From 86f0c21417fd78de78e1d56400b84fbc538d1e24 Mon Sep 17 00:00:00 2001
From: Matthew Williams <mjwilliams@google.com>
Date: Wed, 10 Sep 2014 10:53:14 -0700
Subject: [PATCH] Protect LOGIN_ACCOUNTS_CHANGED receiver in SyncManager

BUG: 17359770
Reuse the Manifest.permission.ACCOUNT_MANAGER to protect this receiver,
because when this intent lands it kicks off a sync for every account/provider
on the device.
Semantically this means "if you can't talk to an authenticator to do things like
get a token or add an account, then you can't send an intent to the SyncManager
that the accounts on the device have changed in some drastic way"

Change-Id: I7eccc38e135cb00ebb0aafc69afc802fe1c4f219
---
 services/core/java/com/android/server/content/SyncManager.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java
index f6beb9ae50b6b..9292d459b02a4 100644
--- a/services/core/java/com/android/server/content/SyncManager.java
+++ b/services/core/java/com/android/server/content/SyncManager.java
@@ -16,6 +16,7 @@
 
 package com.android.server.content;
 
+import android.Manifest;
 import android.accounts.Account;
 import android.accounts.AccountAndUser;
 import android.accounts.AccountManager;
@@ -478,7 +479,7 @@ public class SyncManager {
             mContext.registerReceiverAsUser(mAccountsUpdatedReceiver,
                     UserHandle.ALL,
                     new IntentFilter(AccountManager.LOGIN_ACCOUNTS_CHANGED_ACTION),
-                    null, null);
+                    Manifest.permission.ACCOUNT_MANAGER, null);
         }
 
         // Pick a random second in a day to seed all periodic syncs