
Commit e728ab56 authored by Piyush Mehrotra Committed by Android (Google) Code Review

Merge "Separate allow lists for profile and full non-system users."

parents 5494b26e 702ce6c2
+5 −4
@@ -551,7 +551,7 @@ public class UserBackupManagerService {
        mPackageManagerBinder = AppGlobals.getPackageManager();
        mActivityManager = ActivityManager.getService();
        mActivityManagerInternal = LocalServices.getService(ActivityManagerInternal.class);
        mScheduledBackupEligibility = getEligibilityRules(mPackageManager, userId,
        mScheduledBackupEligibility = getEligibilityRules(mPackageManager, userId, mContext,
                BackupDestination.CLOUD);

        mAlarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE);
@@ -4118,13 +4118,14 @@ public class UserBackupManagerService {

    public BackupEligibilityRules getEligibilityRulesForOperation(
            @BackupDestination int backupDestination) {
        return getEligibilityRules(mPackageManager, mUserId, backupDestination);
        return getEligibilityRules(mPackageManager, mUserId, mContext, backupDestination);
    }

    private static BackupEligibilityRules getEligibilityRules(PackageManager packageManager,
            int userId, @BackupDestination int backupDestination) {
            int userId, Context context, @BackupDestination int backupDestination) {
        return new BackupEligibilityRules(packageManager,
                LocalServices.getService(PackageManagerInternal.class), userId, backupDestination);
                LocalServices.getService(PackageManagerInternal.class), userId, context,
                backupDestination);
    }

    /** Prints service state for 'dumpsys backup'. */
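Review bot: In the first hunk the new argument reads the `mContext` field, while the statement two lines below it in the same constructor still uses the `context` parameter. The assignment of `mContext` lies outside the hunk, so it is not visible whether it runs before this call. If it does not, `BackupEligibilityRules` receives null and its constructor fails on `context.getSystemService(...)`. Passing the parameter avoids the ordering dependency: `mScheduledBackupEligibility = getEligibilityRules(mPackageManager, userId, context, BackupDestination.CLOUD);`.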
+3 −1
@@ -112,7 +112,9 @@ public class PerformAdbRestoreTask implements Runnable {
            BackupEligibilityRules eligibilityRules = new BackupEligibilityRules(
                    mBackupManagerService.getPackageManager(),
                    LocalServices.getService(PackageManagerInternal.class),
                    mBackupManagerService.getUserId(), BackupDestination.ADB_BACKUP);
                    mBackupManagerService.getUserId(),
                    mBackupManagerService.getContext(),
                    BackupDestination.ADB_BACKUP);
            FullRestoreEngine mEngine = new FullRestoreEngine(mBackupManagerService,
                    mOperationStorage, null, mObserver, null, null,
                    true, 0 /*unused*/, true, eligibilityRules);
+36 −10
@@ -31,6 +31,7 @@ import android.app.compat.CompatChanges;
import android.compat.annotation.ChangeId;
import android.compat.annotation.EnabledSince;
import android.compat.annotation.Overridable;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
@@ -39,10 +40,12 @@ import android.content.pm.Signature;
import android.content.pm.SigningInfo;
import android.os.Build;
import android.os.UserHandle;
import android.os.UserManager;
import android.util.Slog;

import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.server.backup.SetUtils;
import com.android.server.backup.transport.BackupTransportClient;
import com.android.server.backup.transport.TransportConnection;

@@ -56,13 +59,26 @@ import java.util.Set;
 */
public class BackupEligibilityRules {
    private static final boolean DEBUG = false;
    // List of system packages that are eligible for backup in non-system users.
    private static final Set<String> systemPackagesAllowedForAllUsers = Sets.newArraySet(
            PACKAGE_MANAGER_SENTINEL, PLATFORM_PACKAGE_NAME, WALLPAPER_PACKAGE, SETTINGS_PACKAGE);

    /**
     * List of system packages that are eligible for backup in "profile" users (such as work
     * profile). See {@link UserManager#isProfile()}. This is a subset of {@link
     * #systemPackagesAllowedForNonSystemUsers}
     */
    private static final Set<String> systemPackagesAllowedForProfileUser =
            Sets.newArraySet(PACKAGE_MANAGER_SENTINEL, PLATFORM_PACKAGE_NAME);

    /**
     * List of system packages that are eligible for backup in non-system users.
     */
    private static final Set<String> systemPackagesAllowedForNonSystemUsers = SetUtils.union(
            systemPackagesAllowedForProfileUser,
            Sets.newArraySet(WALLPAPER_PACKAGE, SETTINGS_PACKAGE));

    private final PackageManager mPackageManager;
    private final PackageManagerInternal mPackageManagerInternal;
    private final int mUserId;
    private boolean mIsProfileUser = false;
    @BackupDestination  private final int mBackupDestination;

    /**
@@ -85,19 +101,23 @@ public class BackupEligibilityRules {

    public static BackupEligibilityRules forBackup(PackageManager packageManager,
            PackageManagerInternal packageManagerInternal,
            int userId) {
        return new BackupEligibilityRules(packageManager, packageManagerInternal, userId,
            int userId,
            Context context) {
        return new BackupEligibilityRules(packageManager, packageManagerInternal, userId, context,
                BackupDestination.CLOUD);
    }

    public BackupEligibilityRules(PackageManager packageManager,
            PackageManagerInternal packageManagerInternal,
            int userId,
            Context context,
            @BackupDestination int backupDestination) {
        mPackageManager = packageManager;
        mPackageManagerInternal = packageManagerInternal;
        mUserId = userId;
        mBackupDestination = backupDestination;
        UserManager userManager = context.getSystemService(UserManager.class);
        mIsProfileUser = userManager.isProfile();
    }

    /**
@@ -125,12 +145,18 @@ public class BackupEligibilityRules {

        // 2. they run as a system-level uid
        if (UserHandle.isCore(app.uid)) {
            // and the backup is happening for a non-system user on a package that is not explicitly
            // allowed.
            if (mUserId != UserHandle.USER_SYSTEM
                    && !systemPackagesAllowedForAllUsers.contains(app.packageName)) {
            // and the backup is happening for a non-system user or profile on a package that is
            // not explicitly allowed.
            if (mUserId != UserHandle.USER_SYSTEM) {
                if (mIsProfileUser && !systemPackagesAllowedForProfileUser.contains(
                        app.packageName)) {
                    return false;
                }
                if (!mIsProfileUser && !systemPackagesAllowedForNonSystemUsers.contains(
                        app.packageName)) {
                    return false;
                }
            }

            // or do not supply their own backup agent
            if (app.backupAgentName == null) {
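Review bot: In the constructor, `userManager.isProfile()` reports on the user that owns the passed `Context`, not on the `userId` argument, and nothing in the visible hunks shows that callers pass a context bound to that user. If a system-user context is passed, `mIsProfileUser` stays false and a profile is checked against the wider `systemPackagesAllowedForNonSystemUsers` list, so the Settings and wallpaper packages would remain eligible for that profile. Consider taking the manager from a per-user context, `context.createContextAsUser(UserHandle.of(userId), 0).getSystemService(UserManager.class)`, and guarding a missing service with `mIsProfileUser = userManager != null && userManager.isProfile();`. The field can then be declared `final` without the `= false` initializer, and a comment on the constructor should state which user the `context` parameter is expected to represent.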
+2 −1
@@ -160,7 +160,8 @@ public class RestoreUtils {
                            PackageManagerInternal pmi = LocalServices.getService(
                                    PackageManagerInternal.class);
                            BackupEligibilityRules eligibilityRules =
                                    BackupEligibilityRules.forBackup(packageManager, pmi, userId);
                                    BackupEligibilityRules.forBackup(packageManager, pmi, userId,
                                            context);
                            if (eligibilityRules.signaturesMatch(sigs, pkg)) {
                                // If this is a system-uid app without a declared backup agent,
                                // don't restore any of the file data.
+37 −0
/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.backup.utils;

import java.util.HashSet;
import java.util.Set;

/**
 * Helper class containing common operation on {@link java.util.Set}.
 */
public final class SetUtils {
    // Statics only
    private SetUtils() {}

    /**
     * Returns union of two sets.
     */
    public static <T> Set<T> union(Set<T> set1, Set<T> set2) {
        Set<T> unionSet = new HashSet<>(set1);
        unionSet.addAll(set2);
        return unionSet;
    }
}
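Review bot: `union` returns a plain mutable `HashSet`, and in this commit that result becomes the static allow list `systemPackagesAllowedForNonSystemUsers`, so any code that obtains the reference could add package names to it. Returning a read-only view, `return Collections.unmodifiableSet(unionSet);` (with `import java.util.Collections;`), keeps the allow list fixed after class initialisation. The Javadoc should also say that the result is a new set and that null arguments are not accepted, since `new HashSet<>(set1)` throws on null. Separately, this file declares `package com.android.server.backup.utils;` while the BackupEligibilityRules section imports `com.android.server.backup.SetUtils`. Unless another `SetUtils` exists in that package, the import will not resolve.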