diff options
| author | Tobias Thierer <tobiast@google.com> | 2020-10-19 19:37:30 +0100 |
|---|---|---|
| committer | Tobias Thierer <tobiast@google.com> | 2020-12-11 00:50:23 +0000 |
| commit | 79192da3f32aba7a0d026c996b74342b83d4f6f0 (patch) | |
| tree | ea8dc048b100f7af8f2fbc19b03627c1957eb8b6 | |
| parent | 1c60ee31ac93e8b12ef27737806fe98bdd1dac46 (diff) | |
Enforce BACKUP permission on Service end.
BackupManager runs in the client process, whereas BackupManagerService
runs in the system server process. Therefore, apps permissions need should
be enforced on the service side.
Bug: 158482162
Test: Manually checked that a sample app encounters SecurityException
after but not before this CL, when running code similar to the
sample in http://b/158482162#comment1 to figure out whether
isBackupServiceActive() for its own uid.
Change-Id: I59693819542a80a065a9c88373393b0ba0dbef65
Merged-In: I59693819542a80a065a9c88373393b0ba0dbef65
(cherry picked from commit b2ab2c414fcac5f68edd8d790d3773f1f9330e3b)
| -rw-r--r-- | core/java/android/app/backup/BackupManager.java | 2 | ||||
| -rw-r--r-- | services/backup/java/com/android/server/backup/BackupManagerService.java | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/core/java/android/app/backup/BackupManager.java b/core/java/android/app/backup/BackupManager.java index e199cbe2d875..b1edaa6210e2 100644 --- a/core/java/android/app/backup/BackupManager.java +++ b/core/java/android/app/backup/BackupManager.java @@ -400,8 +400,6 @@ public class BackupManager { @SystemApi @RequiresPermission(android.Manifest.permission.BACKUP) public boolean isBackupServiceActive(UserHandle user) { - mContext.enforceCallingOrSelfPermission(android.Manifest.permission.BACKUP, - "isBackupServiceActive"); checkServiceBinder(); if (sService != null) { try { diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java index b13bef2de151..19ada753f33d 100644 --- a/services/backup/java/com/android/server/backup/BackupManagerService.java +++ b/services/backup/java/com/android/server/backup/BackupManagerService.java @@ -506,6 +506,8 @@ public class BackupManagerService extends IBackupManager.Stub { */ @Override public boolean isBackupServiceActive(int userId) { + mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, + "isBackupServiceActive"); synchronized (mStateLock) { return !mGlobalDisable && isBackupActivatedForUser(userId); } |