Permissions: GET_ACCOUNTS permission cleanup
First, getAccounts*() will now return all available accounts depending
on both GET_ACCOUNTS grants and signature matching. This is different
from before where a caller of getAccounts() would need GET_ACCOUNTS to
get any accounts, but if that same caller called getAccountsByType, they
might have gotten back accounts if they shared a signature with the same
developer.
Second, cleaned up some NPEs and javadoc.
This change was motivated by progress on the cts tests.
Change-Id: I2f36226780e074fdf58214b46de3b79d8319ace1
diff --git a/core/java/android/accounts/AbstractAccountAuthenticator.java b/core/java/android/accounts/AbstractAccountAuthenticator.java
index 3e4a66d..9c401c7f 100644
--- a/core/java/android/accounts/AbstractAccountAuthenticator.java
+++ b/core/java/android/accounts/AbstractAccountAuthenticator.java
@@ -138,7 +138,9 @@
new AccountAuthenticatorResponse(response),
accountType, authTokenType, features, options);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
- result.keySet(); // force it to be unparcelled
+ if (result != null) {
+ result.keySet(); // force it to be unparcelled
+ }
Log.v(TAG, "addAccount: result " + AccountManager.sanitizeResult(result));
}
if (result != null) {
@@ -160,7 +162,9 @@
final Bundle result = AbstractAccountAuthenticator.this.confirmCredentials(
new AccountAuthenticatorResponse(response), account, options);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
- result.keySet(); // force it to be unparcelled
+ if (result != null) {
+ result.keySet(); // force it to be unparcelled
+ }
Log.v(TAG, "confirmCredentials: result "
+ AccountManager.sanitizeResult(result));
}
@@ -185,7 +189,9 @@
result.putString(AccountManager.KEY_AUTH_TOKEN_LABEL,
AbstractAccountAuthenticator.this.getAuthTokenLabel(authTokenType));
if (Log.isLoggable(TAG, Log.VERBOSE)) {
- result.keySet(); // force it to be unparcelled
+ if (result != null) {
+ result.keySet(); // force it to be unparcelled
+ }
Log.v(TAG, "getAuthTokenLabel: result "
+ AccountManager.sanitizeResult(result));
}
@@ -209,7 +215,9 @@
new AccountAuthenticatorResponse(response), account,
authTokenType, loginOptions);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
- result.keySet(); // force it to be unparcelled
+ if (result != null) {
+ result.keySet(); // force it to be unparcelled
+ }
Log.v(TAG, "getAuthToken: result " + AccountManager.sanitizeResult(result));
}
if (result != null) {
@@ -234,7 +242,10 @@
new AccountAuthenticatorResponse(response), account,
authTokenType, loginOptions);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
- result.keySet(); // force it to be unparcelled
+ // Result may be null.
+ if (result != null) {
+ result.keySet(); // force it to be unparcelled
+ }
Log.v(TAG, "updateCredentials: result "
+ AccountManager.sanitizeResult(result));
}
@@ -490,7 +501,7 @@
* <ul>
* <li> {@link AccountManager#KEY_INTENT}, or
* <li> {@link AccountManager#KEY_ACCOUNT_NAME} and {@link AccountManager#KEY_ACCOUNT_TYPE} of
- * the account that was added, or
+ * the account whose credentials were updated, or
* <li> {@link AccountManager#KEY_ERROR_CODE} and {@link AccountManager#KEY_ERROR_MESSAGE} to
* indicate an error
* </ul>
diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java
index dd3d3a8..f18d2c4 100644
--- a/core/java/android/accounts/AccountManager.java
+++ b/core/java/android/accounts/AccountManager.java
@@ -329,7 +329,7 @@
try {
return mService.getPassword(account);
} catch (RemoteException e) {
- // will never happen
+ // won't ever happen
throw new RuntimeException(e);
}
}
@@ -354,7 +354,7 @@
try {
return mService.getUserData(account, key);
} catch (RemoteException e) {
- // will never happen
+ // won't ever happen
throw new RuntimeException(e);
}
}
@@ -407,8 +407,10 @@
*
* <p>It is safe to call this method from the main thread.
