DO NOT MERGE. KEY_INTENT shouldn't grant permissions.

am: 04b96d76a9 Change-Id: Ie2ae7f5071a534e1245c92293014963c8e4187ca
2017-10-11 20:32:40 +00:00
parent a4f6ca3e77 04b96d76a9
commit d20cad62ee
1 changed files with 10 additions and 0 deletions
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -2000,6 +2000,11 @@ public class AccountManagerService

                        Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
                        if (intent != null && notifyOnAuthFailure && !customTokens) {
+                            intent.setFlags(
+                                    intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+                                            | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
                            doNotification(mAccounts,
                                    account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),
                                    intent, accounts.userId);
@@ -3087,6 +3092,11 @@ public class AccountManagerService
            }
            if (result != null
                    && (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
+                intent.setFlags(
+                        intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
+                                | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                                | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
+                                | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
                /*
                 * The Authenticator API allows third party authenticators to
                 * supply arbitrary intents to other apps that they can run,