Don't back up / restore non-primary users' data
For now only the device owner "user" gets cloud backups. Also, only the
device owner account has access to local backup/restore.
Bug 6956438
Change-Id: I87d7ba5969e606c23f4214469f9bf2fd47a6c61b
diff --git a/core/java/android/os/UserId.java b/core/java/android/os/UserId.java
index 7e611df..18a3062 100644
--- a/core/java/android/os/UserId.java
+++ b/core/java/android/os/UserId.java
@@ -33,6 +33,8 @@
/** A user id to indicate the currently active user */
public static final int USER_CURRENT = -2;
+ /** A user id constant to indicate the "owner" user of the device */
+ public static final int USER_OWNER = 0;
/**
* Enable multi-user related side effects. Set this to false if there are problems with single
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 2167c49..4542840 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -65,6 +65,7 @@
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemClock;
+import android.os.UserId;
import android.os.WorkSource;
import android.os.storage.IMountService;
import android.provider.Settings;
@@ -4845,6 +4846,18 @@
// ----- IBackupManager binder interface -----
public void dataChanged(final String packageName) {
+ final int callingUserHandle = UserId.getCallingUserId();
+ if (callingUserHandle != UserId.USER_OWNER) {
+ // App is running under a non-owner user profile. For now, we do not back
+ // up data from secondary user profiles.
+ // TODO: backups for all user profiles.
+ if (MORE_DEBUG) {
+ Slog.v(TAG, "dataChanged(" + packageName + ") ignored because it's user "
+ + callingUserHandle);
+ }
+ return;
+ }
+
final HashSet<String> targets = dataChangedTargets(packageName);
if (targets == null) {
Slog.w(TAG, "dataChanged but no participant pkg='" + packageName + "'"
@@ -4937,6 +4950,11 @@
boolean doAllApps, boolean includeSystem, String[] pkgList) {
mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, "fullBackup");
+ final int callingUserHandle = UserId.getCallingUserId();
+ if (callingUserHandle != UserId.USER_OWNER) {
+ throw new IllegalStateException("Backup supported only for the device owner");
+ }
+
// Validate
if (!doAllApps) {
if (!includeShared) {
@@ -5001,6 +5019,11 @@
public void fullRestore(ParcelFileDescriptor fd) {
mContext.enforceCallingPermission(android.Manifest.permission.BACKUP, "fullRestore");
+ final int callingUserHandle = UserId.getCallingUserId();
+ if (callingUserHandle != UserId.USER_OWNER) {
+ throw new IllegalStateException("Restore supported only for the device owner");
+ }
+
long oldId = Binder.clearCallingIdentity();
try {