Cross Reference: /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java

History log of /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
ab225b301b8b13a141053a33d5dd5eeccfc69887	25-Jun-2014	Christopher Tate <ctate@google.com>	Add 'fullbackup' to bmgr's usage statement Also make it handle the list of packages to be backed up as a single multiple-app argument to fullTransportBackup() rather than N calls each backing up one app. Change-Id: I9fe4d5caca54fafef70ffe9af4c26e3941dc5d26 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
9ff53a7100b1a40f5d2df3eb19a2f3f2fff39a46	04-Jun-2014	Christopher Tate <ctate@google.com>	Implement full data backup through transport Currently no timed/scheduled full-data backup operations are performed by the OS, but the plumbing is now in place and can be tested using 'adb shell bmgr fullbackup pkg [pkg2 pkg3 ...]'. The LocalTransport test transport implementation has been augmented to support the new full-data backup API as well. In addition, 'adb backup' now takes the -compress/-nocompress command line options to control whether the resulting archive is compressed before leaving the device. Previously the archive was always compressed. (The default is still to compress, as it will usually reduce the archive size considerably.) Internally, the core implementation of gathering the full backup data stream from the target application has been refactored into an "engine" component that is shared by both 'adb backup' and the transport-oriented full backup task. The archive file header generation, encryption, and compression logic are now factored out of the engine itself instead of being hardwired into the data handling. Bug 15329632 Change-Id: I4a044faa4070d684ef457bd3e11771198cdf557c /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
b0183f0ae311966cff0e10e8139c56f97288d1f2	18-Nov-2013	Christopher Tate <ctate@google.com>	Harden against transiently unavailable backup transports The init & clear operations are particularly important to ensure delivery when at all possible, so we retry those periodically if the transport is unavailable when we first attempt them. Now with 100% less build break. Bug 11716868 Change-Id: I2af4e93788068cfac97c0a48d3568c561eefa23d /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
d5965cb506bde84612109bf26c3fcc6712ca91e5	19-Nov-2013	Sascha Prueter <saschap@google.com>	Trying to unbreak build... Revert "Harden against transiently unavailable backup transports" This reverts commit 8f98252afea3fd0e68693635ec21b6004a52fa69. Change-Id: I3aabb80f1a5932d530bce6b82d4b30c6cd1cdd5a /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
8f98252afea3fd0e68693635ec21b6004a52fa69	18-Nov-2013	Christopher Tate <ctate@google.com>	Harden against transiently unavailable backup transports The init & clear operations are particularly important to ensure delivery when at all possible, so we retry those periodically if the transport is unavailable when we first attempt them. Bug 11716868 Change-Id: I4860fe3d4e99618b2cd194c83162bd7cbd5a83a9 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
284f1bb4daf77f7e6b688c0936dd4a31ec2e7c74	07-Jul-2011	Christopher Tate <ctate@google.com>	Can now restore a subset of apps from historical dataset Adds the ability to filter a restore of an historical dataset so that it only restores certain apps' data regardless of what is actually present in the dataset. This is currently only used by the bmgr command-line tool, for debugging / developer support. Bug 2021590 Change-Id: I7685e5d609b0f5506f71d70c26410602bb387659 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
4a627c71ff53a4fca1f961f4b1dcc0461df18a06	01-Apr-2011	Christopher Tate <ctate@google.com>	Full local backup infrastructure This is the basic infrastructure for pulling a full() backup of the device's data over an adb() connection to the local device. The basic process consists of these interacting pieces: 1. The framework's BackupManagerService, which coordinates the collection of app data and routing to the destination. 2. A new framework-provided BackupAgent implementation called FullBackupAgent, which is instantiated in the target applications' processes in turn, and knows how to emit a datastream that contains all of the app's saved data files. 3. A new shell-level program called "bu" that is used to bridge from adb to the framework's Backup Manager. 4. adb itself, which now knows how to use 'bu' to kick off a backup operation and pull the resulting data stream to the desktop host. 5. A system-provided application that verifies with the user that an attempted backup/restore operation is in fact expected and to be allowed. The full agent implementation is not used during normal operation of the delta-based app-customized remote backup process. Instead it's used during user-confirmed full* backup of applications and all their data to a local destination, e.g. via the adb connection. The output format is 'tar'. This makes it very easy for the end user to examine the resulting dataset, e.g. for purpose of extracting files for debug purposes; as well as making it easy to contemplate adding things like a direct gzip stage to the data pipeline during