1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.app.backup;
18 
19 import android.app.IBackupAgent;
20 import android.app.QueuedWork;
21 import android.content.Context;
22 import android.content.ContextWrapper;
23 import android.content.pm.ApplicationInfo;
24 import android.os.Binder;
25 import android.os.Handler;
26 import android.os.IBinder;
27 import android.os.Looper;
28 import android.os.ParcelFileDescriptor;
29 import android.os.Process;
30 import android.os.RemoteException;
31 import android.system.ErrnoException;
32 import android.system.Os;
33 import android.system.OsConstants;
34 import android.system.StructStat;
35 import android.util.ArraySet;
36 import android.util.Log;
37 
38 import libcore.io.IoUtils;
39 
40 import org.xmlpull.v1.XmlPullParserException;
41 
42 import java.io.File;
43 import java.io.FileOutputStream;
44 import java.io.IOException;
45 import java.util.Collection;
46 import java.util.LinkedList;
47 import java.util.Map;
48 import java.util.Set;
49 import java.util.concurrent.CountDownLatch;
50 
51 /**
52  * Provides the central interface between an
53  * application and Android's data backup infrastructure.  An application that wishes
54  * to participate in the backup and restore mechanism will declare a subclass of
55  * {@link android.app.backup.BackupAgent}, implement the
56  * {@link #onBackup(ParcelFileDescriptor, BackupDataOutput, ParcelFileDescriptor) onBackup()}
57  * and {@link #onRestore(BackupDataInput, int, ParcelFileDescriptor) onRestore()} methods,
58  * and provide the name of its backup agent class in its {@code AndroidManifest.xml} file via
59  * the <code>
60  * <a href="{@docRoot}guide/topics/manifest/application-element.html">&lt;application&gt;</a></code>
61  * tag's {@code android:backupAgent} attribute.
62  *
63  * <div class="special reference">
64  * <h3>Developer Guides</h3>
65  * <p>For more information about using BackupAgent, read the
66  * <a href="{@docRoot}guide/topics/data/backup.html">Data Backup</a> developer guide.</p></div>
67  *
68  * <h3>Basic Operation</h3>
69  * <p>
70  * When the application makes changes to data that it wishes to keep backed up,
71  * it should call the
72  * {@link android.app.backup.BackupManager#dataChanged() BackupManager.dataChanged()} method.
73  * This notifies the Android Backup Manager that the application needs an opportunity
74  * to update its backup image.  The Backup Manager, in turn, schedules a
75  * backup pass to be performed at an opportune time.
76  * <p>
77  * Restore operations are typically performed only when applications are first
78  * installed on a device.  At that time, the operating system checks to see whether
79  * there is a previously-saved data set available for the application being installed, and if so,
80  * begins an immediate restore pass to deliver the backup data as part of the installation
81  * process.
82  * <p>
83  * When a backup or restore pass is run, the application's process is launched
84  * (if not already running), the manifest-declared backup agent class (in the {@code
85  * android:backupAgent} attribute) is instantiated within
86  * that process, and the agent's {@link #onCreate()} method is invoked.  This prepares the
87  * agent instance to run the actual backup or restore logic.  At this point the
88  * agent's
89  * {@link #onBackup(ParcelFileDescriptor, BackupDataOutput, ParcelFileDescriptor) onBackup()} or
90  * {@link #onRestore(BackupDataInput, int, ParcelFileDescriptor) onRestore()} method will be
91  * invoked as appropriate for the operation being performed.
92  * <p>
93  * A backup data set consists of one or more "entities," flattened binary data
94  * records that are each identified with a key string unique within the data set.  Adding a
95  * record to the active data set or updating an existing record is done by simply
96  * writing new entity data under the desired key.  Deleting an entity from the data set
97  * is done by writing an entity under that key with header specifying a negative data
98  * size, and no actual entity data.
99  * <p>
100  * <b>Helper Classes</b>
101  * <p>
102  * An extensible agent based on convenient helper classes is available in
103  * {@link android.app.backup.BackupAgentHelper}.  That class is particularly
104  * suited to handling of simple file or {@link android.content.SharedPreferences}
105  * backup and restore.
106  *
107  * @see android.app.backup.BackupManager
108  * @see android.app.backup.BackupAgentHelper
109  * @see android.app.backup.BackupDataInput
110  * @see android.app.backup.BackupDataOutput
111  */
112 public abstract class BackupAgent extends ContextWrapper {
113     private static final String TAG = "BackupAgent";
114     private static final boolean DEBUG = false;
115 
116     /** @hide */
117     public static final int TYPE_EOF = 0;
118 
119     /**
120      * During a full restore, indicates that the file system object being restored
121      * is an ordinary file.
122      */
123     public static final int TYPE_FILE = 1;
124 
125     /**
126      * During a full restore, indicates that the file system object being restored
127      * is a directory.
128      */
129     public static final int TYPE_DIRECTORY = 2;
130 
131     /** @hide */
132     public static final int TYPE_SYMLINK = 3;
133 
134     Handler mHandler = null;
135 
getHandler()136     Handler getHandler() {
137         if (mHandler == null) {
138             mHandler = new Handler(Looper.getMainLooper());
139         }
140         return mHandler;
141     }
142 
143     class SharedPrefsSynchronizer implements Runnable {
144         public final CountDownLatch mLatch = new CountDownLatch(1);
145 
146         @Override
run()147         public void run() {
148             QueuedWork.waitToFinish();
149             mLatch.countDown();
150         }
151     };
152 
153     // Syncing shared preferences deferred writes needs to happen on the main looper thread
waitForSharedPrefs()154     private void waitForSharedPrefs() {
155         Handler h = getHandler();
156         final SharedPrefsSynchronizer s = new SharedPrefsSynchronizer();
157         h.postAtFrontOfQueue(s);
158         try {
159             s.mLatch.await();
160         } catch (InterruptedException e) { /* ignored */ }
161     }
162 
163 
BackupAgent()164     public BackupAgent() {
165         super(null);
166     }
167 
168     /**
169      * Provided as a convenience for agent implementations that need an opportunity
170      * to do one-time initialization before the actual backup or restore operation
171      * is begun.
172      * <p>
173      */
onCreate()174     public void onCreate() {
175     }
176 
177     /**
178      * Provided as a convenience for agent implementations that need to do some
179      * sort of shutdown process after backup or restore is completed.
