)]}'
{
  "commit": "5bab9daf3cf66f4de19f8757e386030e8bef23ce",
  "tree": "99acf5026c8aad1e7205eff5b1f771e43e4220fc",
  "parents": [
    "c6568719671206e726f260fad390680f7fb0ee9e"
  ],
  "author": {
    "name": "Carlos Valdivia",
    "email": "carlosvaldivia@google.com",
    "time": "Sun Sep 29 05:11:56 2013 -0700"
  },
  "committer": {
    "name": "Carlos Valdivia",
    "email": "carlosvaldivia@google.com",
    "time": "Sun Sep 29 05:23:16 2013 -0700"
  },
  "message": "Prevent authenticators from using Settings to  launch arbitrary activities.\n\nVarious authenticator results such as getAuthToken and addAccount might\nresult in an Intent returned to the AccountManager caller. A malicious\nauthenticator could exploit the fact that the Settings are a system app,\nlead the user to launch add account for their account type and thus get\nSettings to use the intent to start some arbitrary third parties Activity.\n\nThe fix is to make sure that the UID of the app associated with Activity\nto be launched by the supplied intent and the Authenticators UID share\nthe same signature.  This means that an authenticator implementer can only\nexploit apps they control.\n\nBug: 7699048\nChange-Id: I34330454c341e6a8422ca1ed3b390466a0feedce\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2145b76b39e52a570b46434427f57ed8e0518aa6",
      "old_mode": 33188,
      "old_path": "services/java/com/android/server/accounts/AccountManagerService.java",
      "new_id": "3a3dfd5f1c0484bec96e9760d6fbdd71c120fbac",
      "new_mode": 33188,
      "new_path": "services/java/com/android/server/accounts/AccountManagerService.java"
    }
  ]
}