backup/restore. It also makes it convenient to construct and maintain synthetic backup datasets for testing purposes. Within the tar format, certain artificial conventions are used. All files are stored within top-level directories according to their semantic origin: apps/pkgname/a/ : Application .apk file itself apps/pkgname/obb/: The application's associated .obb containers apps/pkgname/f/ : The subtree rooted at the getFilesDir() location apps/pkgname/db/ : The subtree rooted at the getDatabasePath() parent apps/pkgname/sp/ : The subtree rooted at the getSharedPrefsFile() parent apps/pkgname/r/ : Files stored relative to the root of the app's file tree apps/pkgname/c/ : Reserved for the app's getCacheDir() tree; not stored. For each package, the first entry in the tar stream is a file called "_manifest", nominally rooted at apps/pkgname. This file contains some metadata about the package whose data is stored in the archive. The contents of shared storage can optionally be included in the tar stream. It is placed in the synthetic location: shared/... uid/gid are ignored; app uids are assigned at install time, and the app's data is handled from within its own execution environment, so will automatically have the app's correct uid. Forward-locked .apk files are never backed up. System-partition .apk files are not backed up unless they have been overridden by a post-factory upgrade, in which case the current .apk is backed up -- i.e. the .apk that matches the on-disk data. The manifest preceding each application's portion of the tar stream provides version numbers and signature blocks for version checking, as well as an indication of whether the restore logic should expect to install the .apk before extracting the data. System packages can designate their own full backup agents. This is to manage things like the settings provider which (a) cannot be shut down on the fly in order to do a clean snapshot of their file trees, and (b) manage data that is not only irrelevant but actively hostile to non-identical devices -- CDMA telephony settings would seriously mess up a GSM device if emplaced there blind, for example. When a full backup or restore is initiated from adb, the system will present a confirmation UI that the user must explicitly respond to within a short [~ 30 seconds] timeout. This is to avoid the possibility of malicious desktop-side software secretly grabbing a copy of all the user's data for nefarious purposes. () The backup is not strictly a full mirror. In particular, the settings database is not cloned; it is handled the same way that it is in cloud backup/restore. This is because some settings are actively destructive if cloned onto a different (or especially a different-model) device: telephony settings and AndroidID are good examples of this. () On the framework side it doesn't care that it's adb; it just sends the tar stream to a file descriptor. This can easily be retargeted around whatever transport we might decide to use in the future. KNOWN ISSUES: the security UI is desperately ugly; no proper designs have yet been done for it * restore is not yet implemented * shared storage backup is not yet implemented * symlinks aren't yet handled, though some infrastructure for dealing with them has been put in place. Change-Id: Ia8347611e23b398af36ea22c36dff0a276b1ce91 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
44ab8453e1c4c46790f792a46d026fa1017d8cfe	17-Nov-2010	Chris Tate <ctate@google.com>	Permission fix: don't require BACKUP perm for self-restores The public API is not supposed to require the BACKUP permission in order for an application to restore its own last-known-good backup data. However, as currently implemented, BackupManager.requestRestore() [the public API in question] depends on private Backup Manager methods that do enforce that permission. The net result is that the method cannot be successfully used by third party applications: it will throw an exception if attempted. This CL restructures the permission checking involved. First, the underlying beginRestoreSession() operation can now be passed a 'null' transport name; if this is done, then the restore session is begun on whatever the currently-active transport is. Looking up the name of the active transport is one of the permission-guarded actions that was required with the initial implementation. Second, a package name can now be passed to beginRestoreSession(). If this is done, then the restore session can only be used to perform a single-package restore of that one application. The BACKUP permission is not required if the caller is tying the restore to its own package name. In combination, these changes permit BackupManager.requestRestore() to function without the calling app needing to hold any special permission. The no-permission case is intentionally quite narrow: the caller must hold the permission unless they both (a) pass 'null' for the transport name, thereby accepting whatever the currently active transport is, and (b) pass their own package name to restrict the restore session only to their own app. External bug http://code.google.com/p/android/issues/detail?id=10094 Internal bug 3197202 Change-Id: Ibc9d652323f2da03727d850f991b4096af6520d2 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
