)]}'
{
  "commit": "a32504fce826fb66b53991d04819ece3e6bf105e",
  "tree": "b51c9b09c4c071e5d90adac6ad766388676c873d",
  "parents": [
    "0dde41fbe0e36bfe059399c839604267ad0318c1"
  ],
  "author": {
    "name": "Christopher Tate",
    "email": "ctate@google.com",
    "time": "Wed Apr 21 17:58:07 2010 -0700"
  },
  "committer": {
    "name": "Christopher Tate",
    "email": "ctate@google.com",
    "time": "Wed Apr 21 18:02:56 2010 -0700"
  },
  "message": "Fix security hole in Google backup transport registration\n\nPreviously, it was conceivable that a 3rd party application on a non-GED\ndevice could publish a service that supported the (hidden) IBackupTransport\ninterface and spoofed the Google backup transport\u0027s package and component\nname.  This could allow it to secretly intercept all data moved through the\nbackup mechanism.\n\nFix by ensuring that the package in question exists and is part of the\nOS itself (FLAG_SYSTEM in its ApplicationInfo description) before binding\nto it.\n\nFixes bug #2457063\n\nChange-Id: I3487572be45c2014fa209beacfe3ac6f8270f872\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "91dfaf3d65b470900220155d66621fae415f322f",
      "old_mode": 33188,
      "old_path": "services/java/com/android/server/BackupManagerService.java",
      "new_id": "d67dde0b75c4d60f6ddfc5c81adba1f874402c86",
      "new_mode": 33188,
      "new_path": "services/java/com/android/server/BackupManagerService.java"
    }
  ]
}
