)]}'
{
  "commit": "c45bd7f20987ed2fd29b9192edb38d02b4caa23b",
  "tree": "58fdc36923a3b5abeb5a87086bfbc5f08d7172d6",
  "parents": [
    "950230663fb3a9af438ec2ee57605fc9e7a58428"
  ],
  "author": {
    "name": "Carlos Valdivia",
    "email": "carlosvaldivia@google.com",
    "time": "Sun Sep 29 05:11:56 2013 -0700"
  },
  "committer": {
    "name": "Paul Lawrence",
    "email": "paullawrence@google.com",
    "time": "Thu Feb 27 17:03:15 2014 +0000"
  },
  "message": "Prevent authenticators from using Settings to  launch arbitrary activities.\n\nVarious authenticator results such as getAuthToken and addAccount might\nresult in an Intent returned to the AccountManager caller. A malicious\nauthenticator could exploit the fact that the Settings are a system app,\nlead the user to launch add account for their account type and thus get\nSettings to use the intent to start some arbitrary third parties Activity.\n\nThe fix is to make sure that the UID of the app associated with Activity\nto be launched by the supplied intent and the Authenticators UID share\nthe same signature.  This means that an authenticator implementer can only\nexploit apps they control.\n\nBug: 7699048\nChange-Id: I34330454c341e6a8422ca1ed3b390466a0feedce\n(cherry picked from commit 5bab9daf3cf66f4de19f8757e386030e8bef23ce)\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "0fbde37a20c5148ccd856962b546e9bd29e83051",
      "old_mode": 33188,
      "old_path": "services/java/com/android/server/accounts/AccountManagerService.java",
      "new_id": "18c7d2c9567c4e995036b949b6d85308424982a9",
      "new_mode": 33188,
      "new_path": "services/java/com/android/server/accounts/AccountManagerService.java"
    }
  ]
}