180      * <p>
181      * Agents do not need to override this method.
182      */
onDestroy()183     public void onDestroy() {
184     }
185 
186     /**
187      * The application is being asked to write any data changed since the last
188      * time it performed a backup operation. The state data recorded during the
189      * last backup pass is provided in the <code>oldState</code> file
190      * descriptor. If <code>oldState</code> is <code>null</code>, no old state
191      * is available and the application should perform a full backup. In both
192      * cases, a representation of the final backup state after this pass should
193      * be written to the file pointed to by the file descriptor wrapped in
194      * <code>newState</code>.
195      * <p>
196      * Each entity written to the {@link android.app.backup.BackupDataOutput}
197      * <code>data</code> stream will be transmitted
198      * over the current backup transport and stored in the remote data set under
199      * the key supplied as part of the entity.  Writing an entity with a negative
200      * data size instructs the transport to delete whatever entity currently exists
201      * under that key from the remote data set.
202      *
203      * @param oldState An open, read-only ParcelFileDescriptor pointing to the
204      *            last backup state provided by the application. May be
205      *            <code>null</code>, in which case no prior state is being
206      *            provided and the application should perform a full backup.
207      * @param data A structured wrapper around an open, read/write
208      *            file descriptor pointing to the backup data destination.
209      *            Typically the application will use backup helper classes to
210      *            write to this file.
211      * @param newState An open, read/write ParcelFileDescriptor pointing to an
212      *            empty file. The application should record the final backup
213      *            state here after writing the requested data to the <code>data</code>
214      *            output stream.
215      */
onBackup(ParcelFileDescriptor oldState, BackupDataOutput data, ParcelFileDescriptor newState)216     public abstract void onBackup(ParcelFileDescriptor oldState, BackupDataOutput data,
217             ParcelFileDescriptor newState) throws IOException;
218 
219     /**
220      * The application is being restored from backup and should replace any
221      * existing data with the contents of the backup. The backup data is
222      * provided through the <code>data</code> parameter. Once
223      * the restore is finished, the application should write a representation of
224      * the final state to the <code>newState</code> file descriptor.
225      * <p>
226      * The application is responsible for properly erasing its old data and
227      * replacing it with the data supplied to this method. No "clear user data"
228      * operation will be performed automatically by the operating system. The
229      * exception to this is in the case of a failed restore attempt: if
230      * onRestore() throws an exception, the OS will assume that the
231      * application's data may now be in an incoherent state, and will clear it
232      * before proceeding.
233      *
234      * @param data A structured wrapper around an open, read-only
235      *            file descriptor pointing to a full snapshot of the
236      *            application's data.  The application should consume every
237      *            entity represented in this data stream.
238      * @param appVersionCode The value of the <a
239      * href="{@docRoot}guide/topics/manifest/manifest-element.html#vcode">{@code
240      *            android:versionCode}</a> manifest attribute,
241      *            from the application that backed up this particular data set. This
242      *            makes it possible for an application's agent to distinguish among any
243      *            possible older data versions when asked to perform the restore
244      *            operation.
245      * @param newState An open, read/write ParcelFileDescriptor pointing to an
246      *            empty file. The application should record the final backup
247      *            state here after restoring its data from the <code>data</code> stream.
248      *            When a full-backup dataset is being restored, this will be <code>null</code>.
249      */
onRestore(BackupDataInput data, int appVersionCode, ParcelFileDescriptor newState)250     public abstract void onRestore(BackupDataInput data, int appVersionCode,
251             ParcelFileDescriptor newState) throws IOException;
252 
253     /**
254      * The application is having its entire file system contents backed up.  {@code data}
255      * points to the backup destination, and the app has the opportunity to choose which
256      * files are to be stored.  To commit a file as part of the backup, call the
257      * {@link #fullBackupFile(File, FullBackupDataOutput)} helper method.  After all file
258      * data is written to the output, the agent returns from this method and the backup
259      * operation concludes.
260      *
261      * <p>Certain parts of the app's data are never backed up even if the app explicitly
262      * sends them to the output:
263      *
264      * <ul>
265      * <li>The contents of the {@link #getCacheDir()} directory</li>
266      * <li>The contents of the {@link #getCodeCacheDir()} directory</li>
267      * <li>The contents of the {@link #getNoBackupFilesDir()} directory</li>
268      * <li>The contents of the app's shared library directory</li>
269      * </ul>
270      *
271      * <p>The default implementation of this method backs up the entirety of the
272      * application's "owned" file system trees to the output other than the few exceptions
273      * listed above.  Apps only need to override this method if they need to impose special
274      * limitations on which files are being stored beyond the control that
275      * {@link #getNoBackupFilesDir()} offers.
276      * Alternatively they can provide an xml resource to specify what data to include or exclude.
277      *
278      *
279      * @param data A structured wrapper pointing to the backup destination.
280      * @throws IOException
281      *
282      * @see Context#getNoBackupFilesDir()
283      * @see ApplicationInfo#fullBackupContent
284      * @see #fullBackupFile(File, FullBackupDataOutput)
285      * @see #onRestoreFile(ParcelFileDescriptor, long, File, int, long, long)
286      */
onFullBackup(FullBackupDataOutput data)287     public void onFullBackup(FullBackupDataOutput data) throws IOException {
288         FullBackup.BackupScheme backupScheme = FullBackup.getBackupScheme(this);
289         if (!backupScheme.isFullBackupContentEnabled()) {
290             return;
291         }
292 
293         Map<String, Set<String>> manifestIncludeMap;
294         ArraySet<String> manifestExcludeSet;
295         try {
296             manifestIncludeMap =
297                     backupScheme.maybeParseAndGetCanonicalIncludePaths();
298             manifestExcludeSet = backupScheme.maybeParseAndGetCanonicalExcludePaths();
299         } catch (IOException | XmlPullParserException e) {
300             if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
301                 Log.v(FullBackup.TAG_XML_PARSER,
302                         "Exception trying to parse fullBackupContent xml file!"
303                                 + " Aborting full backup.", e);
304             }
305             return;
306         }
307 
308         final String packageName = getPackageName();
309         final ApplicationInfo appInfo = getApplicationInfo();
310 
311         // System apps have control over where their default storage context
312         // is pointed, so we're always explicit when building paths.
