diff --git a/api/current.txt b/api/current.txt
index 207a25dc369d5..a1b587e46606d 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -2210,6 +2210,7 @@ package android.accounts {
     field public static final java.lang.String AUTHENTICATOR_ATTRIBUTES_NAME = "account-authenticator";
     field public static final java.lang.String AUTHENTICATOR_META_DATA_NAME = "android.accounts.AccountAuthenticator";
     field public static final int ERROR_CODE_BAD_ARGUMENTS = 7; // 0x7
+    field public static final int ERROR_CODE_BAD_AUTHENTICATION = 9; // 0x9
     field public static final int ERROR_CODE_BAD_REQUEST = 8; // 0x8
     field public static final int ERROR_CODE_CANCELED = 4; // 0x4
     field public static final int ERROR_CODE_INVALID_RESPONSE = 5; // 0x5
diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java
index 313260f65f9f4..81aa504e941ab 100644
--- a/core/java/android/accounts/AccountManager.java
+++ b/core/java/android/accounts/AccountManager.java
@@ -151,6 +151,7 @@ public class AccountManager {
     public static final int ERROR_CODE_UNSUPPORTED_OPERATION = 6;
     public static final int ERROR_CODE_BAD_ARGUMENTS = 7;
     public static final int ERROR_CODE_BAD_REQUEST = 8;
+    public static final int ERROR_CODE_BAD_AUTHENTICATION = 9;
 
     /** @hide */
     public static final int ERROR_CODE_USER_RESTRICTED = 100;
@@ -964,10 +965,10 @@ public class AccountManager {
      */
     @Deprecated
     public AccountManagerFuture<Bundle> getAuthToken(
-            final Account account, final String authTokenType, 
+            final Account account, final String authTokenType,
             final boolean notifyAuthFailure,
             AccountManagerCallback<Bundle> callback, Handler handler) {
-        return getAuthToken(account, authTokenType, null, notifyAuthFailure, callback, 
+        return getAuthToken(account, authTokenType, null, notifyAuthFailure, callback,
                 handler);
     }
 
diff --git a/services/java/com/android/server/accounts/AccountManagerService.java b/services/java/com/android/server/accounts/AccountManagerService.java
index 03679a56a7967..944bf33b02677 100644
--- a/services/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/java/com/android/server/accounts/AccountManagerService.java
@@ -541,6 +541,7 @@ public class AccountManagerService
         }
     }
 
+    @Override
     public boolean addAccount(Account account, String password, Bundle extras) {
         if (Log.isLoggable(TAG, Log.VERBOSE)) {
             Log.v(TAG, "addAccount: " + account
@@ -549,9 +550,13 @@ public class AccountManagerService
         }
         if (account == null) throw new IllegalArgumentException("account is null");
         checkAuthenticateAccountsPermission(account);
-        if (!canUserModifyAccounts(Binder.getCallingUid())) {
-            return false;
-        }
+        /*
+         * Child users are not allowed to add accounts. Only the accounts that are
+         * shared by the parent profile can be added to child profile.
+         *
+         * TODO: Only allow accounts that were shared to be added by
+         *     a limited user.
+         */
 
         UserAccounts accounts = getUserAccountsForCaller();
         // fails if the account already exists
@@ -588,12 +593,9 @@ public class AccountManagerService
                         if (result.getBoolean(AccountManager.KEY_BOOLEAN_RESULT, false)) {
                             // Create a Session for the target user and pass in the bundle
                             completeCloningAccount(result, account, toAccounts);
-                        } else {
-                            clonePassword(fromAccounts, toAccounts, account);
                         }
                         return;
                     } else {
-                        clonePassword(fromAccounts, toAccounts, account);
                         super.onResult(result);
                     }
                 }
@@ -604,23 +606,6 @@ public class AccountManagerService
         return true;
     }
 
-    // TODO: Remove fallback - move to authenticator
-    private void clonePassword(UserAccounts fromAccounts, UserAccounts toAccounts,
-            Account account) {
-        long id = clearCallingIdentity();
-        try {
-            String password = readPasswordInternal(fromAccounts, account);
-            String extraFlags = readUserDataInternal(fromAccounts, account, "flags");
-            String extraServices = readUserDataInternal(fromAccounts, account, "services");
-            Bundle extras = new Bundle();
-            extras.putString("flags", extraFlags);
-            extras.putString("services", extraServices);
-            addAccountInternal(toAccounts, account, password, extras, true);
-        } finally {
-            restoreCallingIdentity(id);
-        }
-    }
-
     void completeCloningAccount(final Bundle result, final Account account,
             final UserAccounts targetUser) {
         long id = clearCallingIdentity();