/services/java/com/android/server/BackupManagerService.java
Java | 6288 lines | 4725 code | 698 blank | 865 comment | 1000 complexity | 7a00f18c337f24c4bb4331b40a664d70 MD5 | raw file
- /*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package com.android.server;
- import android.app.ActivityManagerNative;
- import android.app.AlarmManager;
- import android.app.AppGlobals;
- import android.app.IActivityManager;
- import android.app.IApplicationThread;
- import android.app.IBackupAgent;
- import android.app.PendingIntent;
- import android.app.backup.BackupAgent;
- import android.app.backup.BackupDataOutput;
- import android.app.backup.FullBackup;
- import android.app.backup.RestoreSet;
- import android.app.backup.IBackupManager;
- import android.app.backup.IFullBackupRestoreObserver;
- import android.app.backup.IRestoreObserver;
- import android.app.backup.IRestoreSession;
- import android.content.ActivityNotFoundException;
- import android.content.BroadcastReceiver;
- import android.content.ComponentName;
- import android.content.ContentResolver;
- import android.content.Context;
- import android.content.Intent;
- import android.content.IntentFilter;
- import android.content.ServiceConnection;
- import android.content.pm.ApplicationInfo;
- import android.content.pm.IPackageDataObserver;
- import android.content.pm.IPackageDeleteObserver;
- import android.content.pm.IPackageInstallObserver;
- import android.content.pm.IPackageManager;
- import android.content.pm.PackageInfo;
- import android.content.pm.PackageManager;
- import android.content.pm.ResolveInfo;
- import android.content.pm.ServiceInfo;
- import android.content.pm.Signature;
- import android.content.pm.PackageManager.NameNotFoundException;
- import android.database.ContentObserver;
- import android.net.Uri;
- import android.os.Binder;
- import android.os.Build;
- import android.os.Bundle;
- import android.os.Environment;
- import android.os.Handler;
- import android.os.HandlerThread;
- import android.os.IBinder;
- import android.os.Looper;
- import android.os.Message;
- import android.os.ParcelFileDescriptor;
- import android.os.PowerManager;
- import android.os.Process;
- import android.os.RemoteException;
- import android.os.SELinux;
- import android.os.ServiceManager;
- import android.os.SystemClock;
- import android.os.UserHandle;
- import android.os.WorkSource;
- import android.os.Environment.UserEnvironment;
- import android.os.storage.IMountService;
- import android.provider.Settings;
- import android.util.EventLog;
- import android.util.Log;
- import android.util.Slog;
- import android.util.SparseArray;
- import android.util.StringBuilderPrinter;
- import com.android.internal.backup.BackupConstants;
- import com.android.internal.backup.IBackupTransport;
- import com.android.internal.backup.IObbBackupService;
- import com.android.server.EventLogTags;
- import com.android.server.PackageManagerBackupAgent.Metadata;
- import java.io.BufferedInputStream;
- import java.io.BufferedOutputStream;
- import java.io.ByteArrayOutputStream;
- import java.io.DataInputStream;
- import java.io.DataOutputStream;
- import java.io.EOFException;
- import java.io.File;
- import java.io.FileDescriptor;
- import java.io.FileInputStream;
- import java.io.FileNotFoundException;
- import java.io.FileOutputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.io.OutputStream;
- import java.io.PrintWriter;
- import java.io.RandomAccessFile;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.InvalidKeyException;
- import java.security.Key;
- import java.security.NoSuchAlgorithmException;
- import java.security.SecureRandom;
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.KeySpec;
- import java.text.SimpleDateFormat;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Date;
- import java.util.HashMap;
- import java.util.HashSet;
- import java.util.List;
- import java.util.Map;
- import java.util.Random;
- import java.util.Set;
- import java.util.concurrent.atomic.AtomicBoolean;
- import java.util.zip.Deflater;
- import java.util.zip.DeflaterOutputStream;
- import java.util.zip.InflaterInputStream;
- import javax.crypto.BadPaddingException;
- import javax.crypto.Cipher;
- import javax.crypto.CipherInputStream;
- import javax.crypto.CipherOutputStream;
- import javax.crypto.IllegalBlockSizeException;
- import javax.crypto.NoSuchPaddingException;
- import javax.crypto.SecretKey;
- import javax.crypto.SecretKeyFactory;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEKeySpec;
- import javax.crypto.spec.SecretKeySpec;
- class BackupManagerService extends IBackupManager.Stub {
- private static final String TAG = "BackupManagerService";
- private static final boolean DEBUG = true;
- private static final boolean MORE_DEBUG = false;
- // Historical and current algorithm names
- static final String PBKDF_CURRENT = "PBKDF2WithHmacSHA1";
- static final String PBKDF_FALLBACK = "PBKDF2WithHmacSHA1And8bit";
- // Name and current contents version of the full-backup manifest file
- static final String BACKUP_MANIFEST_FILENAME = "_manifest";
- static final int BACKUP_MANIFEST_VERSION = 1;
- static final String BACKUP_FILE_HEADER_MAGIC = "ANDROID BACKUP\n";
- static final int BACKUP_FILE_VERSION = 2;
- static final int BACKUP_PW_FILE_VERSION = 2;
- static final boolean COMPRESS_FULL_BACKUPS = true; // should be true in production
- static final String SHARED_BACKUP_AGENT_PACKAGE = "com.android.sharedstoragebackup";
- static final String SERVICE_ACTION_TRANSPORT_HOST = "android.backup.TRANSPORT_HOST";
- // How often we perform a backup pass. Privileged external callers can
- // trigger an immediate pass.
- private static final long BACKUP_INTERVAL = AlarmManager.INTERVAL_HOUR;
- // Random variation in backup scheduling time to avoid server load spikes
- private static final int FUZZ_MILLIS = 5 * 60 * 1000;
- // The amount of time between the initial provisioning of the device and
- // the first backup pass.
- private static final long FIRST_BACKUP_INTERVAL = 12 * AlarmManager.INTERVAL_HOUR;
- // Retry interval for clear/init when the transport is unavailable
- private static final long TRANSPORT_RETRY_INTERVAL = 1 * AlarmManager.INTERVAL_HOUR;
- private static final String RUN_BACKUP_ACTION = "android.app.backup.intent.RUN";
- private static final String RUN_INITIALIZE_ACTION = "android.app.backup.intent.INIT";
- private static final String RUN_CLEAR_ACTION = "android.app.backup.intent.CLEAR";
- private static final int MSG_RUN_BACKUP = 1;
- private static final int MSG_RUN_FULL_BACKUP = 2;
- private static final int MSG_RUN_RESTORE = 3;
- private static final int MSG_RUN_CLEAR = 4;
- private static final int MSG_RUN_INITIALIZE = 5;
- private static final int MSG_RUN_GET_RESTORE_SETS = 6;
- private static final int MSG_TIMEOUT = 7;
- private static final int MSG_RESTORE_TIMEOUT = 8;
- private static final int MSG_FULL_CONFIRMATION_TIMEOUT = 9;
- private static final int MSG_RUN_FULL_RESTORE = 10;
- private static final int MSG_RETRY_INIT = 11;
- private static final int MSG_RETRY_CLEAR = 12;
- // backup task state machine tick
- static final int MSG_BACKUP_RESTORE_STEP = 20;
- static final int MSG_OP_COMPLETE = 21;
- // Timeout interval for deciding that a bind or clear-data has taken too long
- static final long TIMEOUT_INTERVAL = 10 * 1000;
- // Timeout intervals for agent backup & restore operations
- static final long TIMEOUT_BACKUP_INTERVAL = 30 * 1000;
- static final long TIMEOUT_FULL_BACKUP_INTERVAL = 5 * 60 * 1000;
- static final long TIMEOUT_SHARED_BACKUP_INTERVAL = 30 * 60 * 1000;
- static final long TIMEOUT_RESTORE_INTERVAL = 60 * 1000;
- // User confirmation timeout for a full backup/restore operation. It's this long in
- // order to give them time to enter the backup password.
- static final long TIMEOUT_FULL_CONFIRMATION = 60 * 1000;
- private Context mContext;
- private PackageManager mPackageManager;
- IPackageManager mPackageManagerBinder;
- private IActivityManager mActivityManager;
- private PowerManager mPowerManager;
- private AlarmManager mAlarmManager;
- private IMountService mMountService;
- IBackupManager mBackupManagerBinder;
- boolean mEnabled; // access to this is synchronized on 'this'
- boolean mProvisioned;
- boolean mAutoRestore;
- PowerManager.WakeLock mWakelock;
- HandlerThread mHandlerThread;
- BackupHandler mBackupHandler;
- PendingIntent mRunBackupIntent, mRunInitIntent;
- BroadcastReceiver mRunBackupReceiver, mRunInitReceiver;
- // map UIDs to the set of participating packages under that UID
- final SparseArray<HashSet<String>> mBackupParticipants
- = new SparseArray<HashSet<String>>();
- // set of backup services that have pending changes
- class BackupRequest {
- public String packageName;
- BackupRequest(String pkgName) {
- packageName = pkgName;
- }
- public String toString() {
- return "BackupRequest{pkg=" + packageName + "}";
- }
- }
- // Backups that we haven't started yet. Keys are package names.
- HashMap<String,BackupRequest> mPendingBackups
- = new HashMap<String,BackupRequest>();
- // Pseudoname that we use for the Package Manager metadata "package"
- static final String PACKAGE_MANAGER_SENTINEL = "@pm@";
- // locking around the pending-backup management
- final Object mQueueLock = new Object();
- // The thread performing the sequence of queued backups binds to each app's agent
- // in succession. Bind notifications are asynchronously delivered through the
- // Activity Manager; use this lock object to signal when a requested binding has
- // completed.
- final Object mAgentConnectLock = new Object();
- IBackupAgent mConnectedAgent;
- volatile boolean mBackupRunning;
- volatile boolean mConnecting;
- volatile long mLastBackupPass;
- volatile long mNextBackupPass;
- // For debugging, we maintain a progress trace of operations during backup
- static final boolean DEBUG_BACKUP_TRACE = true;
- final List<String> mBackupTrace = new ArrayList<String>();
- // A similar synchronization mechanism around clearing apps' data for restore
- final Object mClearDataLock = new Object();
- volatile boolean mClearingData;
- // Transport bookkeeping
- final HashMap<String,String> mTransportNames
- = new HashMap<String,String>(); // component name -> registration name
- final HashMap<String,IBackupTransport> mTransports
- = new HashMap<String,IBackupTransport>(); // registration name -> binder
- final ArrayList<TransportConnection> mTransportConnections
- = new ArrayList<TransportConnection>();
- String mCurrentTransport;
- ActiveRestoreSession mActiveRestoreSession;
- // Watch the device provisioning operation during setup
- ContentObserver mProvisionedObserver;
- class ProvisionedObserver extends ContentObserver {
- public ProvisionedObserver(Handler handler) {
- super(handler);
- }
- public void onChange(boolean selfChange) {
- final boolean wasProvisioned = mProvisioned;
- final boolean isProvisioned = deviceIsProvisioned();
- // latch: never unprovision
- mProvisioned = wasProvisioned || isProvisioned;
- if (MORE_DEBUG) {
- Slog.d(TAG, "Provisioning change: was=" + wasProvisioned
- + " is=" + isProvisioned + " now=" + mProvisioned);
- }
- synchronized (mQueueLock) {
- if (mProvisioned && !wasProvisioned && mEnabled) {
- // we're now good to go, so start the backup alarms
- if (MORE_DEBUG) Slog.d(TAG, "Now provisioned, so starting backups");
- startBackupAlarmsLocked(FIRST_BACKUP_INTERVAL);
- }
- }
- }
- }
- class RestoreGetSetsParams {
- public IBackupTransport transport;
- public ActiveRestoreSession session;
- public IRestoreObserver observer;
- RestoreGetSetsParams(IBackupTransport _transport, ActiveRestoreSession _session,
- IRestoreObserver _observer) {
- transport = _transport;
- session = _session;
- observer = _observer;
- }
- }
- class RestoreParams {
- public IBackupTransport transport;
- public String dirName;
- public IRestoreObserver observer;
- public long token;
- public PackageInfo pkgInfo;
- public int pmToken; // in post-install restore, the PM's token for this transaction
- public boolean needFullBackup;
- public String[] filterSet;
- RestoreParams(IBackupTransport _transport, String _dirName, IRestoreObserver _obs,
- long _token, PackageInfo _pkg, int _pmToken, boolean _needFullBackup) {
- transport = _transport;
- dirName = _dirName;
- observer = _obs;
- token = _token;
- pkgInfo = _pkg;
- pmToken = _pmToken;
- needFullBackup = _needFullBackup;
- filterSet = null;
- }
- RestoreParams(IBackupTransport _transport, String _dirName, IRestoreObserver _obs,
- long _token, boolean _needFullBackup) {
- transport = _transport;
- dirName = _dirName;
- observer = _obs;
- token = _token;
- pkgInfo = null;
- pmToken = 0;
- needFullBackup = _needFullBackup;
- filterSet = null;
- }
- RestoreParams(IBackupTransport _transport, String _dirName, IRestoreObserver _obs,
- long _token, String[] _filterSet, boolean _needFullBackup) {
- transport = _transport;
- dirName = _dirName;
- observer = _obs;
- token = _token;
- pkgInfo = null;
- pmToken = 0;
- needFullBackup = _needFullBackup;
- filterSet = _filterSet;
- }
- }
- class ClearParams {
- public IBackupTransport transport;
- public PackageInfo packageInfo;
- ClearParams(IBackupTransport _transport, PackageInfo _info) {
- transport = _transport;
- packageInfo = _info;
- }
- }
- class ClearRetryParams {
- public String transportName;
- public String packageName;
- ClearRetryParams(String transport, String pkg) {
- transportName = transport;
- packageName = pkg;
- }
- }
- class FullParams {
- public ParcelFileDescriptor fd;
- public final AtomicBoolean latch;
- public IFullBackupRestoreObserver observer;
- public String curPassword; // filled in by the confirmation step
- public String encryptPassword;
- FullParams() {
- latch = new AtomicBoolean(false);
- }
- }
- class FullBackupParams extends FullParams {
- public boolean includeApks;
- public boolean includeObbs;
- public boolean includeShared;
- public boolean allApps;
- public boolean includeSystem;
- public String[] packages;
- FullBackupParams(ParcelFileDescriptor output, boolean saveApks, boolean saveObbs,
- boolean saveShared, boolean doAllApps, boolean doSystem, String[] pkgList) {
- fd = output;
- includeApks = saveApks;
- includeObbs = saveObbs;
- includeShared = saveShared;
- allApps = doAllApps;
- includeSystem = doSystem;
- packages = pkgList;
- }
- }
- class FullRestoreParams extends FullParams {
- FullRestoreParams(ParcelFileDescriptor input) {
- fd = input;
- }
- }
- // Bookkeeping of in-flight operations for timeout etc. purposes. The operation
- // token is the index of the entry in the pending-operations list.
- static final int OP_PENDING = 0;
- static final int OP_ACKNOWLEDGED = 1;
- static final int OP_TIMEOUT = -1;
- class Operation {
- public int state;
- public BackupRestoreTask callback;
- Operation(int initialState, BackupRestoreTask callbackObj) {
- state = initialState;
- callback = callbackObj;
- }
- }
- final SparseArray<Operation> mCurrentOperations = new SparseArray<Operation>();
- final Object mCurrentOpLock = new Object();
- final Random mTokenGenerator = new Random();
- final SparseArray<FullParams> mFullConfirmations = new SparseArray<FullParams>();
- // Where we keep our journal files and other bookkeeping
- File mBaseStateDir;
- File mDataDir;
- File mJournalDir;
- File mJournal;
- // Backup password, if any, and the file where it's saved. What is stored is not the
- // password text itself; it's the result of a PBKDF2 hash with a randomly chosen (but
- // persisted) salt. Validation is performed by running the challenge text through the
- // same PBKDF2 cycle with the persisted salt; if the resulting derived key string matches
- // the saved hash string, then the challenge text matches the originally supplied
- // password text.
- private final SecureRandom mRng = new SecureRandom();
- private String mPasswordHash;
- private File mPasswordHashFile;
- private int mPasswordVersion;
- private File mPasswordVersionFile;
- private byte[] mPasswordSalt;
- // Configuration of PBKDF2 that we use for generating pw hashes and intermediate keys
- static final int PBKDF2_HASH_ROUNDS = 10000;
- static final int PBKDF2_KEY_SIZE = 256; // bits
- static final int PBKDF2_SALT_SIZE = 512; // bits
- static final String ENCRYPTION_ALGORITHM_NAME = "AES-256";
- // Keep a log of all the apps we've ever backed up, and what the
- // dataset tokens are for both the current backup dataset and
- // the ancestral dataset.
- private File mEverStored;
- HashSet<String> mEverStoredApps = new HashSet<String>();
- static final int CURRENT_ANCESTRAL_RECORD_VERSION = 1; // increment when the schema changes
- File mTokenFile;
- Set<String> mAncestralPackages = null;
- long mAncestralToken = 0;
- long mCurrentToken = 0;
- // Persistently track the need to do a full init
- static final String INIT_SENTINEL_FILE_NAME = "_need_init_";
- HashSet<String> mPendingInits = new HashSet<String>(); // transport names
- // Utility: build a new random integer token
- int generateToken() {
- int token;
- do {
- synchronized (mTokenGenerator) {
- token = mTokenGenerator.nextInt();
- }
- } while (token < 0);
- return token;
- }
- // ----- Asynchronous backup/restore handler thread -----
- private class BackupHandler extends Handler {
- public BackupHandler(Looper looper) {
- super(looper);
- }
- public void handleMessage(Message msg) {
- switch (msg.what) {
- case MSG_RUN_BACKUP:
- {
- mLastBackupPass = System.currentTimeMillis();
- mNextBackupPass = mLastBackupPass + BACKUP_INTERVAL;
- IBackupTransport transport = getTransport(mCurrentTransport);
- if (transport == null) {
- Slog.v(TAG, "Backup requested but no transport available");
- synchronized (mQueueLock) {
- mBackupRunning = false;
- }
- mWakelock.release();
- break;
- }
- // snapshot the pending-backup set and work on that
- ArrayList<BackupRequest> queue = new ArrayList<BackupRequest>();
- File oldJournal = mJournal;
- synchronized (mQueueLock) {
- // Do we have any work to do? Construct the work queue
- // then release the synchronization lock to actually run
- // the backup.
- if (mPendingBackups.size() > 0) {
- for (BackupRequest b: mPendingBackups.values()) {
- queue.add(b);
- }
- if (DEBUG) Slog.v(TAG, "clearing pending backups");
- mPendingBackups.clear();
- // Start a new backup-queue journal file too
- mJournal = null;
- }
- }
- // At this point, we have started a new journal file, and the old
- // file identity is being passed to the backup processing task.
- // When it completes successfully, that old journal file will be
- // deleted. If we crash prior to that, the old journal is parsed
- // at next boot and the journaled requests fulfilled.
- boolean staged = true;
- if (queue.size() > 0) {
- // Spin up a backup state sequence and set it running
- try {
- String dirName = transport.transportDirName();
- PerformBackupTask pbt = new PerformBackupTask(transport, dirName,
- queue, oldJournal);
- Message pbtMessage = obtainMessage(MSG_BACKUP_RESTORE_STEP, pbt);
- sendMessage(pbtMessage);
- } catch (RemoteException e) {
- // unable to ask the transport its dir name -- transient failure, since
- // the above check succeeded. Try again next time.
- Slog.e(TAG, "Transport became unavailable attempting backup");
- staged = false;
- }
- } else {
- Slog.v(TAG, "Backup requested but nothing pending");
- staged = false;
- }
- if (!staged) {
- // if we didn't actually hand off the wakelock, rewind until next time
- synchronized (mQueueLock) {
- mBackupRunning = false;
- }
- mWakelock.release();
- }
- break;
- }
- case MSG_BACKUP_RESTORE_STEP:
- {
- try {
- BackupRestoreTask task = (BackupRestoreTask) msg.obj;
- if (MORE_DEBUG) Slog.v(TAG, "Got next step for " + task + ", executing");
- task.execute();
- } catch (ClassCastException e) {
- Slog.e(TAG, "Invalid backup task in flight, obj=" + msg.obj);
- }
- break;
- }
- case MSG_OP_COMPLETE:
- {
- try {
- BackupRestoreTask task = (BackupRestoreTask) msg.obj;
- task.operationComplete();
- } catch (ClassCastException e) {
- Slog.e(TAG, "Invalid completion in flight, obj=" + msg.obj);
- }
- break;
- }
- case MSG_RUN_FULL_BACKUP:
- {
- // TODO: refactor full backup to be a looper-based state machine
- // similar to normal backup/restore.
- FullBackupParams params = (FullBackupParams)msg.obj;
- PerformFullBackupTask task = new PerformFullBackupTask(params.fd,
- params.observer, params.includeApks, params.includeObbs,
- params.includeShared, params.curPassword, params.encryptPassword,
- params.allApps, params.includeSystem, params.packages, params.latch);
- (new Thread(task)).start();
- break;
- }
- case MSG_RUN_RESTORE:
- {
- RestoreParams params = (RestoreParams)msg.obj;
- Slog.d(TAG, "MSG_RUN_RESTORE observer=" + params.observer);
- PerformRestoreTask task = new PerformRestoreTask(
- params.transport, params.dirName, params.observer,
- params.token, params.pkgInfo, params.pmToken,
- params.needFullBackup, params.filterSet);
- Message restoreMsg = obtainMessage(MSG_BACKUP_RESTORE_STEP, task);
- sendMessage(restoreMsg);
- break;
- }
- case MSG_RUN_FULL_RESTORE:
- {
- // TODO: refactor full restore to be a looper-based state machine
- // similar to normal backup/restore.
- FullRestoreParams params = (FullRestoreParams)msg.obj;
- PerformFullRestoreTask task = new PerformFullRestoreTask(params.fd,
- params.curPassword, params.encryptPassword,
- params.observer, params.latch);
- (new Thread(task)).start();
- break;
- }
- case MSG_RUN_CLEAR:
- {
- ClearParams params = (ClearParams)msg.obj;
- (new PerformClearTask(params.transport, params.packageInfo)).run();
- break;
- }
- case MSG_RETRY_CLEAR:
- {
- // reenqueues if the transport remains unavailable
- ClearRetryParams params = (ClearRetryParams)msg.obj;
- clearBackupData(params.transportName, params.packageName);
- break;
- }
- case MSG_RUN_INITIALIZE:
- {
- HashSet<String> queue;
- // Snapshot the pending-init queue and work on that
- synchronized (mQueueLock) {
- queue = new HashSet<String>(mPendingInits);
- mPendingInits.clear();
- }
- (new PerformInitializeTask(queue)).run();
- break;
- }
- case MSG_RETRY_INIT:
- {
- synchronized (mQueueLock) {
- recordInitPendingLocked(msg.arg1 != 0, (String)msg.obj);
- mAlarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis(),
- mRunInitIntent);
- }
- break;
- }
- case MSG_RUN_GET_RESTORE_SETS:
- {
- // Like other async operations, this is entered with the wakelock held
- RestoreSet[] sets = null;
- RestoreGetSetsParams params = (RestoreGetSetsParams)msg.obj;
- try {
- sets = params.transport.getAvailableRestoreSets();
- // cache the result in the active session
- synchronized (params.session) {
- params.session.mRestoreSets = sets;
- }
- if (sets == null) EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- } catch (Exception e) {
- Slog.e(TAG, "Error from transport getting set list");
- } finally {
- if (params.observer != null) {
- try {
- params.observer.restoreSetsAvailable(sets);
- } catch (RemoteException re) {
- Slog.e(TAG, "Unable to report listing to observer");
- } catch (Exception e) {
- Slog.e(TAG, "Restore observer threw", e);
- }
- }
- // Done: reset the session timeout clock
- removeMessages(MSG_RESTORE_TIMEOUT);
- sendEmptyMessageDelayed(MSG_RESTORE_TIMEOUT, TIMEOUT_RESTORE_INTERVAL);
- mWakelock.release();
- }
- break;
- }
- case MSG_TIMEOUT:
- {
- handleTimeout(msg.arg1, msg.obj);
- break;
- }
- case MSG_RESTORE_TIMEOUT:
- {
- synchronized (BackupManagerService.this) {
- if (mActiveRestoreSession != null) {
- // Client app left the restore session dangling. We know that it
- // can't be in the middle of an actual restore operation because
- // the timeout is suspended while a restore is in progress. Clean
- // up now.
- Slog.w(TAG, "Restore session timed out; aborting");
- post(mActiveRestoreSession.new EndRestoreRunnable(
- BackupManagerService.this, mActiveRestoreSession));
- }
- }
- }
- case MSG_FULL_CONFIRMATION_TIMEOUT:
- {
- synchronized (mFullConfirmations) {
- FullParams params = mFullConfirmations.get(msg.arg1);
- if (params != null) {
- Slog.i(TAG, "Full backup/restore timed out waiting for user confirmation");
- // Release the waiter; timeout == completion
- signalFullBackupRestoreCompletion(params);
- // Remove the token from the set
- mFullConfirmations.delete(msg.arg1);
- // Report a timeout to the observer, if any
- if (params.observer != null) {
- try {
- params.observer.onTimeout();
- } catch (RemoteException e) {
- /* don't care if the app has gone away */
- }
- }
- } else {
- Slog.d(TAG, "couldn't find params for token " + msg.arg1);
- }
- }
- break;
- }
- }
- }
- }
- // ----- Debug-only backup operation trace -----
- void addBackupTrace(String s) {
- if (DEBUG_BACKUP_TRACE) {
- synchronized (mBackupTrace) {
- mBackupTrace.add(s);
- }
- }
- }
- void clearBackupTrace() {
- if (DEBUG_BACKUP_TRACE) {
- synchronized (mBackupTrace) {
- mBackupTrace.clear();
- }
- }
- }
- // ----- Main service implementation -----
- public BackupManagerService(Context context) {
- mContext = context;
- mPackageManager = context.getPackageManager();
- mPackageManagerBinder = AppGlobals.getPackageManager();
- mActivityManager = ActivityManagerNative.getDefault();
- mAlarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
- mPowerManager = (PowerManager) context.getSystemService(Context.POWER_SERVICE);
- mMountService = IMountService.Stub.asInterface(ServiceManager.getService("mount"));
- mBackupManagerBinder = asInterface(asBinder());
- // spin up the backup/restore handler thread
- mHandlerThread = new HandlerThread("backup", Process.THREAD_PRIORITY_BACKGROUND);
- mHandlerThread.start();
- mBackupHandler = new BackupHandler(mHandlerThread.getLooper());
- // Set up our bookkeeping
- final ContentResolver resolver = context.getContentResolver();
- boolean areEnabled = Settings.Secure.getInt(resolver,
- Settings.Secure.BACKUP_ENABLED, 0) != 0;
- mProvisioned = Settings.Global.getInt(resolver,
- Settings.Global.DEVICE_PROVISIONED, 0) != 0;
- mAutoRestore = Settings.Secure.getInt(resolver,
- Settings.Secure.BACKUP_AUTO_RESTORE, 1) != 0;
- mProvisionedObserver = new ProvisionedObserver(mBackupHandler);
- resolver.registerContentObserver(
- Settings.Global.getUriFor(Settings.Global.DEVICE_PROVISIONED),
- false, mProvisionedObserver);
- // If Encrypted file systems is enabled or disabled, this call will return the
- // correct directory.
