Cross Reference: /frameworks/base/services/java/com/android/server/BackupManagerService.java

History log of /frameworks/base/services/java/com/android/server/BackupManagerService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
71beeab14a891297b6658c4aeb47557083091aa1	25-Jun-2010	Christopher Tate <ctate@google.com>	Properly note the current active restore set's token Bug: 2796780 Change-Id: Iad601ed96ae73cf34910a276350712e6af19bb4e /frameworks/base/services/java/com/android/server/BackupManagerService.java
a32504fce826fb66b53991d04819ece3e6bf105e	22-Apr-2010	Christopher Tate <ctate@google.com>	Fix security hole in Google backup transport registration Previously, it was conceivable that a 3rd party application on a non-GED device could publish a service that supported the (hidden) IBackupTransport interface and spoofed the Google backup transport's package and component name. This could allow it to secretly intercept all data moved through the backup mechanism. Fix by ensuring that the package in question exists and is part of the OS itself (FLAG_SYSTEM in its ApplicationInfo description) before binding to it. Fixes bug #2457063 Change-Id: I3487572be45c2014fa209beacfe3ac6f8270f872 /frameworks/base/services/java/com/android/server/BackupManagerService.java
5923c9718390bf6d50c52661263f15c1f863012b	05-Apr-2010	Christopher Tate <ctate@google.com>	Fix 'dumpsys backup' "for (Type foo : mSetOfType)" doesn't work when mSetOfType is null. Change-Id: Iac667c7309f99b12d3147830e166b542b29cba5f /frameworks/base/services/java/com/android/server/BackupManagerService.java
2d449afe3d075020bdd1115bcc15c9383cbce122	30-Mar-2010	Christopher Tate <ctate@google.com>	Make RestoreSession.getAvailableRestoreSets() asynchronous This transaction can involve the transport having to query a remote backend over the wire, so it can take a Long Time(tm). Make it main-thread-safe by making it asynchronous, with the results passed as a callback to the invoker's RestoreObserver. We also make the IRestoreObserver callback interface properly oneway. Bug #2550665 Bug #2549422 Change-Id: If18a233a0a3d54c7b55101715c9e6195b762c5a0 /frameworks/base/services/java/com/android/server/BackupManagerService.java
1f4df90bfab8ca42eabe95f19eadff3432eee7fd	27-Mar-2010	Oscar Montemayor <oam@google.com>	DO NOT MERGE Removing unused features from source tree. Please refer to Bug#2502219. Change-Id: I879c29bfd5ffe933f64bb1082aaae7c956450a5a /frameworks/base/services/java/com/android/server/BackupManagerService.java
9c3cee9824026764275e4d84ba9b5d9fdc5da690	26-Mar-2010	Christopher Tate <ctate@google.com>	API CHANGE: Backup/restore API changes requested by the API Council * @hide the android.app.backup.RestoreSession class and functionality * Provide a public method on android.app.backup.BackupManager that apps can use to request a restore pass of their last-known-good dataset. The new method is called requestRestore(). * Provide the name of the package being restored, not just its ordinal, in the RestoreObserver's onUpdate() callback. Part of bug #2545514 Change-Id: I9689bf8d6e2b808b4ee412424a36a835be0a5ca8 /frameworks/base/services/java/com/android/server/BackupManagerService.java
3de55bcd34afd5871816526294f9514d1adf3fe5	13-Mar-2010	Christopher Tate <ctate@google.com>	API CHANGE: expose the backup-related ApplicationInfo flag masks Fixes bug #2507582 by doing the following: - Un-@hide the FLAG_ALLOW_BACKUP, FLAG_KILL_AFTER_RESTORE, and FLAG_RESTORE_ANY_VERSION mask constants in ApplicationInfo. These correspond, respectively, to the <application> manifest tag's android:allowBackup, android:killAfterRestore, and android:restoreAnyVersion attributes. - Remove the android:restoreNeedsApplication attribute and the corresponding FLAG_RESTORE_NEEDS_APPLICATION constant [which was still marked @hide]. We now always use the application's own Application class when performing a normal restore. In the future when we support an externalized full-filesystem backup/restore operation, we will use an OS-defined agent class with a base-class Application instance, but this will not happen until a future release. Also expands real documentation on the above ApplicationInfo constants; that work is part of bug #2465360 Change-Id: I735d07a963ae80a01343637d83bef84e4c23fdcc /frameworks/base/services/java/com/android/server/BackupManagerService.java
4528186e0d65fc68ef0dd1941aa2ac8aefcd55a3	06-Mar-2010	Christopher Tate <ctate@google.com>	Refactor android.backup => android.app.backup Change-Id: I0b21316ff890d7f3c7d4b82837bb60670724c2e8 /frameworks/base/services/java/com/android/server/BackupManagerService.java
8a9b22056b13477f59df934928c00c58b5871c95	27-Feb-2010	Joe Onorato <joeo@android.com>	Switch the services library to using the new Slog /frameworks/base/services/java/com/android/server/BackupManagerService.java
7d411a3b947ba82d1d57f73c0fa698c3b9c95892	26-Feb-2010	Christopher Tate <ctate@google.com>	Add single-package restore to Bmgr feature set Also sanity-check the package name on the Backup Manager side, failing gracefully if the given package is not a backup/restore participant. Bug: 2293977 Change-Id: I3575046ffcaa3cf45c1c602824baeadd64082f70 /frameworks/base/services/java/com/android/server/BackupManagerService.java
5035fdab3dbb60b226bc6bb2f03e9944bcb964cd	26-Feb-2010	Christopher Tate <ctate@google.com>	Default the auto-restore setting to "enabled." Change-Id: I7d8710466214a1b09aabdd71e77b9b34d3d62365 /frameworks/base/services/java/com/android/server/BackupManagerService.java
ae06ed97382429f51075d257e3290cdd86f66326	26-Feb-2010	Christopher Tate <ctate@google.com>	Fix the build Change-Id: I41616afc75a3366ea7e9e79ac7ea4c46d1863d83 /frameworks/base/services/java/com/android/server/BackupManagerService.java
f087272d56ff84157e2481b7ca34d4d077affa74	26-Feb-2010	Christopher Tate <ctate@google.com>	Start respecting the auto-restore-at-install setting Change-Id: I420ff6b4ba72f87bee56f45d8906f086f7a2b114 /frameworks/base/services/java/com/android/server/BackupManagerService.java
3dda518a4fd57cdded3afa50d8aa206501de7fc6	25-Feb-2010	Christopher Tate <ctate@google.com>	Add 'restoreAnyVersion' attr for apps that want to restore "future" data If a backup-participating app sets android:restoreAnyVersion="true" in its manifest <application> tag, then its agent will be invoked for restore even if the available dataset was created by a later version of the app than is currently installed on the device. This will not typically be a problem for third party applications, since for them the installation and initial data restore are tightly coupled, but it can cause serious problems for applications which are both preinstalled on the system partition and overridden by later updates. The primary difficulty that this new attribute addresses is this: 1. User buys a Nexus One, Market self-updates, and the user installs some apps. At this point the backup data on the server may indicate that the version of Market which originated its bookkeeping is newer than the stock N1 Market app. 2. User loses their phone, and buys a replacement N1. At setup time, Market has not yet had a chance to self-update, so when the restore comes in, it's tagged as being from "the future" and so the restore is refused. No apps get reinstalled. Bug: 2442127 Change-Id: I076a9553dc613e5c3189350e778315718ed1ed2b /frameworks/base/services/java/com/android/server/BackupManagerService.java
