If we can't get the restore set's metadata, don't continue
Without the metadata we can't verify the version number or the signatures of the
apps whose data we'd be trying to restore against the apps present on device.
This is not acceptable; we need to refuse to give data to an unauthenticated
app.
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index c3b9157..7977d1f 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -943,6 +943,15 @@
mPackageManager, agentPackages);
processOneRestore(omPackage, 0, IBackupAgent.Stub.asInterface(pmAgent.onBind()));
+ // Verify that the backup set includes metadata. If not, we can't do
+ // signature/version verification etc, so we simply do not proceed with
+ // the restore operation.
+ Metadata pmMeta = pmAgent.getRestoredMetadata(packageName);
+ if (pmMeta == null) {
+ Log.i(TAG, "No restore metadata available, so not restoring settings");
+ return;
+ }
+
int count = 0;
for (;;) {
packageName = mTransport.nextRestorePackage();
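Review bot: The early `return` at the new null check abandons the whole restore, yet the log line says only "not restoring settings" and is written at info level, so a refused restore is easy to miss in triage; something like `Log.w(TAG, "No restore metadata available; aborting restore");` would describe the actual outcome. The lookup is keyed by `packageName`, which is assigned before this hunk, so a short comment should state which package's metadata is expected there (presumably the package-manager entry just restored by `processOneRestore`). The enclosing method begins and ends outside the hunk, so it cannot be confirmed from here that this `return` still reaches whatever transport cleanup or observer notification the normal exit path performs; if that is not in a `finally`, the bail-out should go through it.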