- mBaseStateDir = new File(Environment.getSecureDataDirectory(), "backup");
- mBaseStateDir.mkdirs();
- if (!SELinux.restorecon(mBaseStateDir)) {
- Slog.e(TAG, "SELinux restorecon failed on " + mBaseStateDir);
- }
- mDataDir = Environment.getDownloadCacheDirectory();
- mPasswordVersion = 1; // unless we hear otherwise
- mPasswordVersionFile = new File(mBaseStateDir, "pwversion");
- if (mPasswordVersionFile.exists()) {
- FileInputStream fin = null;
- DataInputStream in = null;
- try {
- fin = new FileInputStream(mPasswordVersionFile);
- in = new DataInputStream(fin);
- mPasswordVersion = in.readInt();
- } catch (IOException e) {
- Slog.e(TAG, "Unable to read backup pw version");
- } finally {
- try {
- if (in != null) in.close();
- if (fin != null) fin.close();
- } catch (IOException e) {
- Slog.w(TAG, "Error closing pw version files");
- }
- }
- }
- mPasswordHashFile = new File(mBaseStateDir, "pwhash");
- if (mPasswordHashFile.exists()) {
- FileInputStream fin = null;
- DataInputStream in = null;
- try {
- fin = new FileInputStream(mPasswordHashFile);
- in = new DataInputStream(new BufferedInputStream(fin));
- // integer length of the salt array, followed by the salt,
- // then the hex pw hash string
- int saltLen = in.readInt();
- byte[] salt = new byte[saltLen];
- in.readFully(salt);
- mPasswordHash = in.readUTF();
- mPasswordSalt = salt;
- } catch (IOException e) {
- Slog.e(TAG, "Unable to read saved backup pw hash");
- } finally {
- try {
- if (in != null) in.close();
- if (fin != null) fin.close();
- } catch (IOException e) {
- Slog.w(TAG, "Unable to close streams");
- }
- }
- }
- // Alarm receivers for scheduled backups & initialization operations
- mRunBackupReceiver = new RunBackupReceiver();
- IntentFilter filter = new IntentFilter();
- filter.addAction(RUN_BACKUP_ACTION);
- context.registerReceiver(mRunBackupReceiver, filter,
- android.Manifest.permission.BACKUP, null);
- mRunInitReceiver = new RunInitializeReceiver();
- filter = new IntentFilter();
- filter.addAction(RUN_INITIALIZE_ACTION);
- context.registerReceiver(mRunInitReceiver, filter,
- android.Manifest.permission.BACKUP, null);
- Intent backupIntent = new Intent(RUN_BACKUP_ACTION);
- backupIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
- mRunBackupIntent = PendingIntent.getBroadcast(context, MSG_RUN_BACKUP, backupIntent, 0);
- Intent initIntent = new Intent(RUN_INITIALIZE_ACTION);
- backupIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
- mRunInitIntent = PendingIntent.getBroadcast(context, MSG_RUN_INITIALIZE, initIntent, 0);
- // Set up the backup-request journaling
- mJournalDir = new File(mBaseStateDir, "pending");
- mJournalDir.mkdirs(); // creates mBaseStateDir along the way
- mJournal = null; // will be created on first use
- // Set up the various sorts of package tracking we do
- initPackageTracking();
- // Build our mapping of uid to backup client services. This implicitly
- // schedules a backup pass on the Package Manager metadata the first
- // time anything needs to be backed up.
- synchronized (mBackupParticipants) {
- addPackageParticipantsLocked(null);
- }
- // Set up our transport options and initialize the default transport
- // TODO: Don't create transports that we don't need to?
- mCurrentTransport = Settings.Secure.getString(context.getContentResolver(),
- Settings.Secure.BACKUP_TRANSPORT);
- if ("".equals(mCurrentTransport)) {
- mCurrentTransport = null;
- }
- if (DEBUG) Slog.v(TAG, "Starting with transport " + mCurrentTransport);
- // Find transport hosts and bind to their services
- Intent transportServiceIntent = new Intent(SERVICE_ACTION_TRANSPORT_HOST);
- List<ResolveInfo> hosts = mPackageManager.queryIntentServicesAsUser(
- transportServiceIntent, 0, UserHandle.USER_OWNER);
- if (DEBUG) {
- Slog.v(TAG, "Found transports: " + ((hosts == null) ? "null" : hosts.size()));
- }
- if (hosts != null) {
- if (MORE_DEBUG) {
- for (int i = 0; i < hosts.size(); i++) {
- ServiceInfo info = hosts.get(i).serviceInfo;
- Slog.v(TAG, " " + info.packageName + "/" + info.name);
- }
- }
- for (int i = 0; i < hosts.size(); i++) {
- try {
- ServiceInfo info = hosts.get(i).serviceInfo;
- PackageInfo packInfo = mPackageManager.getPackageInfo(info.packageName, 0);
- if ((packInfo.applicationInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0) {
- ComponentName svcName = new ComponentName(info.packageName, info.name);
- if (DEBUG) {
- Slog.i(TAG, "Binding to transport host " + svcName);
- }
- Intent intent = new Intent(transportServiceIntent);
- intent.setComponent(svcName);
- TransportConnection connection = new TransportConnection();
- mTransportConnections.add(connection);
- context.bindServiceAsUser(intent,
- connection, Context.BIND_AUTO_CREATE,
- UserHandle.OWNER);
- } else {
- Slog.w(TAG, "Transport package not privileged: " + info.packageName);
- }
- } catch (Exception e) {
- Slog.e(TAG, "Problem resolving transport service: " + e.getMessage());
- }
- }
- }
- // Now that we know about valid backup participants, parse any
- // leftover journal files into the pending backup set
- parseLeftoverJournals();
- // Power management
- mWakelock = mPowerManager.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, "*backup*");
- // Start the backup passes going
- setBackupEnabled(areEnabled);
- }
- private class RunBackupReceiver extends BroadcastReceiver {
- public void onReceive(Context context, Intent intent) {
- if (RUN_BACKUP_ACTION.equals(intent.getAction())) {
- synchronized (mQueueLock) {
- if (mPendingInits.size() > 0) {
- // If there are pending init operations, we process those
- // and then settle into the usual periodic backup schedule.
- if (DEBUG) Slog.v(TAG, "Init pending at scheduled backup");
- try {
- mAlarmManager.cancel(mRunInitIntent);
- mRunInitIntent.send();
- } catch (PendingIntent.CanceledException ce) {
- Slog.e(TAG, "Run init intent cancelled");
- // can't really do more than bail here
- }
- } else {
- // Don't run backups now if we're disabled or not yet
- // fully set up.
- if (mEnabled && mProvisioned) {
- if (!mBackupRunning) {
- if (DEBUG) Slog.v(TAG, "Running a backup pass");
- // Acquire the wakelock and pass it to the backup thread. it will
- // be released once backup concludes.
- mBackupRunning = true;
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_BACKUP);
- mBackupHandler.sendMessage(msg);
- } else {
- Slog.i(TAG, "Backup time but one already running");
- }
- } else {
- Slog.w(TAG, "Backup pass but e=" + mEnabled + " p=" + mProvisioned);
- }
- }
- }
- }
- }
- }
- private class RunInitializeReceiver extends BroadcastReceiver {
- public void onReceive(Context context, Intent intent) {
- if (RUN_INITIALIZE_ACTION.equals(intent.getAction())) {
- synchronized (mQueueLock) {
- if (DEBUG) Slog.v(TAG, "Running a device init");
- // Acquire the wakelock and pass it to the init thread. it will
- // be released once init concludes.
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_INITIALIZE);
- mBackupHandler.sendMessage(msg);
- }
- }
- }
- }
- private void initPackageTracking() {
- if (DEBUG) Slog.v(TAG, "Initializing package tracking");
- // Remember our ancestral dataset
- mTokenFile = new File(mBaseStateDir, "ancestral");
- try {
- RandomAccessFile tf = new RandomAccessFile(mTokenFile, "r");
- int version = tf.readInt();
- if (version == CURRENT_ANCESTRAL_RECORD_VERSION) {
- mAncestralToken = tf.readLong();
- mCurrentToken = tf.readLong();
- int numPackages = tf.readInt();
- if (numPackages >= 0) {
- mAncestralPackages = new HashSet<String>();
- for (int i = 0; i < numPackages; i++) {
- String pkgName = tf.readUTF();
- mAncestralPackages.add(pkgName);
- }
- }
- }
- tf.close();
- } catch (FileNotFoundException fnf) {
- // Probably innocuous
- Slog.v(TAG, "No ancestral data");
- } catch (IOException e) {
- Slog.w(TAG, "Unable to read token file", e);
- }
- // Keep a log of what apps we've ever backed up. Because we might have
- // rebooted in the middle of an operation that was removing something from
- // this log, we sanity-check its contents here and reconstruct it.
- mEverStored = new File(mBaseStateDir, "processed");
- File tempProcessedFile = new File(mBaseStateDir, "processed.new");
- // If we were in the middle of removing something from the ever-backed-up
- // file, there might be a transient "processed.new" file still present.
- // Ignore it -- we'll validate "processed" against the current package set.
- if (tempProcessedFile.exists()) {
- tempProcessedFile.delete();
- }
- // If there are previous contents, parse them out then start a new
- // file to continue the recordkeeping.
- if (mEverStored.exists()) {
- RandomAccessFile temp = null;
- RandomAccessFile in = null;
- try {
- temp = new RandomAccessFile(tempProcessedFile, "rws");
- in = new RandomAccessFile(mEverStored, "r");
- while (true) {
- PackageInfo info;
- String pkg = in.readUTF();
- try {
- info = mPackageManager.getPackageInfo(pkg, 0);
- mEverStoredApps.add(pkg);
- temp.writeUTF(pkg);
- if (MORE_DEBUG) Slog.v(TAG, " + " + pkg);
- } catch (NameNotFoundException e) {
- // nope, this package was uninstalled; don't include it
- if (MORE_DEBUG) Slog.v(TAG, " - " + pkg);
- }
- }
- } catch (EOFException e) {
- // Once we've rewritten the backup history log, atomically replace the
- // old one with the new one then reopen the file for continuing use.
- if (!tempProcessedFile.renameTo(mEverStored)) {
- Slog.e(TAG, "Error renaming " + tempProcessedFile + " to " + mEverStored);
- }
- } catch (IOException e) {
- Slog.e(TAG, "Error in processed file", e);
- } finally {
- try { if (temp != null) temp.close(); } catch (IOException e) {}
- try { if (in != null) in.close(); } catch (IOException e) {}
- }
- }
- // Register for broadcasts about package install, etc., so we can
- // update the provider list.
- IntentFilter filter = new IntentFilter();
- filter.addAction(Intent.ACTION_PACKAGE_ADDED);
- filter.addAction(Intent.ACTION_PACKAGE_REMOVED);
- filter.addDataScheme("package");
- mContext.registerReceiver(mBroadcastReceiver, filter);
- // Register for events related to sdcard installation.
- IntentFilter sdFilter = new IntentFilter();
- sdFilter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE);
- sdFilter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE);
- mContext.registerReceiver(mBroadcastReceiver, sdFilter);
- }
- private void parseLeftoverJournals() {
- for (File f : mJournalDir.listFiles()) {
- if (mJournal == null || f.compareTo(mJournal) != 0) {
- // This isn't the current journal, so it must be a leftover. Read
- // out the package names mentioned there and schedule them for
- // backup.
- RandomAccessFile in = null;
- try {
- Slog.i(TAG, "Found stale backup journal, scheduling");
- in = new RandomAccessFile(f, "r");
- while (true) {
- String packageName = in.readUTF();
- Slog.i(TAG, " " + packageName);
- dataChangedImpl(packageName);
- }
- } catch (EOFException e) {
- // no more data; we're done
- } catch (Exception e) {
- Slog.e(TAG, "Can't read " + f, e);
- } finally {
- // close/delete the file
- try { if (in != null) in.close(); } catch (IOException e) {}
- f.delete();
- }
- }
- }
- }
- private SecretKey buildPasswordKey(String algorithm, String pw, byte[] salt, int rounds) {
- return buildCharArrayKey(algorithm, pw.toCharArray(), salt, rounds);
- }
- private SecretKey buildCharArrayKey(String algorithm, char[] pwArray, byte[] salt, int rounds) {
- try {
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);
- KeySpec ks = new PBEKeySpec(pwArray, salt, rounds, PBKDF2_KEY_SIZE);
- return keyFactory.generateSecret(ks);
- } catch (InvalidKeySpecException e) {
- Slog.e(TAG, "Invalid key spec for PBKDF2!");
- } catch (NoSuchAlgorithmException e) {
- Slog.e(TAG, "PBKDF2 unavailable!");
- }
- return null;
- }
- private String buildPasswordHash(String algorithm, String pw, byte[] salt, int rounds) {
- SecretKey key = buildPasswordKey(algorithm, pw, salt, rounds);
- if (key != null) {
- return byteArrayToHex(key.getEncoded());
- }
- return null;
- }
- private String byteArrayToHex(byte[] data) {
- StringBuilder buf = new StringBuilder(data.length * 2);
- for (int i = 0; i < data.length; i++) {
- buf.append(Byte.toHexString(data[i], true));
- }
- return buf.toString();
- }
- private byte[] hexToByteArray(String digits) {
- final int bytes = digits.length() / 2;
- if (2*bytes != digits.length()) {
- throw new IllegalArgumentException("Hex string must have an even number of digits");
- }
- byte[] result = new byte[bytes];
- for (int i = 0; i < digits.length(); i += 2) {
- result[i/2] = (byte) Integer.parseInt(digits.substring(i, i+2), 16);
- }
- return result;
- }
- private byte[] makeKeyChecksum(String algorithm, byte[] pwBytes, byte[] salt, int rounds) {
- char[] mkAsChar = new char[pwBytes.length];
- for (int i = 0; i < pwBytes.length; i++) {
- mkAsChar[i] = (char) pwBytes[i];
- }
- Key checksum = buildCharArrayKey(algorithm, mkAsChar, salt, rounds);
- return checksum.getEncoded();
- }
- // Used for generating random salts or passwords
- private byte[] randomBytes(int bits) {
- byte[] array = new byte[bits / 8];
- mRng.nextBytes(array);
- return array;
- }
- // Backup password management
- boolean passwordMatchesSaved(String algorithm, String candidatePw, int rounds) {
- // First, on an encrypted device we require matching the device pw
- final boolean isEncrypted;
- try {
- isEncrypted = (mMountService.getEncryptionState() != MountService.ENCRYPTION_STATE_NONE);
- if (isEncrypted) {
- if (DEBUG) {
- Slog.i(TAG, "Device encrypted; verifying against device data pw");
- }
- // 0 means the password validated
- // -2 means device not encrypted
- // Any other result is either password failure or an error condition,
- // so we refuse the match
- final int result = mMountService.verifyEncryptionPassword(candidatePw);
- if (result == 0) {
- if (MORE_DEBUG) Slog.d(TAG, "Pw verifies");
- return true;
- } else if (result != -2) {
- if (MORE_DEBUG) Slog.d(TAG, "Pw mismatch");
- return false;
- } else {
- // ...else the device is supposedly not encrypted. HOWEVER, the
- // query about the encryption state said that the device *is*
- // encrypted, so ... we may have a problem. Log it and refuse
- // the backup.
- Slog.e(TAG, "verified encryption state mismatch against query; no match allowed");
- return false;
- }
- }
- } catch (Exception e) {
- // Something went wrong talking to the mount service. This is very bad;
- // assume that we fail password validation.
- return false;
- }
- if (mPasswordHash == null) {
- // no current password case -- require that 'currentPw' be null or empty
- if (candidatePw == null || "".equals(candidatePw)) {
- return true;
- } // else the non-empty candidate does not match the empty stored pw
- } else {
- // hash the stated current pw and compare to the stored one
- if (candidatePw != null && candidatePw.length() > 0) {
- String currentPwHash = buildPasswordHash(algorithm, candidatePw, mPasswordSalt, rounds);
- if (mPasswordHash.equalsIgnoreCase(currentPwHash)) {
- // candidate hash matches the stored hash -- the password matches
- return true;
- }
- } // else the stored pw is nonempty but the candidate is empty; no match
- }
- return false;
- }
- @Override
- public boolean setBackupPassword(String currentPw, String newPw) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "setBackupPassword");
- // When processing v1 passwords we may need to try two different PBKDF2 checksum regimes
- final boolean pbkdf2Fallback = (mPasswordVersion < BACKUP_PW_FILE_VERSION);
- // If the supplied pw doesn't hash to the the saved one, fail. The password
- // might be caught in the legacy crypto mismatch; verify that too.
- if (!passwordMatchesSaved(PBKDF_CURRENT, currentPw, PBKDF2_HASH_ROUNDS)
- && !(pbkdf2Fallback && passwordMatchesSaved(PBKDF_FALLBACK,
- currentPw, PBKDF2_HASH_ROUNDS))) {
- return false;
- }
- // Snap up to current on the pw file version
- mPasswordVersion = BACKUP_PW_FILE_VERSION;
- FileOutputStream pwFout = null;
- DataOutputStream pwOut = null;
- try {
- pwFout = new FileOutputStream(mPasswordVersionFile);
- pwOut = new DataOutputStream(pwFout);
- pwOut.writeInt(mPasswordVersion);
- } catch (IOException e) {
- Slog.e(TAG, "Unable to write backup pw version; password not changed");
- return false;
- } finally {
- try {
- if (pwOut != null) pwOut.close();
- if (pwFout != null) pwFout.close();
- } catch (IOException e) {
- Slog.w(TAG, "Unable to close pw version record");
- }
- }
- // Clearing the password is okay
- if (newPw == null || newPw.isEmpty()) {
- if (mPasswordHashFile.exists()) {
- if (!mPasswordHashFile.delete()) {
- // Unable to delete the old pw file, so fail
- Slog.e(TAG, "Unable to clear backup password");
- return false;
- }
- }
- mPasswordHash = null;
- mPasswordSalt = null;
- return true;
- }
- try {
- // Okay, build the hash of the new backup password
- byte[] salt = randomBytes(PBKDF2_SALT_SIZE);
- String newPwHash = buildPasswordHash(PBKDF_CURRENT, newPw, salt, PBKDF2_HASH_ROUNDS);
- OutputStream pwf = null, buffer = null;
- DataOutputStream out = null;
- try {
- pwf = new FileOutputStream(mPasswordHashFile);
- buffer = new BufferedOutputStream(pwf);
- out = new DataOutputStream(buffer);
- // integer length of the salt array, followed by the salt,
- // then the hex pw hash string
- out.writeInt(salt.length);
- out.write(salt);
- out.writeUTF(newPwHash);
- out.flush();
- mPasswordHash = newPwHash;
- mPasswordSalt = salt;
- return true;
- } finally {
- if (out != null) out.close();
- if (buffer != null) buffer.close();
- if (pwf != null) pwf.close();
- }
- } catch (IOException e) {
- Slog.e(TAG, "Unable to set backup password");
- }
- return false;
- }
- @Override
- public boolean hasBackupPassword() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "hasBackupPassword");
- try {
- return (mMountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE)
- || (mPasswordHash != null && mPasswordHash.length() > 0);
- } catch (Exception e) {
- // If we can't talk to the mount service we have a serious problem; fail
- // "secure" i.e. assuming that we require a password
- return true;
- }
- }
- private boolean backupPasswordMatches(String currentPw) {
- if (hasBackupPassword()) {
- final boolean pbkdf2Fallback = (mPasswordVersion < BACKUP_PW_FILE_VERSION);
- if (!passwordMatchesSaved(PBKDF_CURRENT, currentPw, PBKDF2_HASH_ROUNDS)
- && !(pbkdf2Fallback && passwordMatchesSaved(PBKDF_FALLBACK,
- currentPw, PBKDF2_HASH_ROUNDS))) {
- if (DEBUG) Slog.w(TAG, "Backup password mismatch; aborting");
- return false;
- }
- }
- return true;
- }
- // Maintain persistent state around whether need to do an initialize operation.
- // Must be called with the queue lock held.
- void recordInitPendingLocked(boolean isPending, String transportName) {
- if (DEBUG) Slog.i(TAG, "recordInitPendingLocked: " + isPending
- + " on transport " + transportName);
- mBackupHandler.removeMessages(MSG_RETRY_INIT);
- try {
- IBackupTransport transport = getTransport(transportName);
- if (transport != null) {
- String transportDirName = transport.transportDirName();
- File stateDir = new File(mBaseStateDir, transportDirName);
- File initPendingFile = new File(stateDir, INIT_SENTINEL_FILE_NAME);
- if (isPending) {
- // We need an init before we can proceed with sending backup data.
- // Record that with an entry in our set of pending inits, as well as
- // journaling it via creation of a sentinel file.
- mPendingInits.add(transportName);
- try {
- (new FileOutputStream(initPendingFile)).close();
- } catch (IOException ioe) {
- // Something is badly wrong with our permissions; just try to move on
- }
- } else {
- // No more initialization needed; wipe the journal and reset our state.
- initPendingFile.delete();
- mPendingInits.remove(transportName);
- }
- return; // done; don't fall through to the error case
- }
- } catch (RemoteException e) {
- // transport threw when asked its name; fall through to the lookup-failed case
- }
- // The named transport doesn't exist or threw. This operation is
- // important, so we record the need for a an init and post a message
- // to retry the init later.
- if (isPending) {
- mPendingInits.add(transportName);
- mBackupHandler.sendMessageDelayed(
- mBackupHandler.obtainMessage(MSG_RETRY_INIT,
- (isPending ? 1 : 0),
- 0,
- transportName),
- TRANSPORT_RETRY_INTERVAL);
- }
- }
- // Reset all of our bookkeeping, in response to having been told that
- // the backend data has been wiped [due to idle expiry, for example],
- // so we must re-upload all saved settings.
- void resetBackupState(File stateFileDir) {
- synchronized (mQueueLock) {
- // Wipe the "what we've ever backed up" tracking
- mEverStoredApps.clear();
- mEverStored.delete();
- mCurrentToken = 0;
- writeRestoreTokens();
- // Remove all the state files
- for (File sf : stateFileDir.listFiles()) {
- // ... but don't touch the needs-init sentinel
- if (!sf.getName().equals(INIT_SENTINEL_FILE_NAME)) {
- sf.delete();
- }
- }
- }
- // Enqueue a new backup of every participant
- synchronized (mBackupParticipants) {
- final int N = mBackupParticipants.size();
- for (int i=0; i<N; i++) {
- HashSet<String> participants = mBackupParticipants.valueAt(i);
- if (participants != null) {
- for (String packageName : participants) {
- dataChangedImpl(packageName);
- }
- }
- }
- }
- }
- // Add a transport to our set of available backends. If 'transport' is null, this
- // is an unregistration, and the transport's entry is removed from our bookkeeping.
- private void registerTransport(String name, String component, IBackupTransport transport) {
- synchronized (mTransports) {
- if (DEBUG) Slog.v(TAG, "Registering transport "
- + component + "::" + name + " = " + transport);
- if (transport != null) {
- mTransports.put(name, transport);
- mTransportNames.put(component, name);
- } else {
- mTransports.remove(mTransportNames.get(component));
- mTransportNames.remove(component);
- // Nothing further to do in the unregistration case
- return;
- }
- }
- // If the init sentinel file exists, we need to be sure to perform the init
- // as soon as practical. We also create the state directory at registration
- // time to ensure it's present from the outset.
- try {
- String transportName = transport.transportDirName();
- File stateDir = new File(mBaseStateDir, transportName);
- stateDir.mkdirs();
- File initSentinel = new File(stateDir, INIT_SENTINEL_FILE_NAME);
- if (initSentinel.exists()) {
- synchronized (mQueueLock) {
- mPendingInits.add(transportName);
- // TODO: pick a better starting time than now + 1 minute
- long delay = 1000 * 60; // one minute, in milliseconds
- mAlarmManager.set(AlarmManager.RTC_WAKEUP,
- System.currentTimeMillis() + delay, mRunInitIntent);
- }
- }
- } catch (RemoteException e) {
- // the transport threw when asked its file naming prefs; declare it invalid
- Slog.e(TAG, "Unable to register transport as " + name);
- mTransportNames.remove(component);
- mTransports.remove(name);
- }
- }
- // ----- Track installation/removal of packages -----
- BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
- public void onReceive(Context context, Intent intent) {
- if (DEBUG) Slog.d(TAG, "Received broadcast " + intent);
- String action = intent.getAction();
- boolean replacing = false;
- boolean added = false;
- Bundle extras = intent.getExtras();
- String pkgList[] = null;
- if (Intent.ACTION_PACKAGE_ADDED.equals(action) ||
- Intent.ACTION_PACKAGE_REMOVED.equals(action)) {
- Uri uri = intent.getData();
- if (uri == null) {
- return;
- }
- String pkgName = uri.getSchemeSpecificPart();
- if (pkgName != null) {
- pkgList = new String[] { pkgName };
- }
- added = Intent.ACTION_PACKAGE_ADDED.equals(action);
- replacing = extras.getBoolean(Intent.EXTRA_REPLACING, false);
- } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE.equals(action)) {
- added = true;
- pkgList = intent.getStringArrayExtra(Intent.EXTRA_CHANGED_PACKAGE_LIST);
- } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) {
- added = false;
- pkgList = intent.getStringArrayExtra(Intent.EXTRA_CHANGED_PACKAGE_LIST);
- }
- if (pkgList == null || pkgList.length == 0) {
- return;
- }
- final int uid = extras.getInt(Intent.EXTRA_UID);
- if (added) {
- synchronized (mBackupParticipants) {
- if (replacing) {
- // This is the package-replaced case; we just remove the entry
- // under the old uid and fall through to re-add.
- removePackageParticipantsLocked(pkgList, uid);
- }
- addPackageParticipantsLocked(pkgList);
- }
- } else {
- if (replacing) {
- // The package is being updated. We'll receive a PACKAGE_ADDED shortly.
- } else {
- synchronized (mBackupParticipants) {
- removePackageParticipantsLocked(pkgList, uid);
- }
- }
- }
- }
- };
- // ----- Track connection to transports service -----
- class TransportConnection implements ServiceConnection {
- @Override
- public void onServiceConnected(ComponentName component, IBinder service) {
- if (DEBUG) Slog.v(TAG, "Connected to transport " + component);
- try {
- IBackupTransport transport = IBackupTransport.Stub.asInterface(service);
- registerTransport(transport.name(), component.flattenToShortString(), transport);
- } catch (RemoteException e) {
- Slog.e(TAG, "Unable to register transport " + component);
- }
- }
- @Override
- public void onServiceDisconnected(ComponentName component) {
- if (DEBUG) Slog.v(TAG, "Disconnected from transport " + component);
- registerTransport(null, component.flattenToShortString(), null);
- }
- };
- // Add the backup agents in the given packages to our set of known backup participants.
- // If 'packageNames' is null, adds all backup agents in the whole system.
