Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 8a4465e8: am 682e0237: am 845d14db: Revert "Permissions: GET_ACCOUNTS permission cleanup"

Browse Source 
* commit '8a4465e8ec7da6bf9dfcec760ebd359c191a0617':
  Revert "Permissions: GET_ACCOUNTS permission cleanup"
This commit is contained in:
Ian Pedowitz
2015-08-04 15:11:51 +00:00
committed by Android Git Automerger
parent a93e7e5e78 8a4465e8ec
commit 573e92fc35
3 changed files with 127 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
core/java/android/accounts/AbstractAccountAuthenticator.java
View File

@@ -138,9 +138,7 @@ public abstract class AbstractAccountAuthenticator {
new AccountAuthenticatorResponse(response),
accountType, authTokenType, features, options);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
if (result != null) {
result.keySet(); // force it to be unparcelled
}
result.keySet(); // force it to be unparcelled
Log.v(TAG, "addAccount: result " + AccountManager.sanitizeResult(result));
}
if (result != null) {
@@ -162,9 +160,7 @@ public abstract class AbstractAccountAuthenticator {
final Bundle result = AbstractAccountAuthenticator.this.confirmCredentials(
new AccountAuthenticatorResponse(response), account, options);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
if (result != null) {
result.keySet(); // force it to be unparcelled
}
result.keySet(); // force it to be unparcelled
Log.v(TAG, "confirmCredentials: result "
+ AccountManager.sanitizeResult(result));
}
@@ -189,9 +185,7 @@ public abstract class AbstractAccountAuthenticator {
result.putString(AccountManager.KEY_AUTH_TOKEN_LABEL,
AbstractAccountAuthenticator.this.getAuthTokenLabel(authTokenType));
if (Log.isLoggable(TAG, Log.VERBOSE)) {
if (result != null) {
result.keySet(); // force it to be unparcelled
}
result.keySet(); // force it to be unparcelled
Log.v(TAG, "getAuthTokenLabel: result "
+ AccountManager.sanitizeResult(result));
}
@@ -215,9 +209,7 @@ public abstract class AbstractAccountAuthenticator {
new AccountAuthenticatorResponse(response), account,
authTokenType, loginOptions);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
if (result != null) {
result.keySet(); // force it to be unparcelled
}
result.keySet(); // force it to be unparcelled
Log.v(TAG, "getAuthToken: result " + AccountManager.sanitizeResult(result));
}
if (result != null) {
@@ -242,10 +234,7 @@ public abstract class AbstractAccountAuthenticator {
new AccountAuthenticatorResponse(response), account,
authTokenType, loginOptions);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
// Result may be null.
if (result != null) {
result.keySet(); // force it to be unparcelled
}
result.keySet(); // force it to be unparcelled
Log.v(TAG, "updateCredentials: result "
+ AccountManager.sanitizeResult(result));
}
@@ -501,7 +490,7 @@ public abstract class AbstractAccountAuthenticator {
* <ul>
* <li> {@link AccountManager#KEY_INTENT}, or
* <li> {@link AccountManager#KEY_ACCOUNT_NAME} and {@link AccountManager#KEY_ACCOUNT_TYPE} of
* the account whose credentials were updated, or
* the account that was added, or
* <li> {@link AccountManager#KEY_ERROR_CODE} and {@link AccountManager#KEY_ERROR_MESSAGE} to
* indicate an error
* </ul>

53
core/java/android/accounts/AccountManager.java
View File

@@ -333,7 +333,7 @@ public class AccountManager {
try {
return mService.getPassword(account);
} catch (RemoteException e) {
// won't ever happen
// will never happen
throw new RuntimeException(e);
}
}
@@ -362,7 +362,7 @@ public class AccountManager {
try {
return mService.getUserData(account, key);
} catch (RemoteException e) {
// won't ever happen
// will never happen
throw new RuntimeException(e);
}
}
@@ -415,10 +415,8 @@ public class AccountManager {
*
* <p>It is safe to call this method from the main thread.
*
* <p>Clients of this method that have not been granted the
* {@link android.Manifest.permission#GET_ACCOUNTS} permission,
* will only see those accounts managed by AbstractAccountAuthenticators whose
* signature matches the client.
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS}.
*
* @return An array of {@link Account}, one for each account. Empty
* (never null) if no accounts have been added.
@@ -440,10 +438,8 @@ public class AccountManager {
*
* <p>It is safe to call this method from the main thread.
*
* <p>Clients of this method that have not been granted the
* {@link android.Manifest.permission#GET_ACCOUNTS} permission,
* will only see those accounts managed by AbstractAccountAuthenticators whose
* signature matches the client.