1bb6906c7a903ee6427c8ff37bdc5896c386ff73	20-Feb-2010	Christopher Tate <ctate@google.com>	Automatically restore app data at install time When an application being installed defines a backupAgent in its manifest, we now automatically perform a restore of the latest-known-good data for that app. This is defined as "data backed up by this app from this handset, if available; otherwise data for this app as it existed when the device was initially provisioned." If neither option exists for the app, no restore action is taken. The CL involves major changes in the Backup and Package Managers... * The Package Manager's act of installing an application has now been split into two separate phases, with a data-restore phase optionally occurring between these two PM actions. First, the details of the install are performed as usual. Instead of immediately notifying install observers and issuing the install-related broadcasts, the in-process install state is snapshotted and the backup manager notified that a restore operation should be attempted. It does this by calling a new API on IBackupManager, passing a token by which it identifies its in-progress install state. The backup manager then downloads [if possible] the data for the newly-installed application and invokes the app's backupAgent to do the restore. After this step, regardless of failure, it then calls back into the Package Manager to indicate that the restore phase has been completed, supplying the token that was passed in the original notification from the Package Manager. The Package Manager then runs the final post-install actions: notifying install observers and sending out all the appropriate broadcasts. It's only at this point that the app becomes visible to the Launcher and the rest of the OS. ... and a few other bits and pieces... * The ApplicationInfo.backupAgentName field has been exposed to the SDK. This can be reverted if there's a reason to do so, but it wasn't clear that this info needs to be hidden from 3rd party apps. * Debug logging of restore set IDs and operation timeout tokens [used during any asynchronous Backup Manager operation] are now consistently in hex for readability. * We now properly reset our binder identity before calling into the transport during restore-set operations. This fixes a permissions failure when a single-app restore was attempted. * The 'BackupTest' test app is no longer lumped onto the system partition by default. Change-Id: If3addefb846791f327e2a221de97c8d5d20ee7b3 /frameworks/base/services/java/com/android/server/BackupManagerService.java
1168baae849f03ad655bff74360b286b2f10b4a8	17-Feb-2010	Christopher Tate <ctate@google.com>	Tone down a non-error log message about lack of ancestral dataset tracking Change-Id: I2e5e48c9b695d6225016365907fe8edc73ab2c8e /frameworks/base/services/java/com/android/server/BackupManagerService.java
e28290e21f908b4e917099ff2aa41e3aab9310c2	17-Feb-2010	Christopher Tate <ctate@google.com>	API CHANGE: expose backup/restore to the SDK The core backup/restore classes [BackupManager, BackupAgent, RestoreSession, and RestoreObserver] are now published for 3rd party developers, as well as the suite of helper classes that exist so far to aid authorship of backup/restore agents. In conjunction with the API change, the restore-time automatic data wipe has now been removed: applications are responsible for managing the logic of wipe vs merge themselves. If the app's agent onRestore() callback throws, the data is presumed to be incoherent and a wipe is issued via the Activity Manager; otherwise, no automatic action is ever taken. Change-Id: I0b3418b829d4689b58b88be3d9c4ace37a8583a9 /frameworks/base/services/java/com/android/server/BackupManagerService.java
a87240c2270e83c3e865ffa1e56f79bfa74daffc	12-Feb-2010	Christopher Tate <ctate@google.com>	Remove BACKUP_DATA permission and associated checks Any package can now participate in backup/restore, without requiring any manifest-declared permission. Control of the backup manager is still guarded by the BACKUP permission, which is signatureOrSystem. Change-Id: I116fcfcd4cd255e3c976330da1c4dea7d4faae9d /frameworks/base/services/java/com/android/server/BackupManagerService.java
b49ceb3b8b17656984fd969d548dc912e7d2c7c1	09-Feb-2010	Christopher Tate <ctate@google.com>	Remember which apps have available restore info in the ancestral dataset When we perform a full-system restore, remember the set of applications which have data available in our ancestral dataset. This is a key filter for not having to do a round trip to the [remote] storage backend at app-install time unless it is likely to be fruitful. Change-Id: I7c77b490c560c581888d84f02f258b2e2d73bc69 /frameworks/base/services/java/com/android/server/BackupManagerService.java
b56ae20b22fd7283df32072a431ab6d4965f3c1b	05-Feb-2010	Suchi Amalapurapu <asuchitra@google.com>	Rename media resource broadcasts Add checks for fwdlocked and updated system apps add more tests remove duplicate adds /frameworks/base/services/java/com/android/server/BackupManagerService.java
c61da3136b1ffce9152f54ff19cab2782cb8450b	05-Feb-2010	Christopher Tate <ctate@google.com>	Don't hold the backup queue lock across a backup operation This got lost in the shuffle when the backup process was retooled to run synchronously within a single spun-off HandlerThread. Formerly it was okay to hold the lock around the point in time when the backup service thread was being spun off, but once that became synchronous it wound up locking out apps' calls to dataChanged(), which in turn led to ANRs. Bug: 2421333 Change-Id: Icf378e5733af5f28a689c564494486cd3555eca7 /frameworks/base/services/java/com/android/server/BackupManagerService.java
8472581aa32eee1368de379c2c079ea0a66baa3c	05-Feb-2010	Christopher Tate <ctate@google.com>	Add single-package restore from an app's most-recent data Renamed the RestoreSession performRestore() method to restoreAll(), and added a new restorePackage() method that only restores the single specified app. In order to restore an app other than itself, the caller must hold the android.permission.BACKUP permission. This change also introduces dataset tracking: the Backup Manager persistently remembers both the current backup dataset's identity and that of the "ancestral" dataset, i.e. the one most recently used for a whole-device restore such as performed by SetupWizard. When a single package is restored via restorePackage(), the selection of most-recent dataset to use is this: 1. The data from the currently-active backup dataset, if such exists. An app that has ever backed up data will therefore get its last- known-good data. 2. The app's data from the ancestral dataset, if such exists. This covers the case of a factory reset followed by reinstallation of an app at a later time. The app had not yet backed anything up post-wipe, but the old data is in the ancestral dataset and should be brought forward when the app reappears. 3. If neither 1. nor 2. exist, there is no data to restore, so just skip it and return failure. Note that the infrastructure to automatically attempt a restore after an application has been installed does not yet exist; that's coming. Change-Id: I0ba170df9885128000c46ed28d3dddda3a63a143 /frameworks/base/services/java/com/android/server/BackupManagerService.java
cce9da5dc3d515f98c260af41a03e61e57b4e7a6	04-Feb-2010	Christopher Tate <ctate@google.com>	Add auto-restore setting and Backup Manager awareness thereof This setting, like BACKUP_ENABLE, should never be set directly in the secure settings database. Instead, it should be manipulated through the new IBackupManager method setAutoRestore(boolean). Change-Id: I5c3226ca85b6148bb756d753d7f9e4ea76e878c4 /frameworks/base/services/java/com/android/server/BackupManagerService.java
08675a3376819a82aa5ab344bc3e7b1635c30b05	28-Jan-2010	Suchi Amalapurapu <asuchitra@google.com>	Apps on sdcard: Add new broadcasts Add new broadcasts ACTION_MEDIA_RESOURCES_AVAILABLE and ACTION_MEDIA_RESOURCES_UNAVAILABLE that get broadcast by PackageManagerService when sdcard gets mounted/unmounted by MountService so that packages on sdcard get recognized by various system services as being installed/available or removed/unavailable by the system. The broadcasts are sent before the actual package cleanup which includes mounting/unmounting the packages and we force a gc right after so that any lingering file references to resources on sdcard get released. /frameworks/base/services/java/com/android/server/BackupManagerService.java
c2af5d3bf84fa66570081d30ce0210458e46b1b8	03-Feb-2010	Christopher Tate <ctate@google.com>	Get rid of now-superfluous "backup or restore in progress" tracking Now that backup/restore/etc operations are queued and serialized, we no longer need to use external state tracking to prevent overlapping operations. Change-Id: I14f2a5d740cb97ae062aad55a06f49a2be5dd985 /frameworks/base/services/java/com/android/server/BackupManagerService.java