- void addPackageParticipantsLocked(String[] packageNames) {
- // Look for apps that define the android:backupAgent attribute
- List<PackageInfo> targetApps = allAgentPackages();
- if (packageNames != null) {
- if (DEBUG) Slog.v(TAG, "addPackageParticipantsLocked: #" + packageNames.length);
- for (String packageName : packageNames) {
- addPackageParticipantsLockedInner(packageName, targetApps);
- }
- } else {
- if (DEBUG) Slog.v(TAG, "addPackageParticipantsLocked: all");
- addPackageParticipantsLockedInner(null, targetApps);
- }
- }
- private void addPackageParticipantsLockedInner(String packageName,
- List<PackageInfo> targetPkgs) {
- if (MORE_DEBUG) {
- Slog.v(TAG, "Examining " + packageName + " for backup agent");
- }
- for (PackageInfo pkg : targetPkgs) {
- if (packageName == null || pkg.packageName.equals(packageName)) {
- int uid = pkg.applicationInfo.uid;
- HashSet<String> set = mBackupParticipants.get(uid);
- if (set == null) {
- set = new HashSet<String>();
- mBackupParticipants.put(uid, set);
- }
- set.add(pkg.packageName);
- if (MORE_DEBUG) Slog.v(TAG, "Agent found; added");
- // Schedule a backup for it on general principles
- if (DEBUG) Slog.i(TAG, "Scheduling backup for new app " + pkg.packageName);
- dataChangedImpl(pkg.packageName);
- }
- }
- }
- // Remove the given packages' entries from our known active set.
- void removePackageParticipantsLocked(String[] packageNames, int oldUid) {
- if (packageNames == null) {
- Slog.w(TAG, "removePackageParticipants with null list");
- return;
- }
- if (DEBUG) Slog.v(TAG, "removePackageParticipantsLocked: uid=" + oldUid
- + " #" + packageNames.length);
- for (String pkg : packageNames) {
- // Known previous UID, so we know which package set to check
- HashSet<String> set = mBackupParticipants.get(oldUid);
- if (set != null && set.contains(pkg)) {
- removePackageFromSetLocked(set, pkg);
- if (set.isEmpty()) {
- if (MORE_DEBUG) Slog.v(TAG, " last one of this uid; purging set");
- mBackupParticipants.remove(oldUid);
- }
- }
- }
- }
- private void removePackageFromSetLocked(final HashSet<String> set,
- final String packageName) {
- if (set.contains(packageName)) {
- // Found it. Remove this one package from the bookkeeping, and
- // if it's the last participating app under this uid we drop the
- // (now-empty) set as well.
- // Note that we deliberately leave it 'known' in the "ever backed up"
- // bookkeeping so that its current-dataset data will be retrieved
- // if the app is subsequently reinstalled
- if (MORE_DEBUG) Slog.v(TAG, " removing participant " + packageName);
- set.remove(packageName);
- mPendingBackups.remove(packageName);
- }
- }
- // Returns the set of all applications that define an android:backupAgent attribute
- List<PackageInfo> allAgentPackages() {
- // !!! TODO: cache this and regenerate only when necessary
- int flags = PackageManager.GET_SIGNATURES;
- List<PackageInfo> packages = mPackageManager.getInstalledPackages(flags);
- int N = packages.size();
- for (int a = N-1; a >= 0; a--) {
- PackageInfo pkg = packages.get(a);
- try {
- ApplicationInfo app = pkg.applicationInfo;
- if (((app.flags&ApplicationInfo.FLAG_ALLOW_BACKUP) == 0)
- || app.backupAgentName == null) {
- packages.remove(a);
- }
- else {
- // we will need the shared library path, so look that up and store it here
- app = mPackageManager.getApplicationInfo(pkg.packageName,
- PackageManager.GET_SHARED_LIBRARY_FILES);
- pkg.applicationInfo.sharedLibraryFiles = app.sharedLibraryFiles;
- }
- } catch (NameNotFoundException e) {
- packages.remove(a);
- }
- }
- return packages;
- }
- // Called from the backup task: record that the given app has been successfully
- // backed up at least once
- void logBackupComplete(String packageName) {
- if (packageName.equals(PACKAGE_MANAGER_SENTINEL)) return;
- synchronized (mEverStoredApps) {
- if (!mEverStoredApps.add(packageName)) return;
- RandomAccessFile out = null;
- try {
- out = new RandomAccessFile(mEverStored, "rws");
- out.seek(out.length());
- out.writeUTF(packageName);
- } catch (IOException e) {
- Slog.e(TAG, "Can't log backup of " + packageName + " to " + mEverStored);
- } finally {
- try { if (out != null) out.close(); } catch (IOException e) {}
- }
- }
- }
- // Remove our awareness of having ever backed up the given package
- void removeEverBackedUp(String packageName) {
- if (DEBUG) Slog.v(TAG, "Removing backed-up knowledge of " + packageName);
- if (MORE_DEBUG) Slog.v(TAG, "New set:");
- synchronized (mEverStoredApps) {
- // Rewrite the file and rename to overwrite. If we reboot in the middle,
- // we'll recognize on initialization time that the package no longer
- // exists and fix it up then.
- File tempKnownFile = new File(mBaseStateDir, "processed.new");
- RandomAccessFile known = null;
- try {
- known = new RandomAccessFile(tempKnownFile, "rws");
- mEverStoredApps.remove(packageName);
- for (String s : mEverStoredApps) {
- known.writeUTF(s);
- if (MORE_DEBUG) Slog.v(TAG, " " + s);
- }
- known.close();
- known = null;
- if (!tempKnownFile.renameTo(mEverStored)) {
- throw new IOException("Can't rename " + tempKnownFile + " to " + mEverStored);
- }
- } catch (IOException e) {
- // Bad: we couldn't create the new copy. For safety's sake we
- // abandon the whole process and remove all what's-backed-up
- // state entirely, meaning we'll force a backup pass for every
- // participant on the next boot or [re]install.
- Slog.w(TAG, "Error rewriting " + mEverStored, e);
- mEverStoredApps.clear();
- tempKnownFile.delete();
- mEverStored.delete();
- } finally {
- try { if (known != null) known.close(); } catch (IOException e) {}
- }
- }
- }
- // Persistently record the current and ancestral backup tokens as well
- // as the set of packages with data [supposedly] available in the
- // ancestral dataset.
- void writeRestoreTokens() {
- try {
- RandomAccessFile af = new RandomAccessFile(mTokenFile, "rwd");
- // First, the version number of this record, for futureproofing
- af.writeInt(CURRENT_ANCESTRAL_RECORD_VERSION);
- // Write the ancestral and current tokens
- af.writeLong(mAncestralToken);
- af.writeLong(mCurrentToken);
- // Now write the set of ancestral packages
- if (mAncestralPackages == null) {
- af.writeInt(-1);
- } else {
- af.writeInt(mAncestralPackages.size());
- if (DEBUG) Slog.v(TAG, "Ancestral packages: " + mAncestralPackages.size());
- for (String pkgName : mAncestralPackages) {
- af.writeUTF(pkgName);
- if (MORE_DEBUG) Slog.v(TAG, " " + pkgName);
- }
- }
- af.close();
- } catch (IOException e) {
- Slog.w(TAG, "Unable to write token file:", e);
- }
- }
- // Return the given transport
- private IBackupTransport getTransport(String transportName) {
- synchronized (mTransports) {
- IBackupTransport transport = mTransports.get(transportName);
- if (transport == null) {
- Slog.w(TAG, "Requested unavailable transport: " + transportName);
- }
- return transport;
- }
- }
- // fire off a backup agent, blocking until it attaches or times out
- IBackupAgent bindToAgentSynchronous(ApplicationInfo app, int mode) {
- IBackupAgent agent = null;
- synchronized(mAgentConnectLock) {
- mConnecting = true;
- mConnectedAgent = null;
- try {
- if (mActivityManager.bindBackupAgent(app, mode)) {
- Slog.d(TAG, "awaiting agent for " + app);
- // success; wait for the agent to arrive
- // only wait 10 seconds for the bind to happen
- long timeoutMark = System.currentTimeMillis() + TIMEOUT_INTERVAL;
- while (mConnecting && mConnectedAgent == null
- && (System.currentTimeMillis() < timeoutMark)) {
- try {
- mAgentConnectLock.wait(5000);
- } catch (InterruptedException e) {
- // just bail
- if (DEBUG) Slog.w(TAG, "Interrupted: " + e);
- mActivityManager.clearPendingBackup();
- return null;
- }
- }
- // if we timed out with no connect, abort and move on
- if (mConnecting == true) {
- Slog.w(TAG, "Timeout waiting for agent " + app);
- mActivityManager.clearPendingBackup();
- return null;
- }
- if (DEBUG) Slog.i(TAG, "got agent " + mConnectedAgent);
- agent = mConnectedAgent;
- }
- } catch (RemoteException e) {
- // can't happen - ActivityManager is local
- }
- }
- return agent;
- }
- // clear an application's data, blocking until the operation completes or times out
- void clearApplicationDataSynchronous(String packageName) {
- // Don't wipe packages marked allowClearUserData=false
- try {
- PackageInfo info = mPackageManager.getPackageInfo(packageName, 0);
- if ((info.applicationInfo.flags & ApplicationInfo.FLAG_ALLOW_CLEAR_USER_DATA) == 0) {
- if (MORE_DEBUG) Slog.i(TAG, "allowClearUserData=false so not wiping "
- + packageName);
- return;
- }
- } catch (NameNotFoundException e) {
- Slog.w(TAG, "Tried to clear data for " + packageName + " but not found");
- return;
- }
- ClearDataObserver observer = new ClearDataObserver();
- synchronized(mClearDataLock) {
- mClearingData = true;
- try {
- mActivityManager.clearApplicationUserData(packageName, observer, 0);
- } catch (RemoteException e) {
- // can't happen because the activity manager is in this process
- }
- // only wait 10 seconds for the clear data to happen
- long timeoutMark = System.currentTimeMillis() + TIMEOUT_INTERVAL;
- while (mClearingData && (System.currentTimeMillis() < timeoutMark)) {
- try {
- mClearDataLock.wait(5000);
- } catch (InterruptedException e) {
- // won't happen, but still.
- mClearingData = false;
- }
- }
- }
- }
- class ClearDataObserver extends IPackageDataObserver.Stub {
- public void onRemoveCompleted(String packageName, boolean succeeded) {
- synchronized(mClearDataLock) {
- mClearingData = false;
- mClearDataLock.notifyAll();
- }
- }
- }
- // Get the restore-set token for the best-available restore set for this package:
- // the active set if possible, else the ancestral one. Returns zero if none available.
- long getAvailableRestoreToken(String packageName) {
- long token = mAncestralToken;
- synchronized (mQueueLock) {
- if (mEverStoredApps.contains(packageName)) {
- token = mCurrentToken;
- }
- }
- return token;
- }
- // -----
- // Interface and methods used by the asynchronous-with-timeout backup/restore operations
- interface BackupRestoreTask {
- // Execute one tick of whatever state machine the task implements
- void execute();
- // An operation that wanted a callback has completed
- void operationComplete();
- // An operation that wanted a callback has timed out
- void handleTimeout();
- }
- void prepareOperationTimeout(int token, long interval, BackupRestoreTask callback) {
- if (MORE_DEBUG) Slog.v(TAG, "starting timeout: token=" + Integer.toHexString(token)
- + " interval=" + interval);
- synchronized (mCurrentOpLock) {
- mCurrentOperations.put(token, new Operation(OP_PENDING, callback));
- Message msg = mBackupHandler.obtainMessage(MSG_TIMEOUT, token, 0, callback);
- mBackupHandler.sendMessageDelayed(msg, interval);
- }
- }
- // synchronous waiter case
- boolean waitUntilOperationComplete(int token) {
- if (MORE_DEBUG) Slog.i(TAG, "Blocking until operation complete for "
- + Integer.toHexString(token));
- int finalState = OP_PENDING;
- Operation op = null;
- synchronized (mCurrentOpLock) {
- while (true) {
- op = mCurrentOperations.get(token);
- if (op == null) {
- // mysterious disappearance: treat as success with no callback
- break;
- } else {
- if (op.state == OP_PENDING) {
- try {
- mCurrentOpLock.wait();
- } catch (InterruptedException e) {}
- // When the wait is notified we loop around and recheck the current state
- } else {
- // No longer pending; we're done
- finalState = op.state;
- break;
- }
- }
- }
- }
- mBackupHandler.removeMessages(MSG_TIMEOUT);
- if (MORE_DEBUG) Slog.v(TAG, "operation " + Integer.toHexString(token)
- + " complete: finalState=" + finalState);
- return finalState == OP_ACKNOWLEDGED;
- }
- void handleTimeout(int token, Object obj) {
- // Notify any synchronous waiters
- Operation op = null;
- synchronized (mCurrentOpLock) {
- op = mCurrentOperations.get(token);
- if (MORE_DEBUG) {
- if (op == null) Slog.w(TAG, "Timeout of token " + Integer.toHexString(token)
- + " but no op found");
- }
- int state = (op != null) ? op.state : OP_TIMEOUT;
- if (state == OP_PENDING) {
- if (DEBUG) Slog.v(TAG, "TIMEOUT: token=" + Integer.toHexString(token));
- op.state = OP_TIMEOUT;
- mCurrentOperations.put(token, op);
- }
- mCurrentOpLock.notifyAll();
- }
- // If there's a TimeoutHandler for this event, call it
- if (op != null && op.callback != null) {
- op.callback.handleTimeout();
- }
- }
- // ----- Back up a set of applications via a worker thread -----
- enum BackupState {
- INITIAL,
- RUNNING_QUEUE,
- FINAL
- }
- class PerformBackupTask implements BackupRestoreTask {
- private static final String TAG = "PerformBackupTask";
- IBackupTransport mTransport;
- ArrayList<BackupRequest> mQueue;
- ArrayList<BackupRequest> mOriginalQueue;
- File mStateDir;
- File mJournal;
- BackupState mCurrentState;
- // carried information about the current in-flight operation
- PackageInfo mCurrentPackage;
- File mSavedStateName;
- File mBackupDataName;
- File mNewStateName;
- ParcelFileDescriptor mSavedState;
- ParcelFileDescriptor mBackupData;
- ParcelFileDescriptor mNewState;
- int mStatus;
- boolean mFinished;
- public PerformBackupTask(IBackupTransport transport, String dirName,
- ArrayList<BackupRequest> queue, File journal) {
- mTransport = transport;
- mOriginalQueue = queue;
- mJournal = journal;
- mStateDir = new File(mBaseStateDir, dirName);
- mCurrentState = BackupState.INITIAL;
- mFinished = false;
- addBackupTrace("STATE => INITIAL");
- }
- // Main entry point: perform one chunk of work, updating the state as appropriate
- // and reposting the next chunk to the primary backup handler thread.
- @Override
- public void execute() {
- switch (mCurrentState) {
- case INITIAL:
- beginBackup();
- break;
- case RUNNING_QUEUE:
- invokeNextAgent();
- break;
- case FINAL:
- if (!mFinished) finalizeBackup();
- else {
- Slog.e(TAG, "Duplicate finish");
- }
- mFinished = true;
- break;
- }
- }
- // We're starting a backup pass. Initialize the transport and send
- // the PM metadata blob if we haven't already.
- void beginBackup() {
- if (DEBUG_BACKUP_TRACE) {
- clearBackupTrace();
- StringBuilder b = new StringBuilder(256);
- b.append("beginBackup: [");
- for (BackupRequest req : mOriginalQueue) {
- b.append(' ');
- b.append(req.packageName);
- }
- b.append(" ]");
- addBackupTrace(b.toString());
- }
- mStatus = BackupConstants.TRANSPORT_OK;
- // Sanity check: if the queue is empty we have no work to do.
- if (mOriginalQueue.isEmpty()) {
- Slog.w(TAG, "Backup begun with an empty queue - nothing to do.");
- addBackupTrace("queue empty at begin");
- executeNextState(BackupState.FINAL);
- return;
- }
- // We need to retain the original queue contents in case of transport
- // failure, but we want a working copy that we can manipulate along
- // the way.
- mQueue = (ArrayList<BackupRequest>) mOriginalQueue.clone();
- if (DEBUG) Slog.v(TAG, "Beginning backup of " + mQueue.size() + " targets");
- File pmState = new File(mStateDir, PACKAGE_MANAGER_SENTINEL);
- try {
- final String transportName = mTransport.transportDirName();
- EventLog.writeEvent(EventLogTags.BACKUP_START, transportName);
- // If we haven't stored package manager metadata yet, we must init the transport.
- if (mStatus == BackupConstants.TRANSPORT_OK && pmState.length() <= 0) {
- Slog.i(TAG, "Initializing (wiping) backup state and transport storage");
- addBackupTrace("initializing transport " + transportName);
- resetBackupState(mStateDir); // Just to make sure.
- mStatus = mTransport.initializeDevice();
- addBackupTrace("transport.initializeDevice() == " + mStatus);
- if (mStatus == BackupConstants.TRANSPORT_OK) {
- EventLog.writeEvent(EventLogTags.BACKUP_INITIALIZE);
- } else {
- EventLog.writeEvent(EventLogTags.BACKUP_TRANSPORT_FAILURE, "(initialize)");
- Slog.e(TAG, "Transport error in initializeDevice()");
- }
- }
- // The package manager doesn't have a proper <application> etc, but since
- // it's running here in the system process we can just set up its agent
- // directly and use a synthetic BackupRequest. We always run this pass
- // because it's cheap and this way we guarantee that we don't get out of
- // step even if we're selecting among various transports at run time.
- if (mStatus == BackupConstants.TRANSPORT_OK) {
- PackageManagerBackupAgent pmAgent = new PackageManagerBackupAgent(
- mPackageManager, allAgentPackages());
- mStatus = invokeAgentForBackup(PACKAGE_MANAGER_SENTINEL,
- IBackupAgent.Stub.asInterface(pmAgent.onBind()), mTransport);
- addBackupTrace("PMBA invoke: " + mStatus);
- }
- if (mStatus == BackupConstants.TRANSPORT_NOT_INITIALIZED) {
- // The backend reports that our dataset has been wiped. Note this in
- // the event log; the no-success code below will reset the backup
- // state as well.
- EventLog.writeEvent(EventLogTags.BACKUP_RESET, mTransport.transportDirName());
- }
- } catch (Exception e) {
- Slog.e(TAG, "Error in backup thread", e);
- addBackupTrace("Exception in backup thread: " + e);
- mStatus = BackupConstants.TRANSPORT_ERROR;
- } finally {
- // If we've succeeded so far, invokeAgentForBackup() will have run the PM
- // metadata and its completion/timeout callback will continue the state
- // machine chain. If it failed that won't happen; we handle that now.
- addBackupTrace("exiting prelim: " + mStatus);
- if (mStatus != BackupConstants.TRANSPORT_OK) {
- // if things went wrong at this point, we need to
- // restage everything and try again later.
- resetBackupState(mStateDir); // Just to make sure.
- executeNextState(BackupState.FINAL);
- }
- }
- }
- // Transport has been initialized and the PM metadata submitted successfully
- // if that was warranted. Now we process the single next thing in the queue.
- void invokeNextAgent() {
- mStatus = BackupConstants.TRANSPORT_OK;
- addBackupTrace("invoke q=" + mQueue.size());
- // Sanity check that we have work to do. If not, skip to the end where
- // we reestablish the wakelock invariants etc.
- if (mQueue.isEmpty()) {
- if (DEBUG) Slog.i(TAG, "queue now empty");
- executeNextState(BackupState.FINAL);
- return;
- }
- // pop the entry we're going to process on this step
- BackupRequest request = mQueue.get(0);
- mQueue.remove(0);
- Slog.d(TAG, "starting agent for backup of " + request);
- addBackupTrace("launch agent for " + request.packageName);
- // Verify that the requested app exists; it might be something that
- // requested a backup but was then uninstalled. The request was
- // journalled and rather than tamper with the journal it's safer
- // to sanity-check here. This also gives us the classname of the
- // package's backup agent.
- try {
- mCurrentPackage = mPackageManager.getPackageInfo(request.packageName,
- PackageManager.GET_SIGNATURES);
- if (mCurrentPackage.applicationInfo.backupAgentName == null) {
- // The manifest has changed but we had a stale backup request pending.
- // This won't happen again because the app won't be requesting further
- // backups.
- Slog.i(TAG, "Package " + request.packageName
- + " no longer supports backup; skipping");
- addBackupTrace("skipping - no agent, completion is noop");
- executeNextState(BackupState.RUNNING_QUEUE);
- return;
- }
- if ((mCurrentPackage.applicationInfo.flags & ApplicationInfo.FLAG_STOPPED) != 0) {
- // The app has been force-stopped or cleared or just installed,
- // and not yet launched out of that state, so just as it won't
- // receive broadcasts, we won't run it for backup.
- addBackupTrace("skipping - stopped");
- executeNextState(BackupState.RUNNING_QUEUE);
- return;
- }
- IBackupAgent agent = null;
- try {
- mWakelock.setWorkSource(new WorkSource(mCurrentPackage.applicationInfo.uid));
- agent = bindToAgentSynchronous(mCurrentPackage.applicationInfo,
- IApplicationThread.BACKUP_MODE_INCREMENTAL);
- addBackupTrace("agent bound; a? = " + (agent != null));
- if (agent != null) {
- mStatus = invokeAgentForBackup(request.packageName, agent, mTransport);
- // at this point we'll either get a completion callback from the
- // agent, or a timeout message on the main handler. either way, we're
- // done here as long as we're successful so far.
- } else {
- // Timeout waiting for the agent
- mStatus = BackupConstants.AGENT_ERROR;
- }
- } catch (SecurityException ex) {
- // Try for the next one.
- Slog.d(TAG, "error in bind/backup", ex);
- mStatus = BackupConstants.AGENT_ERROR;
- addBackupTrace("agent SE");
- }
- } catch (NameNotFoundException e) {
- Slog.d(TAG, "Package does not exist; skipping");
- addBackupTrace("no such package");
- mStatus = BackupConstants.AGENT_UNKNOWN;
- } finally {
- mWakelock.setWorkSource(null);
- // If there was an agent error, no timeout/completion handling will occur.
- // That means we need to direct to the next state ourselves.
- if (mStatus != BackupConstants.TRANSPORT_OK) {
- BackupState nextState = BackupState.RUNNING_QUEUE;
- // An agent-level failure means we reenqueue this one agent for
- // a later retry, but otherwise proceed normally.
- if (mStatus == BackupConstants.AGENT_ERROR) {
- if (MORE_DEBUG) Slog.i(TAG, "Agent failure for " + request.packageName
- + " - restaging");
- dataChangedImpl(request.packageName);
- mStatus = BackupConstants.TRANSPORT_OK;
- if (mQueue.isEmpty()) nextState = BackupState.FINAL;
- } else if (mStatus == BackupConstants.AGENT_UNKNOWN) {
- // Failed lookup of the app, so we couldn't bring up an agent, but
- // we're otherwise fine. Just drop it and go on to the next as usual.
- mStatus = BackupConstants.TRANSPORT_OK;
- } else {
- // Transport-level failure means we reenqueue everything
- revertAndEndBackup();
- nextState = BackupState.FINAL;
- }
- executeNextState(nextState);
- } else {
- addBackupTrace("expecting completion/timeout callback");
- }
- }
- }
- void finalizeBackup() {
- addBackupTrace("finishing");
- // Either backup was successful, in which case we of course do not need
- // this pass's journal any more; or it failed, in which case we just
- // re-enqueued all of these packages in the current active journal.
- // Either way, we no longer need this pass's journal.
- if (mJournal != null && !mJournal.delete()) {
- Slog.e(TAG, "Unable to remove backup journal file " + mJournal);
- }
- // If everything actually went through and this is the first time we've
- // done a backup, we can now record what the current backup dataset token
- // is.
- if ((mCurrentToken == 0) && (mStatus == BackupConstants.TRANSPORT_OK)) {
- addBackupTrace("success; recording token");
- try {
- mCurrentToken = mTransport.getCurrentRestoreSet();
- writeRestoreTokens();
- } catch (RemoteException e) {
- // nothing for it at this point, unfortunately, but this will be
- // recorded the next time we fully succeed.
- addBackupTrace("transport threw returning token");
- }
- }
- // Set up the next backup pass - at this point we can set mBackupRunning
- // to false to allow another pass to fire, because we're done with the
- // state machine sequence and the wakelock is refcounted.
- synchronized (mQueueLock) {
- mBackupRunning = false;
- if (mStatus == BackupConstants.TRANSPORT_NOT_INITIALIZED) {
- // Make sure we back up everything and perform the one-time init
- clearMetadata();
- if (DEBUG) Slog.d(TAG, "Server requires init; rerunning");
- addBackupTrace("init required; rerunning");
- backupNow();
- }
- }
- // Only once we're entirely finished do we release the wakelock
- clearBackupTrace();
- Slog.i(TAG, "Backup pass finished.");
- mWakelock.release();
- }
- // Remove the PM metadata state. This will generate an init on the next pass.
- void clearMetadata() {
- final File pmState = new File(mStateDir, PACKAGE_MANAGER_SENTINEL);
- if (pmState.exists()) pmState.delete();
- }
- // Invoke an agent's doBackup() and start a timeout message spinning on the main
- // handler in case it doesn't get back to us.
- int invokeAgentForBackup(String packageName, IBackupAgent agent,
- IBackupTransport transport) {
- if (DEBUG) Slog.d(TAG, "invokeAgentForBackup on " + packageName);
- addBackupTrace("invoking " + packageName);
- mSavedStateName = new File(mStateDir, packageName);
- mBackupDataName = new File(mDataDir, packageName + ".data");
- mNewStateName = new File(mStateDir, packageName + ".new");
- mSavedState = null;
- mBackupData = null;
- mNewState = null;
- final int token = generateToken();
- try {
- // Look up the package info & signatures. This is first so that if it
- // throws an exception, there's no file setup yet that would need to
- // be unraveled.
- if (packageName.equals(PACKAGE_MANAGER_SENTINEL)) {
- // The metadata 'package' is synthetic; construct one and make
- // sure our global state is pointed at it
- mCurrentPackage = new PackageInfo();
- mCurrentPackage.packageName = packageName;
- }
- // In a full backup, we pass a null ParcelFileDescriptor as
- // the saved-state "file". This is by definition an incremental,
- // so we build a saved state file to pass.
- mSavedState = ParcelFileDescriptor.open(mSavedStateName,
- ParcelFileDescriptor.MODE_READ_ONLY |
- ParcelFileDescriptor.MODE_CREATE); // Make an empty file if necessary
- mBackupData = ParcelFileDescriptor.open(mBackupDataName,
- ParcelFileDescriptor.MODE_READ_WRITE |
- ParcelFileDescriptor.MODE_CREATE |
- ParcelFileDescriptor.MODE_TRUNCATE);
- if (!SELinux.restorecon(mBackupDataName)) {
- Slog.e(TAG, "SELinux restorecon failed on " + mBackupDataName);
- }
- mNewState = ParcelFileDescriptor.open(mNewStateName,
- ParcelFileDescriptor.MODE_READ_WRITE |
- ParcelFileDescriptor.MODE_CREATE |
- ParcelFileDescriptor.MODE_TRUNCATE);
- // Initiate the target's backup pass
- addBackupTrace("setting timeout");
- prepareOperationTimeout(token, TIMEOUT_BACKUP_INTERVAL, this);
- addBackupTrace("calling agent doBackup()");
- agent.doBackup(mSavedState, mBackupData, mNewState, token, mBackupManagerBinder);
- } catch (Exception e) {
- Slog.e(TAG, "Error invoking for backup on " + packageName);
- addBackupTrace("exception: " + e);
- EventLog.writeEvent(EventLogTags.BACKUP_AGENT_FAILURE, packageName,
- e.toString());
- agentErrorCleanup();
- return BackupConstants.AGENT_ERROR;
- }
- // At this point the agent is off and running. The next thing to happen will
- // either be a callback from the agent, at which point we'll process its data
- // for transport, or a timeout. Either way the next phase will happen in
- // response to the TimeoutHandler interface callbacks.
