Ensure install-during-restore is like install-then-restore
When we've installed an apk from the archive, recheck whether
to apply the system-uid policy restrictions around file system
restores.
Bug 8833099
(cherry picked from commit 2baf6dcfcf7fc1705db25e64dc0cb11fa3509d39)
Change-Id: I972fe1543f2234aa76baf562d6f806175ac0248e
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 1f3f172b..5fff8fd 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -3583,7 +3583,16 @@
} else {
// So far so good -- do the signatures match the manifest?
Signature[] sigs = mManifestSignatures.get(info.packageName);
- if (!signaturesMatch(sigs, pkg)) {
+ if (signaturesMatch(sigs, pkg)) {
+ // If this is a system-uid app without a declared backup agent,
+ // don't restore any of the file data.
+ if ((pkg.applicationInfo.uid < Process.FIRST_APPLICATION_UID)
+ && (pkg.applicationInfo.backupAgentName == null)) {
+ Slog.w(TAG, "Installed app " + info.packageName
+ + " has restricted uid and no agent");
+ okay = false;
+ }
+ } else {
Slog.w(TAG, "Installed app " + info.packageName
+ " signatures do not match restore manifest");
okay = false;