b0dcaaf108d70040e4e4e4ac65df1a7eae732d1e	30-Jan-2010	Christopher Tate <ctate@google.com>	Don't crash on transport unregistration if there is no current transport Change-Id: Icd0962254ba224a7be27d408dffb25b634f67863 /frameworks/base/services/java/com/android/server/BackupManagerService.java
44a2790374bf27116cbd91060d4f096ca5999709	28-Jan-2010	Christopher Tate <ctate@google.com>	Make backup/restore asynchronous and enforce timeouts Callouts to app backup agents are now asynchronous, and timeouts are applied if they take too long, hang, etc. The initial timeouts are set to 15 seconds on backup, 60 seconds on restore. These operations typically run at background priority, so it's necessary to give them ample time to run. As part of setting up this asynchronicity, the Backup Manager's internal thread management has been overhauled. It now spins off a single HandlerThread at startup, and runs backup/restore/etc operations synchronously in that thread, applying timeouts as appropriate. This means we're no longer spinning up new threads all the time, and furthermore it ensures that we can never have more than one operation in flight at once. Later CLs will remove the now-redundant logic that previously ensured that operations didn't stomp on each other. Bug: 2053560 Change-Id: Ie4315c219c7ff6dd8f51f2ad6c0872595b18cff1 /frameworks/base/services/java/com/android/server/BackupManagerService.java
80202c8cb8c8e4ab507079e79b864c61a8eeeee9	26-Jan-2010	Christopher Tate <ctate@google.com>	Move towards a formal public API for backup and restore This commit makes a few changes towards establishing a formal application interface for interacting with the backup/restore mechanism: 1. Introduce public wrapper classes around the various binder interfaces; 3rd party code will never see the binders directly. 2. Progress update callbacks during a restore sequence now occur on the main thread, not in a binder thread [and not with system-process permissions!]. 3. Rename the BackupManagerService's inner "RestoreSession" class to avoid ambiguity with the new public "RestoreSession" class. /frameworks/base/services/java/com/android/server/BackupManagerService.java
dfa47b56e1c10c001adcb9dd6c32613b4ce50ff7	23-Dec-2009	Christopher Tate <ctate@google.com>	Don't crash the system process when a backup transport unregisters Bug: 2342503 /frameworks/base/services/java/com/android/server/BackupManagerService.java
18803d37e2ce47407b7ac52513e3254207e8b287	07-Dec-2009	Doug Zongker <dougz@android.com>	resolved conflicts for merge of 5a2fdbba to master
ab5c49c7e7f5f61040650109a76f38a443fb852d	04-Dec-2009	Doug Zongker <dougz@android.com>	move event log tags used by system server into this package We can now locate event log tag definitions in individual packages (and java constants for the tag numbers get auto-generated), so move all the tags used by the system server into the package. /frameworks/base/services/java/com/android/server/BackupManagerService.java
a8529f68671a8a118751cb6ad577f44eaf076b96	18-Nov-2009	Oscar Montemayor <oam@google.com>	Encrypted File Systems Project. Installer modifications. Started to modify isntaller for data redirection to a secure location. /frameworks/base/services/java/com/android/server/BackupManagerService.java
78dd4a737172afe98c25ad19dacc0106a6f5474a	04-Nov-2009	Christopher Tate <ctate@android.com>	Fix #2176803 - restores from userdebug to user builds not working The underlying issue is that ordinarily, the restore mechanism checks the signature block of the package which uploaded the restore data against the signature of the package on-device that will be handling the restore. This is to ensure that the restore goes to the "same" application as the one that uploaded it. However, applications bundled on the system partition as part of the device build are signed not with a permanent, app-identifying signature, but rather with the device's signature block, which is different for each kind of device and potentially between kinds of build for the same device. That renders the stored backup data unusable when changing devices / builds / etc. This change works around the problem by explicitly privileging applications that reside on the system partition: they have been built into the device, and so are trusted to be able to handle data that is marked as coming from its package name. Change-Id: I561011bce2b54cff3e695e82e7544b126b6ac31e /frameworks/base/services/java/com/android/server/BackupManagerService.java
c1c49c024f990bf54b2a7d16fdf5110263693aea	31-Oct-2009	Dan Egnor <egnor@google.com>	Use setRepeating() rather than setInexactRepeating() for backup scheduling, and add some random fuzz to the scheduling times, to make sure we aren't creating hour-aligned server load spikes. See bug 2226553 for details & Dr. No information. /frameworks/base/services/java/com/android/server/BackupManagerService.java
13f4a64ddd0d81ffa04cb2ff4fd4c6500d6d21ed	01-Oct-2009	Christopher Tate <ctate@android.com>	Turn off the last of the STOPSHIP verbose debugging Change-Id: Id93f4c9e9fb8468a554ae1e5c5c767f72903662c /frameworks/base/services/java/com/android/server/BackupManagerService.java
852f8e4660302a4163bfdc4a9b1e8012296522b0	30-Sep-2009	Dan Egnor <egnor@google.com>	Only re-initialize backup state if @pm@ metadata is missing, to defensively work around a still-mysterious bug where the list of saved packages ends up being empty even though we still have state pending. If we do re-initialize, then wipe all state to make sure the right thing happens. Don't keep open journal files -- close them after every update. A bit less efficient, but possibly more reliable (again, this is defensive programming here). Also change "rwd" to "rws" mode for fully synchronous operation. /frameworks/base/services/java/com/android/server/BackupManagerService.java
726247ca6153d801e56ba5c574e0d9ba48135a5c	30-Sep-2009	Dan Egnor <egnor@google.com>	Better event log tracking for initializeDevice() requests -- on success, record "backup_initialize" event; on failure, record "backup_transport_failure" event (and add tags to "backup_transport_failure" events that aren't associated with a particular package -- namely "(initialize)" and "(finish)"). /frameworks/base/services/java/com/android/server/BackupManagerService.java
55f931a375cf6da96c525aa70d97541c0878951e	30-Sep-2009	Christopher Tate <ctate@android.com>	Add more useful-for-debug info to 'dumpsys backup' Change-Id: I52e20bac01ff63feaf28920a79311881992293a3 /frameworks/base/services/java/com/android/server/BackupManagerService.java
a253f16cf8e70e0dcb0bcd6338441c83c3e44c3a	28-Sep-2009	Christopher Tate <ctate@android.com>	Don't forget to clear "backup in progress" state when finishing a pass If a backup pass had been skipped (either because the transport was unavailable or -- in a common case! -- because there was simply no work pending when the periodic backup check fired), we were forgetting to reset the "backup currently in progress" flag. Once we'd done that, the device would NEVER perform a backup until it was rebooted, since it would forever think that there was one currently in operation that must not be interfered with. Change-Id: I0d6d7375dc6de99b599222a449934e70fe13ebb9 /frameworks/base/services/java/com/android/server/BackupManagerService.java
21ab6a5bdb791c138f284442cdac9e73ca6c5c11	25-Sep-2009	Christopher Tate <ctate@android.com>	Disallow concurrent backups; consult transport requestBackupTime() * We now check for in-progress backups when asked to perform one, and don't bother firing off another one concurrently (nor do we adjust the scheduling; after all, someone asked to do a backup "now" and we're doing one, so we are in line with expectations). We also defer backup passes while a restore is in flight, and abort attempts to perform a restore during a backup pass. * When a backup attempt fails, we now ask the transport how far in the future we should put our retry. Previously we were simply not bothering to consult with the transport, so we would wind up retrying backup while network connectivity was known to be down, etc. Change-Id: Ic7758010b74e06e90c50d46b7b0dd01b17af7c90 /frameworks/base/services/java/com/android/server/BackupManagerService.java