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS}.
*
* @return An array of {@link Account}, one for each account. Empty
* (never null) if no accounts have been added.
@@ -470,7 +466,7 @@ public class AccountManager {
try {
return mService.getAccountsForPackage(packageName, uid);
} catch (RemoteException re) {
// won't ever happen
// possible security exception
throw new RuntimeException(re);
}
}
@@ -487,7 +483,7 @@ public class AccountManager {
try {
return mService.getAccountsByTypeForPackage(type, packageName);
} catch (RemoteException re) {
// won't ever happen
// possible security exception
throw new RuntimeException(re);
}
}
@@ -501,10 +497,9 @@ public class AccountManager {
*
* <p>It is safe to call this method from the main thread.
*
* <p>Clients of this method that have not been granted the
* {@link android.Manifest.permission#GET_ACCOUNTS} permission,
* will only see those accounts managed by AbstractAccountAuthenticators whose
* signature matches the client.
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
* authenticator that owns the account type.
*
* <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
* GET_ACCOUNTS permission is needed for those platforms, irrespective of uid
@@ -590,8 +585,7 @@ public class AccountManager {
* {@link AccountManagerFuture} must not be used on the main thread.
*
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS} or be a signature
* match with the AbstractAccountAuthenticator that manages the account.
* {@link android.Manifest.permission#GET_ACCOUNTS}.
*
* @param account The {@link Account} to test
* @param features An array of the account features to check
@@ -634,10 +628,9 @@ public class AccountManager {
* <p>This method may be called from any thread, but the returned
* {@link AccountManagerFuture} must not be used on the main thread.
*
* <p>Clients of this method that have not been granted the
* {@link android.Manifest.permission#GET_ACCOUNTS} permission,
* will only see those accounts managed by AbstractAccountAuthenticators whose
* signature matches the client.
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
* authenticator that owns the account type.
*
* @param type The type of accounts to return, must not be null
* @param features An array of the account features to require,
@@ -708,7 +701,7 @@ public class AccountManager {
try {
return mService.addAccountExplicitly(account, password, userdata);
} catch (RemoteException e) {
// Can happen if there was a SecurityException was thrown.
// won't ever happen
throw new RuntimeException(e);
}
}
@@ -973,7 +966,7 @@ public class AccountManager {
try {
return mService.removeAccountExplicitly(account);
} catch (RemoteException e) {
// May happen if the caller doesn't match the signature of the authenticator.
// won't ever happen
throw new RuntimeException(e);
}
}
@@ -1121,7 +1114,7 @@ public class AccountManager {
try {
mService.setUserData(account, key, value);
} catch (RemoteException e) {
// Will happen if there is not signature match.
// won't ever happen
throw new RuntimeException(e);
}
}
@@ -1740,7 +1733,7 @@ public class AccountManager {
* with these fields if an activity was supplied and the account
* credentials were successfully updated:
* <ul>
* <li> {@link #KEY_ACCOUNT_NAME} - the name of the account
* <li> {@link #KEY_ACCOUNT_NAME} - the name of the account created
* <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
* </ul>
*
@@ -2508,13 +2501,11 @@ public class AccountManager {
* listeners are added in an Activity or Service's {@link Activity#onCreate}
* and removed in {@link Activity#onDestroy}.
*
* <p>The listener will only be informed of accounts that would be returned
* to the caller via {@link #getAccounts()}. Typically this means that to
* get any accounts, the caller will need to be grated the GET_ACCOUNTS
* permission.
*
* <p>It is safe to call this method from the main thread.
*
* <p>This method requires the caller to hold the permission
* {@link android.Manifest.permission#GET_ACCOUNTS}.
*
* @param listener The listener to send notifications to
* @param handler {@link Handler} identifying the thread to use
* for notifications, null for the main thread

250
services/core/java/com/android/server/accounts/AccountManagerService.java
View File

@@ -527,14 +527,14 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot get secrets for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -627,14 +627,14 @@ public class AccountManagerService
}
if (account == null) throw new IllegalArgumentException("account is null");
if (key == null) throw new IllegalArgumentException("key is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot get user data for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -664,32 +664,22 @@ public class AccountManagerService
final long identityToken = clearCallingIdentity();
try {
return getAuthenticatorTypesInternal(userId);
Collection<AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription>>
authenticatorCollection = mAuthenticatorCache.getAllServices(userId);
AuthenticatorDescription[] types =
new AuthenticatorDescription[authenticatorCollection.size()];
int i = 0;
for (AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription> authenticator
: authenticatorCollection) {
types[i] = authenticator.type;
i++;
}
return types;
} finally {
restoreCallingIdentity(identityToken);
}
}
/**
* Should only be called inside of a clearCallingIdentity block.