*
- * <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS}.
+ * <p>Clients of this method that have not been granted the
+ * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
+ * will only see those accounts managed by AbstractAccountAuthenticators whose
+ * signature matches the client.
*
* @return An array of {@link Account}, one for each account. Empty
* (never null) if no accounts have been added.
@@ -430,8 +432,10 @@
*
* <p>It is safe to call this method from the main thread.
*
- * <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS}.
+ * <p>Clients of this method that have not been granted the
+ * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
+ * will only see those accounts managed by AbstractAccountAuthenticators whose
+ * signature matches the client.
*
* @return An array of {@link Account}, one for each account. Empty
* (never null) if no accounts have been added.
@@ -458,7 +462,7 @@
try {
return mService.getAccountsForPackage(packageName, uid);
} catch (RemoteException re) {
- // possible security exception
+ // won't ever happen
throw new RuntimeException(re);
}
}
@@ -475,7 +479,7 @@
try {
return mService.getAccountsByTypeForPackage(type, packageName);
} catch (RemoteException re) {
- // possible security exception
+ // won't ever happen
throw new RuntimeException(re);
}
}
@@ -489,9 +493,10 @@
*
* <p>It is safe to call this method from the main thread.
*
- * <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
- * authenticator that owns the account type.
+ * <p>Clients of this method that have not been granted the
+ * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
+ * will only see those accounts managed by AbstractAccountAuthenticators whose
+ * signature matches the client.
*
* @param type The type of accounts to return, null to retrieve all accounts
* @return An array of {@link Account}, one per matching account. Empty
@@ -573,7 +578,8 @@
* {@link AccountManagerFuture} must not be used on the main thread.
*
* <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS}.
+ * {@link android.Manifest.permission#GET_ACCOUNTS} or be a signature
+ * match with the AbstractAccountAuthenticator that manages the account.
*
* @param account The {@link Account} to test
* @param features An array of the account features to check
@@ -616,9 +622,10 @@
* <p>This method may be called from any thread, but the returned
* {@link AccountManagerFuture} must not be used on the main thread.
*
- * <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
- * authenticator that owns the account type.
+ * <p>Clients of this method that have not been granted the
+ * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
+ * will only see those accounts managed by AbstractAccountAuthenticators whose
+ * signature matches the client.
*
* @param type The type of accounts to return, must not be null
* @param features An array of the account features to require,
@@ -680,7 +687,7 @@
try {
return mService.addAccountExplicitly(account, password, userdata);
} catch (RemoteException e) {
- // won't ever happen
+ // Can happen if there was a SecurityException was thrown.
throw new RuntimeException(e);
}
}
@@ -929,7 +936,7 @@
try {
return mService.removeAccountExplicitly(account);
} catch (RemoteException e) {
- // won't ever happen
+ // May happen if the caller doesn't match the signature of the authenticator.
throw new RuntimeException(e);
}
}
@@ -1057,7 +1064,7 @@
try {
mService.setUserData(account, key, value);
} catch (RemoteException e) {
- // won't ever happen
+ // Will happen if there is not signature match.
throw new RuntimeException(e);
}
}
@@ -1648,7 +1655,7 @@
* with these fields if an activity was supplied and the account
* credentials were successfully updated:
* <ul>
- * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account created
+ * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account
* <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
* </ul>
*
@@ -2408,10 +2415,12 @@
* listeners are added in an Activity or Service's {@link Activity#onCreate}
* and removed in {@link Activity#onDestroy}.
*
- * <p>It is safe to call this method from the main thread.
+ * <p>The listener will only be informed of accounts that would be returned
+ * to the caller via {@link #getAccounts()}. Typically this means that to
+ * get any accounts, the caller will need to be grated the GET_ACCOUNTS
+ * permission.
