From ffe0a803f8e9546a0dbf6c82d6089ac0eee32ddb Mon Sep 17 00:00:00 2001
From: Christopher Tate
Date: Sun, 8 Sep 2013 15:41:32 -0700
Subject: Fix permission checks around setBackupEnabled()
...by making sure to drop binder identity before writing our new state to secure settings etc.
Bug 10506933
Change-Id: I00505cc5215c8fe5f30f2f35698b30645fe14c87
---
 .../com/android/server/BackupManagerService.java | 68 ++++++++++++----------
 1 file changed, 37 insertions(+), 31 deletions(-)
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index ad9192a570ca..c4eb7a433d3a 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -5358,47 +5358,53 @@ class BackupManagerService extends IBackupManager.Stub {
 }
 // Enable/disable the backup service
+ @Override
 public void setBackupEnabled(boolean enable) {
 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
 "setBackupEnabled");
 Slog.i(TAG, "Backup enabled => " + enable);
- boolean wasEnabled = mEnabled;
- synchronized (this) {
- Settings.Secure.putInt(mContext.getContentResolver(),
- Settings.Secure.BACKUP_ENABLED, enable ? 1 : 0);
- mEnabled = enable;
- }
+ long oldId = Binder.clearCallingIdentity();
+ try {
+ boolean wasEnabled = mEnabled;
+ synchronized (this) {
+ Settings.Secure.putInt(mContext.getContentResolver(),
+ Settings.Secure.BACKUP_ENABLED, enable ? 1 : 0);
+ mEnabled = enable;
+ }
- synchronized (mQueueLock) {
- if (enable && !wasEnabled && mProvisioned) {
- // if we've just been enabled, start scheduling backup passes
- startBackupAlarmsLocked(BACKUP_INTERVAL);
- } else if (!enable) {
- // No longer enabled, so stop running backups
- if (DEBUG) Slog.i(TAG, "Opting out of backup");
-
- mAlarmManager.cancel(mRunBackupIntent);
-
- // This also constitutes an opt-out, so we wipe any data for
- // this device from the backend. We start that process with
- // an alarm in order to guarantee wakelock states.
- if (wasEnabled && mProvisioned) {
- // NOTE: we currently flush every registered transport, not just
- // the currently-active one.
- HashSet allTransports;
- synchronized (mTransports) {
- allTransports = new HashSet(mTransports.keySet());
- }
- // build the set of transports for which we are posting an init
- for (String transport : allTransports) {
- recordInitPendingLocked(true, transport);
+ synchronized (mQueueLock) {
+ if (enable && !wasEnabled && mProvisioned) {
+ // if we've just been enabled, start scheduling backup passes
+ startBackupAlarmsLocked(BACKUP_INTERVAL);
+ } else if (!enable) {
+ // No longer enabled, so stop running backups
+ if (DEBUG) Slog.i(TAG, "Opting out of backup");
+
+ mAlarmManager.cancel(mRunBackupIntent);
+
+ // This also constitutes an opt-out, so we wipe any data for
+ // this device from the backend. We start that process with
+ // an alarm in order to guarantee wakelock states.
+ if (wasEnabled && mProvisioned) {
+ // NOTE: we currently flush every registered transport, not just
+ // the currently-active one.
+ HashSet allTransports;
+ synchronized (mTransports) {
+ allTransports = new HashSet(mTransports.keySet());
+ }
+ // build the set of transports for which we are posting an init
+ for (String transport : allTransports) {
+ recordInitPendingLocked(true, transport);
+ }
+ mAlarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis(),
+ mRunInitIntent);
 }
- mAlarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis(),
- mRunInitIntent);
 }
 }
+ } finally {
+ Binder.restoreCallingIdentity(oldId);
 }
 }
-- 
cgit v1.2.3-59-g8ed1b
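Review bot: `boolean wasEnabled = mEnabled;` is still read before `synchronized (this)` is entered in the new try block, so if two calls overlap on different binder threads both can see the same old value and both act on it under mQueueLock; the opt-out branch queues a backend wipe for every registered transport, so that decision should rest on a value captured under the lock. Declaring `boolean wasEnabled;` ahead of the block and making `wasEnabled = mEnabled;` its first statement would do that. The permission check is correctly placed ahead of `Binder.clearCallingIdentity()`, and a comment such as `// BACKUP permission is enforced above; everything below runs with the system identity` would help keep it there in later edits. The existing log line could also include `Binder.getCallingUid()`, read before the identity is cleared, so that a change of backup state can be attributed to a caller.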