- addBackupTrace("invoke success");
- return BackupConstants.TRANSPORT_OK;
- }
- @Override
- public void operationComplete() {
- // Okay, the agent successfully reported back to us. Spin the data off to the
- // transport and proceed with the next stage.
- if (MORE_DEBUG) Slog.v(TAG, "operationComplete(): sending data to transport for "
- + mCurrentPackage.packageName);
- mBackupHandler.removeMessages(MSG_TIMEOUT);
- clearAgentState();
- addBackupTrace("operation complete");
- ParcelFileDescriptor backupData = null;
- mStatus = BackupConstants.TRANSPORT_OK;
- try {
- int size = (int) mBackupDataName.length();
- if (size > 0) {
- if (mStatus == BackupConstants.TRANSPORT_OK) {
- backupData = ParcelFileDescriptor.open(mBackupDataName,
- ParcelFileDescriptor.MODE_READ_ONLY);
- addBackupTrace("sending data to transport");
- mStatus = mTransport.performBackup(mCurrentPackage, backupData);
- }
- // TODO - We call finishBackup() for each application backed up, because
- // we need to know now whether it succeeded or failed. Instead, we should
- // hold off on finishBackup() until the end, which implies holding off on
- // renaming *all* the output state files (see below) until that happens.
- addBackupTrace("data delivered: " + mStatus);
- if (mStatus == BackupConstants.TRANSPORT_OK) {
- addBackupTrace("finishing op on transport");
- mStatus = mTransport.finishBackup();
- addBackupTrace("finished: " + mStatus);
- }
- } else {
- if (DEBUG) Slog.i(TAG, "no backup data written; not calling transport");
- addBackupTrace("no data to send");
- }
- // After successful transport, delete the now-stale data
- // and juggle the files so that next time we supply the agent
- // with the new state file it just created.
- if (mStatus == BackupConstants.TRANSPORT_OK) {
- mBackupDataName.delete();
- mNewStateName.renameTo(mSavedStateName);
- EventLog.writeEvent(EventLogTags.BACKUP_PACKAGE,
- mCurrentPackage.packageName, size);
- logBackupComplete(mCurrentPackage.packageName);
- } else {
- EventLog.writeEvent(EventLogTags.BACKUP_TRANSPORT_FAILURE,
- mCurrentPackage.packageName);
- }
- } catch (Exception e) {
- Slog.e(TAG, "Transport error backing up " + mCurrentPackage.packageName, e);
- EventLog.writeEvent(EventLogTags.BACKUP_TRANSPORT_FAILURE,
- mCurrentPackage.packageName);
- mStatus = BackupConstants.TRANSPORT_ERROR;
- } finally {
- try { if (backupData != null) backupData.close(); } catch (IOException e) {}
- }
- // If we encountered an error here it's a transport-level failure. That
- // means we need to halt everything and reschedule everything for next time.
- final BackupState nextState;
- if (mStatus != BackupConstants.TRANSPORT_OK) {
- revertAndEndBackup();
- nextState = BackupState.FINAL;
- } else {
- // Success! Proceed with the next app if any, otherwise we're done.
- nextState = (mQueue.isEmpty()) ? BackupState.FINAL : BackupState.RUNNING_QUEUE;
- }
- executeNextState(nextState);
- }
- @Override
- public void handleTimeout() {
- // Whoops, the current agent timed out running doBackup(). Tidy up and restage
- // it for the next time we run a backup pass.
- // !!! TODO: keep track of failure counts per agent, and blacklist those which
- // fail repeatedly (i.e. have proved themselves to be buggy).
- Slog.e(TAG, "Timeout backing up " + mCurrentPackage.packageName);
- EventLog.writeEvent(EventLogTags.BACKUP_AGENT_FAILURE, mCurrentPackage.packageName,
- "timeout");
- addBackupTrace("timeout of " + mCurrentPackage.packageName);
- agentErrorCleanup();
- dataChangedImpl(mCurrentPackage.packageName);
- }
- void revertAndEndBackup() {
- if (MORE_DEBUG) Slog.i(TAG, "Reverting backup queue - restaging everything");
- addBackupTrace("transport error; reverting");
- for (BackupRequest request : mOriginalQueue) {
- dataChangedImpl(request.packageName);
- }
- // We also want to reset the backup schedule based on whatever
- // the transport suggests by way of retry/backoff time.
- restartBackupAlarm();
- }
- void agentErrorCleanup() {
- mBackupDataName.delete();
- mNewStateName.delete();
- clearAgentState();
- executeNextState(mQueue.isEmpty() ? BackupState.FINAL : BackupState.RUNNING_QUEUE);
- }
- // Cleanup common to both success and failure cases
- void clearAgentState() {
- try { if (mSavedState != null) mSavedState.close(); } catch (IOException e) {}
- try { if (mBackupData != null) mBackupData.close(); } catch (IOException e) {}
- try { if (mNewState != null) mNewState.close(); } catch (IOException e) {}
- mSavedState = mBackupData = mNewState = null;
- synchronized (mCurrentOpLock) {
- mCurrentOperations.clear();
- }
- // If this was a pseudopackage there's no associated Activity Manager state
- if (mCurrentPackage.applicationInfo != null) {
- addBackupTrace("unbinding " + mCurrentPackage.packageName);
- try { // unbind even on timeout, just in case
- mActivityManager.unbindBackupAgent(mCurrentPackage.applicationInfo);
- } catch (RemoteException e) { /* can't happen; activity manager is local */ }
- }
- }
- void restartBackupAlarm() {
- addBackupTrace("setting backup trigger");
- synchronized (mQueueLock) {
- try {
- startBackupAlarmsLocked(mTransport.requestBackupTime());
- } catch (RemoteException e) { /* cannot happen */ }
- }
- }
- void executeNextState(BackupState nextState) {
- if (MORE_DEBUG) Slog.i(TAG, " => executing next step on "
- + this + " nextState=" + nextState);
- addBackupTrace("executeNextState => " + nextState);
- mCurrentState = nextState;
- Message msg = mBackupHandler.obtainMessage(MSG_BACKUP_RESTORE_STEP, this);
- mBackupHandler.sendMessage(msg);
- }
- }
- // ----- Full backup/restore to a file/socket -----
- abstract class ObbServiceClient {
- public IObbBackupService mObbService;
- public void setObbBinder(IObbBackupService binder) {
- mObbService = binder;
- }
- }
- class FullBackupObbConnection implements ServiceConnection {
- volatile IObbBackupService mService;
- FullBackupObbConnection() {
- mService = null;
- }
- public void establish() {
- if (DEBUG) Slog.i(TAG, "Initiating bind of OBB service on " + this);
- Intent obbIntent = new Intent().setComponent(new ComponentName(
- "com.android.sharedstoragebackup",
- "com.android.sharedstoragebackup.ObbBackupService"));
- BackupManagerService.this.mContext.bindService(
- obbIntent, this, Context.BIND_AUTO_CREATE);
- }
- public void tearDown() {
- BackupManagerService.this.mContext.unbindService(this);
- }
- public boolean backupObbs(PackageInfo pkg, OutputStream out) {
- boolean success = false;
- waitForConnection();
- ParcelFileDescriptor[] pipes = null;
- try {
- pipes = ParcelFileDescriptor.createPipe();
- int token = generateToken();
- prepareOperationTimeout(token, TIMEOUT_FULL_BACKUP_INTERVAL, null);
- mService.backupObbs(pkg.packageName, pipes[1], token, mBackupManagerBinder);
- routeSocketDataToOutput(pipes[0], out);
- success = waitUntilOperationComplete(token);
- } catch (Exception e) {
- Slog.w(TAG, "Unable to back up OBBs for " + pkg, e);
- } finally {
- try {
- out.flush();
- if (pipes != null) {
- if (pipes[0] != null) pipes[0].close();
- if (pipes[1] != null) pipes[1].close();
- }
- } catch (IOException e) {
- Slog.w(TAG, "I/O error closing down OBB backup", e);
- }
- }
- return success;
- }
- public void restoreObbFile(String pkgName, ParcelFileDescriptor data,
- long fileSize, int type, String path, long mode, long mtime,
- int token, IBackupManager callbackBinder) {
- waitForConnection();
- try {
- mService.restoreObbFile(pkgName, data, fileSize, type, path, mode, mtime,
- token, callbackBinder);
- } catch (Exception e) {
- Slog.w(TAG, "Unable to restore OBBs for " + pkgName, e);
- }
- }
- private void waitForConnection() {
- synchronized (this) {
- while (mService == null) {
- if (DEBUG) Slog.i(TAG, "...waiting for OBB service binding...");
- try {
- this.wait();
- } catch (InterruptedException e) { /* never interrupted */ }
- }
- if (DEBUG) Slog.i(TAG, "Connected to OBB service; continuing");
- }
- }
- @Override
- public void onServiceConnected(ComponentName name, IBinder service) {
- synchronized (this) {
- mService = IObbBackupService.Stub.asInterface(service);
- if (DEBUG) Slog.i(TAG, "OBB service connection " + mService
- + " connected on " + this);
- this.notifyAll();
- }
- }
- @Override
- public void onServiceDisconnected(ComponentName name) {
- synchronized (this) {
- mService = null;
- if (DEBUG) Slog.i(TAG, "OBB service connection disconnected on " + this);
- this.notifyAll();
- }
- }
-
- }
- private void routeSocketDataToOutput(ParcelFileDescriptor inPipe, OutputStream out)
- throws IOException {
- FileInputStream raw = new FileInputStream(inPipe.getFileDescriptor());
- DataInputStream in = new DataInputStream(raw);
- byte[] buffer = new byte[32 * 1024];
- int chunkTotal;
- while ((chunkTotal = in.readInt()) > 0) {
- while (chunkTotal > 0) {
- int toRead = (chunkTotal > buffer.length) ? buffer.length : chunkTotal;
- int nRead = in.read(buffer, 0, toRead);
- out.write(buffer, 0, nRead);
- chunkTotal -= nRead;
- }
- }
- }
- class PerformFullBackupTask extends ObbServiceClient implements Runnable {
- ParcelFileDescriptor mOutputFile;
- DeflaterOutputStream mDeflater;
- IFullBackupRestoreObserver mObserver;
- boolean mIncludeApks;
- boolean mIncludeObbs;
- boolean mIncludeShared;
- boolean mAllApps;
- final boolean mIncludeSystem;
- String[] mPackages;
- String mCurrentPassword;
- String mEncryptPassword;
- AtomicBoolean mLatchObject;
- File mFilesDir;
- File mManifestFile;
-
- class FullBackupRunner implements Runnable {
- PackageInfo mPackage;
- IBackupAgent mAgent;
- ParcelFileDescriptor mPipe;
- int mToken;
- boolean mSendApk;
- boolean mWriteManifest;
- FullBackupRunner(PackageInfo pack, IBackupAgent agent, ParcelFileDescriptor pipe,
- int token, boolean sendApk, boolean writeManifest) throws IOException {
- mPackage = pack;
- mAgent = agent;
- mPipe = ParcelFileDescriptor.dup(pipe.getFileDescriptor());
- mToken = token;
- mSendApk = sendApk;
- mWriteManifest = writeManifest;
- }
- @Override
- public void run() {
- try {
- BackupDataOutput output = new BackupDataOutput(
- mPipe.getFileDescriptor());
- if (mWriteManifest) {
- if (MORE_DEBUG) Slog.d(TAG, "Writing manifest for " + mPackage.packageName);
- writeAppManifest(mPackage, mManifestFile, mSendApk);
- FullBackup.backupToTar(mPackage.packageName, null, null,
- mFilesDir.getAbsolutePath(),
- mManifestFile.getAbsolutePath(),
- output);
- }
- if (mSendApk) {
- writeApkToBackup(mPackage, output);
- }
- if (DEBUG) Slog.d(TAG, "Calling doFullBackup() on " + mPackage.packageName);
- prepareOperationTimeout(mToken, TIMEOUT_FULL_BACKUP_INTERVAL, null);
- mAgent.doFullBackup(mPipe, mToken, mBackupManagerBinder);
- } catch (IOException e) {
- Slog.e(TAG, "Error running full backup for " + mPackage.packageName);
- } catch (RemoteException e) {
- Slog.e(TAG, "Remote agent vanished during full backup of "
- + mPackage.packageName);
- } finally {
- try {
- mPipe.close();
- } catch (IOException e) {}
- }
- }
- }
- PerformFullBackupTask(ParcelFileDescriptor fd, IFullBackupRestoreObserver observer,
- boolean includeApks, boolean includeObbs, boolean includeShared,
- String curPassword, String encryptPassword, boolean doAllApps,
- boolean doSystem, String[] packages, AtomicBoolean latch) {
- mOutputFile = fd;
- mObserver = observer;
- mIncludeApks = includeApks;
- mIncludeObbs = includeObbs;
- mIncludeShared = includeShared;
- mAllApps = doAllApps;
- mIncludeSystem = doSystem;
- mPackages = packages;
- mCurrentPassword = curPassword;
- // when backing up, if there is a current backup password, we require that
- // the user use a nonempty encryption password as well. if one is supplied
- // in the UI we use that, but if the UI was left empty we fall back to the
- // current backup password (which was supplied by the user as well).
- if (encryptPassword == null || "".equals(encryptPassword)) {
- mEncryptPassword = curPassword;
- } else {
- mEncryptPassword = encryptPassword;
- }
- mLatchObject = latch;
- mFilesDir = new File("/data/system");
- mManifestFile = new File(mFilesDir, BACKUP_MANIFEST_FILENAME);
- }
- @Override
- public void run() {
- Slog.i(TAG, "--- Performing full-dataset backup ---");
- List<PackageInfo> packagesToBackup = new ArrayList<PackageInfo>();
- FullBackupObbConnection obbConnection = new FullBackupObbConnection();
- obbConnection.establish(); // we'll want this later
- sendStartBackup();
- // doAllApps supersedes the package set if any
- if (mAllApps) {
- packagesToBackup = mPackageManager.getInstalledPackages(
- PackageManager.GET_SIGNATURES);
- // Exclude system apps if we've been asked to do so
- if (mIncludeSystem == false) {
- for (int i = 0; i < packagesToBackup.size(); ) {
- PackageInfo pkg = packagesToBackup.get(i);
- if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
- packagesToBackup.remove(i);
- } else {
- i++;
- }
- }
- }
- }
- // Now process the command line argument packages, if any. Note that explicitly-
- // named system-partition packages will be included even if includeSystem was
- // set to false.
- if (mPackages != null) {
- for (String pkgName : mPackages) {
- try {
- packagesToBackup.add(mPackageManager.getPackageInfo(pkgName,
- PackageManager.GET_SIGNATURES));
- } catch (NameNotFoundException e) {
- Slog.w(TAG, "Unknown package " + pkgName + ", skipping");
- }
- }
- }
- // Cull any packages that have indicated that backups are not permitted, as well
- // as any explicit mention of the 'special' shared-storage agent package (we
- // handle that one at the end).
- for (int i = 0; i < packagesToBackup.size(); ) {
- PackageInfo pkg = packagesToBackup.get(i);
- if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_ALLOW_BACKUP) == 0
- || pkg.packageName.equals(SHARED_BACKUP_AGENT_PACKAGE)) {
- packagesToBackup.remove(i);
- } else {
- i++;
- }
- }
- // Cull any packages that run as system-domain uids but do not define their
- // own backup agents
- for (int i = 0; i < packagesToBackup.size(); ) {
- PackageInfo pkg = packagesToBackup.get(i);
- if ((pkg.applicationInfo.uid < Process.FIRST_APPLICATION_UID)
- && (pkg.applicationInfo.backupAgentName == null)) {
- if (MORE_DEBUG) {
- Slog.i(TAG, "... ignoring non-agent system package " + pkg.packageName);
- }
- packagesToBackup.remove(i);
- } else {
- i++;
- }
- }
- FileOutputStream ofstream = new FileOutputStream(mOutputFile.getFileDescriptor());
- OutputStream out = null;
- PackageInfo pkg = null;
- try {
- boolean encrypting = (mEncryptPassword != null && mEncryptPassword.length() > 0);
- boolean compressing = COMPRESS_FULL_BACKUPS;
- OutputStream finalOutput = ofstream;
- // Verify that the given password matches the currently-active
- // backup password, if any
- if (!backupPasswordMatches(mCurrentPassword)) {
- if (DEBUG) Slog.w(TAG, "Backup password mismatch; aborting");
- return;
- }
- // Write the global file header. All strings are UTF-8 encoded; lines end
- // with a '\n' byte. Actual backup data begins immediately following the
- // final '\n'.
- //
- // line 1: "ANDROID BACKUP"
- // line 2: backup file format version, currently "2"
- // line 3: compressed? "0" if not compressed, "1" if compressed.
- // line 4: name of encryption algorithm [currently only "none" or "AES-256"]
- //
- // When line 4 is not "none", then additional header data follows:
- //
- // line 5: user password salt [hex]
- // line 6: master key checksum salt [hex]
- // line 7: number of PBKDF2 rounds to use (same for user & master) [decimal]
- // line 8: IV of the user key [hex]
- // line 9: master key blob [hex]
- // IV of the master key, master key itself, master key checksum hash
- //
- // The master key checksum is the master key plus its checksum salt, run through
- // 10k rounds of PBKDF2. This is used to verify that the user has supplied the
- // correct password for decrypting the archive: the master key decrypted from
- // the archive using the user-supplied password is also run through PBKDF2 in
- // this way, and if the result does not match the checksum as stored in the
- // archive, then we know that the user-supplied password does not match the
- // archive's.
- StringBuilder headerbuf = new StringBuilder(1024);
- headerbuf.append(BACKUP_FILE_HEADER_MAGIC);
- headerbuf.append(BACKUP_FILE_VERSION); // integer, no trailing \n
- headerbuf.append(compressing ? "\n1\n" : "\n0\n");
- try {
- // Set up the encryption stage if appropriate, and emit the correct header
- if (encrypting) {
- finalOutput = emitAesBackupHeader(headerbuf, finalOutput);
- } else {
- headerbuf.append("none\n");
- }
- byte[] header = headerbuf.toString().getBytes("UTF-8");
- ofstream.write(header);
- // Set up the compression stage feeding into the encryption stage (if any)
- if (compressing) {
- Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION);
- finalOutput = new DeflaterOutputStream(finalOutput, deflater, true);
- }
- out = finalOutput;
- } catch (Exception e) {
- // Should never happen!
- Slog.e(TAG, "Unable to emit archive header", e);
- return;
- }
- // Shared storage if requested
- if (mIncludeShared) {
- try {
- pkg = mPackageManager.getPackageInfo(SHARED_BACKUP_AGENT_PACKAGE, 0);
- packagesToBackup.add(pkg);
- } catch (NameNotFoundException e) {
- Slog.e(TAG, "Unable to find shared-storage backup handler");
- }
- }
- // Now back up the app data via the agent mechanism
- int N = packagesToBackup.size();
- for (int i = 0; i < N; i++) {
- pkg = packagesToBackup.get(i);
- backupOnePackage(pkg, out);
- // after the app's agent runs to handle its private filesystem
- // contents, back up any OBB content it has on its behalf.
- if (mIncludeObbs) {
- boolean obbOkay = obbConnection.backupObbs(pkg, out);
- if (!obbOkay) {
- throw new RuntimeException("Failure writing OBB stack for " + pkg);
- }
- }
- }
- // Done!
- finalizeBackup(out);
- } catch (RemoteException e) {
- Slog.e(TAG, "App died during full backup");
- } catch (Exception e) {
- Slog.e(TAG, "Internal exception during full backup", e);
- } finally {
- tearDown(pkg);
- try {
- if (out != null) out.close();
- mOutputFile.close();
- } catch (IOException e) {
- /* nothing we can do about this */
- }
- synchronized (mCurrentOpLock) {
- mCurrentOperations.clear();
- }
- synchronized (mLatchObject) {
- mLatchObject.set(true);
- mLatchObject.notifyAll();
- }
- sendEndBackup();
- obbConnection.tearDown();
- if (DEBUG) Slog.d(TAG, "Full backup pass complete.");
- mWakelock.release();
- }
- }
- private OutputStream emitAesBackupHeader(StringBuilder headerbuf,
- OutputStream ofstream) throws Exception {
- // User key will be used to encrypt the master key.
- byte[] newUserSalt = randomBytes(PBKDF2_SALT_SIZE);
- SecretKey userKey = buildPasswordKey(PBKDF_CURRENT, mEncryptPassword, newUserSalt,
- PBKDF2_HASH_ROUNDS);
- // the master key is random for each backup
- byte[] masterPw = new byte[256 / 8];
- mRng.nextBytes(masterPw);
- byte[] checksumSalt = randomBytes(PBKDF2_SALT_SIZE);
- // primary encryption of the datastream with the random key
- Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKeySpec masterKeySpec = new SecretKeySpec(masterPw, "AES");
- c.init(Cipher.ENCRYPT_MODE, masterKeySpec);
- OutputStream finalOutput = new CipherOutputStream(ofstream, c);
- // line 4: name of encryption algorithm
- headerbuf.append(ENCRYPTION_ALGORITHM_NAME);
- headerbuf.append('\n');
- // line 5: user password salt [hex]
- headerbuf.append(byteArrayToHex(newUserSalt));
- headerbuf.append('\n');
- // line 6: master key checksum salt [hex]
- headerbuf.append(byteArrayToHex(checksumSalt));
- headerbuf.append('\n');
- // line 7: number of PBKDF2 rounds used [decimal]
- headerbuf.append(PBKDF2_HASH_ROUNDS);
- headerbuf.append('\n');
- // line 8: IV of the user key [hex]
- Cipher mkC = Cipher.getInstance("AES/CBC/PKCS5Padding");
- mkC.init(Cipher.ENCRYPT_MODE, userKey);
- byte[] IV = mkC.getIV();
- headerbuf.append(byteArrayToHex(IV));
- headerbuf.append('\n');
- // line 9: master IV + key blob, encrypted by the user key [hex]. Blob format:
- // [byte] IV length = Niv
- // [array of Niv bytes] IV itself
- // [byte] master key length = Nmk
- // [array of Nmk bytes] master key itself
- // [byte] MK checksum hash length = Nck
- // [array of Nck bytes] master key checksum hash
- //
- // The checksum is the (master key + checksum salt), run through the
- // stated number of PBKDF2 rounds
- IV = c.getIV();
- byte[] mk = masterKeySpec.getEncoded();
- byte[] checksum = makeKeyChecksum(PBKDF_CURRENT, masterKeySpec.getEncoded(),
- checksumSalt, PBKDF2_HASH_ROUNDS);
- ByteArrayOutputStream blob = new ByteArrayOutputStream(IV.length + mk.length
- + checksum.length + 3);
- DataOutputStream mkOut = new DataOutputStream(blob);
- mkOut.writeByte(IV.length);
- mkOut.write(IV);
- mkOut.writeByte(mk.length);
- mkOut.write(mk);
- mkOut.writeByte(checksum.length);
- mkOut.write(checksum);
- mkOut.flush();
- byte[] encryptedMk = mkC.doFinal(blob.toByteArray());
- headerbuf.append(byteArrayToHex(encryptedMk));
- headerbuf.append('\n');
- return finalOutput;
- }
- private void backupOnePackage(PackageInfo pkg, OutputStream out)
- throws RemoteException {
- Slog.d(TAG, "Binding to full backup agent : " + pkg.packageName);
- IBackupAgent agent = bindToAgentSynchronous(pkg.applicationInfo,
- IApplicationThread.BACKUP_MODE_FULL);
- if (agent != null) {
- ParcelFileDescriptor[] pipes = null;
- try {
- pipes = ParcelFileDescriptor.createPipe();
- ApplicationInfo app = pkg.applicationInfo;
- final boolean isSharedStorage = pkg.packageName.equals(SHARED_BACKUP_AGENT_PACKAGE);
- final boolean sendApk = mIncludeApks
- && !isSharedStorage
- && ((app.flags & ApplicationInfo.FLAG_FORWARD_LOCK) == 0)
- && ((app.flags & ApplicationInfo.FLAG_SYSTEM) == 0 ||
- (app.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0);
- sendOnBackupPackage(isSharedStorage ? "Shared storage" : pkg.packageName);
- final int token = generateToken();
- FullBackupRunner runner = new FullBackupRunner(pkg, agent, pipes[1],
- token, sendApk, !isSharedStorage);
- pipes[1].close(); // the runner has dup'd it
- pipes[1] = null;
- Thread t = new Thread(runner);
- t.start();
- // Now pull data from the app and stuff it into the compressor
- try {
- routeSocketDataToOutput(pipes[0], out);
- } catch (IOException e) {
- Slog.i(TAG, "Caught exception reading from agent", e);
- }
- if (!waitUntilOperationComplete(token)) {
- Slog.e(TAG, "Full backup failed on package " + pkg.packageName);
- } else {
- if (DEBUG) Slog.d(TAG, "Full package backup success: " + pkg.packageName);
- }
- } catch (IOException e) {
- Slog.e(TAG, "Error backing up " + pkg.packageName, e);
- } finally {
- try {
- // flush after every package
- out.flush();
- if (pipes != null) {
- if (pipes[0] != null) pipes[0].close();
- if (pipes[1] != null) pipes[1].close();
- }
- } catch (IOException e) {
- Slog.w(TAG, "Error bringing down backup stack");
- }
- }
- } else {
- Slog.w(TAG, "Unable to bind to full agent for " + pkg.packageName);
- }
- tearDown(pkg);
- }
- private void writeApkToBackup(PackageInfo pkg, BackupDataOutput output) {
- // Forward-locked apps, system-bundled .apks, etc are filtered out before we get here
- final String appSourceDir = pkg.applicationInfo.sourceDir;
- final String apkDir = new File(appSourceDir).getParent();
- FullBackup.backupToTar(pkg.packageName, FullBackup.APK_TREE_TOKEN, null,
- apkDir, appSourceDir, output);
- // TODO: migrate this to SharedStorageBackup, since AID_SYSTEM
- // doesn't have access to external storage.
- // Save associated .obb content if it exists and we did save the apk
- // check for .obb and save those too
- final UserEnvironment userEnv = new UserEnvironment(UserHandle.USER_OWNER);
- final File obbDir = userEnv.buildExternalStorageAppObbDirs(pkg.packageName)[0];
- if (obbDir != null) {
- if (MORE_DEBUG) Log.i(TAG, "obb dir: " + obbDir.getAbsolutePath());
- File[] obbFiles = obbDir.listFiles();
- if (obbFiles != null) {
- final String obbDirName = obbDir.getAbsolutePath();
- for (File obb : obbFiles) {
- FullBackup.backupToTar(pkg.packageName, FullBackup.OBB_TREE_TOKEN, null,
- obbDirName, obb.getAbsolutePath(), output);
- }
- }
- }
- }
- private void finalizeBackup(OutputStream out) {
- try {
- // A standard 'tar' EOF sequence: two 512-byte blocks of all zeroes.