*
- * <p>This method requires the caller to hold the permission
- * {@link android.Manifest.permission#GET_ACCOUNTS}.
+ * <p>It is safe to call this method from the main thread.
*
* @param listener The listener to send notifications to
* @param handler {@link Handler} identifying the thread to use
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 32fd56a..83e8db0 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -527,14 +527,14 @@
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot get secrets for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -627,14 +627,14 @@
}
if (account == null) throw new IllegalArgumentException("account is null");
if (key == null) throw new IllegalArgumentException("key is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot get user data for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -664,22 +664,32 @@
final long identityToken = clearCallingIdentity();
try {
- Collection<AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription>>
- authenticatorCollection = mAuthenticatorCache.getAllServices(userId);
- AuthenticatorDescription[] types =
- new AuthenticatorDescription[authenticatorCollection.size()];
- int i = 0;
- for (AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription> authenticator
- : authenticatorCollection) {
- types[i] = authenticator.type;
- i++;
- }
- return types;
+ return getAuthenticatorTypesInternal(userId);
+
} finally {
restoreCallingIdentity(identityToken);
}
}
+ /**
+ * Should only be called inside of a clearCallingIdentity block.
+ */
+ private AuthenticatorDescription[] getAuthenticatorTypesInternal(int userId) {
+ Collection<AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription>>
+ authenticatorCollection = mAuthenticatorCache.getAllServices(userId);
+ AuthenticatorDescription[] types =
+ new AuthenticatorDescription[authenticatorCollection.size()];
+ int i = 0;
+ for (AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription> authenticator
+ : authenticatorCollection) {
+ types[i] = authenticator.type;
+ i++;
+ }
+ return types;
+ }
+
+
+
private boolean isCrossUser(int callingUid, int userId) {
return (userId != UserHandle.getCallingUserId()
&& callingUid != Process.myUid()
@@ -697,7 +707,8 @@
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot explicitly add accounts of type: %s",
callingUid,
@@ -713,12 +724,10 @@
*/
// fails if the account already exists
- int uid = getCallingUid();
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
- return addAccountInternal(accounts, account, password, extras, false, uid);
+ return addAccountInternal(accounts, account, password, extras, false, callingUid);
} finally {
restoreCallingIdentity(identityToken);
}
@@ -794,25 +803,26 @@
if (account == null) {
throw new IllegalArgumentException("account is null");
}
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot notify authentication for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = Binder.getCallingUserHandle().getIdentifier();
+
if (!canUserModifyAccounts(userId) || !canUserModifyAccountsForType(userId, account.type)) {
return false;
}
- int user = UserHandle.getCallingUserId();
+
long identityToken = clearCallingIdentity();
try {
- UserAccounts accounts = getUserAccounts(user);
+ UserAccounts accounts = getUserAccounts(userId);
+ return updateLastAuthenticatedTime(account);
} finally {
restoreCallingIdentity(identityToken);
}
- return updateLastAuthenticatedTime(account);
}
private boolean updateLastAuthenticatedTime(Account account) {
@@ -985,8 +995,9 @@
if (response == null) throw new IllegalArgumentException("response is null");
if (account == null) throw new IllegalArgumentException("account is null");
if (features == null) throw new IllegalArgumentException("features is null");
- checkReadAccountsPermitted(callingUid, account.type);
int userId = UserHandle.getCallingUserId();
+ checkReadAccountsPermitted(callingUid, account.type, userId);
+
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1062,14 +1073,14 @@
+ ", pid " + Binder.getCallingPid());
}
if (accountToRename == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(accountToRename.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(accountToRename.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot rename accounts of type: %s",
callingUid,
accountToRename.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1211,14 +1222,15 @@
* authenticator. This will let users remove accounts (via Settings in the system) but not
* arbitrary applications (like competing authenticators).