313         final Context ceContext = createCredentialProtectedStorageContext();
314         final String rootDir = ceContext.getDataDir().getCanonicalPath();
315         final String filesDir = ceContext.getFilesDir().getCanonicalPath();
316         final String noBackupDir = ceContext.getNoBackupFilesDir().getCanonicalPath();
317         final String databaseDir = ceContext.getDatabasePath("foo").getParentFile()
318                 .getCanonicalPath();
319         final String sharedPrefsDir = ceContext.getSharedPreferencesPath("foo").getParentFile()
320                 .getCanonicalPath();
321         final String cacheDir = ceContext.getCacheDir().getCanonicalPath();
322         final String codeCacheDir = ceContext.getCodeCacheDir().getCanonicalPath();
323 
324         final Context deContext = createDeviceProtectedStorageContext();
325         final String deviceRootDir = deContext.getDataDir().getCanonicalPath();
326         final String deviceFilesDir = deContext.getFilesDir().getCanonicalPath();
327         final String deviceNoBackupDir = deContext.getNoBackupFilesDir().getCanonicalPath();
328         final String deviceDatabaseDir = deContext.getDatabasePath("foo").getParentFile()
329                 .getCanonicalPath();
330         final String deviceSharedPrefsDir = deContext.getSharedPreferencesPath("foo")
331                 .getParentFile().getCanonicalPath();
332         final String deviceCacheDir = deContext.getCacheDir().getCanonicalPath();
333         final String deviceCodeCacheDir = deContext.getCodeCacheDir().getCanonicalPath();
334 
335         final String libDir = (appInfo.nativeLibraryDir != null)
336                 ? new File(appInfo.nativeLibraryDir).getCanonicalPath()
337                 : null;
338 
339         // Maintain a set of excluded directories so that as we traverse the tree we know we're not
340         // going places we don't expect, and so the manifest includes can't take precedence over
341         // what the framework decides is not to be included.
342         final ArraySet<String> traversalExcludeSet = new ArraySet<String>();
343 
344         // Add the directories we always exclude.
345         traversalExcludeSet.add(filesDir);
346         traversalExcludeSet.add(noBackupDir);
347         traversalExcludeSet.add(databaseDir);
348         traversalExcludeSet.add(sharedPrefsDir);
349         traversalExcludeSet.add(cacheDir);
350         traversalExcludeSet.add(codeCacheDir);
351 
352         traversalExcludeSet.add(deviceFilesDir);
353         traversalExcludeSet.add(deviceNoBackupDir);
354         traversalExcludeSet.add(deviceDatabaseDir);
355         traversalExcludeSet.add(deviceSharedPrefsDir);
356         traversalExcludeSet.add(deviceCacheDir);
357         traversalExcludeSet.add(deviceCodeCacheDir);
358 
359         if (libDir != null) {
360             traversalExcludeSet.add(libDir);
361         }
362 
363         // Root dir first.
364         applyXmlFiltersAndDoFullBackupForDomain(
365                 packageName, FullBackup.ROOT_TREE_TOKEN, manifestIncludeMap,
366                 manifestExcludeSet, traversalExcludeSet, data);
367         traversalExcludeSet.add(rootDir);
368 
369         applyXmlFiltersAndDoFullBackupForDomain(
370                 packageName, FullBackup.DEVICE_ROOT_TREE_TOKEN, manifestIncludeMap,
371                 manifestExcludeSet, traversalExcludeSet, data);
372         traversalExcludeSet.add(deviceRootDir);
373 
374         // Data dir next.
375         traversalExcludeSet.remove(filesDir);
376         applyXmlFiltersAndDoFullBackupForDomain(
377                 packageName, FullBackup.FILES_TREE_TOKEN, manifestIncludeMap,
378                 manifestExcludeSet, traversalExcludeSet, data);
379         traversalExcludeSet.add(filesDir);
380 
381         traversalExcludeSet.remove(deviceFilesDir);
382         applyXmlFiltersAndDoFullBackupForDomain(
383                 packageName, FullBackup.DEVICE_FILES_TREE_TOKEN, manifestIncludeMap,
384                 manifestExcludeSet, traversalExcludeSet, data);
385         traversalExcludeSet.add(deviceFilesDir);
386 
387         // Database directory.
388         traversalExcludeSet.remove(databaseDir);
389         applyXmlFiltersAndDoFullBackupForDomain(
390                 packageName, FullBackup.DATABASE_TREE_TOKEN, manifestIncludeMap,
391                 manifestExcludeSet, traversalExcludeSet, data);
392         traversalExcludeSet.add(databaseDir);
393 
394         traversalExcludeSet.remove(deviceDatabaseDir);
395         applyXmlFiltersAndDoFullBackupForDomain(
396                 packageName, FullBackup.DEVICE_DATABASE_TREE_TOKEN, manifestIncludeMap,
397                 manifestExcludeSet, traversalExcludeSet, data);
398         traversalExcludeSet.add(deviceDatabaseDir);
399 
400         // SharedPrefs.
401         traversalExcludeSet.remove(sharedPrefsDir);
402         applyXmlFiltersAndDoFullBackupForDomain(
403                 packageName, FullBackup.SHAREDPREFS_TREE_TOKEN, manifestIncludeMap,
404                 manifestExcludeSet, traversalExcludeSet, data);
405         traversalExcludeSet.add(sharedPrefsDir);
406 
407         traversalExcludeSet.remove(deviceSharedPrefsDir);
408         applyXmlFiltersAndDoFullBackupForDomain(
409                 packageName, FullBackup.DEVICE_SHAREDPREFS_TREE_TOKEN, manifestIncludeMap,
410                 manifestExcludeSet, traversalExcludeSet, data);
411         traversalExcludeSet.add(deviceSharedPrefsDir);
412 
413         // getExternalFilesDir() location associated with this app.  Technically there should
414         // not be any files here if the app does not properly have permission to access
415         // external storage, but edge cases happen. fullBackupFileTree() catches
416         // IOExceptions and similar, and treats them as non-fatal, so we rely on that; and
417         // we know a priori that processes running as the system UID are not permitted to
418         // access external storage, so we check for that as well to avoid nastygrams in
419         // the log.
