Remove BACKUP_DATA permission and associated checks

Any package can now participate in backup/restore, without requiring any
manifest-declared permission.  *Control* of the backup manager is still
guarded by the BACKUP permission, which is signatureOrSystem.

Change-Id: I116fcfcd4cd255e3c976330da1c4dea7d4faae9d

5 files changed, 1 insertions, 33 deletions

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index f5f5a27274dc..8273dbf3877b 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1161,13 +1161,6 @@
         android:description="@string/permdesc_backup"
         android:protectionLevel="signatureOrSystem" />
 
-    <!-- Allows an application to participate in the backup and restore process
-         @hide -->
-    <permission android:name="android.permission.BACKUP_DATA"
-        android:label="@string/permlab_backup_data"
-        android:description="@string/permdesc_backup_data"
-        android:protectionLevel="signatureOrSystem" />
-
     <!-- Allows an application to tell the AppWidget service which application
          can access AppWidget's data.  The normal user flow is that a user
          picks an AppWidget to go into a particular host, thereby giving that
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 9e596ef489d9..6f34b4f84ed4 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -565,11 +565,6 @@
     <string name="permdesc_backup">Allows the application to control the system\'s backup and restore mechanism.  Not for use by normal applications.</string>
 
     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-    <string name="permlab_backup_data">back up and restore the application\'s data</string>
-    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-    <string name="permdesc_backup_data">Allows the application to participate in the system\'s backup and restore mechanism.</string>
-
-    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permlab_internalSystemWindow">display unauthorized windows</string>
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permdesc_internalSystemWindow">Allows the creation of
diff --git a/packages/SettingsProvider/AndroidManifest.xml b/packages/SettingsProvider/AndroidManifest.xml
index a54251828e34..c92b9d7fb564 100644
--- a/packages/SettingsProvider/AndroidManifest.xml
+++ b/packages/SettingsProvider/AndroidManifest.xml
@@ -2,8 +2,6 @@
         package="com.android.providers.settings"
         android:sharedUserId="android.uid.system">
 
-    <uses-permission android:name="android.permission.BACKUP_DATA" />
-
     <application android:allowClearUserData="false"
                  android:label="@string/app_label"
                  android:process="system"
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 27055edadfe1..a7a6df515faa 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -896,9 +896,7 @@ class BackupManagerService extends IBackupManager.Stub {
             try {
                 ApplicationInfo app = pkg.applicationInfo;
                 if (((app.flags&ApplicationInfo.FLAG_ALLOW_BACKUP) == 0)
-                        || app.backupAgentName == null
-                        || (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
-                                pkg.packageName) != PackageManager.PERMISSION_GRANTED)) {
+                        || app.backupAgentName == null) {
                     packages.remove(a);
                 }
                 else {
@@ -1282,15 +1280,6 @@ class BackupManagerService extends IBackupManager.Stub {
             for (BackupRequest request : mQueue) {
                 Log.d(TAG, "starting agent for backup of " + request);
 
-                // Don't run backup, even if requested, if the target app does not have
-                // the requisite permission
-                if (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
-                        request.appInfo.packageName) != PackageManager.PERMISSION_GRANTED) {
-                    Log.w(TAG, "Skipping backup of unprivileged package "
-                            + request.appInfo.packageName);
-                    continue;
-                }
-
                 IBackupAgent agent = null;
                 int mode = (request.fullBackup)
                         ? IApplicationThread.BACKUP_MODE_FULL
@@ -1760,12 +1749,6 @@ class BackupManagerService extends IBackupManager.Stub {
 
             if (DEBUG) Log.d(TAG, "processOneRestore packageName=" + packageName);
 
-            // Don't restore to unprivileged packages
-            if (mPackageManager.checkPermission(android.Manifest.permission.BACKUP_DATA,
-                    packageName) != PackageManager.PERMISSION_GRANTED) {
-                Log.d(TAG, "Skipping restore of unprivileged package " + packageName);
-            }
-
             // !!! TODO: get the dirs from the transport
             File backupDataName = new File(mDataDir, packageName + ".restore");
             File newStateName = new File(mStateDir, packageName + ".new");
diff --git a/tests/backup/AndroidManifest.xml b/tests/backup/AndroidManifest.xml
index d992627de609..3778742e105e 100644
--- a/tests/backup/AndroidManifest.xml
+++ b/tests/backup/AndroidManifest.xml
@@ -1,6 +1,5 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
         package="com.android.backuptest">
-    <uses-permission android:name="android.permission.BACKUP_DATA" />
     <application android:backupAgent="BackupTestAgent">
         <activity android:name="BackupTestActivity" android:label="_BackupTest">
             <intent-filter>