*/
- if (!isAccountManagedByCaller(account.type, callingUid) && !isSystemUid(callingUid)) {
+ UserHandle user = new UserHandle(userId);
+ if (!isAccountManagedByCaller(account.type, callingUid, user.getIdentifier())
+ && !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot remove accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
-
if (!canUserModifyAccounts(userId)) {
try {
response.onError(AccountManager.ERROR_CODE_USER_RESTRICTED,
@@ -1235,10 +1247,7 @@
}
return;
}
-
- UserHandle user = new UserHandle(userId);
long identityToken = clearCallingIdentity();
-
UserAccounts accounts = getUserAccounts(userId);
cancelNotification(getSigninRequiredNotificationId(accounts, account), user);
synchronized(accounts.credentialsPermissionNotificationIds) {
@@ -1268,6 +1277,7 @@
+ ", caller's uid " + callingUid
+ ", pid " + Binder.getCallingPid());
}
+ int userId = Binder.getCallingUserHandle().getIdentifier();
if (account == null) {
/*
* Null accounts should result in returning false, as per
@@ -1275,22 +1285,18 @@
*/
Log.e(TAG, "account is null");
return false;
- } else if (!isAccountManagedByCaller(account.type, callingUid)) {
+ } else if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot explicitly add accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
-
UserAccounts accounts = getUserAccountsForCaller();
- int userId = Binder.getCallingUserHandle().getIdentifier();
if (!canUserModifyAccounts(userId) || !canUserModifyAccountsForType(userId, account.type)) {
return false;
}
-
logRecord(accounts, DebugDbHelper.ACTION_CALLED_ACCOUNT_REMOVE, TABLE_ACCOUNTS);
-
long identityToken = clearCallingIdentity();
try {
return removeAccountInternal(accounts, account);
@@ -1524,14 +1530,14 @@
}
if (account == null) throw new IllegalArgumentException("account is null");
if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot peek the authtokens associated with accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1552,14 +1558,14 @@
}
if (account == null) throw new IllegalArgumentException("account is null");
if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot set auth tokens associated with accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1578,14 +1584,14 @@
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot set secrets for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1642,14 +1648,14 @@
+ ", pid " + Binder.getCallingPid());
}
if (account == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot clear passwords for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1670,14 +1676,14 @@
}
if (key == null) throw new IllegalArgumentException("key is null");
if (account == null) throw new IllegalArgumentException("account is null");
- if (!isAccountManagedByCaller(account.type, callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
String msg = String.format(
"uid %s cannot set user data for accounts of type: %s",
callingUid,
account.type);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -1840,8 +1846,8 @@
// skip the check if customTokens
final int callerUid = Binder.getCallingUid();
- final boolean permissionGranted = customTokens ||
- permissionIsGranted(account, authTokenType, callerUid);
+ final boolean permissionGranted =
+ customTokens || permissionIsGranted(account, authTokenType, callerUid, userId);
// Get the calling package. We will use it for the purpose of caching.
final String callerPkg = loginOptions.getString(AccountManager.KEY_ANDROID_PACKAGE_NAME);
@@ -2363,14 +2369,14 @@
}
if (response == null) throw new IllegalArgumentException("response is null");
if (accountType == null) throw new IllegalArgumentException("accountType is null");
- if (!isAccountManagedByCaller(accountType, callingUid) && !isSystemUid(callingUid)) {
+ int userId = UserHandle.getCallingUserId();
+ if (!isAccountManagedByCaller(accountType, callingUid, userId) && !isSystemUid(callingUid)) {
String msg = String.format(
"uid %s cannot edit authenticator properites for account type: %s",
callingUid,
accountType);
throw new SecurityException(msg);
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts accounts = getUserAccounts(userId);
@@ -2493,20 +2499,22 @@
}
/**
- * Returns the accounts for a specific user
+ * Returns the accounts visible to the client within the context of a specific user
* @hide
*/
public Account[] getAccounts(int userId) {
int callingUid = Binder.getCallingUid();
- if (!isReadAccountsPermitted(callingUid, null)) {
+ List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
+ if (visibleAccountTypes.isEmpty()) {
return new Account[0];
}
long identityToken = clearCallingIdentity();
try {
- UserAccounts accounts = getUserAccounts(userId);
- synchronized (accounts.cacheLock) {
- return getAccountsFromCacheLocked(accounts, null, callingUid, null);
- }
+ return getAccountsInternal(
+ userId,
+ callingUid,
+ null, // packageName
+ visibleAccountTypes);
} finally {
restoreCallingIdentity(identityToken);
}
@@ -2588,22 +2596,52 @@
callingUid = packageUid;
}
- // Authenticators should be able to see their own accounts regardless of permissions.