420         if (Process.myUid() != Process.SYSTEM_UID) {
421             File efLocation = getExternalFilesDir(null);
422             if (efLocation != null) {
423                 applyXmlFiltersAndDoFullBackupForDomain(
424                         packageName, FullBackup.MANAGED_EXTERNAL_TREE_TOKEN, manifestIncludeMap,
425                         manifestExcludeSet, traversalExcludeSet, data);
426             }
427 
428         }
429     }
430 
431     /**
432      * Notification that the application's current backup operation causes it to exceed
433      * the maximum size permitted by the transport.  The ongoing backup operation is
434      * halted and rolled back: any data that had been stored by a previous backup operation
435      * is still intact.  Typically the quota-exceeded state will be detected before any data
436      * is actually transmitted over the network.
437      *
438      * <p>The {@code quotaBytes} value is the total data size currently permitted for this
439      * application.  If desired, the application can use this as a hint for determining
440      * how much data to store.  For example, a messaging application might choose to
441      * store only the newest messages, dropping enough older content to stay under
442      * the quota.
443      *
444      * <p class="note">Note that the maximum quota for the application can change over
445      * time.  In particular, in the future the quota may grow.  Applications that adapt
446      * to the quota when deciding what data to store should be aware of this and implement
447      * their data storage mechanisms in a way that can take advantage of additional
448      * quota.
449      *
450      * @param backupDataBytes The amount of data measured while initializing the backup
451      *    operation, if the total exceeds the app's alloted quota.  If initial measurement
452      *    suggested that the data would fit but then too much data was actually submitted
453      *    as part of the operation, then this value is the amount of data that had been
454      *    streamed into the transport at the time the quota was reached.
455      * @param quotaBytes The maximum data size that the transport currently permits
456      *    this application to store as a backup.
457      */
onQuotaExceeded(long backupDataBytes, long quotaBytes)458     public void onQuotaExceeded(long backupDataBytes, long quotaBytes) {
459     }
460 
461     /**
462      * Check whether the xml yielded any <include/> tag for the provided <code>domainToken</code>.
463      * If so, perform a {@link #fullBackupFileTree} which backs up the file or recurses if the path
464      * is a directory.
465      */
applyXmlFiltersAndDoFullBackupForDomain(String packageName, String domainToken, Map<String, Set<String>> includeMap, ArraySet<String> filterSet, ArraySet<String> traversalExcludeSet, FullBackupDataOutput data)466     private void applyXmlFiltersAndDoFullBackupForDomain(String packageName, String domainToken,
467                                                          Map<String, Set<String>> includeMap,
468                                                          ArraySet<String> filterSet,
469                                                          ArraySet<String> traversalExcludeSet,
470                                                          FullBackupDataOutput data)
471             throws IOException {
472         if (includeMap == null || includeMap.size() == 0) {
473             // Do entire sub-tree for the provided token.
474             fullBackupFileTree(packageName, domainToken,
475                     FullBackup.getBackupScheme(this).tokenToDirectoryPath(domainToken),
476                     filterSet, traversalExcludeSet, data);
477         } else if (includeMap.get(domainToken) != null) {
478             // This will be null if the xml parsing didn't yield any rules for
479             // this domain (there may still be rules for other domains).
480             for (String includeFile : includeMap.get(domainToken)) {
481                 fullBackupFileTree(packageName, domainToken, includeFile, filterSet,
482                         traversalExcludeSet, data);
483             }
484         }
485     }
486 
487     /**
488      * Write an entire file as part of a full-backup operation.  The file's contents
489      * will be delivered to the backup destination along with the metadata necessary
490      * to place it with the proper location and permissions on the device where the
491      * data is restored.
492      *
493      * <p class="note">Attempting to back up files in directories that are ignored by
494      * the backup system will have no effect.  For example, if the app calls this method
495      * with a file inside the {@link #getNoBackupFilesDir()} directory, it will be ignored.
496      * See {@link #onFullBackup(FullBackupDataOutput)} for details on what directories
497      * are excluded from backups.
498      *
499      * @param file The file to be backed up.  The file must exist and be readable by
500      *     the caller.
501      * @param output The destination to which the backed-up file data will be sent.
502      */
fullBackupFile(File file, FullBackupDataOutput output)503     public final void fullBackupFile(File file, FullBackupDataOutput output) {
504         // Look up where all of our various well-defined dir trees live on this device
505         final String rootDir;
506         final String filesDir;
507         final String nbFilesDir;
508         final String dbDir;
509         final String spDir;
510         final String cacheDir;
511         final String codeCacheDir;
512         final String deviceRootDir;
513         final String deviceFilesDir;
514         final String deviceNbFilesDir;
515         final String deviceDbDir;
516         final String deviceSpDir;
517         final String deviceCacheDir;
518         final String deviceCodeCacheDir;
519         final String libDir;
520 
521         String efDir = null;
522         String filePath;
523 
524         ApplicationInfo appInfo = getApplicationInfo();
525 
526         try {
527             // System apps have control over where their default storage context
528             // is pointed, so we're always explicit when building paths.
529             final Context ceContext = createCredentialProtectedStorageContext();
530             rootDir = ceContext.getDataDir().getCanonicalPath();
531             filesDir = ceContext.getFilesDir().getCanonicalPath();
532             nbFilesDir = ceContext.getNoBackupFilesDir().getCanonicalPath();
533             dbDir = ceContext.getDatabasePath("foo").getParentFile().getCanonicalPath();
534             spDir = ceContext.getSharedPreferencesPath("foo").getParentFile().getCanonicalPath();
535             cacheDir = ceContext.getCacheDir().getCanonicalPath();
536             codeCacheDir = ceContext.getCodeCacheDir().getCanonicalPath();
537 
538             final Context deContext = createDeviceProtectedStorageContext();
539             deviceRootDir = deContext.getDataDir().getCanonicalPath();
540             deviceFilesDir = deContext.getFilesDir().getCanonicalPath();
541             deviceNbFilesDir = deContext.getNoBackupFilesDir().getCanonicalPath();
542             deviceDbDir = deContext.getDatabasePath("foo").getParentFile().getCanonicalPath();
543             deviceSpDir = deContext.getSharedPreferencesPath("foo").getParentFile()
544                     .getCanonicalPath();
545             deviceCacheDir = deContext.getCacheDir().getCanonicalPath();
546             deviceCodeCacheDir = deContext.getCodeCacheDir().getCanonicalPath();
547 
548             libDir = (appInfo.nativeLibraryDir == null)
549                     ? null
550                     : new File(appInfo.nativeLibraryDir).getCanonicalPath();
551 
552             // may or may not have external files access to attempt backup/restore there
553             if (Process.myUid() != Process.SYSTEM_UID) {
554                 File efLocation = getExternalFilesDir(null);
555                 if (efLocation != null) {
556                     efDir = efLocation.getCanonicalPath();
557                 }
558             }
559 
560             // Now figure out which well-defined tree the file is placed in, working from
561             // most to least specific.  We also specifically exclude the lib, cache,
562             // and code_cache dirs.
