Only return password for account session flow if the caller is signed
with system key and has get_password permission.

Bug: 30455516
Change-Id: I78484c59e4de1dff685ab91a0a8e7a756fffd9bf
diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java
index 7465ed9..d3551b7 100644
--- a/core/java/android/accounts/AccountManager.java
+++ b/core/java/android/accounts/AccountManager.java
@@ -2676,8 +2676,6 @@
      *         <ul>
      *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for
      *         adding the the to the device later.
-     *         <li>{@link #KEY_PASSWORD} - optional, the password or password
-     *         hash of the account.
      *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check
      *         status of the account
      *         </ul>
@@ -2765,8 +2763,6 @@
      *         <ul>
      *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for
      *         updating the local credentials on device later.
-     *         <li>{@link #KEY_PASSWORD} - optional, the password or password
-     *         hash of the account
      *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check
      *         status of the account
      *         </ul>
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 39f054c..cb6cb21 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -2685,10 +2685,9 @@
         boolean isPasswordForwardingAllowed = isPermitted(
                 callerPkg, uid, Manifest.permission.GET_PASSWORD);
 
-        int usrId = UserHandle.getCallingUserId();
         long identityToken = clearCallingIdentity();
         try {
-            UserAccounts accounts = getUserAccounts(usrId);
+            UserAccounts accounts = getUserAccounts(userId);
             logRecordWithUid(accounts, DebugDbHelper.ACTION_CALLED_START_ACCOUNT_ADD,
                     TABLE_ACCOUNTS, uid);
             new StartAccountSession(
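Review bot: `getUserAccounts(userId)` now depends on a `userId` declared outside this hunk and runs after `clearCallingIdentity()`, so it is only correct if `userId` was read from the caller before the identity was cleared; the removed `usrId` line made that visible right above the call. A short comment at the call would keep the invariant obvious, e.g. `// userId was captured from the calling identity before clearCallingIdentity()`. Separately, the only gate visible here for `isPasswordForwardingAllowed` is `isPermitted(callerPkg, uid, Manifest.permission.GET_PASSWORD)`, while the commit message also requires a system-key signature; if that requirement comes from the permission's protection level or from inside `isPermitted`, a comment above the assignment should say so. The enclosing method starts and ends outside the hunk.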
@@ -2749,10 +2748,6 @@
                 checkKeyIntent(
                         Binder.getCallingUid(),
                         intent);
-                // Omit passwords if the caller isn't permitted to see them.
-                if (!mIsPasswordForwardingAllowed) {
-                    result.remove(AccountManager.KEY_PASSWORD);
-                }
             }
             IAccountManagerResponse response;
             if (mExpectActivityLaunch && result != null
@@ -2782,6 +2777,11 @@
                 return;
             }
 
+            // Omit passwords if the caller isn't permitted to see them.
+            if (!mIsPasswordForwardingAllowed) {
+                result.remove(AccountManager.KEY_PASSWORD);
+            }
+
             // Strip auth token from result.
             result.remove(AccountManager.KEY_AUTHTOKEN);
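Review bot: The comment on the moved block, `// Omit passwords if the caller isn't permitted to see them.`, does not record why the strip now sits here, next to the `KEY_AUTHTOKEN` strip, instead of inside the conditional around `checkKeyIntent(...)` where the previous hunk removed it. Since the placement is the fix, I would spell it out, e.g. `// Strip KEY_PASSWORD from every result that reaches the caller, regardless of the intent check above, unless password forwarding is allowed.`, so a later refactor does not move it back under that condition. The early-return paths above this block are outside the hunk; it is worth confirming that none of them delivers `result` to the response before this line runs. The enclosing method starts and ends outside the hunk.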