4cc86e1ae80eb1938500fe5fa06bbdf8b4b7b50d	22-Sep-2009	Christopher Tate <ctate@android.com>	Clear the device's data from the transport when backup is disabled Turning off backup in the Settings UI constitutes an opt-out of the whole mechanism. For privacy reasons we instruct the backend to wipe all of the data belonging to this device when the user does this. If the attempt fails it is rescheduled in the future based on the transport's requestBackupTime() suggestion. If network connectivity changes prompt the transport to indicate a backup pass is appropriate "now," any pending init operation is processed before the backup schedule is resumed. The broadcasts used internally to the backup manager are now fully protected; third party apps can neither send nor receive them. (Also a minor logging change; don't log 'appropriate' EOF encountered during parsing of a backup data stream.) /frameworks/base/services/java/com/android/server/BackupManagerService.java
b03b3bbd6833f7c6fbd8100fa3958220554f66a3	22-Sep-2009	Christopher Tate <ctate@android.com>	If backup fails, reenqueue all of the affected packages for next time. /frameworks/base/services/java/com/android/server/BackupManagerService.java
313b29faafab789ab7253be84c84ac560e72db7c	22-Sep-2009	Dan Egnor <egnor@google.com>	Add parameter for the restore set (device id) data is being restored from to the restore_start event /frameworks/base/services/java/com/android/server/BackupManagerService.java
0144516e19b9fd5415a56f8b41191187e2344bb0	22-Sep-2009	Dan Egnor <egnor@google.com>	Make IBackupTransport.finishBackup() also return an int code, since it too can return TRANSPORT_NOT_INITIALIZED (in fact that's typically how it comes). For consistency, make other IBackupTransport methods return int instead of boolean, and handle accordingly. Make initializeDevice() its own method instead of a flag on performBackup(). This will be needed when un-checking the settings box anyway, and is conceptually unrelated to whatever happens to be the first post-initialization backup we perform. (Note that even if the init is sent separately from the backup operation, the server will remember that an init has been done and will not return NOT_INITIALIZED for the subsequent backup.) Fix LocalTransport accordingly (trivial changes). Handle failures more robustly in BackupManagerService -- most notably, doQueuedBackups() was ignoring the result code of processOneBackup(), so a NOT_INITIALIZED error would go past unseen (at least until the next backup pass). Keep track of error code returns more universally now. (This includes finishBackup(), of course.) /frameworks/base/services/java/com/android/server/BackupManagerService.java
d55e18acbe444b74dc9e71eff6ea2c3eaf25fbd0	21-Sep-2009	Christopher Tate <ctate@android.com>	Reset backup tracking in response to transport data-wipe notification When attempting a backup, the transport may inform us that the backend is in an uninitialized state. This typically means that the device's data has been wiped after a period [e.g. 90 days] of inactivity. This means that we need to re-store all data subject to backup, and all of our incremental state tracking on the device is now stale. In response, we wipe all of our recorded backup state and restart the backup pass on all participants. /frameworks/base/services/java/com/android/server/BackupManagerService.java
90967f4f0d5ba38ae7225788b111289516d1dda1	21-Sep-2009	Christopher Tate <ctate@android.com>	Fix up the first-backup-ever tracking This changes a couple of bits of the Backup Manager's logic around first-backup-ever handling. First, it uses the same "what we've ever backed up" handling as the rest of the system for purposes of instructing the backend to do a wipe when the metadata is initialized for the device, instead of looking at the presence of the @pm@ file. Secondly, for the time being we won't be using the saved state produced by agents' doRestore() logic. Until the server is migrating each restored package's data over to the new dataset, this was resulting in the client holding an agent state blob for which no data existed on the server under this device's identity but which the device thought was fully up to date. /frameworks/base/services/java/com/android/server/BackupManagerService.java
25a747f5c47f25c1a18961b03507f309b84924fe	20-Sep-2009	Christopher Tate <ctate@android.com>	Add an 'init everything' operation to the first backup pass IBackupTransport.performBackup() now takes a flag "wipeAllFirst", which if set will result in the entire restore set for the current device/account being wiped clean prior to the storage of the provided package. This ensures that a device on which backup has just been enabled will not confront potentially-stale information, nor will the restore set potentially contain mismatched data from orphaned packages. The Backup Manager has also been revised to pass this flag when first backing up its master metadata block (and never pass it thereafter unless something has caused the backup state tracking to be erased, e.g. the user has opted out of backup and then later re-enabled it). /frameworks/base/services/java/com/android/server/BackupManagerService.java
83861e74c3c89337b0cc43fb38daedfef19e6edf	18-Sep-2009	Dan Egnor <egnor@google.com>	Inefficient but correct fix for 2122381: call finishBackup after every performBackup /frameworks/base/services/java/com/android/server/BackupManagerService.java
b8eb1cb79b2912b91a1b0198ba3e61776af07a79	16-Sep-2009	Christopher Tate <ctate@android.com>	Be sure to include shared lib path info when dealing with agents In particular, this ensures that on the client side the full classpath is known and used by the class loader during execution of the agent. /frameworks/base/services/java/com/android/server/BackupManagerService.java
5e1ab335e6e8fbfa19c64d53880a22f472010953	02-Sep-2009	Christopher Tate <ctate@android.com>	Expand apps' control over the settings restore process Applications can now specify two more aspects of the restore process: whether they need to run with their own custom Application subclass rather than being launched in the usual restricted mode during restore, and whether it's okay for the backup manager to kill the app process once restore has completed. The new manifest attributes for these are, respectively, android:restoreNeedsApplication and android:killAfterRestore. If unspecified in the manifest, restoreNeedsApplication is false, and killAfterRestore is true. In order to support kill-after-restore cleanly, this change also adds a new system-process-only interface to the Activity Manager, which will schedule a "commit suicide" event on the target app's main thread looper. The framework backup agents have been given the appropriate new backup attributes as well. /frameworks/base/services/java/com/android/server/BackupManagerService.java
0749dcd19301fe4093f9cf8677c722d17bceabfb	14-Aug-2009	Christopher Tate <ctate@android.com>	Backup participants must now hold the BACKUP_DATA permission Packages that do not use android.permission.BACKUP_DATA will neither be backed up nor restored. That permission is currently signature-only. In the future if access to the backup/restore infrastructure is made available to arbitrary 3rd party applications, the permission checks (and indeed, the permission itself) can simply be removed. /frameworks/base/services/java/com/android/server/BackupManagerService.java
0e0b4ae5bc5c652c8339d71ed9667e1e37baaa03	11-Aug-2009	Christopher Tate <ctate@android.com>	Don't let bmgr leave a restore session hanging on error Specifically, don't wait for the RestoreObserver to be informed that the restore has completed unless performRestore() ran. We were winding up in a case where bmgr was hanging forever waiting on a nonexistent restore process instead of calling endRestoreSession(). Also improve the documentation, explicitly calling out the need to call endRestoreSession() even if previous operations on the session were unsuccessful. /frameworks/base/services/java/com/android/server/BackupManagerService.java
f2c321aeff64ac0b980c34b948755d52ddd52516	11-Aug-2009	Christopher Tate <ctate@android.com>	Print restore tokens in hex /frameworks/base/services/java/com/android/server/BackupManagerService.java