563             filePath = file.getCanonicalPath();
564         } catch (IOException e) {
565             Log.w(TAG, "Unable to obtain canonical paths");
566             return;
567         }
568 
569         if (filePath.startsWith(cacheDir)
570                 || filePath.startsWith(codeCacheDir)
571                 || filePath.startsWith(nbFilesDir)
572                 || filePath.startsWith(deviceCacheDir)
573                 || filePath.startsWith(deviceCodeCacheDir)
574                 || filePath.startsWith(deviceNbFilesDir)
575                 || filePath.startsWith(libDir)) {
576             Log.w(TAG, "lib, cache, code_cache, and no_backup files are not backed up");
577             return;
578         }
579 
580         final String domain;
581         String rootpath = null;
582         if (filePath.startsWith(dbDir)) {
583             domain = FullBackup.DATABASE_TREE_TOKEN;
584             rootpath = dbDir;
585         } else if (filePath.startsWith(spDir)) {
586             domain = FullBackup.SHAREDPREFS_TREE_TOKEN;
587             rootpath = spDir;
588         } else if (filePath.startsWith(filesDir)) {
589             domain = FullBackup.FILES_TREE_TOKEN;
590             rootpath = filesDir;
591         } else if (filePath.startsWith(rootDir)) {
592             domain = FullBackup.ROOT_TREE_TOKEN;
593             rootpath = rootDir;
594         } else if (filePath.startsWith(deviceDbDir)) {
595             domain = FullBackup.DEVICE_DATABASE_TREE_TOKEN;
596             rootpath = deviceDbDir;
597         } else if (filePath.startsWith(deviceSpDir)) {
598             domain = FullBackup.DEVICE_SHAREDPREFS_TREE_TOKEN;
599             rootpath = deviceSpDir;
600         } else if (filePath.startsWith(deviceFilesDir)) {
601             domain = FullBackup.DEVICE_FILES_TREE_TOKEN;
602             rootpath = deviceFilesDir;
603         } else if (filePath.startsWith(deviceRootDir)) {
604             domain = FullBackup.DEVICE_ROOT_TREE_TOKEN;
605             rootpath = deviceRootDir;
606         } else if ((efDir != null) && filePath.startsWith(efDir)) {
607             domain = FullBackup.MANAGED_EXTERNAL_TREE_TOKEN;
608             rootpath = efDir;
609         } else {
610             Log.w(TAG, "File " + filePath + " is in an unsupported location; skipping");
611             return;
612         }
613 
614         // And now that we know where it lives, semantically, back it up appropriately
615         // In the measurement case, backupToTar() updates the size in output and returns
616         // without transmitting any file data.
617         if (DEBUG) Log.i(TAG, "backupFile() of " + filePath + " => domain=" + domain
618                 + " rootpath=" + rootpath);
619 
620         FullBackup.backupToTar(getPackageName(), domain, null, rootpath, filePath, output);
621     }
622 
623     /**
624      * Scan the dir tree (if it actually exists) and process each entry we find.  If the
625      * 'excludes' parameters are non-null, they are consulted each time a new file system entity
626      * is visited to see whether that entity (and its subtree, if appropriate) should be
627      * omitted from the backup process.
628      *
629      * @param systemExcludes An optional list of excludes.
630      * @hide
631      */
fullBackupFileTree(String packageName, String domain, String startingPath, ArraySet<String> manifestExcludes, ArraySet<String> systemExcludes, FullBackupDataOutput output)632     protected final void fullBackupFileTree(String packageName, String domain, String startingPath,
633                                             ArraySet<String> manifestExcludes,
634                                             ArraySet<String> systemExcludes,
635             FullBackupDataOutput output) {
636         // Pull out the domain and set it aside to use when making the tarball.
637         String domainPath = FullBackup.getBackupScheme(this).tokenToDirectoryPath(domain);
638         if (domainPath == null) {
639             // Should never happen.
640             return;
641         }
642 
643         File rootFile = new File(startingPath);
644         if (rootFile.exists()) {
645             LinkedList<File> scanQueue = new LinkedList<File>();
646             scanQueue.add(rootFile);
647 
648             while (scanQueue.size() > 0) {
649                 File file = scanQueue.remove(0);
650                 String filePath;
651                 try {
652                     // Ignore things that aren't "real" files or dirs
653                     StructStat stat = Os.lstat(file.getPath());
654                     if (!OsConstants.S_ISREG(stat.st_mode)
655                             && !OsConstants.S_ISDIR(stat.st_mode)) {
656                         if (DEBUG) Log.i(TAG, "Not a file/dir (skipping)!: " + file);
657                         continue;
658                     }
659 
660                     // For all other verification, look at the canonicalized path
661                     filePath = file.getCanonicalPath();
662 
663                     // prune this subtree?
664                     if (manifestExcludes != null && manifestExcludes.contains(filePath)) {
665                         continue;
666                     }
667                     if (systemExcludes != null && systemExcludes.contains(filePath)) {
668                         continue;
669                     }
670 
671                     // If it's a directory, enqueue its contents for scanning.
672                     if (OsConstants.S_ISDIR(stat.st_mode)) {
673                         File[] contents = file.listFiles();
674                         if (contents != null) {
675                             for (File entry : contents) {
676                                 scanQueue.add(0, entry);
677                             }
678                         }
679                     }
680                 } catch (IOException e) {
681                     if (DEBUG) Log.w(TAG, "Error canonicalizing path of " + file);
682                     if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
683                         Log.v(FullBackup.TAG_XML_PARSER, "Error canonicalizing path of " + file);
684                     }
685                     continue;
686                 } catch (ErrnoException e) {
687                     if (DEBUG) Log.w(TAG, "Error scanning file " + file + " : " + e);
688                     if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
689                         Log.v(FullBackup.TAG_XML_PARSER, "Error scanning file " + file + " : " + e);
690                     }
691                     continue;
692                 }
693 
694                 // Finally, back this file up (or measure it) before proceeding
695                 FullBackup.backupToTar(packageName, domain, null, domainPath, filePath, output);
696             }
697         }
698     }
699 
700     /**
701      * Handle the data delivered via the given file descriptor during a full restore
702      * operation.  The agent is given the path to the file's original location as well
703      * as its size and metadata.