*/
private AuthenticatorDescription[] getAuthenticatorTypesInternal(int userId) {
Collection<AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription>>
authenticatorCollection = mAuthenticatorCache.getAllServices(userId);
AuthenticatorDescription[] types =
new AuthenticatorDescription[authenticatorCollection.size()];
int i = 0;
for (AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription> authenticator
: authenticatorCollection) {
types[i] = authenticator.type;
i++;
}
return types;
}
private boolean isCrossUser(int callingUid, int userId) {
return (userId != UserHandle.getCallingUserId()
&& callingUid != Process.myUid()
@@ -707,8 +697,7 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot explicitly add accounts of type: %s",
callingUid,
@@ -724,10 +713,12 @@ public class AccountManagerService
*/
// fails if the account already exists
int uid = getCallingUid();
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
return addAccountInternal(accounts, account, password, extras, false, callingUid);
return addAccountInternal(accounts, account, password, extras, false, uid);
} finally {
restoreCallingIdentity(identityToken);
}
@@ -803,26 +794,25 @@ public class AccountManagerService
if (account == null) {
throw new IllegalArgumentException("account is null");
}
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot notify authentication for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = Binder.getCallingUserHandle().getIdentifier();
if (!canUserModifyAccounts(userId) || !canUserModifyAccountsForType(userId, account.type)) {
return false;
}
int user = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
return updateLastAuthenticatedTime(account);
UserAccounts accounts = getUserAccounts(user);
} finally {
restoreCallingIdentity(identityToken);
}
return updateLastAuthenticatedTime(account);
}
private boolean updateLastAuthenticatedTime(Account account) {
@@ -995,9 +985,8 @@ public class AccountManagerService
if (response == null) throw new IllegalArgumentException("response is null");
if (account == null) throw new IllegalArgumentException("account is null");
if (features == null) throw new IllegalArgumentException("features is null");
checkReadAccountsPermitted(callingUid, account.type);
int userId = UserHandle.getCallingUserId();
checkReadAccountsPermitted(callingUid, account.type, userId);
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1073,14 +1062,14 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (accountToRename == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(accountToRename.type, callingUid, userId)) {
if (!isAccountManagedByCaller(accountToRename.type, callingUid)) {
String msg = String.format(
"uid %s cannot rename accounts of type: %s",
callingUid,
accountToRename.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1222,15 +1211,14 @@ public class AccountManagerService
* authenticator. This will let users remove accounts (via Settings in the system) but not
* arbitrary applications (like competing authenticators).
*/
UserHandle user = new UserHandle(userId);
if (!isAccountManagedByCaller(account.type, callingUid, user.getIdentifier())
&& !isSystemUid(callingUid)) {
if (!isAccountManagedByCaller(account.type, callingUid) && !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot remove accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
if (!canUserModifyAccounts(userId)) {
try {
response.onError(AccountManager.ERROR_CODE_USER_RESTRICTED,
@@ -1247,7 +1235,10 @@ public class AccountManagerService
}
return;
}
UserHandle user = new UserHandle(userId);
long identityToken = clearCallingIdentity();
UserAccounts accounts = getUserAccounts(userId);
cancelNotification(getSigninRequiredNotificationId(accounts, account), user);
synchronized(accounts.credentialsPermissionNotificationIds) {
@@ -1277,7 +1268,6 @@ public class AccountManagerService
+ ", caller's uid " + callingUid
+ ", pid " + Binder.getCallingPid());
}
int userId = Binder.getCallingUserHandle().getIdentifier();
if (account == null) {
/*
* Null accounts should result in returning false, as per
@@ -1285,18 +1275,22 @@ public class AccountManagerService
*/
Log.e(TAG, "account is null");
return false;
} else if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
} else if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot explicitly add accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
UserAccounts accounts = getUserAccountsForCaller();
int userId = Binder.getCallingUserHandle().getIdentifier();
if (!canUserModifyAccounts(userId) || !canUserModifyAccountsForType(userId, account.type)) {
return false;
}
logRecord(accounts, DebugDbHelper.ACTION_CALLED_ACCOUNT_REMOVE, TABLE_ACCOUNTS);
long identityToken = clearCallingIdentity();
try {
return removeAccountInternal(accounts, account);
@@ -1530,14 +1524,14 @@ public class AccountManagerService
}
if (account == null) throw new IllegalArgumentException("account is null");
if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot peek the authtokens associated with accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1558,14 +1552,14 @@ public class AccountManagerService
}
if (account == null) throw new IllegalArgumentException("account is null");
if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot set auth tokens associated with accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1584,14 +1578,14 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot set secrets for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1648,14 +1642,14 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot clear passwords for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1676,14 +1670,14 @@ public class AccountManagerService
}
if (key == null) throw new IllegalArgumentException("key is null");
if (account == null) throw new IllegalArgumentException("account is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
if (!isAccountManagedByCaller(account.type, callingUid)) {
String msg = String.format(
"uid %s cannot set user data for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1846,8 +1840,8 @@ public class AccountManagerService
// skip the check if customTokens
final int callerUid = Binder.getCallingUid();
final boolean permissionGranted =
customTokens || permissionIsGranted(account, authTokenType, callerUid, userId);
final boolean permissionGranted = customTokens ||
permissionIsGranted(account, authTokenType, callerUid);
// Get the calling package. We will use it for the purpose of caching.
