
Commit d738f49a authored by Christopher Tate's avatar Christopher Tate Committed by Android Git Automerger

am b559b58e: am 5769c0b8: am 9432f83c: am 7b3ac9ad: am 0cb27e28: Validate...

am b559b58e: am 5769c0b8: am 9432f83c: am 7b3ac9ad: am 0cb27e28: Validate restored file paths against their nominal domain

* commit 'b559b58e':
  Validate restored file paths against their nominal domain
parents 42d5732d b559b58e
+19 −9
@@ -440,22 +440,32 @@ public abstract class BackupAgent extends ContextWrapper {
            basePath = getCacheDir().getCanonicalPath();
            basePath = getCacheDir().getCanonicalPath();
        } else {
        } else {
            // Not a supported location
            // Not a supported location
            Log.i(TAG, "Data restored from non-app domain " + domain + ", ignoring");
            Log.i(TAG, "Unrecognized domain " + domain);
        }
        }


        // Now that we've figured out where the data goes, send it on its way
        // Now that we've figured out where the data goes, send it on its way
        if (basePath != null) {
        if (basePath != null) {
            // Canonicalize the nominal path and verify that it lies within the stated domain
            File outFile = new File(basePath, path);
            File outFile = new File(basePath, path);
            if (DEBUG) Log.i(TAG, "[" + domain + " : " + path + "] mapped to " + outFile.getPath());
            String outPath = outFile.getCanonicalPath();
            if (outPath.startsWith(basePath + File.separatorChar)) {
                if (DEBUG) Log.i(TAG, "[" + domain + " : " + path + "] mapped to " + outPath);
                onRestoreFile(data, size, outFile, type, mode, mtime);
                onRestoreFile(data, size, outFile, type, mode, mtime);
                return;
            } else {
            } else {
            // Not a supported output location?  We need to consume the data
                // Attempt to restore to a path outside the file's nominal domain.
                if (DEBUG) {
                    Log.e(TAG, "Cross-domain restore attempt: " + outPath);
                }
            }
        }

        // Not a supported output location, or bad path:  we need to consume the data
        // anyway, so just use the default "copy the data out" implementation
        // anyway, so just use the default "copy the data out" implementation
        // with a null destination.
        // with a null destination.
            if (DEBUG) Log.i(TAG, "[ skipping data from unsupported domain " + domain + "]");
        if (DEBUG) Log.i(TAG, "[ skipping file " + path + "]");
        FullBackup.restoreFile(data, size, type, mode, mtime, null);
        FullBackup.restoreFile(data, size, type, mode, mtime, null);
    }
    }
    }


    // ----- Core implementation -----
    // ----- Core implementation -----
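Review bot: The rejection branch logs the cross-domain attempt only when DEBUG is set, so on a production build a restore entry whose canonical path falls outside its domain is skipped with no trace. That is the one event here a defender would want recorded, so I would log it unconditionally, e.g. `Log.w(TAG, "Cross-domain restore attempt: " + outPath);` without the `if (DEBUG)` wrapper. Separately, the check is made on `outPath` but the write still goes through the non-canonical `outFile`; passing `new File(outPath)` to `onRestoreFile` would make the validated path and the written path the same. The `startsWith` test also relies on every `basePath` assignment being canonical, and only the cache-dir branch is visible here; the method starts outside the hunk, so the other branches should be confirmed.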