7a0fc8776782a18374ec6e3b4418027c3c685b1a	01-Nov-2010	Chris Tate <ctate@google.com>	Don't crash bmgr if there are no available restore sets Properly guard against a null set of available restore sets when validating the token passed to 'bmgr restore TOKEN' against what's known to exist on the backend. Fixes bug 3153986 Change-Id: I74bdd4c6242f682833c1633baa4fefccb2b165a7 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
04686f428995fde3f6f5f5f12ccdd135f885ac84	01-Oct-2010	Fabrice Di Meglio <fdimeglio@google.com>	Fix bug #3055578 ("adb shell bmgr list sets" generates NPE and cannot be run again when device has no account setup) - fix NPE - code cleaning Change-Id: Ieb30b666d995de8cbd27ee6d17e2178e7ea670f6 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
7e76ff1c409bc22e89ed09ef90161164dae40838	09-Jun-2010	Christopher Tate <ctate@google.com>	Fail gracefully if the user fails to supply necessary args to bmgr Fixes bug #2755355 Change-Id: I4690756bb5077a6b4bbbfb232cd852cad43cef77 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
1398e27bb0f5768cbbd5b9d9fd7c8675da63ccb0	06-Apr-2010	Christopher Tate <ctate@google.com>	Fix 'bmgr restore' Zero means success. Fixes bug #2573785 Change-Id: I11bd4d85aa2b3a061aa37e085790ee8cd52d50a2 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
2d449afe3d075020bdd1115bcc15c9383cbce122	30-Mar-2010	Christopher Tate <ctate@google.com>	Make RestoreSession.getAvailableRestoreSets() asynchronous This transaction can involve the transport having to query a remote backend over the wire, so it can take a Long Time(tm). Make it main-thread-safe by making it asynchronous, with the results passed as a callback to the invoker's RestoreObserver. We also make the IRestoreObserver callback interface properly oneway. Bug #2550665 Bug #2549422 Change-Id: If18a233a0a3d54c7b55101715c9e6195b762c5a0 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
9c3cee9824026764275e4d84ba9b5d9fdc5da690	26-Mar-2010	Christopher Tate <ctate@google.com>	API CHANGE: Backup/restore API changes requested by the API Council * @hide the android.app.backup.RestoreSession class and functionality * Provide a public method on android.app.backup.BackupManager that apps can use to request a restore pass of their last-known-good dataset. The new method is called requestRestore(). * Provide the name of the package being restored, not just its ordinal, in the RestoreObserver's onUpdate() callback. Part of bug #2545514 Change-Id: I9689bf8d6e2b808b4ee412424a36a835be0a5ca8 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
4528186e0d65fc68ef0dd1941aa2ac8aefcd55a3	06-Mar-2010	Christopher Tate <ctate@google.com>	Refactor android.backup => android.app.backup Change-Id: I0b21316ff890d7f3c7d4b82837bb60670724c2e8 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
485c3a16cef38136a821e79a5fe37df4e1779d28	04-Mar-2010	Christian Sonntag <cxs@google.com>	fix hex parsing of bmgr /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
7d411a3b947ba82d1d57f73c0fa698c3b9c95892	26-Feb-2010	Christopher Tate <ctate@google.com>	Add single-package restore to Bmgr feature set Also sanity-check the package name on the Backup Manager side, failing gracefully if the given package is not a backup/restore participant. Bug: 2293977 Change-Id: I3575046ffcaa3cf45c1c602824baeadd64082f70 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
8472581aa32eee1368de379c2c079ea0a66baa3c	05-Feb-2010	Christopher Tate <ctate@google.com>	Add single-package restore from an app's most-recent data Renamed the RestoreSession performRestore() method to restoreAll(), and added a new restorePackage() method that only restores the single specified app. In order to restore an app other than itself, the caller must hold the android.permission.BACKUP permission. This change also introduces dataset tracking: the Backup Manager persistently remembers both the current backup dataset's identity and that of the "ancestral" dataset, i.e. the one most recently used for a whole-device restore such as performed by SetupWizard. When a single package is restored via restorePackage(), the selection of most-recent dataset to use is this: 1. The data from the currently-active backup dataset, if such exists. An app that has ever backed up data will therefore get its last- known-good data. 2. The app's data from the ancestral dataset, if such exists. This covers the case of a factory reset followed by reinstallation of an app at a later time. The app had not yet backed anything up post-wipe, but the old data is in the ancestral dataset and should be brought forward when the app reappears. 3. If neither 1. nor 2. exist, there is no data to restore, so just skip it and return failure. Note that the infrastructure to automatically attempt a restore after an application has been installed does not yet exist; that's coming. Change-Id: I0ba170df9885128000c46ed28d3dddda3a63a143 /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
