Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Clear calling identity before getUserAccounts in AccountManagerService" into oc-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2017-04-05 20:18:38 +00:00
committed by Android (Google) Code Review
parent ae23290ef5 5c80debe86
commit 8c9f966eab
2 changed files with 61 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
services/core/java/com/android/server/accounts/AccountManagerService.java
View File

@@ -427,14 +427,13 @@ public class AccountManagerService
public boolean addAccountExplicitlyWithVisibility(Account account, String password,
Bundle extras, Map packageToVisibility) {
Bundle.setDefusable(extras, true);
final int callingUid = Binder.getCallingUid();
int callingUid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid
+ ", pid " + Binder.getCallingPid());
}
Preconditions.checkNotNull(account, "account cannot be null");
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format("uid %s cannot explicitly add accounts of type: %s",
callingUid, account.type);
@@ -461,9 +460,9 @@ public class AccountManagerService
public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
String accountType) {
int callingUid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID);
List<String> managedTypes =
getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid);
List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid);
if ((accountType != null && !managedTypes.contains(accountType))
|| (accountType == null && !isSystemUid)) {
@@ -478,8 +477,9 @@ public class AccountManagerService
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid,
getUserAccounts(UserHandle.getUserId(callingUid)));
accounts);
} finally {
restoreCallingIdentity(identityToken);
}
@@ -490,12 +490,8 @@ public class AccountManagerService
*/
private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
List<String> accountTypes, Integer callingUid, UserAccounts accounts) {
int uid = 0;
try {
uid = mPackageManager.getPackageUidAsUser(packageName,
UserHandle.getUserId(callingUid));
} catch (NameNotFoundException e) {
Log.d(TAG, "Package not found " + e.getMessage());
if (!packageExistsForUser(packageName, accounts.userId)) {
Log.d(TAG, "Package not found " + packageName);
return new LinkedHashMap<>();
}
@@ -520,19 +516,26 @@ public class AccountManagerService
public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) {
Preconditions.checkNotNull(account, "account cannot be null");
int callingUid = Binder.getCallingUid();
int userId = UserHandle.getUserId(callingUid);
UserAccounts accounts = getUserAccounts(userId);
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)
&& !isSystemUid(callingUid)) {
String msg =
String.format("uid %s cannot get secrets for account %s", callingUid, account);
throw new SecurityException(msg);
}
synchronized (accounts.dbLock) {
synchronized (accounts.cacheLock) {
return getPackagesAndVisibilityForAccountLocked(account, accounts);
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
synchronized (accounts.dbLock) {
synchronized (accounts.cacheLock) {
return getPackagesAndVisibilityForAccountLocked(account, accounts);
}
}
} finally {
restoreCallingIdentity(identityToken);
}
}
/**
@@ -560,8 +563,8 @@ public class AccountManagerService
Preconditions.checkNotNull(account, "account cannot be null");
Preconditions.checkNotNull(packageName, "packageName cannot be null");
int callingUid = Binder.getCallingUid();
UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)
&& !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot get secrets for accounts of type: %s",
@@ -569,7 +572,13 @@ public class AccountManagerService
account.type);
throw new SecurityException(msg);
}
return resolveAccountVisibility(account, packageName, accounts);
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
return resolveAccountVisibility(account, packageName, accounts);
} finally {
restoreCallingIdentity(identityToken);
}
}
/**
@@ -708,8 +717,8 @@ public class AccountManagerService
Preconditions.checkNotNull(account, "account cannot be null");
Preconditions.checkNotNull(packageName, "packageName cannot be null");
int callingUid = Binder.getCallingUid();
UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
int userId = UserHandle.getCallingUserId();
if (!isAccountManagedByCaller(account.type, callingUid, userId)
&& !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot get secrets for accounts of type: %s",
@@ -717,8 +726,14 @@ public class AccountManagerService
account.type);
throw new SecurityException(msg);
}
return setAccountVisibility(account, packageName, newVisibility, true /* notify */,
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
return setAccountVisibility(account, packageName, newVisibility, true /* notify */,
accounts);
} finally {
restoreCallingIdentity(identityToken);
}
}
/**
@@ -805,8 +820,15 @@ public class AccountManagerService
public void registerAccountListener(String[] accountTypes, String opPackageName) {
int callingUid = Binder.getCallingUid();
mAppOpsManager.checkPackage(callingUid, opPackageName);
registerAccountListener(accountTypes, opPackageName,
getUserAccounts(UserHandle.getUserId(callingUid)));
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
registerAccountListener(accountTypes, opPackageName, accounts);
} finally {
restoreCallingIdentity(identityToken);
}
}
private void registerAccountListener(String[] accountTypes, String opPackageName,
@@ -832,7 +854,18 @@ public class AccountManagerService
public void unregisterAccountListener(String[] accountTypes, String opPackageName) {
int callingUid = Binder.getCallingUid();
mAppOpsManager.checkPackage(callingUid, opPackageName);
UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
unregisterAccountListener(accountTypes, opPackageName, accounts);
} finally {
restoreCallingIdentity(identityToken);
}
}
private void unregisterAccountListener(String[] accountTypes, String opPackageName,
UserAccounts accounts) {
synchronized (accounts.mReceiversForType) {
if (accountTypes == null) {
// null for any type
@@ -903,7 +936,7 @@ public class AccountManagerService
long identityToken = clearCallingIdentity();
try {
mPackageManager.getPackageUidAsUser(packageName, userId);
return true; // package exist
return true;
} finally {
restoreCallingIdentity(identityToken);
}

2
services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java
View File

@@ -149,7 +149,7 @@ public class AccountsDbTest {
// 2nd account
Account account2 = new Account("name", "example2.com");
long accId2 = mAccountsDb.insertCeAccount(account2, "password");
mAccountsDb.insertDeAccount(account2, accId);
mAccountsDb.insertDeAccount(account2, accId2);
mAccountsDb.insertAuthToken(accId2, "type", "token");
mAccountsDb.deleteAuthTokensByAccountId(accId2);