704      * <p>
705      * The file descriptor can only be read for {@code size} bytes; attempting to read
706      * more data has undefined behavior.
707      * <p>
708      * The default implementation creates the destination file/directory and populates it
709      * with the data from the file descriptor, then sets the file's access mode and
710      * modification time to match the restore arguments.
711      *
712      * @param data A read-only file descriptor from which the agent can read {@code size}
713      *     bytes of file data.
714      * @param size The number of bytes of file content to be restored to the given
715      *     destination.  If the file system object being restored is a directory, {@code size}
716      *     will be zero.
717      * @param destination The File on disk to be restored with the given data.
718      * @param type The kind of file system object being restored.  This will be either
719      *     {@link BackupAgent#TYPE_FILE} or {@link BackupAgent#TYPE_DIRECTORY}.
720      * @param mode The access mode to be assigned to the destination after its data is
721      *     written.  This is in the standard format used by {@code chmod()}.
722      * @param mtime The modification time of the file when it was backed up, suitable to
723      *     be assigned to the file after its data is written.
724      * @throws IOException
725      */
onRestoreFile(ParcelFileDescriptor data, long size, File destination, int type, long mode, long mtime)726     public void onRestoreFile(ParcelFileDescriptor data, long size,
727             File destination, int type, long mode, long mtime)
728             throws IOException {
729 
730         final boolean accept = isFileEligibleForRestore(destination);
731         // If we don't accept the file, consume the bytes from the pipe anyway.
732         FullBackup.restoreFile(data, size, type, mode, mtime, accept ? destination : null);
733     }
734 
isFileEligibleForRestore(File destination)735     private boolean isFileEligibleForRestore(File destination) throws IOException {
736         FullBackup.BackupScheme bs = FullBackup.getBackupScheme(this);
737         if (!bs.isFullBackupContentEnabled()) {
738             if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
739                 Log.v(FullBackup.TAG_XML_PARSER,
740                         "onRestoreFile \"" + destination.getCanonicalPath()
741                                 + "\" : fullBackupContent not enabled for " + getPackageName());
742             }
743             return false;
744         }
745 
746         Map<String, Set<String>> includes = null;
747         ArraySet<String> excludes = null;
748         final String destinationCanonicalPath = destination.getCanonicalPath();
749         try {
750             includes = bs.maybeParseAndGetCanonicalIncludePaths();
751             excludes = bs.maybeParseAndGetCanonicalExcludePaths();
752         } catch (XmlPullParserException e) {
753             if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
754                 Log.v(FullBackup.TAG_XML_PARSER,
755                         "onRestoreFile \"" + destinationCanonicalPath
756                                 + "\" : Exception trying to parse fullBackupContent xml file!"
757                                 + " Aborting onRestoreFile.", e);
758             }
759             return false;
760         }
761 
762         if (excludes != null &&
763                 isFileSpecifiedInPathList(destination, excludes)) {
764             if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
765                 Log.v(FullBackup.TAG_XML_PARSER,
766                         "onRestoreFile: \"" + destinationCanonicalPath + "\": listed in"
767                                 + " excludes; skipping.");
768             }
769             return false;
770         }
771 
772         if (includes != null && !includes.isEmpty()) {
773             // Rather than figure out the <include/> domain based on the path (a lot of code, and
774             // it's a small list), we'll go through and look for it.
775             boolean explicitlyIncluded = false;
776             for (Set<String> domainIncludes : includes.values()) {
777                 explicitlyIncluded |= isFileSpecifiedInPathList(destination, domainIncludes);
778                 if (explicitlyIncluded) {
779                     break;
780                 }
781             }
782             if (!explicitlyIncluded) {
783                 if (Log.isLoggable(FullBackup.TAG_XML_PARSER, Log.VERBOSE)) {
784                     Log.v(FullBackup.TAG_XML_PARSER,
785                             "onRestoreFile: Trying to restore \""
786                                     + destinationCanonicalPath + "\" but it isn't specified"
787                                     + " in the included files; skipping.");
788                 }
789                 return false;
790             }
791         }
792         return true;
793     }
794 
795     /**
796      * @return True if the provided file is either directly in the provided list, or the provided
797      * file is within a directory in the list.
798      */
isFileSpecifiedInPathList(File file, Collection<String> canonicalPathList)799     private boolean isFileSpecifiedInPathList(File file, Collection<String> canonicalPathList)
800             throws IOException {
801         for (String canonicalPath : canonicalPathList) {
802             File fileFromList = new File(canonicalPath);
803             if (fileFromList.isDirectory()) {
804                 if (file.isDirectory()) {
805                     // If they are both directories check exact equals.
806                     return file.equals(fileFromList);
807                 } else {
808                     // O/w we have to check if the file is within the directory from the list.
809                     return file.getCanonicalPath().startsWith(canonicalPath);
810                 }
811             } else {
812                 if (file.equals(fileFromList)) {
813                     // Need to check the explicit "equals" so we don't end up with substrings.
814                     return true;
815                 }
816             }
817         }
818         return false;
819     }
820 
821     /**
822      * Only specialized platform agents should overload this entry point to support
823      * restores to crazy non-app locations.
824      * @hide
825      */
onRestoreFile(ParcelFileDescriptor data, long size, int type, String domain, String path, long mode, long mtime)826     protected void onRestoreFile(ParcelFileDescriptor data, long size,
827             int type, String domain, String path, long mode, long mtime)
828             throws IOException {
829         String basePath = null;
830 
831         if (DEBUG) Log.d(TAG, "onRestoreFile() size=" + size + " type=" + type
832                 + " domain=" + domain + " relpath=" + path + " mode=" + mode
833                 + " mtime=" + mtime);
834 
835         basePath = FullBackup.getBackupScheme(this).tokenToDirectoryPath(domain);
836         if (domain.equals(FullBackup.MANAGED_EXTERNAL_TREE_TOKEN)) {
837             mode = -1;  // < 0 is a token to skip attempting a chmod()
838         }
839 
840         // Now that we've figured out where the data goes, send it on its way
841         if (basePath != null) {
842             // Canonicalize the nominal path and verify that it lies within the stated domain
843             File outFile = new File(basePath, path);
844             String outPath = outFile.getCanonicalPath();
845             if (outPath.startsWith(basePath + File.separatorChar)) {
846                 if (DEBUG) Log.i(TAG, "[" + domain + " : " + path + "] mapped to " + outPath);
847                 onRestoreFile(data, size, outFile, type, mode, mtime);
848                 return;
849             } else {
850                 // Attempt to restore to a path outside the file's nominal domain.