- byte[] eof = new byte[512 * 2]; // newly allocated == zero filled
- out.write(eof);
- } catch (IOException e) {
- Slog.w(TAG, "Error attempting to finalize backup stream");
- }
- }
- private void writeAppManifest(PackageInfo pkg, File manifestFile, boolean withApk)
- throws IOException {
- // Manifest format. All data are strings ending in LF:
- // BACKUP_MANIFEST_VERSION, currently 1
- //
- // Version 1:
- // package name
- // package's versionCode
- // platform versionCode
- // getInstallerPackageName() for this package (maybe empty)
- // boolean: "1" if archive includes .apk; any other string means not
- // number of signatures == N
- // N*: signature byte array in ascii format per Signature.toCharsString()
- StringBuilder builder = new StringBuilder(4096);
- StringBuilderPrinter printer = new StringBuilderPrinter(builder);
- printer.println(Integer.toString(BACKUP_MANIFEST_VERSION));
- printer.println(pkg.packageName);
- printer.println(Integer.toString(pkg.versionCode));
- printer.println(Integer.toString(Build.VERSION.SDK_INT));
- String installerName = mPackageManager.getInstallerPackageName(pkg.packageName);
- printer.println((installerName != null) ? installerName : "");
- printer.println(withApk ? "1" : "0");
- if (pkg.signatures == null) {
- printer.println("0");
- } else {
- printer.println(Integer.toString(pkg.signatures.length));
- for (Signature sig : pkg.signatures) {
- printer.println(sig.toCharsString());
- }
- }
- FileOutputStream outstream = new FileOutputStream(manifestFile);
- outstream.write(builder.toString().getBytes());
- outstream.close();
- }
- private void tearDown(PackageInfo pkg) {
- if (pkg != null) {
- final ApplicationInfo app = pkg.applicationInfo;
- if (app != null) {
- try {
- // unbind and tidy up even on timeout or failure, just in case
- mActivityManager.unbindBackupAgent(app);
- // The agent was running with a stub Application object, so shut it down.
- if (app.uid != Process.SYSTEM_UID
- && app.uid != Process.PHONE_UID) {
- if (MORE_DEBUG) Slog.d(TAG, "Backup complete, killing host process");
- mActivityManager.killApplicationProcess(app.processName, app.uid);
- } else {
- if (MORE_DEBUG) Slog.d(TAG, "Not killing after restore: " + app.processName);
- }
- } catch (RemoteException e) {
- Slog.d(TAG, "Lost app trying to shut down");
- }
- }
- }
- }
- // wrappers for observer use
- void sendStartBackup() {
- if (mObserver != null) {
- try {
- mObserver.onStartBackup();
- } catch (RemoteException e) {
- Slog.w(TAG, "full backup observer went away: startBackup");
- mObserver = null;
- }
- }
- }
- void sendOnBackupPackage(String name) {
- if (mObserver != null) {
- try {
- // TODO: use a more user-friendly name string
- mObserver.onBackupPackage(name);
- } catch (RemoteException e) {
- Slog.w(TAG, "full backup observer went away: backupPackage");
- mObserver = null;
- }
- }
- }
- void sendEndBackup() {
- if (mObserver != null) {
- try {
- mObserver.onEndBackup();
- } catch (RemoteException e) {
- Slog.w(TAG, "full backup observer went away: endBackup");
- mObserver = null;
- }
- }
- }
- }
- // ----- Full restore from a file/socket -----
- // Description of a file in the restore datastream
- static class FileMetadata {
- String packageName; // name of the owning app
- String installerPackageName; // name of the market-type app that installed the owner
- int type; // e.g. BackupAgent.TYPE_DIRECTORY
- String domain; // e.g. FullBackup.DATABASE_TREE_TOKEN
- String path; // subpath within the semantic domain
- long mode; // e.g. 0666 (actually int)
- long mtime; // last mod time, UTC time_t (actually int)
- long size; // bytes of content
- @Override
- public String toString() {
- StringBuilder sb = new StringBuilder(128);
- sb.append("FileMetadata{");
- sb.append(packageName); sb.append(',');
- sb.append(type); sb.append(',');
- sb.append(domain); sb.append(':'); sb.append(path); sb.append(',');
- sb.append(size);
- sb.append('}');
- return sb.toString();
- }
- }
- enum RestorePolicy {
- IGNORE,
- ACCEPT,
- ACCEPT_IF_APK
- }
- class PerformFullRestoreTask extends ObbServiceClient implements Runnable {
- ParcelFileDescriptor mInputFile;
- String mCurrentPassword;
- String mDecryptPassword;
- IFullBackupRestoreObserver mObserver;
- AtomicBoolean mLatchObject;
- IBackupAgent mAgent;
- String mAgentPackage;
- ApplicationInfo mTargetApp;
- FullBackupObbConnection mObbConnection = null;
- ParcelFileDescriptor[] mPipes = null;
- long mBytes;
- // possible handling states for a given package in the restore dataset
- final HashMap<String, RestorePolicy> mPackagePolicies
- = new HashMap<String, RestorePolicy>();
- // installer package names for each encountered app, derived from the manifests
- final HashMap<String, String> mPackageInstallers = new HashMap<String, String>();
- // Signatures for a given package found in its manifest file
- final HashMap<String, Signature[]> mManifestSignatures
- = new HashMap<String, Signature[]>();
- // Packages we've already wiped data on when restoring their first file
- final HashSet<String> mClearedPackages = new HashSet<String>();
- PerformFullRestoreTask(ParcelFileDescriptor fd, String curPassword, String decryptPassword,
- IFullBackupRestoreObserver observer, AtomicBoolean latch) {
- mInputFile = fd;
- mCurrentPassword = curPassword;
- mDecryptPassword = decryptPassword;
- mObserver = observer;
- mLatchObject = latch;
- mAgent = null;
- mAgentPackage = null;
- mTargetApp = null;
- mObbConnection = new FullBackupObbConnection();
- // Which packages we've already wiped data on. We prepopulate this
- // with a whitelist of packages known to be unclearable.
- mClearedPackages.add("android");
- mClearedPackages.add("com.android.providers.settings");
- }
- class RestoreFileRunnable implements Runnable {
- IBackupAgent mAgent;
- FileMetadata mInfo;
- ParcelFileDescriptor mSocket;
- int mToken;
- RestoreFileRunnable(IBackupAgent agent, FileMetadata info,
- ParcelFileDescriptor socket, int token) throws IOException {
- mAgent = agent;
- mInfo = info;
- mToken = token;
- // This class is used strictly for process-local binder invocations. The
- // semantics of ParcelFileDescriptor differ in this case; in particular, we
- // do not automatically get a 'dup'ed descriptor that we can can continue
- // to use asynchronously from the caller. So, we make sure to dup it ourselves
- // before proceeding to do the restore.
- mSocket = ParcelFileDescriptor.dup(socket.getFileDescriptor());
- }
- @Override
- public void run() {
- try {
- mAgent.doRestoreFile(mSocket, mInfo.size, mInfo.type,
- mInfo.domain, mInfo.path, mInfo.mode, mInfo.mtime,
- mToken, mBackupManagerBinder);
- } catch (RemoteException e) {
- // never happens; this is used strictly for local binder calls
- }
- }
- }
- @Override
- public void run() {
- Slog.i(TAG, "--- Performing full-dataset restore ---");
- mObbConnection.establish();
- sendStartRestore();
- // Are we able to restore shared-storage data?
- if (Environment.getExternalStorageState().equals(Environment.MEDIA_MOUNTED)) {
- mPackagePolicies.put(SHARED_BACKUP_AGENT_PACKAGE, RestorePolicy.ACCEPT);
- }
- FileInputStream rawInStream = null;
- DataInputStream rawDataIn = null;
- try {
- if (!backupPasswordMatches(mCurrentPassword)) {
- if (DEBUG) Slog.w(TAG, "Backup password mismatch; aborting");
- return;
- }
- mBytes = 0;
- byte[] buffer = new byte[32 * 1024];
- rawInStream = new FileInputStream(mInputFile.getFileDescriptor());
- rawDataIn = new DataInputStream(rawInStream);
- // First, parse out the unencrypted/uncompressed header
- boolean compressed = false;
- InputStream preCompressStream = rawInStream;
- final InputStream in;
- boolean okay = false;
- final int headerLen = BACKUP_FILE_HEADER_MAGIC.length();
- byte[] streamHeader = new byte[headerLen];
- rawDataIn.readFully(streamHeader);
- byte[] magicBytes = BACKUP_FILE_HEADER_MAGIC.getBytes("UTF-8");
- if (Arrays.equals(magicBytes, streamHeader)) {
- // okay, header looks good. now parse out the rest of the fields.
- String s = readHeaderLine(rawInStream);
- final int archiveVersion = Integer.parseInt(s);
- if (archiveVersion <= BACKUP_FILE_VERSION) {
- // okay, it's a version we recognize. if it's version 1, we may need
- // to try two different PBKDF2 regimes to compare checksums.
- final boolean pbkdf2Fallback = (archiveVersion == 1);
- s = readHeaderLine(rawInStream);
- compressed = (Integer.parseInt(s) != 0);
- s = readHeaderLine(rawInStream);
- if (s.equals("none")) {
- // no more header to parse; we're good to go
- okay = true;
- } else if (mDecryptPassword != null && mDecryptPassword.length() > 0) {
- preCompressStream = decodeAesHeaderAndInitialize(s, pbkdf2Fallback,
- rawInStream);
- if (preCompressStream != null) {
- okay = true;
- }
- } else Slog.w(TAG, "Archive is encrypted but no password given");
- } else Slog.w(TAG, "Wrong header version: " + s);
- } else Slog.w(TAG, "Didn't read the right header magic");
- if (!okay) {
- Slog.w(TAG, "Invalid restore data; aborting.");
- return;
- }
- // okay, use the right stream layer based on compression
- in = (compressed) ? new InflaterInputStream(preCompressStream) : preCompressStream;
- boolean didRestore;
- do {
- didRestore = restoreOneFile(in, buffer);
- } while (didRestore);
- if (MORE_DEBUG) Slog.v(TAG, "Done consuming input tarfile, total bytes=" + mBytes);
- } catch (IOException e) {
- Slog.e(TAG, "Unable to read restore input");
- } finally {
- tearDownPipes();
- tearDownAgent(mTargetApp);
- try {
- if (rawDataIn != null) rawDataIn.close();
- if (rawInStream != null) rawInStream.close();
- mInputFile.close();
- } catch (IOException e) {
- Slog.w(TAG, "Close of restore data pipe threw", e);
- /* nothing we can do about this */
- }
- synchronized (mCurrentOpLock) {
- mCurrentOperations.clear();
- }
- synchronized (mLatchObject) {
- mLatchObject.set(true);
- mLatchObject.notifyAll();
- }
- mObbConnection.tearDown();
- sendEndRestore();
- Slog.d(TAG, "Full restore pass complete.");
- mWakelock.release();
- }
- }
- String readHeaderLine(InputStream in) throws IOException {
- int c;
- StringBuilder buffer = new StringBuilder(80);
- while ((c = in.read()) >= 0) {
- if (c == '\n') break; // consume and discard the newlines
- buffer.append((char)c);
- }
- return buffer.toString();
- }
- InputStream attemptMasterKeyDecryption(String algorithm, byte[] userSalt, byte[] ckSalt,
- int rounds, String userIvHex, String masterKeyBlobHex, InputStream rawInStream,
- boolean doLog) {
- InputStream result = null;
- try {
- Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKey userKey = buildPasswordKey(algorithm, mDecryptPassword, userSalt,
- rounds);
- byte[] IV = hexToByteArray(userIvHex);
- IvParameterSpec ivSpec = new IvParameterSpec(IV);
- c.init(Cipher.DECRYPT_MODE,
- new SecretKeySpec(userKey.getEncoded(), "AES"),
- ivSpec);
- byte[] mkCipher = hexToByteArray(masterKeyBlobHex);
- byte[] mkBlob = c.doFinal(mkCipher);
- // first, the master key IV
- int offset = 0;
- int len = mkBlob[offset++];
- IV = Arrays.copyOfRange(mkBlob, offset, offset + len);
- offset += len;
- // then the master key itself
- len = mkBlob[offset++];
- byte[] mk = Arrays.copyOfRange(mkBlob,
- offset, offset + len);
- offset += len;
- // and finally the master key checksum hash
- len = mkBlob[offset++];
- byte[] mkChecksum = Arrays.copyOfRange(mkBlob,
- offset, offset + len);
- // now validate the decrypted master key against the checksum
- byte[] calculatedCk = makeKeyChecksum(algorithm, mk, ckSalt, rounds);
- if (Arrays.equals(calculatedCk, mkChecksum)) {
- ivSpec = new IvParameterSpec(IV);
- c.init(Cipher.DECRYPT_MODE,
- new SecretKeySpec(mk, "AES"),
- ivSpec);
- // Only if all of the above worked properly will 'result' be assigned
- result = new CipherInputStream(rawInStream, c);
- } else if (doLog) Slog.w(TAG, "Incorrect password");
- } catch (InvalidAlgorithmParameterException e) {
- if (doLog) Slog.e(TAG, "Needed parameter spec unavailable!", e);
- } catch (BadPaddingException e) {
- // This case frequently occurs when the wrong password is used to decrypt
- // the master key. Use the identical "incorrect password" log text as is
- // used in the checksum failure log in order to avoid providing additional
- // information to an attacker.
- if (doLog) Slog.w(TAG, "Incorrect password");
- } catch (IllegalBlockSizeException e) {
- if (doLog) Slog.w(TAG, "Invalid block size in master key");
- } catch (NoSuchAlgorithmException e) {
- if (doLog) Slog.e(TAG, "Needed decryption algorithm unavailable!");
- } catch (NoSuchPaddingException e) {
- if (doLog) Slog.e(TAG, "Needed padding mechanism unavailable!");
- } catch (InvalidKeyException e) {
- if (doLog) Slog.w(TAG, "Illegal password; aborting");
- }
- return result;
- }
- InputStream decodeAesHeaderAndInitialize(String encryptionName, boolean pbkdf2Fallback,
- InputStream rawInStream) {
- InputStream result = null;
- try {
- if (encryptionName.equals(ENCRYPTION_ALGORITHM_NAME)) {
- String userSaltHex = readHeaderLine(rawInStream); // 5
- byte[] userSalt = hexToByteArray(userSaltHex);
- String ckSaltHex = readHeaderLine(rawInStream); // 6
- byte[] ckSalt = hexToByteArray(ckSaltHex);
- int rounds = Integer.parseInt(readHeaderLine(rawInStream)); // 7
- String userIvHex = readHeaderLine(rawInStream); // 8
- String masterKeyBlobHex = readHeaderLine(rawInStream); // 9
- // decrypt the master key blob
- result = attemptMasterKeyDecryption(PBKDF_CURRENT, userSalt, ckSalt,
- rounds, userIvHex, masterKeyBlobHex, rawInStream, false);
- if (result == null && pbkdf2Fallback) {
- result = attemptMasterKeyDecryption(PBKDF_FALLBACK, userSalt, ckSalt,
- rounds, userIvHex, masterKeyBlobHex, rawInStream, true);
- }
- } else Slog.w(TAG, "Unsupported encryption method: " + encryptionName);
- } catch (NumberFormatException e) {
- Slog.w(TAG, "Can't parse restore data header");
- } catch (IOException e) {
- Slog.w(TAG, "Can't read input header");
- }
- return result;
- }
- boolean restoreOneFile(InputStream instream, byte[] buffer) {
- FileMetadata info;
- try {
- info = readTarHeaders(instream);
- if (info != null) {
- if (MORE_DEBUG) {
- dumpFileMetadata(info);
- }
- final String pkg = info.packageName;
- if (!pkg.equals(mAgentPackage)) {
- // okay, change in package; set up our various
- // bookkeeping if we haven't seen it yet
- if (!mPackagePolicies.containsKey(pkg)) {
- mPackagePolicies.put(pkg, RestorePolicy.IGNORE);
- }
- // Clean up the previous agent relationship if necessary,
- // and let the observer know we're considering a new app.
- if (mAgent != null) {
- if (DEBUG) Slog.d(TAG, "Saw new package; tearing down old one");
- tearDownPipes();
- tearDownAgent(mTargetApp);
- mTargetApp = null;
- mAgentPackage = null;
- }
- }
- if (info.path.equals(BACKUP_MANIFEST_FILENAME)) {
- mPackagePolicies.put(pkg, readAppManifest(info, instream));
- mPackageInstallers.put(pkg, info.installerPackageName);
- // We've read only the manifest content itself at this point,
- // so consume the footer before looping around to the next
- // input file
- skipTarPadding(info.size, instream);
- sendOnRestorePackage(pkg);
- } else {
- // Non-manifest, so it's actual file data. Is this a package
- // we're ignoring?
- boolean okay = true;
- RestorePolicy policy = mPackagePolicies.get(pkg);
- switch (policy) {
- case IGNORE:
- okay = false;
- break;
- case ACCEPT_IF_APK:
- // If we're in accept-if-apk state, then the first file we
- // see MUST be the apk.
- if (info.domain.equals(FullBackup.APK_TREE_TOKEN)) {
- if (DEBUG) Slog.d(TAG, "APK file; installing");
- // Try to install the app.
- String installerName = mPackageInstallers.get(pkg);
- okay = installApk(info, installerName, instream);
- // good to go; promote to ACCEPT
- mPackagePolicies.put(pkg, (okay)
- ? RestorePolicy.ACCEPT
- : RestorePolicy.IGNORE);
- // At this point we've consumed this file entry
- // ourselves, so just strip the tar footer and
- // go on to the next file in the input stream
- skipTarPadding(info.size, instream);
- return true;
- } else {
- // File data before (or without) the apk. We can't
- // handle it coherently in this case so ignore it.
- mPackagePolicies.put(pkg, RestorePolicy.IGNORE);
- okay = false;
- }
- break;
- case ACCEPT:
- if (info.domain.equals(FullBackup.APK_TREE_TOKEN)) {
- if (DEBUG) Slog.d(TAG, "apk present but ACCEPT");
- // we can take the data without the apk, so we
- // *want* to do so. skip the apk by declaring this
- // one file not-okay without changing the restore
- // policy for the package.
- okay = false;
- }
- break;
- default:
- // Something has gone dreadfully wrong when determining
- // the restore policy from the manifest. Ignore the
- // rest of this package's data.
- Slog.e(TAG, "Invalid policy from manifest");
- okay = false;
- mPackagePolicies.put(pkg, RestorePolicy.IGNORE);
- break;
- }
- // If the policy is satisfied, go ahead and set up to pipe the
- // data to the agent.
- if (DEBUG && okay && mAgent != null) {
- Slog.i(TAG, "Reusing existing agent instance");
- }
- if (okay && mAgent == null) {
- if (DEBUG) Slog.d(TAG, "Need to launch agent for " + pkg);
- try {
- mTargetApp = mPackageManager.getApplicationInfo(pkg, 0);
- // If we haven't sent any data to this app yet, we probably
- // need to clear it first. Check that.
- if (!mClearedPackages.contains(pkg)) {
- // apps with their own backup agents are
- // responsible for coherently managing a full
- // restore.
- if (mTargetApp.backupAgentName == null) {
- if (DEBUG) Slog.d(TAG, "Clearing app data preparatory to full restore");
- clearApplicationDataSynchronous(pkg);
- } else {
- if (DEBUG) Slog.d(TAG, "backup agent ("
- + mTargetApp.backupAgentName + ") => no clear");
- }
- mClearedPackages.add(pkg);
- } else {
- if (DEBUG) Slog.d(TAG, "We've initialized this app already; no clear required");
- }
- // All set; now set up the IPC and launch the agent
- setUpPipes();
- mAgent = bindToAgentSynchronous(mTargetApp,
- IApplicationThread.BACKUP_MODE_RESTORE_FULL);
- mAgentPackage = pkg;
- } catch (IOException e) {
- // fall through to error handling
- } catch (NameNotFoundException e) {
- // fall through to error handling
- }
- if (mAgent == null) {
- if (DEBUG) Slog.d(TAG, "Unable to create agent for " + pkg);
- okay = false;
- tearDownPipes();
- mPackagePolicies.put(pkg, RestorePolicy.IGNORE);
- }
- }
- // Sanity check: make sure we never give data to the wrong app. This
- // should never happen but a little paranoia here won't go amiss.
- if (okay && !pkg.equals(mAgentPackage)) {
- Slog.e(TAG, "Restoring data for " + pkg
- + " but agent is for " + mAgentPackage);
- okay = false;
- }
- // At this point we have an agent ready to handle the full
- // restore data as well as a pipe for sending data to
- // that agent. Tell the agent to start reading from the
- // pipe.
- if (okay) {
- boolean agentSuccess = true;
- long toCopy = info.size;
- final int token = generateToken();
- try {
- prepareOperationTimeout(token, TIMEOUT_FULL_BACKUP_INTERVAL, null);
- if (info.domain.equals(FullBackup.OBB_TREE_TOKEN)) {
- if (DEBUG) Slog.d(TAG, "Restoring OBB file for " + pkg
- + " : " + info.path);
- mObbConnection.restoreObbFile(pkg, mPipes[0],
- info.size, info.type, info.path, info.mode,
- info.mtime, token, mBackupManagerBinder);
- } else {
- if (DEBUG) Slog.d(TAG, "Invoking agent to restore file "
- + info.path);
- // fire up the app's agent listening on the socket. If
- // the agent is running in the system process we can't
- // just invoke it asynchronously, so we provide a thread
- // for it here.
- if (mTargetApp.processName.equals("system")) {
- Slog.d(TAG, "system process agent - spinning a thread");
- RestoreFileRunnable runner = new RestoreFileRunnable(
- mAgent, info, mPipes[0], token);
- new Thread(runner).start();
- } else {
- mAgent.doRestoreFile(mPipes[0], info.size, info.type,
- info.domain, info.path, info.mode, info.mtime,
- token, mBackupManagerBinder);
- }
- }
- } catch (IOException e) {
- // couldn't dup the socket for a process-local restore
- Slog.d(TAG, "Couldn't establish restore");
- agentSuccess = false;
- okay = false;
- } catch (RemoteException e) {
- // whoops, remote entity went away. We'll eat the content
- // ourselves, then, and not copy it over.
- Slog.e(TAG, "Agent crashed during full restore");
- agentSuccess = false;
- okay = false;
- }
- // Copy over the data if the agent is still good
- if (okay) {
- boolean pipeOkay = true;
- FileOutputStream pipe = new FileOutputStream(
- mPipes[1].getFileDescriptor());
- while (toCopy > 0) {
- int toRead = (toCopy > buffer.length)
- ? buffer.length : (int)toCopy;
- int nRead = instream.read(buffer, 0, toRead);
- if (nRead >= 0) mBytes += nRead;
- if (nRead <= 0) break;
- toCopy -= nRead;
- // send it to the output pipe as long as things
- // are still good
- if (pipeOkay) {
- try {
- pipe.write(buffer, 0, nRead);
- } catch (IOException e) {
- Slog.e(TAG, "Failed to write to restore pipe", e);
- pipeOkay = false;
- }
- }
- }
- // done sending that file! Now we just need to consume
- // the delta from info.size to the end of block.
- skipTarPadding(info.size, instream);
- // and now that we've sent it all, wait for the remote
- // side to acknowledge receipt
- agentSuccess = waitUntilOperationComplete(token);
- }
- // okay, if the remote end failed at any point, deal with
- // it by ignoring the rest of the restore on it
- if (!agentSuccess) {
- mBackupHandler.removeMessages(MSG_TIMEOUT);
- tearDownPipes();
- tearDownAgent(mTargetApp);
- mAgent = null;
- mPackagePolicies.put(pkg, RestorePolicy.IGNORE);
- }
- }
- // Problems setting up the agent communication, or an already-
- // ignored package: skip to the next tar stream entry by
- // reading and discarding this file.
- if (!okay) {
- if (DEBUG) Slog.d(TAG, "[discarding file content]");
- long bytesToConsume = (info.size + 511) & ~511;
- while (bytesToConsume > 0) {
- int toRead = (bytesToConsume > buffer.length)
- ? buffer.length : (int)bytesToConsume;
- long nRead = instream.read(buffer, 0, toRead);
- if (nRead >= 0) mBytes += nRead;
- if (nRead <= 0) break;
- bytesToConsume -= nRead;
- }
- }
- }
- }
- } catch (IOException e) {
- if (DEBUG) Slog.w(TAG, "io exception on restore socket read", e);
- // treat as EOF
- info = null;
- }
- return (info != null);
- }
- void setUpPipes() throws IOException {
- mPipes = ParcelFileDescriptor.createPipe();
- }
- void tearDownPipes() {
- if (mPipes != null) {
- try {
- mPipes[0].close();
- mPipes[0] = null;
- mPipes[1].close();
- mPipes[1] = null;
- } catch (IOException e) {
- Slog.w(TAG, "Couldn't close agent pipes", e);
- }
- mPipes = null;
- }
- }
- void tearDownAgent(ApplicationInfo app) {
- if (mAgent != null) {
- try {
- // unbind and tidy up even on timeout or failure, just in case
- mActivityManager.unbindBackupAgent(app);
- // The agent was running with a stub Application object, so shut it down.
- // !!! We hardcode the confirmation UI's package name here rather than use a
- // manifest flag! TODO something less direct.
- if (app.uid != Process.SYSTEM_UID
- && !app.packageName.equals("com.android.backupconfirm")) {
- if (DEBUG) Slog.d(TAG, "Killing host process");
- mActivityManager.killApplicationProcess(app.processName, app.uid);
- } else {
- if (DEBUG) Slog.d(TAG, "Not killing after full restore");
- }
- } catch (RemoteException e) {
- Slog.d(TAG, "Lost app trying to shut down");
- }
- mAgent = null;
- }
- }
- class RestoreInstallObserver extends IPackageInstallObserver.Stub {
- final AtomicBoolean mDone = new AtomicBoolean();
- String mPackageName;
- int mResult;
- public void reset() {
- synchronized (mDone) {
- mDone.set(false);
- }
- }
- public void waitForCompletion() {
- synchronized (mDone) {
- while (mDone.get() == false) {
- try {
- mDone.wait();
- } catch (InterruptedException e) { }
- }
- }
- }
- int getResult() {
- return mResult;
- }
- @Override
- public void packageInstalled(String packageName, int returnCode)
- throws RemoteException {
- synchronized (mDone) {
- mResult = returnCode;
- mPackageName = packageName;
- mDone.set(true);
- mDone.notifyAll();
- }
- }
- }
- class RestoreDeleteObserver extends IPackageDeleteObserver.Stub {
- final AtomicBoolean mDone = new AtomicBoolean();
- int mResult;
- public void reset() {
- synchronized (mDone) {
- mDone.set(false);
- }
- }
- public void waitForCompletion() {
- synchronized (mDone) {
- while (mDone.get() == false) {
- try {
- mDone.wait();
- } catch (InterruptedException e) { }
- }
- }
- }
- @Override
- public void packageDeleted(String packageName, int returnCode) throws RemoteException {
- synchronized (mDone) {
- mResult = returnCode;
- mDone.set(true);
- mDone.notifyAll();
- }
- }
- }
- final RestoreInstallObserver mInstallObserver = new RestoreInstallObserver();
- final RestoreDeleteObserver mDeleteObserver = new RestoreDeleteObserver();
- boolean installApk(FileMetadata info, String installerPackage, InputStream instream) {
- boolean okay = true;
- if (DEBUG) Slog.d(TAG, "Installing from backup: " + info.packageName);
- // The file content is an .apk file. Copy it out to a staging location and
- // attempt to install it.