2e6bca690197978bb23cdcf31d948383bdb14c91	08-Aug-2009	Amith Yamasani <yamasani@google.com>	Temporarily rollback a change that's causing SetupWizard failures during restore. #2042337 Don't kill the process of the package that's being restored. This is causing a chain reaction of killing a provider needed by the setup process. /frameworks/base/services/java/com/android/server/BackupManagerService.java
9dfdac5b088d91b905f4f24822b76f4a0883f9d6	06-Aug-2009	Christopher Tate <ctate@android.com>	Clear app data via the Activity Manager, not Package Manager This is because doing it through the Activity Manager also makes sure that the app has been shut down first, which is quite a desirable invariant for restore handling. /frameworks/base/services/java/com/android/server/BackupManagerService.java
aa93b0418fe5a13d696841074bb6d8e690456cda	06-Aug-2009	Christopher Tate <ctate@android.com>	Correct the backup manager's identity around wakelock use /frameworks/base/services/java/com/android/server/BackupManagerService.java
dfec20b10bb5cc1125217168690779d11ed8ea5a	04-Aug-2009	Christopher Tate <ctate@android.com>	Bootstrap the ever-backed-up bookkeeping properly /frameworks/base/services/java/com/android/server/BackupManagerService.java
0084da561e9830c17068435cb398635145fca5c0	29-Jul-2009	Dan Egnor <egnor@google.com>	Allow zero-length lists in EventLog entries. (I'm verifying that the consumers of EventLog -- logcat, checkin -- are OK with this.) Improve the error handling in RestoreSession. /frameworks/base/services/java/com/android/server/BackupManagerService.java
bb9001c69a313b28d805fe1cfbb7e848eb6aa55f	27-Jul-2009	Dan Egnor <egnor@google.com>	clean up error recovery; log events tracking backup activity /frameworks/base/services/java/com/android/server/BackupManagerService.java
ab9a2a52c5fe9046216bffefca4a540814b4260b	27-Jul-2009	Joe Onorato <joeo@android.com>	Backup manager should default to not "provisioned" so backups don't start until the setup wizard is done. /frameworks/base/services/java/com/android/server/BackupManagerService.java
1531dc80e621b29636e24bae54cab2e0ad25f6ca	25-Jul-2009	Christopher Tate <ctate@android.com>	Don't leave restore data lying around after the operation /frameworks/base/services/java/com/android/server/BackupManagerService.java
5933a497227c6ecb99ae89bc35482ffc49bca2b3	24-Jul-2009	Joe Onorato <joeo@android.com>	Need to be able to call the backup manager from the system process. /frameworks/base/services/java/com/android/server/BackupManagerService.java
967330496438a7f28273b0220a444a30dbdc9fb9	20-Jul-2009	Christopher Tate <ctate@android.com>	Clean up when an attempted restore throws When a restore agent throws an exception back into the framework, assume that it may have left the app's data in an inconsistent state and clear the data for that app (again -- it was cleared just prior to the attempted restore, too). /frameworks/base/services/java/com/android/server/BackupManagerService.java
e97e807a468bf64ad614fca77d350b016f3ce4a9	16-Jul-2009	Christopher Tate <ctate@android.com>	The rest of ever-backed-up tracking When a package is uninstalled we now remove our notion of its having been backed up, thereby forcing a backup pass if it is reinstalled at some point in the future. Removal from the log means rewriting it and doing an atomic rename to the canonical version. The temporary existence used during the rewrite is not written synchronously; there's no need and it keeps the load on the flash part much lower. Because we might crash & reboot in the middle of the rewrite operation, there's now code during init that sanity-checks the contents of the ever-backed-up log and ensures that it's in a coherent state. /frameworks/base/services/java/com/android/server/BackupManagerService.java
73e025296fd8712c775fe75c5f5d6981155b0867	15-Jul-2009	Christopher Tate <ctate@android.com>	Ensure that everything gets backed up at least once We now schedule a backup pass for any new application we see (at boot or package-install time) for which we have never performed a backup. The bookkeeping is a log file with the names of all the packages we've successfully completed a backup pass on, maintained with synchronous journal-type behavior. Also, make a bunch of private fields package-scoped to permit cheaper access from the various worker / binder threads that run under the Backup Manager's aegis. /frameworks/base/services/java/com/android/server/BackupManagerService.java
de83ab9fce4d02ddfde785e193bc787497d45138	15-Jul-2009	Christopher Tate <ctate@android.com>	Grant adb the BACKUP permission This also means we should no longer do explicit calling-identity fiddling in dump(), relying instead on the usual permission enforcement mechanism to handle things. /frameworks/base/services/java/com/android/server/BackupManagerService.java
433830452dac5dc353f1db7a80023e889d522a82	14-Jul-2009	Christopher Tate <ctate@android.com>	Don't NPE if a restore session is requested for an invalid transport /frameworks/base/services/java/com/android/server/BackupManagerService.java
b407f22c9d960b48ed49ed2a1cee0042d9f2a92e	08-Jul-2009	Christopher Tate <ctate@google.com>	Don't invoke the transport if doBackup supplied no data If there's no data to be backed up, we no longer invoke the transport. We DO still require that the agent have emitted a valid new state file, however. This change also finally uncomments the code that removes the backup data file after it has been sent to the transport, so there will be no more packagename.data files lying around in the staging area. /frameworks/base/services/java/com/android/server/BackupManagerService.java
22b60d8fd055171d7abe6be60a24ea8ac1af25b0	08-Jul-2009	Christopher Tate <ctate@google.com>	Remove a lot of debug-log verbosity We now log in dataChanged() only when an app is added to the backup set (and not if it redundantly asks to be added after it's already there) and on error. /frameworks/base/services/java/com/android/server/BackupManagerService.java
a7de3845507b7bf57a2c7b26fb08f05b193697d6	07-Jul-2009	Christopher Tate <ctate@google.com>	Only write to the pending-backup journal when necessary We now only commit to the pending-backup journal on disk the first time that a given package is added to the backup set. This avoids a lot of write thrashing of the disk, particularly since Settings tends to call dataChanged() a great many times during boot, while the Settings UI is in use, etc. /frameworks/base/services/java/com/android/server/BackupManagerService.java
3d7cd13e772bde1c4a72fa4e740baa03cb042e6c	07-Jul-2009	Christopher Tate <ctate@google.com>	Fix the metadata-available test during restore /frameworks/base/services/java/com/android/server/BackupManagerService.java
8031a3df2fd0c38d85eeae39c1ea2c83e813f4ff	07-Jul-2009	Christopher Tate <ctate@google.com>	Make enable/provisioning of the backup service a two-step process This CL adds the concept of 'provisioned' to the backup manager. No backups will be scheduled until the user has indicated that backups are to be enabled and has clicked all the way through the setup wizard. When the user first turns on the backup system, the delay before the initial backup pass is different from the periodic backup interval. Currently that initial delay is 12 hours. The intent here is to guess at a less-active time for performing that first backup pass. NOTE: currently the backup service defaults to 'provisioned'. Once the real code goes live in Setup Wizard, this will be changed to default to not-provisioned until the user has confirmed all the relevant UI. /frameworks/base/services/java/com/android/server/BackupManagerService.java
34ebd0e1bbd54def9fea020f4a9083382160fd3d	07-Jul-2009	Christopher Tate <ctate@google.com>	Fix up permissions for 'dumpsys backup' /frameworks/base/services/java/com/android/server/BackupManagerService.java
b6787f2ee535338bb96df0ab8ad70a9f82760a25	03-Jul-2009	Christopher Tate <ctate@google.com>	Hold a wakelock during backup/restore/clear operations We need to make sure we stay alive for the duration of a backup or (especially) restore operation. The existing Handler-based timing system was simply not properly functional, so it's been retooled to use a repeating alarm delivering a broastcast PendingIntent to our registered receiver. We acquire a partial wake lock in the broadcast receiver [i.e. while the Alarm Manager is holding one for the duration of broadcast delivery] and pass the wakelock object to the backup thread, which eventually releases it when it's finsihed operations. A similar pattern is used for the threads handling restore and clear. /frameworks/base/services/java/com/android/server/BackupManagerService.java