851                 if (DEBUG) {
852                     Log.e(TAG, "Cross-domain restore attempt: " + outPath);
853                 }
854             }
855         }
856 
857         // Not a supported output location, or bad path:  we need to consume the data
858         // anyway, so just use the default "copy the data out" implementation
859         // with a null destination.
860         if (DEBUG) Log.i(TAG, "[ skipping file " + path + "]");
861         FullBackup.restoreFile(data, size, type, mode, mtime, null);
862     }
863 
864     /**
865      * The application's restore operation has completed.  This method is called after
866      * all available data has been delivered to the application for restore (via either
867      * the {@link #onRestore(BackupDataInput, int, ParcelFileDescriptor) onRestore()} or
868      * {@link #onRestoreFile(ParcelFileDescriptor, long, File, int, long, long) onRestoreFile()}
869      * callbacks).  This provides the app with a stable end-of-restore opportunity to
870      * perform any appropriate post-processing on the data that was just delivered.
871      *
872      * @see #onRestore(BackupDataInput, int, ParcelFileDescriptor)
873      * @see #onRestoreFile(ParcelFileDescriptor, long, File, int, long, long)
874      */
onRestoreFinished()875     public void onRestoreFinished() {
876     }
877 
878     // ----- Core implementation -----
879 
880     /** @hide */
onBind()881     public final IBinder onBind() {
882         return mBinder;
883     }
884 
885     private final IBinder mBinder = new BackupServiceBinder().asBinder();
886 
887     /** @hide */
attach(Context context)888     public void attach(Context context) {
889         attachBaseContext(context);
890     }
891 
892     // ----- IBackupService binder interface -----
893     private class BackupServiceBinder extends IBackupAgent.Stub {
894         private static final String TAG = "BackupServiceBinder";
895 
896         @Override
doBackup(ParcelFileDescriptor oldState, ParcelFileDescriptor data, ParcelFileDescriptor newState, long quotaBytes, int token, IBackupManager callbackBinder)897         public void doBackup(ParcelFileDescriptor oldState,
898                 ParcelFileDescriptor data,
899                 ParcelFileDescriptor newState,
900                 long quotaBytes, int token, IBackupManager callbackBinder) throws RemoteException {
901             // Ensure that we're running with the app's normal permission level
902             long ident = Binder.clearCallingIdentity();
903 
904             if (DEBUG) Log.v(TAG, "doBackup() invoked");
905             BackupDataOutput output = new BackupDataOutput(data.getFileDescriptor(), quotaBytes);
906 
907             try {
908                 BackupAgent.this.onBackup(oldState, output, newState);
909             } catch (IOException ex) {
910                 Log.d(TAG, "onBackup (" + BackupAgent.this.getClass().getName() + ") threw", ex);
911                 throw new RuntimeException(ex);
912             } catch (RuntimeException ex) {
913                 Log.d(TAG, "onBackup (" + BackupAgent.this.getClass().getName() + ") threw", ex);
914                 throw ex;
915             } finally {
916                 // Ensure that any SharedPreferences writes have landed after the backup,
917                 // in case the app code has side effects (since apps cannot provide this
918                 // guarantee themselves).
919                 waitForSharedPrefs();
920 
921                 Binder.restoreCallingIdentity(ident);
922                 try {
923                     callbackBinder.opComplete(token, 0);
924                 } catch (RemoteException e) {
925                     // we'll time out anyway, so we're safe
926                 }
927 
928                 // Don't close the fd out from under the system service if this was local
929                 if (Binder.getCallingPid() != Process.myPid()) {
930                     IoUtils.closeQuietly(oldState);
931                     IoUtils.closeQuietly(data);
932                     IoUtils.closeQuietly(newState);
933                 }
934             }
935         }
936 
937         @Override
doRestore(ParcelFileDescriptor data, int appVersionCode, ParcelFileDescriptor newState, int token, IBackupManager callbackBinder)938         public void doRestore(ParcelFileDescriptor data, int appVersionCode,
939                 ParcelFileDescriptor newState,
940                 int token, IBackupManager callbackBinder) throws RemoteException {
941             // Ensure that we're running with the app's normal permission level
942             long ident = Binder.clearCallingIdentity();
943 
944             if (DEBUG) Log.v(TAG, "doRestore() invoked");
945             BackupDataInput input = new BackupDataInput(data.getFileDescriptor());
946             try {
947                 BackupAgent.this.onRestore(input, appVersionCode, newState);
948             } catch (IOException ex) {
949                 Log.d(TAG, "onRestore (" + BackupAgent.this.getClass().getName() + ") threw", ex);
950                 throw new RuntimeException(ex);
951             } catch (RuntimeException ex) {
952                 Log.d(TAG, "onRestore (" + BackupAgent.this.getClass().getName() + ") threw", ex);
953                 throw ex;
954             } finally {
955                 // Ensure that any side-effect SharedPreferences writes have landed
956                 waitForSharedPrefs();
957 
958                 Binder.restoreCallingIdentity(ident);
959                 try {
960                     callbackBinder.opComplete(token, 0);
961                 } catch (RemoteException e) {
962                     // we'll time out anyway, so we're safe
963                 }
964 
965                 if (Binder.getCallingPid() != Process.myPid()) {
966                     IoUtils.closeQuietly(data);
967                     IoUtils.closeQuietly(newState);
968                 }
969             }
970         }
971 
972         @Override
doFullBackup(ParcelFileDescriptor data, long quotaBytes, int token, IBackupManager callbackBinder)973         public void doFullBackup(ParcelFileDescriptor data,
974                 long quotaBytes, int token, IBackupManager callbackBinder) {
975             // Ensure that we're running with the app's normal permission level
976             long ident = Binder.clearCallingIdentity();
977 
978             if (DEBUG) Log.v(TAG, "doFullBackup() invoked");
979 
980             // Ensure that any SharedPreferences writes have landed *before*
981             // we potentially try to back up the underlying files directly.
