Backup work profile (Shelter) #77
Hey! I'm thinking this is what you may be looking for: https://github.com/aosp-mirror/platform_packages_apps_settings/blob/master/src/com/android/settings/backup/BackupSettingsHelper.java#L216 Untested, but looks right to me. Let me know if changing that works for you. If it's not there, I would guess it's somewhere around there. |
Looks promising. I will patch this function to always return true and enable logging in my next build for the 2020-04-05 security patch. For reference, logcat shows
$ adb logcat -v year,uid,color -s BackupSettingsHelper
--------- beginning of system
--------- beginning of crash
--------- beginning of main
2020-03-13 22:15:18.781 1101000 7049 7049 E BackupSettingsHelper: Backup transport has not provided an intent or the component for the intent is not found!
I will report back. |
Will close this for now, if you find a good solution I can add it to the documentation so those interested can consider applying the patch. Thanks for bringing this to our attention. |
The patch:
Does not fully work unfortunately. I don’t get "Disabled by admin" anymore, but a blank screen with only the title "Backup". As if Seedvault was not installed. But I checked, it is installed for the work profile. Note that the blank screen is the same behavior of AOSP without Google stuff when no Seedvault is integrated into the build. So it seems Android does not quite get that Seedvault should also be responsible for the work profile. From the debug log, we see that
|
I'll re-open this in case anyone else is having this issue and wants to contribute. It sounds to me like the backup transport is not set for that user. However, I'm not sure if the backup transport setting is per user. There could be other code affecting the backup transport settings for non-admin profiles somewhere else as well. |
You might need to set the backup transport for the current user. This sounds like it is set to |
Check the @chirayudesai is there maybe a way to set the transport automatically for all users, so they don't end up in that empty activity? |
@grote probably, need to check. Will it work with other users though? We should test that before we enable it. |
It should work™, but yeah we should do our own tests before enabling this in production. If it works, that's probably something for an OEM documentation. |
Oh you know, this could also be useful for testing on the same device. I can add the restore activity to the per-user setupwizard. Then you can just create a new user, and then restore a backup made on the main/other user. |
What I've tried:
There even seems to be a different view on internal storage, so if you back up to that, the files don't conflict between users. @ypid can you confirm that this works for you? Please let us know if there are other issues with Seedvault in different user-profiles! |
I now also tried the Shelter app (which is pretty sweet btw.). There @chirayudesai the activate and transport set steps ideally are something that we can automatically do on a ROM level for all current and future users maybe? |
Yes now that you've confirmed it works we should do that. Did you try restoring? I think we could do it for 11, and just document the steps you did for 10 if that's fine. |
A full restore works, but I couldn't get Auto-Restore to work. There's not really any clues in the log, just that the system tries all(?) users for a backup agent of the package I am restoring, but then doing nothing. This might be unrelated as I couldn't get it to work in the personal/main profile. |
So that's strange: Auto-Restore for the owner profile only started to work again after I deleted the users manually with Might be an AOSP bug since backup multi-user support was only introduced in Android 10 with a few commits and not touched since. Also, this is all system APIs, Seedvault isn't even called at that point. |
@grote With your help, I managed to enable Seedvault for a new user. But not for my work profile. Testing was done on AOSP 10.
I could imagine that the issue that I cannot activate the Backup service for my work profile is because I installed Seedvault after setting up the work profile. I will test this when I start working on Android 11. |
The I tested this on a |
I have the exact same
Pixel3a running CalyxOS. Is there any info I can collect to troubleshoot? |
Checking the logs makes sense of course :) I disabled the second user again:
adb shell bmgr --user 10 enable true
adb shell bmgr --user 10 activate true
Logcat output is very similar. I diffed it.
D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 2000 <<<<<<
+W app_process: type=1400 audit(0.0:15256): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=21722 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
E libc : Access denied finding property "persist.device_config.runtime_native_boot.enable_apex_image"
I AndroidRuntime: Using default boot image
E libc : Access denied finding property "persist.device_config.runtime_native_boot.disable_lock_profiling"
I AndroidRuntime: Leaving lock profiling enabled
E libc : Access denied finding property "persist.device_config.runtime_native_boot.enable_generational_cc"
-W app_process: type=1400 audit(0.0:15267): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=21722 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
+W app_process: type=1400 audit(0.0:15257): avc: denied { read } for name="u:object_r:device_config_runtime_native_boot_prop:s0" dev="tmpfs" ino=21722 scontext=u:r:shell:s0 tcontext=u:object_r:device_config_runtime_native_boot_prop:s0 tclass=file permissive=0
D ICU : Time zone APEX file found: /apex/com.android.tzdata/etc/icu/icu_tzdata.dat
I app_process: The ClassLoaderContext is a special shared library.
W app_process: JNI RegisterNativeMethods: attempt to register 0 native methods for android.media.AudioAttributes
D AndroidRuntime: Calling main entry com.android.commands.bmgr.Bmgr
-V Bmgr : Running activate for user:10
+V Bmgr : Running enable for user:10
D AndroidRuntime: Shutting down VM
I am still running on the same exact build and only removed the user, but I now get
That is what I had in mind. I will probably test with a userdebug build when I get into Android 11 migration work. So you might have cheated :) |
Had a chat with the Shelter dev. The problem is probably https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setBackupServiceEnabled(android.content.ComponentName,%20boolean) |
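The DevicePolicyManager call linked in the comment above, as an added example (not code from Shelter, Seedvault or this thread): a profile-owner app checks and enables the backup service for its own managed profile. The class name `WorkProfileBackupPolicy`, the method `ensureBackupEnabled` and the `admin` component passed in are hypothetical; only the `DevicePolicyManager` methods are platform API.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.util.Log;

/** Hypothetical helper for a profile-owner app such as a work-profile manager. */
public final class WorkProfileBackupPolicy {
    private static final String TAG = "WorkProfileBackupPolicy";

    private WorkProfileBackupPolicy() {}

    /**
     * Enables the backup service for the profile this app administers.
     *
     * @param admin the app's own DeviceAdminReceiver component (assumed to exist)
     * @return true if the backup service reports enabled after the call
     */
    public static boolean ensureBackupEnabled(Context context, ComponentName admin) {
        DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
        String pkg = context.getPackageName();

        // Only the device owner or profile owner may change this policy;
        // any other caller gets a SecurityException from the platform.
        if (dpm == null || !(dpm.isProfileOwnerApp(pkg) || dpm.isDeviceOwnerApp(pkg))) {
            Log.w(TAG, "Not device/profile owner, cannot change backup policy");
            return false;
        }

        try {
            if (!dpm.isBackupServiceEnabled(admin)) {
                dpm.setBackupServiceEnabled(admin, true);
            }
            // Read the state back instead of assuming the write took effect.
            return dpm.isBackupServiceEnabled(admin);
        } catch (SecurityException e) {
            Log.e(TAG, "Platform rejected backup policy change", e);
            return false;
        }
    }
}
```

A backup transport still has to be selected for that user afterwards; this call only lifts the policy that makes Settings report "Disabled by admin".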
Yeah, if Shelter could add an option to enable backups (or just do it unconditionally) that would be best I guess. @ypid thanks for the logs and research. That sounds like something @chirayudesai might want to look into. |
I guess we could close this, right? |
Hi, this was the first search result for "backup work profile" in duckduckgo-privacybrowser...does that mean it's currently impossible to back up a work profile, making it impossible to try other sandboxing apps (for example, switching from shelter to insular to see if insular supports updating apps that are frozen but aren't cloned), without losing every app, file, etc, in one's work profile? |
https://review.calyxos.org/c/CalyxOS/platform_packages_apps_Settings/+/3478 I successfully backed up a work profile to internal storage using the patch above. Now the question is about restoring it. Additionally I noticed that backing up to USB was not available on the work profile |
By default, Android exposes USB devices only to the main user. In order to query, read and write to it, the signature permission INTERACT_ACROSS_USERS_FULL (optional) is granted to create Seedvault's context as the system user. Issue: calyxos#437 Issue: #77 Change-Id: I0b1b4c8c5aeeb226419ff94e15f631ebe1db66df
By default, Android exposes USB devices only to the main user. In order to query, read and write to it, the signature permission INTERACT_ACROSS_USERS_FULL (optional) is granted to create Seedvault's context as the system user. Issue: calyxos#437 Issue: seedvault-app/seedvault#77 Change-Id: I0b1b4c8c5aeeb226419ff94e15f631ebe1db66df
closing as per #77 (comment) work profile support for seedvault in calyxos has improved a lot since then |
Hi,
I have set up an Android work profile, so when I open System -> Backup, the settings app asks in which profile the Seedvault should be opened. Personal profile works as intended. But when I select "Work", it says "Disabled by admin". I am the admin and I did not disable it :) I did a quick grep over frameworks/base, Internet search and logcat. No obvious setting. Do you see a trick to patch Android so that backing up the work profile works? Keep up the good work!