0e0b4ae5bc5c652c8339d71ed9667e1e37baaa03	11-Aug-2009	Christopher Tate <ctate@android.com>	Don't let bmgr leave a restore session hanging on error Specifically, don't wait for the RestoreObserver to be informed that the restore has completed unless performRestore() ran. We were winding up in a case where bmgr was hanging forever waiting on a nonexistent restore process instead of calling endRestoreSession(). Also improve the documentation, explicitly calling out the need to call endRestoreSession() even if previous operations on the session were unsuccessful. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
84780f56f441deb4ff736987986daeaf64db17a4	08-Aug-2009	Christopher Tate <ctate@android.com>	Don't crash if the Backup Manager returns a null RestoreSet[] /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
77095d49f203eed6a6742f2605ca319e7360af32	07-Aug-2009	Christian Sonntag <cxs@android.com>	make restore tokens shown in hex. Since they are android ids, it is much easier to use them as hex, since we can just copy then into android inspector and learn more about the restore set. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
08e40b858e8a3266c5519a83fda6f7505f1c14db	07-Aug-2009	Christopher Tate <ctate@android.com>	Fix Bmgr's logic around restore completion The caller needs to wait for the restore observer to be informed that the restore has finished processing before it can safely shut down the restore session. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
d23d7f2d12c20314e1e8ff206fafc8f21745ca2d	02-Jul-2009	Christopher Tate <ctate@google.com>	Add a 'wipe' operation to Bmgr "bmgr wipe PACKAGE" now issues the backup transport clearBackupData() operation for the given package. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
6ef58a1509b9d3348a33ca5686917796c2759aa5	29-Jun-2009	Christopher Tate <ctate@google.com>	Implement persistent enable/disable of the backup manager Backup & restore is still enabled by default, but with the expectation that it will be enabled during the course of the Setup Wizard or some other privileged entity that has notified the user about the ramifications. While disabled, data-changed notices will still be collected, but no backup pass will be scheduled. When the backup manager is later enabled, any pending data-changed notices will then be processed and the apps invoked for backup. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
9171749700853305f3e6abbcdbd9e02f3a71d459	27-Jun-2009	Christopher Tate <ctate@google.com>	Use system properties to track the current transport This change retools the transport selection mechanism a fair bit. Transports are now specified by name rather than by numeric ID, and the name of the currently selected transport is stored in a persistent system property under the name "persist.service.bkup.trans". The name -> IBackupTransport translation is now handled by maintaining a map from the names to the live IBackupTransport objects that correspond. The Google transport service observer now registers and unregisters the transport as the service goes up and down. The bmgr command has been expanded to include real transport interrogation and selection by name, and some documentation has been written for it. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
156411df4627336b246db78cddca8248ed615b67	26-Jun-2009	Dan Egnor <egnor@google.com>	Use a long for restore token /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
c73a218c2663e6ae3ec8a9ab8b9524f95702ade9	26-Jun-2009	Christopher Tate <ctate@google.com>	Add some error reporting & info to bmgr's output /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
4a64bded06a0299785c295a975e2818308eb53e2	26-Jun-2009	Joe Onorato <joeo@android.com>	Add some helpful tests scripts for backup and make bmgr restore wait until the backup is done. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
5e8a4b842c20dd47b82e9915f1bd730ee1b0d46d	26-Jun-2009	Joe Onorato <joeo@android.com>	Give the bmgr command an IRestoreObserver too. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
abce4e8714bed26a2b37b20ad3f02cf619d71c9a	19-Jun-2009	Christopher Tate <ctate@google.com>	Use signatures on restore On restore now, the backup manager gets the signature blocks corresponding to the restore set from the transport. It then validates those signatures against the on-device app signatures, and refuses to restore data to an app whose on-device sig block does not match the backup image's. Also actually implement 'bmgr transport N' so that we can select the local transport easily during runtime. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
f68eb500f99361541049e09eb7f9ddd6f4ef4efa	16-Jun-2009	Christopher Tate <ctate@google.com>	More bmgr work; fix clear-data signalling The 'list sets' and 'restore token#' commands from bmgr now do what they are supposed to. At this point we see the restore target's data being cleared properly and its agent being launched and invoked for restore. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java
ace7f094bf07bbd90cb998b9462e4f2d101a498c	16-Jun-2009	Christopher Tate <ctate@google.com>	Sketch out a 'bmgr' command line tool Not finished, but eventually will allow adb shell access to the Backup Manager for testing purposes etc. /frameworks/base/cmds/bmgr/src/com/android/commands/bmgr/Bmgr.java