982             waitForSharedPrefs();
983 
984             try {
985                 BackupAgent.this.onFullBackup(new FullBackupDataOutput(data, quotaBytes));
986             } catch (IOException ex) {
987                 Log.d(TAG, "onFullBackup (" + BackupAgent.this.getClass().getName() + ") threw", ex);
988                 throw new RuntimeException(ex);
989             } catch (RuntimeException ex) {
990                 Log.d(TAG, "onFullBackup (" + BackupAgent.this.getClass().getName() + ") threw", ex);
991                 throw ex;
992             } finally {
993                 // ... and then again after, as in the doBackup() case
994                 waitForSharedPrefs();
995 
996                 // Send the EOD marker indicating that there is no more data
997                 // forthcoming from this agent.
998                 try {
999                     FileOutputStream out = new FileOutputStream(data.getFileDescriptor());
1000                     byte[] buf = new byte[4];
1001                     out.write(buf);
1002                 } catch (IOException e) {
1003                     Log.e(TAG, "Unable to finalize backup stream!");
1004                 }
1005 
1006                 Binder.restoreCallingIdentity(ident);
1007                 try {
1008                     callbackBinder.opComplete(token, 0);
1009                 } catch (RemoteException e) {
1010                     // we'll time out anyway, so we're safe
1011                 }
1012 
1013                 if (Binder.getCallingPid() != Process.myPid()) {
1014                     IoUtils.closeQuietly(data);
1015                 }
1016             }
1017         }
1018 
doMeasureFullBackup(long quotaBytes, int token, IBackupManager callbackBinder)1019         public void doMeasureFullBackup(long quotaBytes, int token, IBackupManager callbackBinder) {
1020             // Ensure that we're running with the app's normal permission level
1021             final long ident = Binder.clearCallingIdentity();
1022             FullBackupDataOutput measureOutput = new FullBackupDataOutput(quotaBytes);
1023 
1024             waitForSharedPrefs();
1025             try {
1026                 BackupAgent.this.onFullBackup(measureOutput);
1027             } catch (IOException ex) {
1028                 Log.d(TAG, "onFullBackup[M] (" + BackupAgent.this.getClass().getName() + ") threw", ex);
1029                 throw new RuntimeException(ex);
1030             } catch (RuntimeException ex) {
1031                 Log.d(TAG, "onFullBackup[M] (" + BackupAgent.this.getClass().getName() + ") threw", ex);
1032                 throw ex;
1033             } finally {
1034                 Binder.restoreCallingIdentity(ident);
1035                 try {
1036                     callbackBinder.opComplete(token, measureOutput.getSize());
1037                 } catch (RemoteException e) {
1038                     // timeout, so we're safe
1039                 }
1040             }
1041         }
1042 
1043         @Override
doRestoreFile(ParcelFileDescriptor data, long size, int type, String domain, String path, long mode, long mtime, int token, IBackupManager callbackBinder)1044         public void doRestoreFile(ParcelFileDescriptor data, long size,
1045                 int type, String domain, String path, long mode, long mtime,
1046                 int token, IBackupManager callbackBinder) throws RemoteException {
1047             long ident = Binder.clearCallingIdentity();
1048             try {
1049                 BackupAgent.this.onRestoreFile(data, size, type, domain, path, mode, mtime);
1050             } catch (IOException e) {
1051                 Log.d(TAG, "onRestoreFile (" + BackupAgent.this.getClass().getName() + ") threw", e);
1052                 throw new RuntimeException(e);
1053             } finally {
1054                 // Ensure that any side-effect SharedPreferences writes have landed
1055                 waitForSharedPrefs();
1056 
1057                 Binder.restoreCallingIdentity(ident);
1058                 try {
1059                     callbackBinder.opComplete(token, 0);
1060                 } catch (RemoteException e) {
1061                     // we'll time out anyway, so we're safe
1062                 }
1063 
1064                 if (Binder.getCallingPid() != Process.myPid()) {
1065                     IoUtils.closeQuietly(data);
1066                 }
1067             }
1068         }
1069 
1070         @Override
doRestoreFinished(int token, IBackupManager callbackBinder)1071         public void doRestoreFinished(int token, IBackupManager callbackBinder) {
1072             long ident = Binder.clearCallingIdentity();
1073             try {
1074                 BackupAgent.this.onRestoreFinished();
1075             } catch (Exception e) {
1076                 Log.d(TAG, "onRestoreFinished (" + BackupAgent.this.getClass().getName() + ") threw", e);
1077                 throw e;
1078             } finally {
1079                 // Ensure that any side-effect SharedPreferences writes have landed
1080                 waitForSharedPrefs();
1081 
1082                 Binder.restoreCallingIdentity(ident);
1083                 try {
1084                     callbackBinder.opComplete(token, 0);
1085                 } catch (RemoteException e) {
1086                     // we'll time out anyway, so we're safe
1087                 }
1088             }
1089         }
1090 
1091         @Override
fail(String message)1092         public void fail(String message) {
1093             getHandler().post(new FailRunnable(message));
1094         }
1095 
1096         @Override
doQuotaExceeded(long backupDataBytes, long quotaBytes)1097         public void doQuotaExceeded(long backupDataBytes, long quotaBytes) {
1098             long ident = Binder.clearCallingIdentity();
1099             try {
1100                 BackupAgent.this.onQuotaExceeded(backupDataBytes, quotaBytes);
1101             } catch (Exception e) {
1102                 Log.d(TAG, "onQuotaExceeded(" + BackupAgent.this.getClass().getName() + ") threw",
1103                         e);
1104                 throw e;
1105             } finally {
1106                 waitForSharedPrefs();
1107                 Binder.restoreCallingIdentity(ident);
1108             }
1109         }
1110     }
1111 
1112     static class FailRunnable implements Runnable {
1113         private String mMessage;
1114 
FailRunnable(String message)1115         FailRunnable(String message) {
1116             mMessage = message;
1117         }
1118 
1119         @Override
run()1120         public void run() {
1121             throw new IllegalStateException(mMessage);
1122         }
1123     }
1124 }
1125