diff options
| -rw-r--r-- | services/java/com/android/server/BackupManagerService.java | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java index 47426368e6df..0d2590c58e12 100644 --- a/services/java/com/android/server/BackupManagerService.java +++ b/services/java/com/android/server/BackupManagerService.java @@ -850,8 +850,26 @@ class BackupManagerService extends IBackupManager.Stub { // a backup pass for each of them. Log.d(TAG, "dataChanged packageName=" + packageName); - - HashSet<ApplicationInfo> targets = mBackupParticipants.get(Binder.getCallingUid()); + + // If the caller does not hold the BACKUP permission, it can only request a + // backup of its own data. + HashSet<ApplicationInfo> targets; + if ((mContext.checkPermission("android.permission.BACKUP", Binder.getCallingPid(), + Binder.getCallingUid())) == PackageManager.PERMISSION_DENIED) { + targets = mBackupParticipants.get(Binder.getCallingUid()); + } else { + // a caller with full permission can ask to back up any participating app + // !!! TODO: allow backup of ANY app? + if (DEBUG) Log.v(TAG, "Privileged caller, allowing backup of other apps"); + targets = new HashSet<ApplicationInfo>(); + int N = mBackupParticipants.size(); + for (int i = 0; i < N; i++) { + HashSet<ApplicationInfo> s = mBackupParticipants.valueAt(i); + if (s != null) { + targets.addAll(s); + } + } + } if (targets != null) { synchronized (mQueueLock) { // Note that this client has made data changes that need to be backed up |