- if (TextUtils.isEmpty(type) && !isReadAccountsPermitted(callingUid, type)) {
+ List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
+ if (visibleAccountTypes.isEmpty()
+ || (type != null && !visibleAccountTypes.contains(type))) {
return new Account[0];
- }
+ } else if (visibleAccountTypes.contains(type)) {
+ // Prune the list down to just the requested type.
+ visibleAccountTypes = new ArrayList<>();
+ visibleAccountTypes.add(type);
+ } // else aggregate all the visible accounts (it won't matter if the list is empty).
long identityToken = clearCallingIdentity();
try {
- UserAccounts accounts = getUserAccounts(userId);
- synchronized (accounts.cacheLock) {
- return getAccountsFromCacheLocked(accounts, type, callingUid, callingPackage);
- }
+ return getAccountsInternal(
+ userId,
+ callingUid,
+ callingPackage,
+ visibleAccountTypes);
} finally {
restoreCallingIdentity(identityToken);
}
}
+ private Account[] getAccountsInternal(
+ int userId,
+ int callingUid,
+ String callingPackage,
+ List<String> visibleAccountTypes) {
+ UserAccounts accounts = getUserAccounts(userId);
+ synchronized (accounts.cacheLock) {
+ UserAccounts userAccounts = getUserAccounts(userId);
+ ArrayList<Account> visibleAccounts = new ArrayList<>();
+ for (String visibleType : visibleAccountTypes) {
+ Account[] accountsForType = getAccountsFromCacheLocked(
+ userAccounts, visibleType, callingUid, callingPackage);
+ if (accountsForType != null) {
+ visibleAccounts.addAll(Arrays.asList(accountsForType));
+ }
+ }
+ Account[] result = new Account[visibleAccounts.size()];
+ for (int i = 0; i < visibleAccounts.size(); i++) {
+ result[i] = visibleAccounts.get(i);
+ }
+ return result;
+ }
+ }
+
@Override
public boolean addSharedAccountAsUser(Account account, int userId) {
userId = handleIncomingUser(userId);
@@ -2739,8 +2777,12 @@
}
if (response == null) throw new IllegalArgumentException("response is null");
if (type == null) throw new IllegalArgumentException("accountType is null");
- if (!isReadAccountsPermitted(callingUid, type)) {
+ int userId = UserHandle.getCallingUserId();
+
+ List<String> visibleAccountTypes = getTypesVisibleToCaller(callingUid, userId);
+ if (!visibleAccountTypes.contains(type)) {
Bundle result = new Bundle();
+ // Need to return just the accounts that are from matching signatures.