8c0324752a7f47afd9e84f0a3088954b5d05a94b	02-Jul-2009	Christopher Tate <ctate@google.com>	If we can't get the restore set's metadata, don't continue Without the metadata we can't verify the version number or the signatures of the apps whose data we'd be trying to restore against the apps present on device. This is not acceptable; we need to refuse to give data to an unauthenticated app. /frameworks/base/services/java/com/android/server/BackupManagerService.java
4e3e50cfa7cf02270ed0dd454d5c51bf7065bd14	02-Jul-2009	Christopher Tate <ctate@google.com>	Clean up the last two literal permission string usages /frameworks/base/services/java/com/android/server/BackupManagerService.java
ee0e78af5af3bf23dd928fe5e0ebeb39157eaf66	02-Jul-2009	Christopher Tate <ctate@google.com>	Add a "clear backed-up data" method to the backup mechanism It's now possible to ask that the backup manager wipe the saved data for a given application from the backing store. LocalTransport implements this now but the Google backend does not yet. When the data is wiped, the on-device backup state is also wiped to ensure that the next backup pushes all necessary data. Bmgr has not yet been modified to actually call into this method, but it will be soon. /frameworks/base/services/java/com/android/server/BackupManagerService.java
cf098294da7a820d5c30d8ed2006ed5446ee1da9	02-Jul-2009	Dianne Hackborn <hackbod@google.com>	Move backup state to settings, change permission checks to use symbol. This changes the backup service to use the settings provider instead of system properties, correspondingly making it off by default and allowing specific devices to define the transport. Also tweaks the permission checks to use the permission symbol instead of raw strings. This requires some corresponding changes in the vendor projects. /frameworks/base/services/java/com/android/server/BackupManagerService.java
9a5e3e115fc69181e143bdb9ec455e0f94fbc11f	02-Jul-2009	Joe Onorato <joeo@android.com>	Less logging in some places. More in others. /frameworks/base/services/java/com/android/server/BackupManagerService.java
49401ddb9ac11ad5caead4e4cefcaa81d2418ed2	01-Jul-2009	Christopher Tate <ctate@google.com>	Revamp backup scheduling policy We now schedule a periodic check of pending backups; if any apps have requested a backup since the last check, we perform all of the pending backups. The periodic backup scheduling matches the enable/disable state of the backup manager; while backups are disabled entirely there are no periodic wakeups. The period is set here to one hour. If an external caller (transport, the 'bmgr' command line tool, etc) requests an immediate backup pass, that is performed and then the periodic backup check is rescheduled using that pass as the starting point of a new interval. /frameworks/base/services/java/com/android/server/BackupManagerService.java
ce0bf069fe8c5c93f91cb70b0cd9365245d144c1	01-Jul-2009	Christopher Tate <ctate@google.com>	Use secure settings for backup enable / transport selection /frameworks/base/services/java/com/android/server/BackupManagerService.java
7958834e0e8adb42ca5183541c4bbcd8aaa7d3aa	01-Jul-2009	Christopher Tate <ctate@google.com>	Run backups at background priority /frameworks/base/services/java/com/android/server/BackupManagerService.java
6ef58a1509b9d3348a33ca5686917796c2759aa5	29-Jun-2009	Christopher Tate <ctate@google.com>	Implement persistent enable/disable of the backup manager Backup & restore is still enabled by default, but with the expectation that it will be enabled during the course of the Setup Wizard or some other privileged entity that has notified the user about the ramifications. While disabled, data-changed notices will still be collected, but no backup pass will be scheduled. When the backup manager is later enabled, any pending data-changed notices will then be processed and the apps invoked for backup. /frameworks/base/services/java/com/android/server/BackupManagerService.java
9171749700853305f3e6abbcdbd9e02f3a71d459	27-Jun-2009	Christopher Tate <ctate@google.com>	Use system properties to track the current transport This change retools the transport selection mechanism a fair bit. Transports are now specified by name rather than by numeric ID, and the name of the currently selected transport is stored in a persistent system property under the name "persist.service.bkup.trans". The name -> IBackupTransport translation is now handled by maintaining a map from the names to the live IBackupTransport objects that correspond. The Google transport service observer now registers and unregisters the transport as the service goes up and down. The bmgr command has been expanded to include real transport interrogation and selection by name, and some documentation has been written for it. /frameworks/base/services/java/com/android/server/BackupManagerService.java
f7c886b4fe27cd9ab4a9991958ff931054556a24	27-Jun-2009	Christopher Tate <ctate@google.com>	Respect android:allowClearUserData=false during restore Ordinarily we wipe the data of apps we are restoring. This is problematic for packages that expect that their data can never be wiped back to nothing, especially system packages, so we now respect the android:allowClearUserData manifest attribute. /frameworks/base/services/java/com/android/server/BackupManagerService.java
466ef345d17104076e03674cc49c368e6bd46df2	26-Jun-2009	Christopher Tate <ctate@google.com>	Trim some superfluous imports. /frameworks/base/services/java/com/android/server/BackupManagerService.java
156411df4627336b246db78cddca8248ed615b67	26-Jun-2009	Dan Egnor <egnor@google.com>	Use a long for restore token /frameworks/base/services/java/com/android/server/BackupManagerService.java
7d562ec393d54dd9ef387c49d1283243bfdbd2b1	26-Jun-2009	Christopher Tate <ctate@google.com>	Add a new IRestoreObserver callback class to the restore process The observer is told when restore begins how many packages are being restored. It then gets an onUpdate() call telling it that the Nth package is now undergoing restore. Ultimately, its restoreFinished() callback is invoked, passing a simple success/fail error code, to let it know that the restore operation has concluded. /frameworks/base/services/java/com/android/server/BackupManagerService.java
5cb400bd72726c22f641f334951b35ce2ddcfeef	26-Jun-2009	Christopher Tate <ctate@google.com>	Keep track of backup state independently for each transport Backup transports now provide the Backup Manager with a suggested name with which it can disambiguate any transport-specific bookkeeping that it needs to maintain. The Manager keeps separate application backup 'state blobs' for each transport now, preventing things from getting out of step if the device is switched among multiple transports. Also, the metadata backup agent is always invoked now on each backup pass. This is cheap when there is nothing to do, but also strongly ensures that we never wind up in a situation where a given transport destination has not been given all of the metadata necessary for the backup set. /frameworks/base/services/java/com/android/server/BackupManagerService.java
6f21128d1fc949828b1a4c2a0023f07bfd280e2e	25-Jun-2009	Dan Egnor <egnor@google.com>	Switch the default transport to GOOGLE. /frameworks/base/services/java/com/android/server/BackupManagerService.java
111bd4acdb378266221b430a284f88a3990a3958	25-Jun-2009	Christopher Tate <ctate@google.com>	Start backing up wallpaper This CL does the following: + adds an AbsoluteFileBackupHelper class for managing backup of files known by absolute path, not based off of the app's getFilesDir() root + bumps up the collection interval from its testing-only default of 1 second to 3 minutes + adds a SystemBackupAgent class to the main system package and names it as the android:backupAgent for the main OS package. Right now this agent only backs up & restores the wallpaper file. + amend the Wallpaper Service to inform the Backup Manager when the wallpaper changes. On the subject of the 3-minute collection interval before the backup actually occurs: this can be short-circuited from an adb shell. Running the command 'bmgr run' will cause the Backup Manager to kick off any pending backup operations immediately. /frameworks/base/services/java/com/android/server/BackupManagerService.java
