am 7e93aad4: am 36fa4713: Merge "Fix security hole in Google backup transport registration" into froyo

Merge commit '7e93aad42d5f96e4e3a471e49384e1ce794c9411' into kraken

* commit '7e93aad42d5f96e4e3a471e49384e1ce794c9411':
  Fix security hole in Google backup transport registration
This commit is contained in:
Christopher Tate
2010-04-21 18:19:38 -07:00
committed by Android Git Automerger

View File

@ -479,10 +479,25 @@ class BackupManagerService extends IBackupManager.Stub {
// Attach to the Google backup transport. When this comes up, it will set
// itself as the current transport because we explicitly reset mCurrentTransport
// to null.
Intent intent = new Intent().setComponent(new ComponentName(
"com.google.android.backup",
"com.google.android.backup.BackupTransportService"));
context.bindService(intent, mGoogleConnection, Context.BIND_AUTO_CREATE);
ComponentName transportComponent = new ComponentName("com.google.android.backup",
"com.google.android.backup.BackupTransportService");
try {
// If there's something out there that is supposed to be the Google
// backup transport, make sure it's legitimately part of the OS build
// and not an app lying about its package name.
ApplicationInfo info = mPackageManager.getApplicationInfo(
transportComponent.getPackageName(), 0);
if ((info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
if (DEBUG) Slog.v(TAG, "Binding to Google transport");
Intent intent = new Intent().setComponent(transportComponent);
context.bindService(intent, mGoogleConnection, Context.BIND_AUTO_CREATE);
} else {
Slog.w(TAG, "Possible Google transport spoof: ignoring " + info);
}
} catch (PackageManager.NameNotFoundException nnf) {
// No such package? No binding.
if (DEBUG) Slog.v(TAG, "Google transport not present");
}
// Now that we know about valid backup participants, parse any
// leftover journal files into the pending backup set