result.putParcelableArray(AccountManager.KEY_ACCOUNTS, new Account[0]);
try {
response.onResult(result);
@@ -2749,7 +2791,6 @@
}
return;
}
- int userId = UserHandle.getCallingUserId();
long identityToken = clearCallingIdentity();
try {
UserAccounts userAccounts = getUserAccounts(userId);
@@ -2763,7 +2804,11 @@
onResult(response, result);
return;
}
- new GetAccountsByTypeAndFeatureSession(userAccounts, response, type, features,
+ new GetAccountsByTypeAndFeatureSession(
+ userAccounts,
+ response,
+ type,
+ features,
callingUid).bind();
} finally {
restoreCallingIdentity(identityToken);
@@ -3696,10 +3741,11 @@
return false;
}
- private boolean permissionIsGranted(Account account, String authTokenType, int callerUid) {
+ private boolean permissionIsGranted(
+ Account account, String authTokenType, int callerUid, int userId) {
final boolean isPrivileged = isPrivileged(callerUid);
final boolean fromAuthenticator = account != null
- && isAccountManagedByCaller(account.type, callerUid);
+ && isAccountManagedByCaller(account.type, callerUid, userId);
final boolean hasExplicitGrants = account != null
&& hasExplicitlyGrantedPermission(account, authTokenType, callerUid);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
@@ -3711,23 +3757,45 @@
return fromAuthenticator || hasExplicitGrants || isPrivileged;
}
- private boolean isAccountManagedByCaller(String accountType, int callingUid) {
+ private boolean isAccountVisibleToCaller(String accountType, int callingUid, int userId) {
if (accountType == null) {
return false;
+ } else {
+ return getTypesVisibleToCaller(callingUid, userId).contains(accountType);
}
- final int callingUserId = UserHandle.getUserId(callingUid);
+ }
+
+ private boolean isAccountManagedByCaller(String accountType, int callingUid, int userId) {
+ if (accountType == null) {
+ return false;
+ } else {
+ return getTypesManagedByCaller(callingUid, userId).contains(accountType);
+ }
+ }
+
+ private List<String> getTypesVisibleToCaller(int callingUid, int userId) {
+ boolean isPermitted =
+ isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS,
+ Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
+ Log.i(TAG, String.format("getTypesVisibleToCaller: isPermitted? %s", isPermitted));
+ return getTypesForCaller(callingUid, userId, isPermitted);
+ }
+
+ private List<String> getTypesManagedByCaller(int callingUid, int userId) {
+ return getTypesForCaller(callingUid, userId, false);
+ }
+
+ private List<String> getTypesForCaller(
+ int callingUid, int userId, boolean isOtherwisePermitted) {
+ List<String> managedAccountTypes = new ArrayList<>();
for (RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> serviceInfo :
- mAuthenticatorCache.getAllServices(callingUserId)) {
- if (serviceInfo.type.type.equals(accountType)) {
- /*
- * We can't simply compare uids because uids can be recycled before the
- * authenticator cache is updated.
- */
- final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid);
- return sigChk == PackageManager.SIGNATURE_MATCH;
+ mAuthenticatorCache.getAllServices(userId)) {
+ final int sigChk = mPackageManager.checkSignatures(serviceInfo.uid, callingUid);
+ if (isOtherwisePermitted || sigChk == PackageManager.SIGNATURE_MATCH) {
+ managedAccountTypes.add(serviceInfo.type.type);
}
}
- return false;
+ return managedAccountTypes;
}
private boolean isAccountPresentForCaller(String accountName, String accountType) {
@@ -3792,28 +3860,12 @@
return false;
}
- private boolean isReadAccountsPermitted(int callingUid, String accountType) {
- /*
- * Settings app (which is in the same uid as AcocuntManagerService), apps with the
- * GET_ACCOUNTS permission or authenticators that own the account type should be able to
- * access accounts of the specified account.
- */
- boolean isPermitted =
- isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS,
- Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
- boolean isAccountManagedByCaller = isAccountManagedByCaller(accountType, callingUid);
- Log.w(TAG, String.format(
- "isReadAccountPermitted: isPermitted: %s, isAM: %s",
- isPermitted,
- isAccountManagedByCaller));
- return isPermitted || isAccountManagedByCaller;
- }
-
/** Succeeds if any of the specified permissions are granted. */
private void checkReadAccountsPermitted(
int callingUid,
- String accountType) {
- if (!isReadAccountsPermitted(callingUid, accountType)) {
+ String accountType,
+ int userId) {
+ if (!isAccountVisibleToCaller(accountType, callingUid, userId)) {
String msg = String.format(
"caller uid %s cannot access %s accounts",
callingUid,