efe52647f6b41993be43a5f47d1178bb0468cec8	24-Jun-2009	Dan Egnor <egnor@google.com>	Modify the IBackupTransport API to support bulk restore operations. Change the BackupManagerService and LocalTransport to support the new API. /frameworks/base/services/java/com/android/server/BackupManagerService.java
5cbbf5652a78902ac3382dc4a3583bc5b0351027	23-Jun-2009	Christopher Tate <ctate@google.com>	Pass the originating app's versionCode along with a restore set This change amends the doRestore() / onRestore() interface to backup agents to provide the integer android:versionCode of the app that stored the backup set. This should help agents figure out how to handle whatever historical data set they're handed at restore time. /frameworks/base/services/java/com/android/server/BackupManagerService.java
3a31a93b8a195ae2d0180e6dfbf292da2e581f50	23-Jun-2009	Christopher Tate <ctate@google.com>	Add some global metadata to the restore set In addition to the signatures of each participating application, we now also store the versionCode of each backed-up package, plus the OS version running on the device that contributed the backup set. We also refuse to process a backup from a later OS revision to an earlier one, or from a later app version to an earlier. LocalTransport has been modified as well to be more resilient to changes in the system's use of metadata pseudopackages. /frameworks/base/services/java/com/android/server/BackupManagerService.java
06290a4bb9b280fa14a2bbeb2d3ceb09396a78c3	19-Jun-2009	Joe Onorato <joeo@android.com>	Helper API cleanup. Allows multiple helpers to function, because they'll always go in the same order, and this lets us not have to write headers to keep them paired. /frameworks/base/services/java/com/android/server/BackupManagerService.java
6aa41f4c575479672661f7eb4c704ef59d26a629	19-Jun-2009	Christopher Tate <ctate@google.com>	Add app version to the backup metadata We now record the version number of the app (drawn from its manifest versionCode attribute) along with its signatures. At restore time, we compare the version associated with the restore set with the version present on the device. If the restore set is from a newer version of the app than is present on device, we do not perform the restore operation. Also fix the pending-backup iteration in 'dumpsys backup'. /frameworks/base/services/java/com/android/server/BackupManagerService.java
20efdf6b56e54b0520d8629cd706045dc8d280d3	19-Jun-2009	Christopher Tate <ctate@google.com>	Make signature checks on restore work with unsigned apps /frameworks/base/services/java/com/android/server/BackupManagerService.java
5d605dc56b036232e885f6ec36b888b729673060	19-Jun-2009	Joe Onorato <joeo@android.com>	backup stuff /frameworks/base/services/java/com/android/server/BackupManagerService.java
abce4e8714bed26a2b37b20ad3f02cf619d71c9a	19-Jun-2009	Christopher Tate <ctate@google.com>	Use signatures on restore On restore now, the backup manager gets the signature blocks corresponding to the restore set from the transport. It then validates those signatures against the on-device app signatures, and refuses to restore data to an app whose on-device sig block does not match the backup image's. Also actually implement 'bmgr transport N' so that we can select the local transport easily during runtime. /frameworks/base/services/java/com/android/server/BackupManagerService.java
6785dd842075889e5230d93ed9c0ab9c204ab432	19-Jun-2009	Christopher Tate <ctate@google.com>	Store the app signatures as part of the backup set Under a pseudo-app for the Package Manager, we store the app signatures for all participating applications installed on the device. At restore time we will restore this first, then ensure that the current on-device signature chain is compatible with the one in the backup set. If there's a mismatch, this may be a spoof attempt and we will refuse to restore that app's data. The restore side of this is not implemented, but the Package Manager agent is here as well as the backup side theoretically pushing the data now. /frameworks/base/services/java/com/android/server/BackupManagerService.java
87a02bcf68dd4cc1f6d9fdcee3d1ebc9b04cf1f8	17-Jun-2009	Dan Egnor <egnor@google.com>	Replace the stub GoogleTransport with callout to the GoogleTransportService (which lives in vendor/google). Use the Google transport by default. Also, fix a bug: Thread.run() != Thread.start() /frameworks/base/services/java/com/android/server/BackupManagerService.java
aa088447baadd2e0bbcfd18cc529645610c13ddc	17-Jun-2009	Christopher Tate <ctate@google.com>	Hold the current transport instantiated all the time. We no longer instantiate the transport just for the duration of handling a backup or restore operation. Instead, we hold the object forever (replacing it if instructed to do so). This makes it easier for transports to watch system state and help set backup timing policy. Also fixes up the IBackupTransport documentation a bit. /frameworks/base/services/java/com/android/server/BackupManagerService.java
63d2700036d0f73cbde27f0fa724d30045b4bb07	17-Jun-2009	Christopher Tate <ctate@google.com>	Allow privileged callers to schedule a backup pass for any app. /frameworks/base/services/java/com/android/server/BackupManagerService.java
f68eb500f99361541049e09eb7f9ddd6f4ef4efa	16-Jun-2009	Christopher Tate <ctate@google.com>	More bmgr work; fix clear-data signalling The 'list sets' and 'restore token#' commands from bmgr now do what they are supposed to. At this point we see the restore target's data being cleared properly and its agent being launched and invoked for restore. /frameworks/base/services/java/com/android/server/BackupManagerService.java
ace7f094bf07bbd90cb998b9462e4f2d101a498c	16-Jun-2009	Christopher Tate <ctate@google.com>	Sketch out a 'bmgr' command line tool Not finished, but eventually will allow adb shell access to the Backup Manager for testing purposes etc. /frameworks/base/services/java/com/android/server/BackupManagerService.java
cde87f45e0fa052d070b88ae33fb03c89870536a	12-Jun-2009	Christopher Tate <ctate@google.com>	Journal backup requests so that they won't be lost in a crash When an application requests a backup via dataChanged(), we now journal that fact on disk. The journal persists and is only removed following a successful backup pass. When the backup manager is started at boot time, it looks for any existing journal files and schedules a backup for the apps listed in them, on the expectation that the device shut down or crashed before a backup could be performed. /frameworks/base/services/java/com/android/server/BackupManagerService.java
9bbc21a773cbdfbef2876a75c32bda5839647751	11-Jun-2009	Christopher Tate <ctate@google.com>	Flesh out restore interface on manager; work up most of LocalTransport /frameworks/base/services/java/com/android/server/BackupManagerService.java
c7b31e3c3cd71129557d4bf9e3fbcebb9235aba5	11-Jun-2009	Christopher Tate <ctate@google.com>	The rest of the basic flow for restore Also moved the processOneBackup() implementation into the Thread class that runs the backup sequence. /frameworks/base/services/java/com/android/server/BackupManagerService.java
df01deaacff82b918b4f0ba774d5ad3087543629	10-Jun-2009	Christopher Tate <ctate@google.com>	More restore plumbing, plus add suggested-backoff to transport API Adds most of the code for a background-thread restore process, structured much like the backup thread. Broke some common functionality out into a helper function for doing a synchronous wait for a requested agent to attach. Added a method to IBackupTransport whereby the transport will be asked for an opinion on whether this is a good time for a backup to happen. It will reply with the results of its policymaking around backoff intervals, time-of-day selection, etc. /frameworks/base/services/java/com/android/server/BackupManagerService.java
