_1dHBor2cOo/edit?usp=sharing
Test: adb shell bmgr backupnow <kv_package> <fb_package>
Verify PFTBT is kicked-off and logs
Change-Id: I1486049861543b5ad558b45cf0e0206532e20632
