Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Package checks for resloving recovery tokens should be user sensitive." into klp-dev

Browse Source
This commit is contained in:
Carlos Valdivia
2013-10-15 01:45:45 +00:00
committed by Android (Google) Code Review
parent cf8a6ca9aa 416747aea1
commit cdb9ea79a5
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
services/java/com/android/server/accounts/AccountManagerService.java
View File

@@ -2167,15 +2167,20 @@ public class AccountManagerService
* this can be very bad when those apps are in the system like * this can be very bad when those apps are in the system like
* the System Settings. * the System Settings.
*/ */
PackageManager pm = mContext.getPackageManager();
ResolveInfo resolveInfo = pm.resolveActivity(intent, 0);
int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
int authenticatorUid = Binder.getCallingUid(); int authenticatorUid = Binder.getCallingUid();
if (PackageManager.SIGNATURE_MATCH != long bid = Binder.clearCallingIdentity();
pm.checkSignatures(authenticatorUid, targetUid)) { try {
throw new SecurityException( PackageManager pm = mContext.getPackageManager();
"Activity to be started with KEY_INTENT must " + ResolveInfo resolveInfo = pm.resolveActivityAsUser(intent, 0, mAccounts.userId);
"share Authenticator's signatures"); int targetUid = resolveInfo.activityInfo.applicationInfo.uid;
if (PackageManager.SIGNATURE_MATCH !=
pm.checkSignatures(authenticatorUid, targetUid)) {
throw new SecurityException(
"Activity to be started with KEY_INTENT must " +
"share Authenticator's signatures");
}
} finally {
Binder.restoreCallingIdentity(bid);
} }
} }
if (result != null if (result != null