final String callerPkg = loginOptions.getString(AccountManager.KEY_ANDROID_PACKAGE_NAME);
@@ -2369,14 +2363,14 @@ public class AccountManagerService
}
if (response == null) throw new IllegalArgumentException("response is null");
if (accountType == null) throw new IllegalArgumentException("accountType is null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(accountType, callingUid, userId) && !isSystemUid(callingUid)) {
if (!isAccountManagedByCaller(accountType, callingUid) && !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot edit authenticator properites for account type: %s",
callingUid,
accountType);
throw new SecurityException(msg);
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -2499,22 +2493,20 @@ public class AccountManagerService
}
/**
* Returns the accounts visible to the client within the context of a specific user
* Returns the accounts for a specific user
* @hide
*/
public Account[] getAccounts(int userId) {
int callingUid = Binder.getCallingUid();
List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
if (visibleAccountTypes.isEmpty()) {
if (!isReadAccountsPermitted(callingUid, null)) {
return new Account[0];
}
long identityToken = clearCallingIdentity();
try {
return getAccountsInternal(
userId,
callingUid,
null, // packageName
visibleAccountTypes);
UserAccounts accounts = getUserAccounts(userId);
synchronized (accounts.cacheLock) {
return getAccountsFromCacheLocked(accounts, null, callingUid, null);
}
} finally {
restoreCallingIdentity(identityToken);
}
@@ -2596,52 +2588,22 @@ public class AccountManagerService
callingUid = packageUid;
}
List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
if (visibleAccountTypes.isEmpty()
|| (type != null && !visibleAccountTypes.contains(type))) {
// Authenticators should be able to see their own accounts regardless of permissions.
if (TextUtils.isEmpty(type) && !isReadAccountsPermitted(callingUid, type)) {
return new Account[0];
} else if (visibleAccountTypes.contains(type)) {
// Prune the list down to just the requested type.
visibleAccountTypes = new ArrayList<>();
visibleAccountTypes.add(type);
} // else aggregate all the visible accounts (it won't matter if the list is empty).
}
long identityToken = clearCallingIdentity();
try {
return getAccountsInternal(
userId,
callingUid,
callingPackage,
visibleAccountTypes);
UserAccounts accounts = getUserAccounts(userId);
synchronized (accounts.cacheLock) {
return getAccountsFromCacheLocked(accounts, type, callingUid, callingPackage);
}
} finally {
restoreCallingIdentity(identityToken);
}
}
private Account[] getAccountsInternal(
int userId,
int callingUid,
String callingPackage,
List<String> visibleAccountTypes) {
UserAccounts accounts = getUserAccounts(userId);
synchronized (accounts.cacheLock) {
UserAccounts userAccounts = getUserAccounts(userId);
ArrayList<Account> visibleAccounts = new ArrayList<>();
for (String visibleType : visibleAccountTypes) {
Account[] accountsForType = getAccountsFromCacheLocked(
userAccounts, visibleType, callingUid, callingPackage);
if (accountsForType != null) {
visibleAccounts.addAll(Arrays.asList(accountsForType));
}
}
Account[] result = new Account[visibleAccounts.size()];
for (int i = 0; i < visibleAccounts.size(); i++) {
result[i] = visibleAccounts.get(i);
}
return result;
}
}
@Override
public boolean addSharedAccountAsUser(Account account, int userId) {
userId = handleIncomingUser(userId);
@@ -2777,12 +2739,8 @@ public class AccountManagerService
}
if (response == null) throw new IllegalArgumentException("response is null");
if (type == null) throw new IllegalArgumentException("accountType is null");
int userId = UserHandle.getCallingUserId();
List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
if (!visibleAccountTypes.contains(type)) {
if (!isReadAccountsPermitted(callingUid, type)) {
Bundle result = new Bundle();
// Need to return just the accounts that are from matching signatures.
