Ensure install-during-restore is like install-then-restore

When we've installed an apk from the archive, recheck whether
to apply the system-uid policy restrictions around file system
restores.

Bug 8833099

Change-Id: Ifa1b5877673a0d6ca6acf94e60f314fd0dda008c

1 files changed, 10 insertions, 1 deletions

diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 2a3c87e4ff6f..a537e99dfa98 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -3735,7 +3735,16 @@ class BackupManagerService extends IBackupManager.Stub {
                             } else {
                                 // So far so good -- do the signatures match the manifest?
                                 Signature[] sigs = mManifestSignatures.get(info.packageName);
-                                if (!signaturesMatch(sigs, pkg)) {
+                                if (signaturesMatch(sigs, pkg)) {
+                                    // If this is a system-uid app without a declared backup agent,
+                                    // don't restore any of the file data.
+                                    if ((pkg.applicationInfo.uid < Process.FIRST_APPLICATION_UID)
+                                            && (pkg.applicationInfo.backupAgentName == null)) {
+                                        Slog.w(TAG, "Installed app " + info.packageName
+                                                + " has restricted uid and no agent");
+                                        okay = false;
+                                    }
+                                } else {
                                     Slog.w(TAG, "Installed app " + info.packageName
                                             + " signatures do not match restore manifest");
                                     okay = false;