- File apkFile = new File(mDataDir, info.packageName);
- try {
- FileOutputStream apkStream = new FileOutputStream(apkFile);
- byte[] buffer = new byte[32 * 1024];
- long size = info.size;
- while (size > 0) {
- long toRead = (buffer.length < size) ? buffer.length : size;
- int didRead = instream.read(buffer, 0, (int)toRead);
- if (didRead >= 0) mBytes += didRead;
- apkStream.write(buffer, 0, didRead);
- size -= didRead;
- }
- apkStream.close();
- // make sure the installer can read it
- apkFile.setReadable(true, false);
- // Now install it
- Uri packageUri = Uri.fromFile(apkFile);
- mInstallObserver.reset();
- mPackageManager.installPackage(packageUri, mInstallObserver,
- PackageManager.INSTALL_REPLACE_EXISTING | PackageManager.INSTALL_FROM_ADB,
- installerPackage);
- mInstallObserver.waitForCompletion();
- if (mInstallObserver.getResult() != PackageManager.INSTALL_SUCCEEDED) {
- // The only time we continue to accept install of data even if the
- // apk install failed is if we had already determined that we could
- // accept the data regardless.
- if (mPackagePolicies.get(info.packageName) != RestorePolicy.ACCEPT) {
- okay = false;
- }
- } else {
- // Okay, the install succeeded. Make sure it was the right app.
- boolean uninstall = false;
- if (!mInstallObserver.mPackageName.equals(info.packageName)) {
- Slog.w(TAG, "Restore stream claimed to include apk for "
- + info.packageName + " but apk was really "
- + mInstallObserver.mPackageName);
- // delete the package we just put in place; it might be fraudulent
- okay = false;
- uninstall = true;
- } else {
- try {
- PackageInfo pkg = mPackageManager.getPackageInfo(info.packageName,
- PackageManager.GET_SIGNATURES);
- if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_ALLOW_BACKUP) == 0) {
- Slog.w(TAG, "Restore stream contains apk of package "
- + info.packageName + " but it disallows backup/restore");
- okay = false;
- } else {
- // So far so good -- do the signatures match the manifest?
- Signature[] sigs = mManifestSignatures.get(info.packageName);
- if (signaturesMatch(sigs, pkg)) {
- // If this is a system-uid app without a declared backup agent,
- // don't restore any of the file data.
- if ((pkg.applicationInfo.uid < Process.FIRST_APPLICATION_UID)
- && (pkg.applicationInfo.backupAgentName == null)) {
- Slog.w(TAG, "Installed app " + info.packageName
- + " has restricted uid and no agent");
- okay = false;
- }
- } else {
- Slog.w(TAG, "Installed app " + info.packageName
- + " signatures do not match restore manifest");
- okay = false;
- uninstall = true;
- }
- }
- } catch (NameNotFoundException e) {
- Slog.w(TAG, "Install of package " + info.packageName
- + " succeeded but now not found");
- okay = false;
- }
- }
- // If we're not okay at this point, we need to delete the package
- // that we just installed.
- if (uninstall) {
- mDeleteObserver.reset();
- mPackageManager.deletePackage(mInstallObserver.mPackageName,
- mDeleteObserver, 0);
- mDeleteObserver.waitForCompletion();
- }
- }
- } catch (IOException e) {
- Slog.e(TAG, "Unable to transcribe restored apk for install");
- okay = false;
- } finally {
- apkFile.delete();
- }
- return okay;
- }
- // Given an actual file content size, consume the post-content padding mandated
- // by the tar format.
- void skipTarPadding(long size, InputStream instream) throws IOException {
- long partial = (size + 512) % 512;
- if (partial > 0) {
- final int needed = 512 - (int)partial;
- byte[] buffer = new byte[needed];
- if (readExactly(instream, buffer, 0, needed) == needed) {
- mBytes += needed;
- } else throw new IOException("Unexpected EOF in padding");
- }
- }
- // Returns a policy constant; takes a buffer arg to reduce memory churn
- RestorePolicy readAppManifest(FileMetadata info, InputStream instream)
- throws IOException {
- // Fail on suspiciously large manifest files
- if (info.size > 64 * 1024) {
- throw new IOException("Restore manifest too big; corrupt? size=" + info.size);
- }
- byte[] buffer = new byte[(int) info.size];
- if (readExactly(instream, buffer, 0, (int)info.size) == info.size) {
- mBytes += info.size;
- } else throw new IOException("Unexpected EOF in manifest");
- RestorePolicy policy = RestorePolicy.IGNORE;
- String[] str = new String[1];
- int offset = 0;
- try {
- offset = extractLine(buffer, offset, str);
- int version = Integer.parseInt(str[0]);
- if (version == BACKUP_MANIFEST_VERSION) {
- offset = extractLine(buffer, offset, str);
- String manifestPackage = str[0];
- // TODO: handle <original-package>
- if (manifestPackage.equals(info.packageName)) {
- offset = extractLine(buffer, offset, str);
- version = Integer.parseInt(str[0]); // app version
- offset = extractLine(buffer, offset, str);
- int platformVersion = Integer.parseInt(str[0]);
- offset = extractLine(buffer, offset, str);
- info.installerPackageName = (str[0].length() > 0) ? str[0] : null;
- offset = extractLine(buffer, offset, str);
- boolean hasApk = str[0].equals("1");
- offset = extractLine(buffer, offset, str);
- int numSigs = Integer.parseInt(str[0]);
- if (numSigs > 0) {
- Signature[] sigs = new Signature[numSigs];
- for (int i = 0; i < numSigs; i++) {
- offset = extractLine(buffer, offset, str);
- sigs[i] = new Signature(str[0]);
- }
- mManifestSignatures.put(info.packageName, sigs);
- // Okay, got the manifest info we need...
- try {
- PackageInfo pkgInfo = mPackageManager.getPackageInfo(
- info.packageName, PackageManager.GET_SIGNATURES);
- // Fall through to IGNORE if the app explicitly disallows backup
- final int flags = pkgInfo.applicationInfo.flags;
- if ((flags & ApplicationInfo.FLAG_ALLOW_BACKUP) != 0) {
- // Restore system-uid-space packages only if they have
- // defined a custom backup agent
- if ((pkgInfo.applicationInfo.uid >= Process.FIRST_APPLICATION_UID)
- || (pkgInfo.applicationInfo.backupAgentName != null)) {
- // Verify signatures against any installed version; if they
- // don't match, then we fall though and ignore the data. The
- // signatureMatch() method explicitly ignores the signature
- // check for packages installed on the system partition, because
- // such packages are signed with the platform cert instead of
- // the app developer's cert, so they're different on every
- // device.
- if (signaturesMatch(sigs, pkgInfo)) {
- if (pkgInfo.versionCode >= version) {
- Slog.i(TAG, "Sig + version match; taking data");
- policy = RestorePolicy.ACCEPT;
- } else {
- // The data is from a newer version of the app than
- // is presently installed. That means we can only
- // use it if the matching apk is also supplied.
- Slog.d(TAG, "Data version " + version
- + " is newer than installed version "
- + pkgInfo.versionCode + " - requiring apk");
- policy = RestorePolicy.ACCEPT_IF_APK;
- }
- } else {
- Slog.w(TAG, "Restore manifest signatures do not match "
- + "installed application for " + info.packageName);
- }
- } else {
- Slog.w(TAG, "Package " + info.packageName
- + " is system level with no agent");
- }
- } else {
- if (DEBUG) Slog.i(TAG, "Restore manifest from "
- + info.packageName + " but allowBackup=false");
- }
- } catch (NameNotFoundException e) {
- // Okay, the target app isn't installed. We can process
- // the restore properly only if the dataset provides the
- // apk file and we can successfully install it.
- if (DEBUG) Slog.i(TAG, "Package " + info.packageName
- + " not installed; requiring apk in dataset");
- policy = RestorePolicy.ACCEPT_IF_APK;
- }
- if (policy == RestorePolicy.ACCEPT_IF_APK && !hasApk) {
- Slog.i(TAG, "Cannot restore package " + info.packageName
- + " without the matching .apk");
- }
- } else {
- Slog.i(TAG, "Missing signature on backed-up package "
- + info.packageName);
- }
- } else {
- Slog.i(TAG, "Expected package " + info.packageName
- + " but restore manifest claims " + manifestPackage);
- }
- } else {
- Slog.i(TAG, "Unknown restore manifest version " + version
- + " for package " + info.packageName);
- }
- } catch (NumberFormatException e) {
- Slog.w(TAG, "Corrupt restore manifest for package " + info.packageName);
- } catch (IllegalArgumentException e) {
- Slog.w(TAG, e.getMessage());
- }
- return policy;
- }
- // Builds a line from a byte buffer starting at 'offset', and returns
- // the index of the next unconsumed data in the buffer.
- int extractLine(byte[] buffer, int offset, String[] outStr) throws IOException {
- final int end = buffer.length;
- if (offset >= end) throw new IOException("Incomplete data");
- int pos;
- for (pos = offset; pos < end; pos++) {
- byte c = buffer[pos];
- // at LF we declare end of line, and return the next char as the
- // starting point for the next time through
- if (c == '\n') {
- break;
- }
- }
- outStr[0] = new String(buffer, offset, pos - offset);
- pos++; // may be pointing an extra byte past the end but that's okay
- return pos;
- }
- void dumpFileMetadata(FileMetadata info) {
- if (DEBUG) {
- StringBuilder b = new StringBuilder(128);
- // mode string
- b.append((info.type == BackupAgent.TYPE_DIRECTORY) ? 'd' : '-');
- b.append(((info.mode & 0400) != 0) ? 'r' : '-');
- b.append(((info.mode & 0200) != 0) ? 'w' : '-');
- b.append(((info.mode & 0100) != 0) ? 'x' : '-');
- b.append(((info.mode & 0040) != 0) ? 'r' : '-');
- b.append(((info.mode & 0020) != 0) ? 'w' : '-');
- b.append(((info.mode & 0010) != 0) ? 'x' : '-');
- b.append(((info.mode & 0004) != 0) ? 'r' : '-');
- b.append(((info.mode & 0002) != 0) ? 'w' : '-');
- b.append(((info.mode & 0001) != 0) ? 'x' : '-');
- b.append(String.format(" %9d ", info.size));
- Date stamp = new Date(info.mtime);
- b.append(new SimpleDateFormat("MMM dd HH:mm:ss ").format(stamp));
- b.append(info.packageName);
- b.append(" :: ");
- b.append(info.domain);
- b.append(" :: ");
- b.append(info.path);
- Slog.i(TAG, b.toString());
- }
- }
- // Consume a tar file header block [sequence] and accumulate the relevant metadata
- FileMetadata readTarHeaders(InputStream instream) throws IOException {
- byte[] block = new byte[512];
- FileMetadata info = null;
- boolean gotHeader = readTarHeader(instream, block);
- if (gotHeader) {
- try {
- // okay, presume we're okay, and extract the various metadata
- info = new FileMetadata();
- info.size = extractRadix(block, 124, 12, 8);
- info.mtime = extractRadix(block, 136, 12, 8);
- info.mode = extractRadix(block, 100, 8, 8);
- info.path = extractString(block, 345, 155); // prefix
- String path = extractString(block, 0, 100);
- if (path.length() > 0) {
- if (info.path.length() > 0) info.path += '/';
- info.path += path;
- }
- // tar link indicator field: 1 byte at offset 156 in the header.
- int typeChar = block[156];
- if (typeChar == 'x') {
- // pax extended header, so we need to read that
- gotHeader = readPaxExtendedHeader(instream, info);
- if (gotHeader) {
- // and after a pax extended header comes another real header -- read
- // that to find the real file type
- gotHeader = readTarHeader(instream, block);
- }
- if (!gotHeader) throw new IOException("Bad or missing pax header");
- typeChar = block[156];
- }
- switch (typeChar) {
- case '0': info.type = BackupAgent.TYPE_FILE; break;
- case '5': {
- info.type = BackupAgent.TYPE_DIRECTORY;
- if (info.size != 0) {
- Slog.w(TAG, "Directory entry with nonzero size in header");
- info.size = 0;
- }
- break;
- }
- case 0: {
- // presume EOF
- if (DEBUG) Slog.w(TAG, "Saw type=0 in tar header block, info=" + info);
- return null;
- }
- default: {
- Slog.e(TAG, "Unknown tar entity type: " + typeChar);
- throw new IOException("Unknown entity type " + typeChar);
- }
- }
- // Parse out the path
- //
- // first: apps/shared/unrecognized
- if (FullBackup.SHARED_PREFIX.regionMatches(0,
- info.path, 0, FullBackup.SHARED_PREFIX.length())) {
- // File in shared storage. !!! TODO: implement this.
- info.path = info.path.substring(FullBackup.SHARED_PREFIX.length());
- info.packageName = SHARED_BACKUP_AGENT_PACKAGE;
- info.domain = FullBackup.SHARED_STORAGE_TOKEN;
- if (DEBUG) Slog.i(TAG, "File in shared storage: " + info.path);
- } else if (FullBackup.APPS_PREFIX.regionMatches(0,
- info.path, 0, FullBackup.APPS_PREFIX.length())) {
- // App content! Parse out the package name and domain
- // strip the apps/ prefix
- info.path = info.path.substring(FullBackup.APPS_PREFIX.length());
- // extract the package name
- int slash = info.path.indexOf('/');
- if (slash < 0) throw new IOException("Illegal semantic path in " + info.path);
- info.packageName = info.path.substring(0, slash);
- info.path = info.path.substring(slash+1);
- // if it's a manifest we're done, otherwise parse out the domains
- if (!info.path.equals(BACKUP_MANIFEST_FILENAME)) {
- slash = info.path.indexOf('/');
- if (slash < 0) throw new IOException("Illegal semantic path in non-manifest " + info.path);
- info.domain = info.path.substring(0, slash);
- info.path = info.path.substring(slash + 1);
- }
- }
- } catch (IOException e) {
- if (DEBUG) {
- Slog.e(TAG, "Parse error in header: " + e.getMessage());
- HEXLOG(block);
- }
- throw e;
- }
- }
- return info;
- }
- private void HEXLOG(byte[] block) {
- int offset = 0;
- int todo = block.length;
- StringBuilder buf = new StringBuilder(64);
- while (todo > 0) {
- buf.append(String.format("%04x ", offset));
- int numThisLine = (todo > 16) ? 16 : todo;
- for (int i = 0; i < numThisLine; i++) {
- buf.append(String.format("%02x ", block[offset+i]));
- }
- Slog.i("hexdump", buf.toString());
- buf.setLength(0);
- todo -= numThisLine;
- offset += numThisLine;
- }
- }
- // Read exactly the given number of bytes into a buffer at the stated offset.
- // Returns false if EOF is encountered before the requested number of bytes
- // could be read.
- int readExactly(InputStream in, byte[] buffer, int offset, int size)
- throws IOException {
- if (size <= 0) throw new IllegalArgumentException("size must be > 0");
- int soFar = 0;
- while (soFar < size) {
- int nRead = in.read(buffer, offset + soFar, size - soFar);
- if (nRead <= 0) {
- if (MORE_DEBUG) Slog.w(TAG, "- wanted exactly " + size + " but got only " + soFar);
- break;
- }
- soFar += nRead;
- }
- return soFar;
- }
- boolean readTarHeader(InputStream instream, byte[] block) throws IOException {
- final int got = readExactly(instream, block, 0, 512);
- if (got == 0) return false; // Clean EOF
- if (got < 512) throw new IOException("Unable to read full block header");
- mBytes += 512;
- return true;
- }
- // overwrites 'info' fields based on the pax extended header
- boolean readPaxExtendedHeader(InputStream instream, FileMetadata info)
- throws IOException {
- // We should never see a pax extended header larger than this
- if (info.size > 32*1024) {
- Slog.w(TAG, "Suspiciously large pax header size " + info.size
- + " - aborting");
- throw new IOException("Sanity failure: pax header size " + info.size);
- }
- // read whole blocks, not just the content size
- int numBlocks = (int)((info.size + 511) >> 9);
- byte[] data = new byte[numBlocks * 512];
- if (readExactly(instream, data, 0, data.length) < data.length) {
- throw new IOException("Unable to read full pax header");
- }
- mBytes += data.length;
- final int contentSize = (int) info.size;
- int offset = 0;
- do {
- // extract the line at 'offset'
- int eol = offset+1;
- while (eol < contentSize && data[eol] != ' ') eol++;
- if (eol >= contentSize) {
- // error: we just hit EOD looking for the end of the size field
- throw new IOException("Invalid pax data");
- }
- // eol points to the space between the count and the key
- int linelen = (int) extractRadix(data, offset, eol - offset, 10);
- int key = eol + 1; // start of key=value
- eol = offset + linelen - 1; // trailing LF
- int value;
- for (value = key+1; data[value] != '=' && value <= eol; value++);
- if (value > eol) {
- throw new IOException("Invalid pax declaration");
- }
- // pax requires that key/value strings be in UTF-8
- String keyStr = new String(data, key, value-key, "UTF-8");
- // -1 to strip the trailing LF
- String valStr = new String(data, value+1, eol-value-1, "UTF-8");
- if ("path".equals(keyStr)) {
- info.path = valStr;
- } else if ("size".equals(keyStr)) {
- info.size = Long.parseLong(valStr);
- } else {
- if (DEBUG) Slog.i(TAG, "Unhandled pax key: " + key);
- }
- offset += linelen;
- } while (offset < contentSize);
- return true;
- }
- long extractRadix(byte[] data, int offset, int maxChars, int radix)
- throws IOException {
- long value = 0;
- final int end = offset + maxChars;
- for (int i = offset; i < end; i++) {
- final byte b = data[i];
- // Numeric fields in tar can terminate with either NUL or SPC
- if (b == 0 || b == ' ') break;
- if (b < '0' || b > ('0' + radix - 1)) {
- throw new IOException("Invalid number in header: '" + (char)b + "' for radix " + radix);
- }
- value = radix * value + (b - '0');
- }
- return value;
- }
- String extractString(byte[] data, int offset, int maxChars) throws IOException {
- final int end = offset + maxChars;
- int eos = offset;
- // tar string fields terminate early with a NUL
- while (eos < end && data[eos] != 0) eos++;
- return new String(data, offset, eos-offset, "US-ASCII");
- }
- void sendStartRestore() {
- if (mObserver != null) {
- try {
- mObserver.onStartRestore();
- } catch (RemoteException e) {
- Slog.w(TAG, "full restore observer went away: startRestore");
- mObserver = null;
- }
- }
- }
- void sendOnRestorePackage(String name) {
- if (mObserver != null) {
- try {
- // TODO: use a more user-friendly name string
- mObserver.onRestorePackage(name);
- } catch (RemoteException e) {
- Slog.w(TAG, "full restore observer went away: restorePackage");
- mObserver = null;
- }
- }
- }
- void sendEndRestore() {
- if (mObserver != null) {
- try {
- mObserver.onEndRestore();
- } catch (RemoteException e) {
- Slog.w(TAG, "full restore observer went away: endRestore");
- mObserver = null;
- }
- }
- }
- }
- // ----- Restore handling -----
- private boolean signaturesMatch(Signature[] storedSigs, PackageInfo target) {
- // If the target resides on the system partition, we allow it to restore
- // data from the like-named package in a restore set even if the signatures
- // do not match. (Unlike general applications, those flashed to the system
- // partition will be signed with the device's platform certificate, so on
- // different phones the same system app will have different signatures.)
- if ((target.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
- if (DEBUG) Slog.v(TAG, "System app " + target.packageName + " - skipping sig check");
- return true;
- }
- // Allow unsigned apps, but not signed on one device and unsigned on the other
- // !!! TODO: is this the right policy?
- Signature[] deviceSigs = target.signatures;
- if (MORE_DEBUG) Slog.v(TAG, "signaturesMatch(): stored=" + storedSigs
- + " device=" + deviceSigs);
- if ((storedSigs == null || storedSigs.length == 0)
- && (deviceSigs == null || deviceSigs.length == 0)) {
- return true;
- }
- if (storedSigs == null || deviceSigs == null) {
- return false;
- }
- // !!! TODO: this demands that every stored signature match one
- // that is present on device, and does not demand the converse.
- // Is this this right policy?
- int nStored = storedSigs.length;
- int nDevice = deviceSigs.length;
- for (int i=0; i < nStored; i++) {
- boolean match = false;
- for (int j=0; j < nDevice; j++) {
- if (storedSigs[i].equals(deviceSigs[j])) {
- match = true;
- break;
- }
- }
- if (!match) {
- return false;
- }
- }
- return true;
- }
- enum RestoreState {
- INITIAL,
- DOWNLOAD_DATA,
- PM_METADATA,
- RUNNING_QUEUE,
- FINAL
- }
- class PerformRestoreTask implements BackupRestoreTask {
- private IBackupTransport mTransport;
- private IRestoreObserver mObserver;
- private long mToken;
- private PackageInfo mTargetPackage;
- private File mStateDir;
- private int mPmToken;
- private boolean mNeedFullBackup;
- private HashSet<String> mFilterSet;
- private long mStartRealtime;
- private PackageManagerBackupAgent mPmAgent;
- private List<PackageInfo> mAgentPackages;
- private ArrayList<PackageInfo> mRestorePackages;
- private RestoreState mCurrentState;
- private int mCount;
- private boolean mFinished;
- private int mStatus;
- private File mBackupDataName;
- private File mNewStateName;
- private File mSavedStateName;
- private ParcelFileDescriptor mBackupData;
- private ParcelFileDescriptor mNewState;
- private PackageInfo mCurrentPackage;
- class RestoreRequest {
- public PackageInfo app;
- public int storedAppVersion;
- RestoreRequest(PackageInfo _app, int _version) {
- app = _app;
- storedAppVersion = _version;
- }
- }
- PerformRestoreTask(IBackupTransport transport, String dirName, IRestoreObserver observer,
- long restoreSetToken, PackageInfo targetPackage, int pmToken,
- boolean needFullBackup, String[] filterSet) {
- mCurrentState = RestoreState.INITIAL;
- mFinished = false;
- mPmAgent = null;
- mTransport = transport;
- mObserver = observer;
- mToken = restoreSetToken;
- mTargetPackage = targetPackage;
- mPmToken = pmToken;
- mNeedFullBackup = needFullBackup;
- if (filterSet != null) {
- mFilterSet = new HashSet<String>();
- for (String pkg : filterSet) {
- mFilterSet.add(pkg);
- }
- } else {
- mFilterSet = null;
- }
- mStateDir = new File(mBaseStateDir, dirName);
- }
- // Execute one tick of whatever state machine the task implements
- @Override
- public void execute() {
- if (MORE_DEBUG) Slog.v(TAG, "*** Executing restore step: " + mCurrentState);
- switch (mCurrentState) {
- case INITIAL:
- beginRestore();
- break;
- case DOWNLOAD_DATA:
- downloadRestoreData();
- break;
- case PM_METADATA:
- restorePmMetadata();
- break;
- case RUNNING_QUEUE:
- restoreNextAgent();
- break;
- case FINAL:
- if (!mFinished) finalizeRestore();
- else {
- Slog.e(TAG, "Duplicate finish");
- }
- mFinished = true;
- break;
- }
- }
- // Initialize and set up for the PM metadata restore, which comes first
- void beginRestore() {
- // Don't account time doing the restore as inactivity of the app
- // that has opened a restore session.
- mBackupHandler.removeMessages(MSG_RESTORE_TIMEOUT);
- // Assume error until we successfully init everything
- mStatus = BackupConstants.TRANSPORT_ERROR;
- try {
- // TODO: Log this before getAvailableRestoreSets, somehow
- EventLog.writeEvent(EventLogTags.RESTORE_START, mTransport.transportDirName(), mToken);
- // Get the list of all packages which have backup enabled.
- // (Include the Package Manager metadata pseudo-package first.)
- mRestorePackages = new ArrayList<PackageInfo>();
- PackageInfo omPackage = new PackageInfo();
- omPackage.packageName = PACKAGE_MANAGER_SENTINEL;
- mRestorePackages.add(omPackage);
- mAgentPackages = allAgentPackages();
- if (mTargetPackage == null) {
- // if there's a filter set, strip out anything that isn't
- // present before proceeding
- if (mFilterSet != null) {
- for (int i = mAgentPackages.size() - 1; i >= 0; i--) {
- final PackageInfo pkg = mAgentPackages.get(i);
- if (! mFilterSet.contains(pkg.packageName)) {
- mAgentPackages.remove(i);
- }
- }
- if (MORE_DEBUG) {
- Slog.i(TAG, "Post-filter package set for restore:");
- for (PackageInfo p : mAgentPackages) {
- Slog.i(TAG, " " + p);
- }
- }
- }
- mRestorePackages.addAll(mAgentPackages);
- } else {
- // Just one package to attempt restore of
- mRestorePackages.add(mTargetPackage);
- }
- // let the observer know that we're running
- if (mObserver != null) {
- try {
- // !!! TODO: get an actual count from the transport after
- // its startRestore() runs?
- mObserver.restoreStarting(mRestorePackages.size());
- } catch (RemoteException e) {
- Slog.d(TAG, "Restore observer died at restoreStarting");
- mObserver = null;
- }
- }
- } catch (RemoteException e) {
- // Something has gone catastrophically wrong with the transport
- Slog.e(TAG, "Error communicating with transport for restore");
- executeNextState(RestoreState.FINAL);
- return;
- }
- mStatus = BackupConstants.TRANSPORT_OK;
- executeNextState(RestoreState.DOWNLOAD_DATA);
- }
- void downloadRestoreData() {
- // Note that the download phase can be very time consuming, but we're executing
- // it inline here on the looper. This is "okay" because it is not calling out to
- // third party code; the transport is "trusted," and so we assume it is being a
- // good citizen and timing out etc when appropriate.
- //
- // TODO: when appropriate, move the download off the looper and rearrange the
- // error handling around that.
- try {
- mStatus = mTransport.startRestore(mToken,
- mRestorePackages.toArray(new PackageInfo[0]));
- if (mStatus != BackupConstants.TRANSPORT_OK) {
- Slog.e(TAG, "Error starting restore operation");
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- executeNextState(RestoreState.FINAL);
- return;
- }
- } catch (RemoteException e) {
- Slog.e(TAG, "Error communicating with transport for restore");
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- mStatus = BackupConstants.TRANSPORT_ERROR;
- executeNextState(RestoreState.FINAL);
- return;
- }
- // Successful download of the data to be parceled out to the apps, so off we go.
- executeNextState(RestoreState.PM_METADATA);
- }
- void restorePmMetadata() {
- try {
- String packageName = mTransport.nextRestorePackage();
- if (packageName == null) {
- Slog.e(TAG, "Error getting first restore package");
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- mStatus = BackupConstants.TRANSPORT_ERROR;
- executeNextState(RestoreState.FINAL);
- return;
- } else if (packageName.equals("")) {
- Slog.i(TAG, "No restore data available");
- int millis = (int) (SystemClock.elapsedRealtime() - mStartRealtime);
- EventLog.writeEvent(EventLogTags.RESTORE_SUCCESS, 0, millis);
- mStatus = BackupConstants.TRANSPORT_OK;
- executeNextState(RestoreState.FINAL);
- return;
- } else if (!packageName.equals(PACKAGE_MANAGER_SENTINEL)) {
- Slog.e(TAG, "Expected restore data for \"" + PACKAGE_MANAGER_SENTINEL
- + "\", found only \"" + packageName + "\"");
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, PACKAGE_MANAGER_SENTINEL,
- "Package manager data missing");
- executeNextState(RestoreState.FINAL);
- return;
- }
- // Pull the Package Manager metadata from the restore set first
- PackageInfo omPackage = new PackageInfo();
- omPackage.packageName = PACKAGE_MANAGER_SENTINEL;
- mPmAgent = new PackageManagerBackupAgent(
- mPackageManager, mAgentPackages);
- initiateOneRestore(omPackage, 0, IBackupAgent.Stub.asInterface(mPmAgent.onBind()),
- mNeedFullBackup);
- // The PM agent called operationComplete() already, because our invocation
- // of it is process-local and therefore synchronous. That means that a
- // RUNNING_QUEUE message is already enqueued. Only if we're unable to
- // proceed with running the queue do we remove that pending message and
- // jump straight to the FINAL state.
