base

Fix security hole in Google backup transport registration

Previously, it was conceivable that a 3rd party application on a non-GED
device could publish a service that supported the (hidden) IBackupTransport
interface and spoofed the Google backup transport's package and component
name.  This could allow it to secretly intercept all data moved through the
backup mechanism.

Fix by ensuring that the package in question exists and is part of the
OS itself (FLAG_SYSTEM in its ApplicationInfo description) before binding
to it.

Fixes bug #2457063

Change-Id: I3487572be45c2014fa209beacfe3ac6f8270f872