result.putParcelableArray(AccountManager.KEY_ACCOUNTS, new Account[0]);
try {
response.onResult(result);
@@ -2791,6 +2749,7 @@ public class AccountManagerService
}
return;
}
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts userAccounts = getUserAccounts(userId);
@@ -2804,11 +2763,7 @@ public class AccountManagerService
onResult(response, result);
return;
}
new GetAccountsByTypeAndFeatureSession(
userAccounts,
response,
type,
features,
new GetAccountsByTypeAndFeatureSession(userAccounts, response, type, features,
callingUid).bind();
} finally {
restoreCallingIdentity(identityToken);
@@ -3741,11 +3696,10 @@ public class AccountManagerService
return false;
}
private boolean permissionIsGranted(
Account account, String authTokenType, int callerUid, int userId) {
private boolean permissionIsGranted(Account account, String authTokenType, int callerUid) {
final boolean isPrivileged = isPrivileged(callerUid);
final boolean fromAuthenticator = account != null
&& isAccountManagedByCaller(account.type, callerUid, userId);
&& isAccountManagedByCaller(account.type, callerUid);
final boolean hasExplicitGrants = account != null
&& hasExplicitlyGrantedPermission(account, authTokenType, callerUid);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
@@ -3757,45 +3711,23 @@ public class AccountManagerService
return fromAuthenticator || hasExplicitGrants || isPrivileged;
}
private boolean isAccountVisibleToCaller(String accountType, int callingUid, int userId) {
private boolean isAccountManagedByCaller(String accountType, int callingUid) {
if (accountType == null) {
return false;
} else {
return getTypesVisibleToCaller(callingUid, userId).contains(accountType);
}
}
private boolean isAccountManagedByCaller(String accountType, int callingUid, int userId) {
if (accountType == null) {
return false;
} else {
return getTypesManagedByCaller(callingUid, userId).contains(accountType);
}
}
private List<String> getTypesVisibleToCaller(int callingUid, int userId) {
boolean isPermitted =
isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS,
Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
Log.i(TAG, String.format("getTypesVisibleToCaller: isPermitted? %s", isPermitted));
return getTypesForCaller(callingUid, userId, isPermitted);
}
private List<String> getTypesManagedByCaller(int callingUid, int userId) {
return getTypesForCaller(callingUid, userId, false);
}
private List<String> getTypesForCaller(
int callingUid, int userId, boolean isOtherwisePermitted) {
List<String> managedAccountTypes = new ArrayList<>();
final int callingUserId = UserHandle.getUserId(callingUid);
for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo :
mAuthenticatorCache.getAllServices(userId)) {
final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid);
if (isOtherwisePermitted || sigChk == PackageManager.SIGNATURE_MATCH) {
managedAccountTypes.add(serviceInfo.type.type);
mAuthenticatorCache.getAllServices(callingUserId)) {
if (serviceInfo.type.type.equals(accountType)) {
/*
* We can't simply compare uids because uids can be recycled before the
* authenticator cache is updated.
*/
final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid);
return sigChk == PackageManager.SIGNATURE_MATCH;
}
}
return managedAccountTypes;
return false;
}
private boolean isAccountPresentForCaller(String accountName, String accountType) {
@@ -3860,12 +3792,28 @@ public class AccountManagerService
return false;
}
private boolean isReadAccountsPermitted(int callingUid, String accountType) {
/*
* Settings app (which is in the same uid as AcocuntManagerService), apps with the
* GET_ACCOUNTS permission or authenticators that own the account type should be able to
* access accounts of the specified account.
*/
boolean isPermitted =
isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS,
Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
boolean isAccountManagedByCaller = isAccountManagedByCaller(accountType, callingUid);
Log.w(TAG, String.format(
"isReadAccountPermitted: isPermitted: %s, isAM: %s",
isPermitted,
isAccountManagedByCaller));
return isPermitted || isAccountManagedByCaller;
}
/** Succeeds if any of the specified permissions are granted. */
private void checkReadAccountsPermitted(
int callingUid,
String accountType,
int userId) {
if (!isAccountVisibleToCaller(accountType, callingUid, userId)) {
String accountType) {
if (!isReadAccountsPermitted(callingUid, accountType)) {
String msg = String.format(
"caller uid %s cannot access %s accounts",
callingUid,