- // Verify that the backup set includes metadata. If not, we can't do
- // signature/version verification etc, so we simply do not proceed with
- // the restore operation.
- if (!mPmAgent.hasMetadata()) {
- Slog.e(TAG, "No restore metadata available, so not restoring settings");
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, PACKAGE_MANAGER_SENTINEL,
- "Package manager restore metadata missing");
- mStatus = BackupConstants.TRANSPORT_ERROR;
- mBackupHandler.removeMessages(MSG_BACKUP_RESTORE_STEP, this);
- executeNextState(RestoreState.FINAL);
- return;
- }
- } catch (RemoteException e) {
- Slog.e(TAG, "Error communicating with transport for restore");
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- mStatus = BackupConstants.TRANSPORT_ERROR;
- mBackupHandler.removeMessages(MSG_BACKUP_RESTORE_STEP, this);
- executeNextState(RestoreState.FINAL);
- return;
- }
- // Metadata is intact, so we can now run the restore queue. If we get here,
- // we have already enqueued the necessary next-step message on the looper.
- }
- void restoreNextAgent() {
- try {
- String packageName = mTransport.nextRestorePackage();
- if (packageName == null) {
- Slog.e(TAG, "Error getting next restore package");
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- executeNextState(RestoreState.FINAL);
- return;
- } else if (packageName.equals("")) {
- if (DEBUG) Slog.v(TAG, "No next package, finishing restore");
- int millis = (int) (SystemClock.elapsedRealtime() - mStartRealtime);
- EventLog.writeEvent(EventLogTags.RESTORE_SUCCESS, mCount, millis);
- executeNextState(RestoreState.FINAL);
- return;
- }
- if (mObserver != null) {
- try {
- mObserver.onUpdate(mCount, packageName);
- } catch (RemoteException e) {
- Slog.d(TAG, "Restore observer died in onUpdate");
- mObserver = null;
- }
- }
- Metadata metaInfo = mPmAgent.getRestoredMetadata(packageName);
- if (metaInfo == null) {
- Slog.e(TAG, "Missing metadata for " + packageName);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName,
- "Package metadata missing");
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- }
- PackageInfo packageInfo;
- try {
- int flags = PackageManager.GET_SIGNATURES;
- packageInfo = mPackageManager.getPackageInfo(packageName, flags);
- } catch (NameNotFoundException e) {
- Slog.e(TAG, "Invalid package restoring data", e);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName,
- "Package missing on device");
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- }
- if (packageInfo.applicationInfo.backupAgentName == null
- || "".equals(packageInfo.applicationInfo.backupAgentName)) {
- if (DEBUG) {
- Slog.i(TAG, "Data exists for package " + packageName
- + " but app has no agent; skipping");
- }
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName,
- "Package has no agent");
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- }
- if (metaInfo.versionCode > packageInfo.versionCode) {
- // Data is from a "newer" version of the app than we have currently
- // installed. If the app has not declared that it is prepared to
- // handle this case, we do not attempt the restore.
- if ((packageInfo.applicationInfo.flags
- & ApplicationInfo.FLAG_RESTORE_ANY_VERSION) == 0) {
- String message = "Version " + metaInfo.versionCode
- + " > installed version " + packageInfo.versionCode;
- Slog.w(TAG, "Package " + packageName + ": " + message);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE,
- packageName, message);
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- } else {
- if (DEBUG) Slog.v(TAG, "Version " + metaInfo.versionCode
- + " > installed " + packageInfo.versionCode
- + " but restoreAnyVersion");
- }
- }
- if (!signaturesMatch(metaInfo.signatures, packageInfo)) {
- Slog.w(TAG, "Signature mismatch restoring " + packageName);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName,
- "Signature mismatch");
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- }
- if (DEBUG) Slog.v(TAG, "Package " + packageName
- + " restore version [" + metaInfo.versionCode
- + "] is compatible with installed version ["
- + packageInfo.versionCode + "]");
- // Then set up and bind the agent
- IBackupAgent agent = bindToAgentSynchronous(
- packageInfo.applicationInfo,
- IApplicationThread.BACKUP_MODE_INCREMENTAL);
- if (agent == null) {
- Slog.w(TAG, "Can't find backup agent for " + packageName);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName,
- "Restore agent missing");
- executeNextState(RestoreState.RUNNING_QUEUE);
- return;
- }
- // And then finally start the restore on this agent
- try {
- initiateOneRestore(packageInfo, metaInfo.versionCode, agent, mNeedFullBackup);
- ++mCount;
- } catch (Exception e) {
- Slog.e(TAG, "Error when attempting restore: " + e.toString());
- agentErrorCleanup();
- executeNextState(RestoreState.RUNNING_QUEUE);
- }
- } catch (RemoteException e) {
- Slog.e(TAG, "Unable to fetch restore data from transport");
- mStatus = BackupConstants.TRANSPORT_ERROR;
- executeNextState(RestoreState.FINAL);
- }
- }
- void finalizeRestore() {
- if (MORE_DEBUG) Slog.d(TAG, "finishing restore mObserver=" + mObserver);
- try {
- mTransport.finishRestore();
- } catch (RemoteException e) {
- Slog.e(TAG, "Error finishing restore", e);
- }
- if (mObserver != null) {
- try {
- mObserver.restoreFinished(mStatus);
- } catch (RemoteException e) {
- Slog.d(TAG, "Restore observer died at restoreFinished");
- }
- }
- // If this was a restoreAll operation, record that this was our
- // ancestral dataset, as well as the set of apps that are possibly
- // restoreable from the dataset
- if (mTargetPackage == null && mPmAgent != null) {
- mAncestralPackages = mPmAgent.getRestoredPackages();
- mAncestralToken = mToken;
- writeRestoreTokens();
- }
- // We must under all circumstances tell the Package Manager to
- // proceed with install notifications if it's waiting for us.
- if (mPmToken > 0) {
- if (MORE_DEBUG) Slog.v(TAG, "finishing PM token " + mPmToken);
- try {
- mPackageManagerBinder.finishPackageInstall(mPmToken);
- } catch (RemoteException e) { /* can't happen */ }
- }
- // Furthermore we need to reset the session timeout clock
- mBackupHandler.removeMessages(MSG_RESTORE_TIMEOUT);
- mBackupHandler.sendEmptyMessageDelayed(MSG_RESTORE_TIMEOUT,
- TIMEOUT_RESTORE_INTERVAL);
- // done; we can finally release the wakelock
- Slog.i(TAG, "Restore complete.");
- mWakelock.release();
- }
- // Call asynchronously into the app, passing it the restore data. The next step
- // after this is always a callback, either operationComplete() or handleTimeout().
- void initiateOneRestore(PackageInfo app, int appVersionCode, IBackupAgent agent,
- boolean needFullBackup) {
- mCurrentPackage = app;
- final String packageName = app.packageName;
- if (DEBUG) Slog.d(TAG, "initiateOneRestore packageName=" + packageName);
- // !!! TODO: get the dirs from the transport
- mBackupDataName = new File(mDataDir, packageName + ".restore");
- mNewStateName = new File(mStateDir, packageName + ".new");
- mSavedStateName = new File(mStateDir, packageName);
- final int token = generateToken();
- try {
- // Run the transport's restore pass
- mBackupData = ParcelFileDescriptor.open(mBackupDataName,
- ParcelFileDescriptor.MODE_READ_WRITE |
- ParcelFileDescriptor.MODE_CREATE |
- ParcelFileDescriptor.MODE_TRUNCATE);
- if (!SELinux.restorecon(mBackupDataName)) {
- Slog.e(TAG, "SElinux restorecon failed for " + mBackupDataName);
- }
- if (mTransport.getRestoreData(mBackupData) != BackupConstants.TRANSPORT_OK) {
- // Transport-level failure, so we wind everything up and
- // terminate the restore operation.
- Slog.e(TAG, "Error getting restore data for " + packageName);
- EventLog.writeEvent(EventLogTags.RESTORE_TRANSPORT_FAILURE);
- mBackupData.close();
- mBackupDataName.delete();
- executeNextState(RestoreState.FINAL);
- return;
- }
- // Okay, we have the data. Now have the agent do the restore.
- mBackupData.close();
- mBackupData = ParcelFileDescriptor.open(mBackupDataName,
- ParcelFileDescriptor.MODE_READ_ONLY);
- mNewState = ParcelFileDescriptor.open(mNewStateName,
- ParcelFileDescriptor.MODE_READ_WRITE |
- ParcelFileDescriptor.MODE_CREATE |
- ParcelFileDescriptor.MODE_TRUNCATE);
- // Kick off the restore, checking for hung agents
- prepareOperationTimeout(token, TIMEOUT_RESTORE_INTERVAL, this);
- agent.doRestore(mBackupData, appVersionCode, mNewState, token, mBackupManagerBinder);
- } catch (Exception e) {
- Slog.e(TAG, "Unable to call app for restore: " + packageName, e);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE, packageName, e.toString());
- agentErrorCleanup(); // clears any pending timeout messages as well
- // After a restore failure we go back to running the queue. If there
- // are no more packages to be restored that will be handled by the
- // next step.
- executeNextState(RestoreState.RUNNING_QUEUE);
- }
- }
- void agentErrorCleanup() {
- // If the agent fails restore, it might have put the app's data
- // into an incoherent state. For consistency we wipe its data
- // again in this case before continuing with normal teardown
- clearApplicationDataSynchronous(mCurrentPackage.packageName);
- agentCleanup();
- }
- void agentCleanup() {
- mBackupDataName.delete();
- try { if (mBackupData != null) mBackupData.close(); } catch (IOException e) {}
- try { if (mNewState != null) mNewState.close(); } catch (IOException e) {}
- mBackupData = mNewState = null;
- // if everything went okay, remember the recorded state now
- //
- // !!! TODO: the restored data should be migrated on the server
- // side into the current dataset. In that case the new state file
- // we just created would reflect the data already extant in the
- // backend, so there'd be nothing more to do. Until that happens,
- // however, we need to make sure that we record the data to the
- // current backend dataset. (Yes, this means shipping the data over
- // the wire in both directions. That's bad, but consistency comes
- // first, then efficiency.) Once we introduce server-side data
- // migration to the newly-restored device's dataset, we will change
- // the following from a discard of the newly-written state to the
- // "correct" operation of renaming into the canonical state blob.
- mNewStateName.delete(); // TODO: remove; see above comment
- //mNewStateName.renameTo(mSavedStateName); // TODO: replace with this
- // If this wasn't the PM pseudopackage, tear down the agent side
- if (mCurrentPackage.applicationInfo != null) {
- // unbind and tidy up even on timeout or failure
- try {
- mActivityManager.unbindBackupAgent(mCurrentPackage.applicationInfo);
- // The agent was probably running with a stub Application object,
- // which isn't a valid run mode for the main app logic. Shut
- // down the app so that next time it's launched, it gets the
- // usual full initialization. Note that this is only done for
- // full-system restores: when a single app has requested a restore,
- // it is explicitly not killed following that operation.
- if (mTargetPackage == null && (mCurrentPackage.applicationInfo.flags
- & ApplicationInfo.FLAG_KILL_AFTER_RESTORE) != 0) {
- if (DEBUG) Slog.d(TAG, "Restore complete, killing host process of "
- + mCurrentPackage.applicationInfo.processName);
- mActivityManager.killApplicationProcess(
- mCurrentPackage.applicationInfo.processName,
- mCurrentPackage.applicationInfo.uid);
- }
- } catch (RemoteException e) {
- // can't happen; we run in the same process as the activity manager
- }
- }
- // The caller is responsible for reestablishing the state machine; our
- // responsibility here is to clear the decks for whatever comes next.
- mBackupHandler.removeMessages(MSG_TIMEOUT, this);
- synchronized (mCurrentOpLock) {
- mCurrentOperations.clear();
- }
- }
- // A call to agent.doRestore() has been positively acknowledged as complete
- @Override
- public void operationComplete() {
- int size = (int) mBackupDataName.length();
- EventLog.writeEvent(EventLogTags.RESTORE_PACKAGE, mCurrentPackage.packageName, size);
- // Just go back to running the restore queue
- agentCleanup();
- executeNextState(RestoreState.RUNNING_QUEUE);
- }
- // A call to agent.doRestore() has timed out
- @Override
- public void handleTimeout() {
- Slog.e(TAG, "Timeout restoring application " + mCurrentPackage.packageName);
- EventLog.writeEvent(EventLogTags.RESTORE_AGENT_FAILURE,
- mCurrentPackage.packageName, "restore timeout");
- // Handle like an agent that threw on invocation: wipe it and go on to the next
- agentErrorCleanup();
- executeNextState(RestoreState.RUNNING_QUEUE);
- }
- void executeNextState(RestoreState nextState) {
- if (MORE_DEBUG) Slog.i(TAG, " => executing next step on "
- + this + " nextState=" + nextState);
- mCurrentState = nextState;
- Message msg = mBackupHandler.obtainMessage(MSG_BACKUP_RESTORE_STEP, this);
- mBackupHandler.sendMessage(msg);
- }
- }
- class PerformClearTask implements Runnable {
- IBackupTransport mTransport;
- PackageInfo mPackage;
- PerformClearTask(IBackupTransport transport, PackageInfo packageInfo) {
- mTransport = transport;
- mPackage = packageInfo;
- }
- public void run() {
- try {
- // Clear the on-device backup state to ensure a full backup next time
- File stateDir = new File(mBaseStateDir, mTransport.transportDirName());
- File stateFile = new File(stateDir, mPackage.packageName);
- stateFile.delete();
- // Tell the transport to remove all the persistent storage for the app
- // TODO - need to handle failures
- mTransport.clearBackupData(mPackage);
- } catch (RemoteException e) {
- // can't happen; the transport is local
- } catch (Exception e) {
- Slog.e(TAG, "Transport threw attempting to clear data for " + mPackage);
- } finally {
- try {
- // TODO - need to handle failures
- mTransport.finishBackup();
- } catch (RemoteException e) {
- // can't happen; the transport is local
- }
- // Last but not least, release the cpu
- mWakelock.release();
- }
- }
- }
- class PerformInitializeTask implements Runnable {
- HashSet<String> mQueue;
- PerformInitializeTask(HashSet<String> transportNames) {
- mQueue = transportNames;
- }
- public void run() {
- try {
- for (String transportName : mQueue) {
- IBackupTransport transport = getTransport(transportName);
- if (transport == null) {
- Slog.e(TAG, "Requested init for " + transportName + " but not found");
- continue;
- }
- Slog.i(TAG, "Initializing (wiping) backup transport storage: " + transportName);
- EventLog.writeEvent(EventLogTags.BACKUP_START, transport.transportDirName());
- long startRealtime = SystemClock.elapsedRealtime();
- int status = transport.initializeDevice();
- if (status == BackupConstants.TRANSPORT_OK) {
- status = transport.finishBackup();
- }
- // Okay, the wipe really happened. Clean up our local bookkeeping.
- if (status == BackupConstants.TRANSPORT_OK) {
- Slog.i(TAG, "Device init successful");
- int millis = (int) (SystemClock.elapsedRealtime() - startRealtime);
- EventLog.writeEvent(EventLogTags.BACKUP_INITIALIZE);
- resetBackupState(new File(mBaseStateDir, transport.transportDirName()));
- EventLog.writeEvent(EventLogTags.BACKUP_SUCCESS, 0, millis);
- synchronized (mQueueLock) {
- recordInitPendingLocked(false, transportName);
- }
- } else {
- // If this didn't work, requeue this one and try again
- // after a suitable interval
- Slog.e(TAG, "Transport error in initializeDevice()");
- EventLog.writeEvent(EventLogTags.BACKUP_TRANSPORT_FAILURE, "(initialize)");
- synchronized (mQueueLock) {
- recordInitPendingLocked(true, transportName);
- }
- // do this via another alarm to make sure of the wakelock states
- long delay = transport.requestBackupTime();
- if (DEBUG) Slog.w(TAG, "init failed on "
- + transportName + " resched in " + delay);
- mAlarmManager.set(AlarmManager.RTC_WAKEUP,
- System.currentTimeMillis() + delay, mRunInitIntent);
- }
- }
- } catch (RemoteException e) {
- // can't happen; the transports are local
- } catch (Exception e) {
- Slog.e(TAG, "Unexpected error performing init", e);
- } finally {
- // Done; release the wakelock
- mWakelock.release();
- }
- }
- }
- private void dataChangedImpl(String packageName) {
- HashSet<String> targets = dataChangedTargets(packageName);
- dataChangedImpl(packageName, targets);
- }
- private void dataChangedImpl(String packageName, HashSet<String> targets) {
- // Record that we need a backup pass for the caller. Since multiple callers
- // may share a uid, we need to note all candidates within that uid and schedule
- // a backup pass for each of them.
- EventLog.writeEvent(EventLogTags.BACKUP_DATA_CHANGED, packageName);
- if (targets == null) {
- Slog.w(TAG, "dataChanged but no participant pkg='" + packageName + "'"
- + " uid=" + Binder.getCallingUid());
- return;
- }
- synchronized (mQueueLock) {
- // Note that this client has made data changes that need to be backed up
- if (targets.contains(packageName)) {
- // Add the caller to the set of pending backups. If there is
- // one already there, then overwrite it, but no harm done.
- BackupRequest req = new BackupRequest(packageName);
- if (mPendingBackups.put(packageName, req) == null) {
- if (DEBUG) Slog.d(TAG, "Now staging backup of " + packageName);
- // Journal this request in case of crash. The put()
- // operation returned null when this package was not already
- // in the set; we want to avoid touching the disk redundantly.
- writeToJournalLocked(packageName);
- if (MORE_DEBUG) {
- int numKeys = mPendingBackups.size();
- Slog.d(TAG, "Now awaiting backup for " + numKeys + " participants:");
- for (BackupRequest b : mPendingBackups.values()) {
- Slog.d(TAG, " + " + b);
- }
- }
- }
- }
- }
- }
- // Note: packageName is currently unused, but may be in the future
- private HashSet<String> dataChangedTargets(String packageName) {
- // If the caller does not hold the BACKUP permission, it can only request a
- // backup of its own data.
- if ((mContext.checkPermission(android.Manifest.permission.BACKUP, Binder.getCallingPid(),
- Binder.getCallingUid())) == PackageManager.PERMISSION_DENIED) {
- synchronized (mBackupParticipants) {
- return mBackupParticipants.get(Binder.getCallingUid());
- }
- }
- // a caller with full permission can ask to back up any participating app
- // !!! TODO: allow backup of ANY app?
- HashSet<String> targets = new HashSet<String>();
- synchronized (mBackupParticipants) {
- int N = mBackupParticipants.size();
- for (int i = 0; i < N; i++) {
- HashSet<String> s = mBackupParticipants.valueAt(i);
- if (s != null) {
- targets.addAll(s);
- }
- }
- }
- return targets;
- }
- private void writeToJournalLocked(String str) {
- RandomAccessFile out = null;
- try {
- if (mJournal == null) mJournal = File.createTempFile("journal", null, mJournalDir);
- out = new RandomAccessFile(mJournal, "rws");
- out.seek(out.length());
- out.writeUTF(str);
- } catch (IOException e) {
- Slog.e(TAG, "Can't write " + str + " to backup journal", e);
- mJournal = null;
- } finally {
- try { if (out != null) out.close(); } catch (IOException e) {}
- }
- }
- // ----- IBackupManager binder interface -----
- public void dataChanged(final String packageName) {
- final int callingUserHandle = UserHandle.getCallingUserId();
- if (callingUserHandle != UserHandle.USER_OWNER) {
- // App is running under a non-owner user profile. For now, we do not back
- // up data from secondary user profiles.
- // TODO: backups for all user profiles.
- if (MORE_DEBUG) {
- Slog.v(TAG, "dataChanged(" + packageName + ") ignored because it's user "
- + callingUserHandle);
- }
- return;
- }
- final HashSet<String> targets = dataChangedTargets(packageName);
- if (targets == null) {
- Slog.w(TAG, "dataChanged but no participant pkg='" + packageName + "'"
- + " uid=" + Binder.getCallingUid());
- return;
- }
- mBackupHandler.post(new Runnable() {
- public void run() {
- dataChangedImpl(packageName, targets);
- }
- });
- }
- // Clear the given package's backup data from the current transport
- public void clearBackupData(String transportName, String packageName) {
- if (DEBUG) Slog.v(TAG, "clearBackupData() of " + packageName + " on " + transportName);
- PackageInfo info;
- try {
- info = mPackageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
- } catch (NameNotFoundException e) {
- Slog.d(TAG, "No such package '" + packageName + "' - not clearing backup data");
- return;
- }
- // If the caller does not hold the BACKUP permission, it can only request a
- // wipe of its own backed-up data.
- HashSet<String> apps;
- if ((mContext.checkPermission(android.Manifest.permission.BACKUP, Binder.getCallingPid(),
- Binder.getCallingUid())) == PackageManager.PERMISSION_DENIED) {
- apps = mBackupParticipants.get(Binder.getCallingUid());
- } else {
- // a caller with full permission can ask to back up any participating app
- // !!! TODO: allow data-clear of ANY app?
- if (DEBUG) Slog.v(TAG, "Privileged caller, allowing clear of other apps");
- apps = new HashSet<String>();
- int N = mBackupParticipants.size();
- for (int i = 0; i < N; i++) {
- HashSet<String> s = mBackupParticipants.valueAt(i);
- if (s != null) {
- apps.addAll(s);
- }
- }
- }
- // Is the given app an available participant?
- if (apps.contains(packageName)) {
- // found it; fire off the clear request
- if (DEBUG) Slog.v(TAG, "Found the app - running clear process");
- mBackupHandler.removeMessages(MSG_RETRY_CLEAR);
- synchronized (mQueueLock) {
- final IBackupTransport transport = getTransport(transportName);
- if (transport == null) {
- // transport is currently unavailable -- make sure to retry
- Message msg = mBackupHandler.obtainMessage(MSG_RETRY_CLEAR,
- new ClearRetryParams(transportName, packageName));
- mBackupHandler.sendMessageDelayed(msg, TRANSPORT_RETRY_INTERVAL);
- return;
- }
- long oldId = Binder.clearCallingIdentity();
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_CLEAR,
- new ClearParams(transport, info));
- mBackupHandler.sendMessage(msg);
- Binder.restoreCallingIdentity(oldId);
- }
- }
- }
- // Run a backup pass immediately for any applications that have declared
- // that they have pending updates.
- public void backupNow() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP, "backupNow");
- if (DEBUG) Slog.v(TAG, "Scheduling immediate backup pass");
- synchronized (mQueueLock) {
- // Because the alarms we are using can jitter, and we want an *immediate*
- // backup pass to happen, we restart the timer beginning with "next time,"
- // then manually fire the backup trigger intent ourselves.
- startBackupAlarmsLocked(BACKUP_INTERVAL);
- try {
- mRunBackupIntent.send();
- } catch (PendingIntent.CanceledException e) {
- // should never happen
- Slog.e(TAG, "run-backup intent cancelled!");
- }
- }
- }
- boolean deviceIsProvisioned() {
- final ContentResolver resolver = mContext.getContentResolver();
- return (Settings.Global.getInt(resolver, Settings.Global.DEVICE_PROVISIONED, 0) != 0);
- }
- // Run a *full* backup pass for the given package, writing the resulting data stream
- // to the supplied file descriptor. This method is synchronous and does not return
- // to the caller until the backup has been completed.
- public void fullBackup(ParcelFileDescriptor fd, boolean includeApks,
- boolean includeObbs, boolean includeShared,
- boolean doAllApps, boolean includeSystem, String[] pkgList) {
- mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, "fullBackup");
- final int callingUserHandle = UserHandle.getCallingUserId();
- if (callingUserHandle != UserHandle.USER_OWNER) {
- throw new IllegalStateException("Backup supported only for the device owner");
- }
- // Validate
- if (!doAllApps) {
- if (!includeShared) {
- // If we're backing up shared data (sdcard or equivalent), then we can run
- // without any supplied app names. Otherwise, we'd be doing no work, so
- // report the error.
- if (pkgList == null || pkgList.length == 0) {
- throw new IllegalArgumentException(
- "Backup requested but neither shared nor any apps named");
- }
- }
- }
- long oldId = Binder.clearCallingIdentity();
- try {
- // Doesn't make sense to do a full backup prior to setup
- if (!deviceIsProvisioned()) {
- Slog.i(TAG, "Full backup not supported before setup");
- return;
- }
- if (DEBUG) Slog.v(TAG, "Requesting full backup: apks=" + includeApks
- + " obb=" + includeObbs + " shared=" + includeShared + " all=" + doAllApps
- + " pkgs=" + pkgList);
- Slog.i(TAG, "Beginning full backup...");
- FullBackupParams params = new FullBackupParams(fd, includeApks, includeObbs,
- includeShared, doAllApps, includeSystem, pkgList);
- final int token = generateToken();
- synchronized (mFullConfirmations) {
- mFullConfirmations.put(token, params);
- }
- // start up the confirmation UI
- if (DEBUG) Slog.d(TAG, "Starting backup confirmation UI, token=" + token);
- if (!startConfirmationUi(token, FullBackup.FULL_BACKUP_INTENT_ACTION)) {
- Slog.e(TAG, "Unable to launch full backup confirmation");
- mFullConfirmations.delete(token);
- return;
- }
- // make sure the screen is lit for the user interaction
- mPowerManager.userActivity(SystemClock.uptimeMillis(), false);
- // start the confirmation countdown
- startConfirmationTimeout(token, params);
- // wait for the backup to be performed
- if (DEBUG) Slog.d(TAG, "Waiting for full backup completion...");
- waitForCompletion(params);
- } finally {
- try {
- fd.close();
- } catch (IOException e) {
- // just eat it
- }
- Binder.restoreCallingIdentity(oldId);
- Slog.d(TAG, "Full backup processing complete.");
- }
- }
- public void fullRestore(ParcelFileDescriptor fd) {
- mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, "fullRestore");
- final int callingUserHandle = UserHandle.getCallingUserId();
- if (callingUserHandle != UserHandle.USER_OWNER) {
- throw new IllegalStateException("Restore supported only for the device owner");
- }
- long oldId = Binder.clearCallingIdentity();
- try {
- // Check whether the device has been provisioned -- we don't handle
- // full restores prior to completing the setup process.