9b3905c4a25f2d785ce7535d1f2e1540b46bb561	09-Jun-2009	Christopher Tate <ctate@google.com>	Revamp IRestoreSession a bit We now supply an array of RestoreSet objects instead of wacky Bundle shenanigans. Also, pushed beginRestoreSession() out to the BackupManager concrete interface class so that SetupWizard can use it. (beginRestoreSession() is @hide, non-privileged apps cannot use it. It's also guarded by android.permission.BACKUP enforcement.) /frameworks/base/services/java/com/android/server/BackupManagerService.java
8c850b792f2d371fd8a4aff146d9d757ee982539	08-Jun-2009	Christopher Tate <ctate@google.com>	Add IRestoreSession interface for the restore flow Restore is a fairly complicated, somewhat stateful process, so we introduce a new interface to encapsulate the various bits and pieces into a nicely separable component. In particular, this will make it much cleaner to open and interrogate an expensive-to-construct transport and then reuse it for the actual restore process itself. /frameworks/base/services/java/com/android/server/BackupManagerService.java
7b88128e08ba45b071cd714dad9681ce66920d32	07-Jun-2009	Christopher Tate <ctate@google.com>	Adjust IBackupTransport interface Instead of just passing a package name to performBackup, pass the whole PackageInfo struct, explicitly including the list of signatures for the package. No need to make each transport look this up individually when it's a necessary part of the backup payload for each app. /frameworks/base/services/java/com/android/server/BackupManagerService.java
cd4ff2e72d42d66ea2d6a27f1c87cfffd16b1791	05-Jun-2009	Christopher Tate <ctate@google.com>	Fix tracking of backup participants across package remove/update /frameworks/base/services/java/com/android/server/BackupManagerService.java
1885b37913181230c36d6485bdd389f89fa90f43	05-Jun-2009	Christopher Tate <ctate@google.com>	Fix backup agent unbind The handwritten binder transaction passing wasn't propagating the agent-destroy transaction to the client side. Oops. Also, remove obsolete run-one-agent code from the backup manager service. /frameworks/base/services/java/com/android/server/BackupManagerService.java
043dadc7516d20c3b3ccbcb20c53aaeef076a237	03-Jun-2009	Christopher Tate <ctate@google.com>	More backup work * Put in some permission enforcement around agent connection notification and full-backup scheduling. * Full backup now applies to any package, not just backup participants who have declared their own android:backupAgent * The process of running the backup operation on the set of apps who have been queued for it is now done in a separate thread, with a notification mechanism from the main Backup Manager service to pass along new-agent binding knowledge. There's no longer one do-backup message on the primary Handler per target application. * The new backup thread sets up the desired transport now and passes along the newly backed-up data to it for each backup target. Two transports have been defined so far, GoogleTransport and AdbTransport; both are stubs at present. Note that at present the backup data output file seems to be properly created, but after doBackup() is called on the test app's agent it's still zero size. /frameworks/base/services/java/com/android/server/BackupManagerService.java
181fafaf48208978b8ba2022683ffa78aaeddde1	14-May-2009	Christopher Tate <ctate@google.com>	Retool the backup process to use a new 'BackupAgent' class Backups will be handled by launching the application in a special mode under which no activities or services will be started, only the BackupAgent subclass named in the app's android:backupAgent manifest property. This takes the place of the BackupService class used earlier during development. In the cases of full backup or restore, an application that does not supply its own BackupAgent will be launched in a restricted manner; in particular, it will be using the default Application class rather than any manifest-declared one. This ensures that the app is not running any code that may try to manipulate its data while the backup system reads/writes its data set. /frameworks/base/services/java/com/android/server/BackupManagerService.java
d2110dbce071a236b6176de344ca797b737542eb	19-May-2009	Joe Onorato <joeo@android.com>	Hook up the backup data writer, and add a utility to read the backup data files. /frameworks/base/services/java/com/android/server/BackupManagerService.java
290bb011c5c1a9ba1f2116810b06cf52a9c36b3e	14-May-2009	Joe Onorato <joeo@android.com>	Get the backup calling through to the file backup helper. This includes some cleanup to make the parameters match between BackupService.onBackup and FileBackupHelper.performBackup. /frameworks/base/services/java/com/android/server/BackupManagerService.java
8ad028117d4b99883bbc52b29f097b2fb1d9b0c2	13-May-2009	Joe Onorato <joeo@android.com>	With this, the BackupService onBackup method is called. It took a bunch of refactoring inside BackupManagerService, which is unfortunately all temporary anyway, but it unblocks a bunch of stuff. /frameworks/base/services/java/com/android/server/BackupManagerService.java
b1a7ffef3a0007b6991b8338460f6aac8cbb11e8	07-May-2009	Joe Onorato <joeo@android.com>	More backup tests /frameworks/base/services/java/com/android/server/BackupManagerService.java
3799bc241b5cfc876cf082fbf39acc67c90a25b7	07-May-2009	Christopher Tate <ctate@google.com>	Track install/removal/update of packages that provide backup services /frameworks/base/services/java/com/android/server/BackupManagerService.java
b1d790b63e2115be558d451efbc914d1f8dfa846	06-May-2009	Christopher Tate <ctate@google.com>	Pass null as savedState to indicate a full backup is required /frameworks/base/services/java/com/android/server/BackupManagerService.java
46758123868d91e7b186aebb27c4c4988dede43e	06-May-2009	Christopher Tate <ctate@google.com>	Add a Backup Manager interface to request a full backup Given a package name, the Backup Manager schedules a full (i.e. non- incremental) backup pass for that package. Also added the state-file handling for distinguishing to the target between the full and incremental backup requests. /frameworks/base/services/java/com/android/server/BackupManagerService.java
f417247fa68524f2f34960f7389168eed7eb4a88	06-May-2009	Christopher Tate <ctate@google.com>	Further development of backup file handling Put backup data in flight into /cache Close the files and delete the intermediates after backup pass /frameworks/base/services/java/com/android/server/BackupManagerService.java
22b8787ed4be8d4b7ed5d54802f9913fedb41425	05-May-2009	Christopher Tate <ctate@google.com>	Squashed commit of the following: Author: Christopher Tate <ctate@google.com> Date: Mon May 4 16:38:11 2009 -0700 IBackupService now passes ParcelFileDescriptors rather than int fds The outlines of backup state file / data file handling are now in place as well in the BackupManagerService. Author: Christopher Tate <ctate@google.com> Date: Thu Apr 30 12:40:19 2009 -0700 Hide the backup stuff for now Also adjust based on comments: + changed service intent string to conform to usage guidelines + only publish the IBackupService binder when invoked with the right intent action + docs tweaks /frameworks/base/services/java/com/android/server/BackupManagerService.java
a8bf815c6153290b173f34b071dddb0a0034a115	30-Apr-2009	Christopher Tate <ctate@google.com>	Add android.backup.BackupManager Also tweak the dataChanged() api to have the client supply a package name. We don't necessarily TRUST this, but we use it to narrow the set of packages requesting a backup pass, no longer blithely scheduling a pass for all packages associated with the caller's uid. /frameworks/base/services/java/com/android/server/BackupManagerService.java
487529a70cd1479ae8d6bbfb356be7e72542c185	29-Apr-2009	Christopher Tate <ctate@google.com>	First baby steps towards settings backup This change adds a sketched outline of the backup system architecture, with all of the major pieces represented other than client-side helpers for specific types of data. IBackupManager and BackupService are public so that we can write test apps against SDK-domain symbols from the outset. What code exists in this change hasn't been tested and may crash. It's the beginnings of the real implementation but of course is barely begun. /frameworks/base/services/java/com/android/server/BackupManagerService.java