- if (!deviceIsProvisioned()) {
- Slog.i(TAG, "Full restore not permitted before setup");
- return;
- }
- Slog.i(TAG, "Beginning full restore...");
- FullRestoreParams params = new FullRestoreParams(fd);
- final int token = generateToken();
- synchronized (mFullConfirmations) {
- mFullConfirmations.put(token, params);
- }
- // start up the confirmation UI
- if (DEBUG) Slog.d(TAG, "Starting restore confirmation UI, token=" + token);
- if (!startConfirmationUi(token, FullBackup.FULL_RESTORE_INTENT_ACTION)) {
- Slog.e(TAG, "Unable to launch full restore confirmation");
- mFullConfirmations.delete(token);
- return;
- }
- // make sure the screen is lit for the user interaction
- mPowerManager.userActivity(SystemClock.uptimeMillis(), false);
- // start the confirmation countdown
- startConfirmationTimeout(token, params);
- // wait for the restore to be performed
- if (DEBUG) Slog.d(TAG, "Waiting for full restore completion...");
- waitForCompletion(params);
- } finally {
- try {
- fd.close();
- } catch (IOException e) {
- Slog.w(TAG, "Error trying to close fd after full restore: " + e);
- }
- Binder.restoreCallingIdentity(oldId);
- Slog.i(TAG, "Full restore processing complete.");
- }
- }
- boolean startConfirmationUi(int token, String action) {
- try {
- Intent confIntent = new Intent(action);
- confIntent.setClassName("com.android.backupconfirm",
- "com.android.backupconfirm.BackupRestoreConfirmation");
- confIntent.putExtra(FullBackup.CONF_TOKEN_INTENT_EXTRA, token);
- confIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
- mContext.startActivity(confIntent);
- } catch (ActivityNotFoundException e) {
- return false;
- }
- return true;
- }
- void startConfirmationTimeout(int token, FullParams params) {
- if (MORE_DEBUG) Slog.d(TAG, "Posting conf timeout msg after "
- + TIMEOUT_FULL_CONFIRMATION + " millis");
- Message msg = mBackupHandler.obtainMessage(MSG_FULL_CONFIRMATION_TIMEOUT,
- token, 0, params);
- mBackupHandler.sendMessageDelayed(msg, TIMEOUT_FULL_CONFIRMATION);
- }
- void waitForCompletion(FullParams params) {
- synchronized (params.latch) {
- while (params.latch.get() == false) {
- try {
- params.latch.wait();
- } catch (InterruptedException e) { /* never interrupted */ }
- }
- }
- }
- void signalFullBackupRestoreCompletion(FullParams params) {
- synchronized (params.latch) {
- params.latch.set(true);
- params.latch.notifyAll();
- }
- }
- // Confirm that the previously-requested full backup/restore operation can proceed. This
- // is used to require a user-facing disclosure about the operation.
- @Override
- public void acknowledgeFullBackupOrRestore(int token, boolean allow,
- String curPassword, String encPpassword, IFullBackupRestoreObserver observer) {
- if (DEBUG) Slog.d(TAG, "acknowledgeFullBackupOrRestore : token=" + token
- + " allow=" + allow);
- // TODO: possibly require not just this signature-only permission, but even
- // require that the specific designated confirmation-UI app uid is the caller?
- mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, "acknowledgeFullBackupOrRestore");
- long oldId = Binder.clearCallingIdentity();
- try {
- FullParams params;
- synchronized (mFullConfirmations) {
- params = mFullConfirmations.get(token);
- if (params != null) {
- mBackupHandler.removeMessages(MSG_FULL_CONFIRMATION_TIMEOUT, params);
- mFullConfirmations.delete(token);
- if (allow) {
- final int verb = params instanceof FullBackupParams
- ? MSG_RUN_FULL_BACKUP
- : MSG_RUN_FULL_RESTORE;
- params.observer = observer;
- params.curPassword = curPassword;
- boolean isEncrypted;
- try {
- isEncrypted = (mMountService.getEncryptionState() != MountService.ENCRYPTION_STATE_NONE);
- if (isEncrypted) Slog.w(TAG, "Device is encrypted; forcing enc password");
- } catch (RemoteException e) {
- // couldn't contact the mount service; fail "safe" and assume encryption
- Slog.e(TAG, "Unable to contact mount service!");
- isEncrypted = true;
- }
- params.encryptPassword = (isEncrypted) ? curPassword : encPpassword;
- if (DEBUG) Slog.d(TAG, "Sending conf message with verb " + verb);
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(verb, params);
- mBackupHandler.sendMessage(msg);
- } else {
- Slog.w(TAG, "User rejected full backup/restore operation");
- // indicate completion without having actually transferred any data
- signalFullBackupRestoreCompletion(params);
- }
- } else {
- Slog.w(TAG, "Attempted to ack full backup/restore with invalid token");
- }
- }
- } finally {
- Binder.restoreCallingIdentity(oldId);
- }
- }
- // Enable/disable the backup service
- @Override
- public void setBackupEnabled(boolean enable) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "setBackupEnabled");
- Slog.i(TAG, "Backup enabled => " + enable);
- long oldId = Binder.clearCallingIdentity();
- try {
- boolean wasEnabled = mEnabled;
- synchronized (this) {
- Settings.Secure.putInt(mContext.getContentResolver(),
- Settings.Secure.BACKUP_ENABLED, enable ? 1 : 0);
- mEnabled = enable;
- }
- synchronized (mQueueLock) {
- if (enable && !wasEnabled && mProvisioned) {
- // if we've just been enabled, start scheduling backup passes
- startBackupAlarmsLocked(BACKUP_INTERVAL);
- } else if (!enable) {
- // No longer enabled, so stop running backups
- if (DEBUG) Slog.i(TAG, "Opting out of backup");
- mAlarmManager.cancel(mRunBackupIntent);
- // This also constitutes an opt-out, so we wipe any data for
- // this device from the backend. We start that process with
- // an alarm in order to guarantee wakelock states.
- if (wasEnabled && mProvisioned) {
- // NOTE: we currently flush every registered transport, not just
- // the currently-active one.
- HashSet<String> allTransports;
- synchronized (mTransports) {
- allTransports = new HashSet<String>(mTransports.keySet());
- }
- // build the set of transports for which we are posting an init
- for (String transport : allTransports) {
- recordInitPendingLocked(true, transport);
- }
- mAlarmManager.set(AlarmManager.RTC_WAKEUP, System.currentTimeMillis(),
- mRunInitIntent);
- }
- }
- }
- } finally {
- Binder.restoreCallingIdentity(oldId);
- }
- }
- // Enable/disable automatic restore of app data at install time
- public void setAutoRestore(boolean doAutoRestore) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "setAutoRestore");
- Slog.i(TAG, "Auto restore => " + doAutoRestore);
- synchronized (this) {
- Settings.Secure.putInt(mContext.getContentResolver(),
- Settings.Secure.BACKUP_AUTO_RESTORE, doAutoRestore ? 1 : 0);
- mAutoRestore = doAutoRestore;
- }
- }
- // Mark the backup service as having been provisioned
- public void setBackupProvisioned(boolean available) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "setBackupProvisioned");
- /*
- * This is now a no-op; provisioning is simply the device's own setup state.
- */
- }
- private void startBackupAlarmsLocked(long delayBeforeFirstBackup) {
- // We used to use setInexactRepeating(), but that may be linked to
- // backups running at :00 more often than not, creating load spikes.
- // Schedule at an exact time for now, and also add a bit of "fuzz".
- Random random = new Random();
- long when = System.currentTimeMillis() + delayBeforeFirstBackup +
- random.nextInt(FUZZ_MILLIS);
- mAlarmManager.setRepeating(AlarmManager.RTC_WAKEUP, when,
- BACKUP_INTERVAL + random.nextInt(FUZZ_MILLIS), mRunBackupIntent);
- mNextBackupPass = when;
- }
- // Report whether the backup mechanism is currently enabled
- public boolean isBackupEnabled() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP, "isBackupEnabled");
- return mEnabled; // no need to synchronize just to read it
- }
- // Report the name of the currently active transport
- public String getCurrentTransport() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "getCurrentTransport");
- if (MORE_DEBUG) Slog.v(TAG, "... getCurrentTransport() returning " + mCurrentTransport);
- return mCurrentTransport;
- }
- // Report all known, available backup transports
- public String[] listAllTransports() {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP, "listAllTransports");
- String[] list = null;
- ArrayList<String> known = new ArrayList<String>();
- for (Map.Entry<String, IBackupTransport> entry : mTransports.entrySet()) {
- if (entry.getValue() != null) {
- known.add(entry.getKey());
- }
- }
- if (known.size() > 0) {
- list = new String[known.size()];
- known.toArray(list);
- }
- return list;
- }
- // Select which transport to use for the next backup operation. If the given
- // name is not one of the available transports, no action is taken and the method
- // returns null.
- public String selectBackupTransport(String transport) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP, "selectBackupTransport");
- synchronized (mTransports) {
- String prevTransport = null;
- if (mTransports.get(transport) != null) {
- prevTransport = mCurrentTransport;
- mCurrentTransport = transport;
- Settings.Secure.putString(mContext.getContentResolver(),
- Settings.Secure.BACKUP_TRANSPORT, transport);
- Slog.v(TAG, "selectBackupTransport() set " + mCurrentTransport
- + " returning " + prevTransport);
- } else {
- Slog.w(TAG, "Attempt to select unavailable transport " + transport);
- }
- return prevTransport;
- }
- }
- // Supply the configuration Intent for the given transport. If the name is not one
- // of the available transports, or if the transport does not supply any configuration
- // UI, the method returns null.
- public Intent getConfigurationIntent(String transportName) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "getConfigurationIntent");
- synchronized (mTransports) {
- final IBackupTransport transport = mTransports.get(transportName);
- if (transport != null) {
- try {
- final Intent intent = transport.configurationIntent();
- if (MORE_DEBUG) Slog.d(TAG, "getConfigurationIntent() returning config intent "
- + intent);
- return intent;
- } catch (RemoteException e) {
- /* fall through to return null */
- }
- }
- }
- return null;
- }
- // Supply the configuration summary string for the given transport. If the name is
- // not one of the available transports, or if the transport does not supply any
- // summary / destination string, the method can return null.
- //
- // This string is used VERBATIM as the summary text of the relevant Settings item!
- public String getDestinationString(String transportName) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "getDestinationString");
- synchronized (mTransports) {
- final IBackupTransport transport = mTransports.get(transportName);
- if (transport != null) {
- try {
- final String text = transport.currentDestinationString();
- if (MORE_DEBUG) Slog.d(TAG, "getDestinationString() returning " + text);
- return text;
- } catch (RemoteException e) {
- /* fall through to return null */
- }
- }
- }
- return null;
- }
- // Callback: a requested backup agent has been instantiated. This should only
- // be called from the Activity Manager.
- public void agentConnected(String packageName, IBinder agentBinder) {
- synchronized(mAgentConnectLock) {
- if (Binder.getCallingUid() == Process.SYSTEM_UID) {
- Slog.d(TAG, "agentConnected pkg=" + packageName + " agent=" + agentBinder);
- IBackupAgent agent = IBackupAgent.Stub.asInterface(agentBinder);
- mConnectedAgent = agent;
- mConnecting = false;
- } else {
- Slog.w(TAG, "Non-system process uid=" + Binder.getCallingUid()
- + " claiming agent connected");
- }
- mAgentConnectLock.notifyAll();
- }
- }
- // Callback: a backup agent has failed to come up, or has unexpectedly quit.
- // If the agent failed to come up in the first place, the agentBinder argument
- // will be null. This should only be called from the Activity Manager.
- public void agentDisconnected(String packageName) {
- // TODO: handle backup being interrupted
- synchronized(mAgentConnectLock) {
- if (Binder.getCallingUid() == Process.SYSTEM_UID) {
- mConnectedAgent = null;
- mConnecting = false;
- } else {
- Slog.w(TAG, "Non-system process uid=" + Binder.getCallingUid()
- + " claiming agent disconnected");
- }
- mAgentConnectLock.notifyAll();
- }
- }
- // An application being installed will need a restore pass, then the Package Manager
- // will need to be told when the restore is finished.
- public void restoreAtInstall(String packageName, int token) {
- if (Binder.getCallingUid() != Process.SYSTEM_UID) {
- Slog.w(TAG, "Non-system process uid=" + Binder.getCallingUid()
- + " attemping install-time restore");
- return;
- }
- boolean skip = false;
- long restoreSet = getAvailableRestoreToken(packageName);
- if (DEBUG) Slog.v(TAG, "restoreAtInstall pkg=" + packageName
- + " token=" + Integer.toHexString(token)
- + " restoreSet=" + Long.toHexString(restoreSet));
- if (restoreSet == 0) {
- if (MORE_DEBUG) Slog.i(TAG, "No restore set");
- skip = true;
- }
- // Do we have a transport to fetch data for us?
- IBackupTransport transport = getTransport(mCurrentTransport);
- if (transport == null) {
- if (DEBUG) Slog.w(TAG, "No transport");
- skip = true;
- }
- if (!skip && mAutoRestore && mProvisioned) {
- try {
- // okay, we're going to attempt a restore of this package from this restore set.
- // The eventual message back into the Package Manager to run the post-install
- // steps for 'token' will be issued from the restore handling code.
- // This can throw and so *must* happen before the wakelock is acquired
- String dirName = transport.transportDirName();
- // We can use a synthetic PackageInfo here because:
- // 1. We know it's valid, since the Package Manager supplied the name
- // 2. Only the packageName field will be used by the restore code
- PackageInfo pkg = new PackageInfo();
- pkg.packageName = packageName;
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_RESTORE);
- msg.obj = new RestoreParams(transport, dirName, null,
- restoreSet, pkg, token, true);
- mBackupHandler.sendMessage(msg);
- } catch (RemoteException e) {
- // Binding to the transport broke; back off and proceed with the installation.
- Slog.e(TAG, "Unable to contact transport");
- skip = true;
- }
- }
- if (skip) {
- // Auto-restore disabled or no way to attempt a restore; just tell the Package
- // Manager to proceed with the post-install handling for this package.
- if (DEBUG) Slog.v(TAG, "Skipping");
- try {
- mPackageManagerBinder.finishPackageInstall(token);
- } catch (RemoteException e) { /* can't happen */ }
- }
- }
- // Hand off a restore session
- public IRestoreSession beginRestoreSession(String packageName, String transport) {
- if (DEBUG) Slog.v(TAG, "beginRestoreSession: pkg=" + packageName
- + " transport=" + transport);
- boolean needPermission = true;
- if (transport == null) {
- transport = mCurrentTransport;
- if (packageName != null) {
- PackageInfo app = null;
- try {
- app = mPackageManager.getPackageInfo(packageName, 0);
- } catch (NameNotFoundException nnf) {
- Slog.w(TAG, "Asked to restore nonexistent pkg " + packageName);
- throw new IllegalArgumentException("Package " + packageName + " not found");
- }
- if (app.applicationInfo.uid == Binder.getCallingUid()) {
- // So: using the current active transport, and the caller has asked
- // that its own package will be restored. In this narrow use case
- // we do not require the caller to hold the permission.
- needPermission = false;
- }
- }
- }
- if (needPermission) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "beginRestoreSession");
- } else {
- if (DEBUG) Slog.d(TAG, "restoring self on current transport; no permission needed");
- }
- synchronized(this) {
- if (mActiveRestoreSession != null) {
- Slog.d(TAG, "Restore session requested but one already active");
- return null;
- }
- mActiveRestoreSession = new ActiveRestoreSession(packageName, transport);
- mBackupHandler.sendEmptyMessageDelayed(MSG_RESTORE_TIMEOUT, TIMEOUT_RESTORE_INTERVAL);
- }
- return mActiveRestoreSession;
- }
- void clearRestoreSession(ActiveRestoreSession currentSession) {
- synchronized(this) {
- if (currentSession != mActiveRestoreSession) {
- Slog.e(TAG, "ending non-current restore session");
- } else {
- if (DEBUG) Slog.v(TAG, "Clearing restore session and halting timeout");
- mActiveRestoreSession = null;
- mBackupHandler.removeMessages(MSG_RESTORE_TIMEOUT);
- }
- }
- }
- // Note that a currently-active backup agent has notified us that it has
- // completed the given outstanding asynchronous backup/restore operation.
- @Override
- public void opComplete(int token) {
- if (MORE_DEBUG) Slog.v(TAG, "opComplete: " + Integer.toHexString(token));
- Operation op = null;
- synchronized (mCurrentOpLock) {
- op = mCurrentOperations.get(token);
- if (op != null) {
- op.state = OP_ACKNOWLEDGED;
- }
- mCurrentOpLock.notifyAll();
- }
- // The completion callback, if any, is invoked on the handler
- if (op != null && op.callback != null) {
- Message msg = mBackupHandler.obtainMessage(MSG_OP_COMPLETE, op.callback);
- mBackupHandler.sendMessage(msg);
- }
- }
- // ----- Restore session -----
- class ActiveRestoreSession extends IRestoreSession.Stub {
- private static final String TAG = "RestoreSession";
- private String mPackageName;
- private IBackupTransport mRestoreTransport = null;
- RestoreSet[] mRestoreSets = null;
- boolean mEnded = false;
- ActiveRestoreSession(String packageName, String transport) {
- mPackageName = packageName;
- mRestoreTransport = getTransport(transport);
- }
- // --- Binder interface ---
- public synchronized int getAvailableRestoreSets(IRestoreObserver observer) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "getAvailableRestoreSets");
- if (observer == null) {
- throw new IllegalArgumentException("Observer must not be null");
- }
- if (mEnded) {
- throw new IllegalStateException("Restore session already ended");
- }
- long oldId = Binder.clearCallingIdentity();
- try {
- if (mRestoreTransport == null) {
- Slog.w(TAG, "Null transport getting restore sets");
- return -1;
- }
- // spin off the transport request to our service thread
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_GET_RESTORE_SETS,
- new RestoreGetSetsParams(mRestoreTransport, this, observer));
- mBackupHandler.sendMessage(msg);
- return 0;
- } catch (Exception e) {
- Slog.e(TAG, "Error in getAvailableRestoreSets", e);
- return -1;
- } finally {
- Binder.restoreCallingIdentity(oldId);
- }
- }
- public synchronized int restoreAll(long token, IRestoreObserver observer) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "performRestore");
- if (DEBUG) Slog.d(TAG, "restoreAll token=" + Long.toHexString(token)
- + " observer=" + observer);
- if (mEnded) {
- throw new IllegalStateException("Restore session already ended");
- }
- if (mRestoreTransport == null || mRestoreSets == null) {
- Slog.e(TAG, "Ignoring restoreAll() with no restore set");
- return -1;
- }
- if (mPackageName != null) {
- Slog.e(TAG, "Ignoring restoreAll() on single-package session");
- return -1;
- }
- String dirName;
- try {
- dirName = mRestoreTransport.transportDirName();
- } catch (RemoteException e) {
- // Transport went AWOL; fail.
- Slog.e(TAG, "Unable to contact transport for restore");
- return -1;
- }
- synchronized (mQueueLock) {
- for (int i = 0; i < mRestoreSets.length; i++) {
- if (token == mRestoreSets[i].token) {
- long oldId = Binder.clearCallingIdentity();
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_RESTORE);
- msg.obj = new RestoreParams(mRestoreTransport, dirName,
- observer, token, true);
- mBackupHandler.sendMessage(msg);
- Binder.restoreCallingIdentity(oldId);
- return 0;
- }
- }
- }
- Slog.w(TAG, "Restore token " + Long.toHexString(token) + " not found");
- return -1;
- }
- public synchronized int restoreSome(long token, IRestoreObserver observer,
- String[] packages) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP,
- "performRestore");
- if (DEBUG) {
- StringBuilder b = new StringBuilder(128);
- b.append("restoreSome token=");
- b.append(Long.toHexString(token));
- b.append(" observer=");
- b.append(observer.toString());
- b.append(" packages=");
- if (packages == null) {
- b.append("null");
- } else {
- b.append('{');
- boolean first = true;
- for (String s : packages) {
- if (!first) {
- b.append(", ");
- } else first = false;
- b.append(s);
- }
- b.append('}');
- }
- Slog.d(TAG, b.toString());
- }
- if (mEnded) {
- throw new IllegalStateException("Restore session already ended");
- }
- if (mRestoreTransport == null || mRestoreSets == null) {
- Slog.e(TAG, "Ignoring restoreAll() with no restore set");
- return -1;
- }
- if (mPackageName != null) {
- Slog.e(TAG, "Ignoring restoreAll() on single-package session");
- return -1;
- }
- String dirName;
- try {
- dirName = mRestoreTransport.transportDirName();
- } catch (RemoteException e) {
- // Transport went AWOL; fail.
- Slog.e(TAG, "Unable to contact transport for restore");
- return -1;
- }
- synchronized (mQueueLock) {
- for (int i = 0; i < mRestoreSets.length; i++) {
- if (token == mRestoreSets[i].token) {
- long oldId = Binder.clearCallingIdentity();
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_RESTORE);
- msg.obj = new RestoreParams(mRestoreTransport, dirName, observer, token,
- packages, true);
- mBackupHandler.sendMessage(msg);
- Binder.restoreCallingIdentity(oldId);
- return 0;
- }
- }
- }
- Slog.w(TAG, "Restore token " + Long.toHexString(token) + " not found");
- return -1;
- }
- public synchronized int restorePackage(String packageName, IRestoreObserver observer) {
- if (DEBUG) Slog.v(TAG, "restorePackage pkg=" + packageName + " obs=" + observer);
- if (mEnded) {
- throw new IllegalStateException("Restore session already ended");
- }
- if (mPackageName != null) {
- if (! mPackageName.equals(packageName)) {
- Slog.e(TAG, "Ignoring attempt to restore pkg=" + packageName
- + " on session for package " + mPackageName);
- return -1;
- }
- }
- PackageInfo app = null;
- try {
- app = mPackageManager.getPackageInfo(packageName, 0);
- } catch (NameNotFoundException nnf) {
- Slog.w(TAG, "Asked to restore nonexistent pkg " + packageName);
- return -1;
- }
- // If the caller is not privileged and is not coming from the target
- // app's uid, throw a permission exception back to the caller.
- int perm = mContext.checkPermission(android.Manifest.permission.BACKUP,
- Binder.getCallingPid(), Binder.getCallingUid());
- if ((perm == PackageManager.PERMISSION_DENIED) &&
- (app.applicationInfo.uid != Binder.getCallingUid())) {
- Slog.w(TAG, "restorePackage: bad packageName=" + packageName
- + " or calling uid=" + Binder.getCallingUid());
- throw new SecurityException("No permission to restore other packages");
- }
- // If the package has no backup agent, we obviously cannot proceed
- if (app.applicationInfo.backupAgentName == null) {
- Slog.w(TAG, "Asked to restore package " + packageName + " with no agent");
- return -1;
- }
- // So far so good; we're allowed to try to restore this package. Now
- // check whether there is data for it in the current dataset, falling back
- // to the ancestral dataset if not.
- long token = getAvailableRestoreToken(packageName);
- // If we didn't come up with a place to look -- no ancestral dataset and
- // the app has never been backed up from this device -- there's nothing
- // to do but return failure.
- if (token == 0) {
- if (DEBUG) Slog.w(TAG, "No data available for this package; not restoring");
- return -1;
- }
- String dirName;
- try {
- dirName = mRestoreTransport.transportDirName();
- } catch (RemoteException e) {
- // Transport went AWOL; fail.
- Slog.e(TAG, "Unable to contact transport for restore");
- return -1;
- }
- // Ready to go: enqueue the restore request and claim success
- long oldId = Binder.clearCallingIdentity();
- mWakelock.acquire();
- Message msg = mBackupHandler.obtainMessage(MSG_RUN_RESTORE);
- msg.obj = new RestoreParams(mRestoreTransport, dirName,
- observer, token, app, 0, false);
- mBackupHandler.sendMessage(msg);
- Binder.restoreCallingIdentity(oldId);
- return 0;
- }
- // Posted to the handler to tear down a restore session in a cleanly synchronized way
- class EndRestoreRunnable implements Runnable {
- BackupManagerService mBackupManager;
- ActiveRestoreSession mSession;
- EndRestoreRunnable(BackupManagerService manager, ActiveRestoreSession session) {
- mBackupManager = manager;
- mSession = session;
- }
- public void run() {
- // clean up the session's bookkeeping
- synchronized (mSession) {
- try {
- if (mSession.mRestoreTransport != null) {
- mSession.mRestoreTransport.finishRestore();
- }
- } catch (Exception e) {
- Slog.e(TAG, "Error in finishRestore", e);
- } finally {
- mSession.mRestoreTransport = null;
- mSession.mEnded = true;
- }
- }
- // clean up the BackupManagerService side of the bookkeeping
- // and cancel any pending timeout message
- mBackupManager.clearRestoreSession(mSession);
- }
- }
- public synchronized void endRestoreSession() {
- if (DEBUG) Slog.d(TAG, "endRestoreSession");
- if (mEnded) {
- throw new IllegalStateException("Restore session already ended");
- }
- mBackupHandler.post(new EndRestoreRunnable(BackupManagerService.this, this));
- }
- }
- @Override
- public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
- mContext.enforceCallingOrSelfPermission(android.Manifest.permission.DUMP, TAG);
- long identityToken = Binder.clearCallingIdentity();
- try {
- dumpInternal(pw);
- } finally {
- Binder.restoreCallingIdentity(identityToken);
- }
- }
- private void dumpInternal(PrintWriter pw) {
- synchronized (mQueueLock) {
- pw.println("Backup Manager is " + (mEnabled ? "enabled" : "disabled")
- + " / " + (!mProvisioned ? "not " : "") + "provisioned / "
- + (this.mPendingInits.size() == 0 ? "not " : "") + "pending init");
- pw.println("Auto-restore is " + (mAutoRestore ? "enabled" : "disabled"));
- if (mBackupRunning) pw.println("Backup currently running");
- pw.println("Last backup pass started: " + mLastBackupPass
- + " (now = " + System.currentTimeMillis() + ')');
- pw.println(" next scheduled: " + mNextBackupPass);
- pw.println("Available transports:");
- for (String t : listAllTransports()) {
- pw.println((t.equals(mCurrentTransport) ? " * " : " ") + t);
- try {
- IBackupTransport transport = getTransport(t);
- File dir = new File(mBaseStateDir, transport.transportDirName());
- pw.println(" destination: " + transport.currentDestinationString());
- pw.println(" intent: " + transport.configurationIntent());
- for (File f : dir.listFiles()) {
- pw.println(" " + f.getName() + " - " + f.length() + " state bytes");
- }
- } catch (Exception e) {
- Slog.e(TAG, "Error in transport", e);
- pw.println(" Error: " + e);
- }
- }
- pw.println("Pending init: " + mPendingInits.size());
- for (String s : mPendingInits) {
- pw.println(" " + s);
- }
- if (DEBUG_BACKUP_TRACE) {
- synchronized (mBackupTrace) {
- if (!mBackupTrace.isEmpty()) {
- pw.println("Most recent backup trace:");
- for (String s : mBackupTrace) {
- pw.println(" " + s);
- }
- }
- }
- }
- int N = mBackupParticipants.size();
- pw.println("Participants:");
- for (int i=0; i<N; i++) {
- int uid = mBackupParticipants.keyAt(i);
- pw.print(" uid: ");
- pw.println(uid);
- HashSet<String> participants = mBackupParticipants.valueAt(i);
- for (String app: participants) {
- pw.println(" " + app);
- }
- }
- pw.println("Ancestral packages: "
- + (mAncestralPackages == null ? "none" : mAncestralPackages.size()));
- if (mAncestralPackages != null) {
- for (String pkg : mAncestralPackages) {
- pw.println(" " + pkg);
- }
- }
- pw.println("Ever backed up: " + mEverStoredApps.size());
- for (String pkg : mEverStoredApps) {
- pw.println(" " + pkg);
- }
- pw.println("Pending backup: " + mPendingBackups.size());
- for (BackupRequest req : mPendingBackups.values()) {
- pw.println(" " + req);
- }
- }
- }
- }