Merge "Check key intent for selectors and prohibited flags" into sc-v2-dev am:... (0a5140b7) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/accounts/AccountManagerService.java

+13 −5

Original line number	Diff line number	Diff line
		@@ -4893,10 +4893,6 @@ public class AccountManagerService
		if (intent.getClipData() == null) {
		intent.setClipData(ClipData.newPlainText(null, null));
		}
		intent.setFlags(intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
		\| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
		final long bid = Binder.clearCallingIdentity();
		try {
		PackageManager pm = mContext.getPackageManager();
		@@ -4942,7 +4938,19 @@ public class AccountManagerService
		if (intent == null) {
		return (simulateIntent == null);
		}
		return intent.filterEquals(simulateIntent);
		if (!intent.filterEquals(simulateIntent)) {
		return false;
		}

		if (intent.getSelector() != simulateIntent.getSelector()) {
		return false;
		}

		int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
		\| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
		return (simulateIntent.getFlags() & prohibitedFlags) == 0;
		}

		private boolean isExportedSystemActivity(ActivityInfo activityInfo) {

services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTest.java

+36 −0

Original line number	Diff line number	Diff line
		@@ -18,6 +18,7 @@ package com.android.server.accounts;

		import static android.database.sqlite.SQLiteDatabase.deleteDatabase;

		import static org.mockito.ArgumentMatchers.contains;
		import static org.mockito.Matchers.any;
		import static org.mockito.Matchers.anyBoolean;
		import static org.mockito.Matchers.anyInt;
		@@ -707,6 +708,41 @@ public class AccountManagerServiceTest extends AndroidTestCase {
		assertNotNull(intent.getParcelableExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK));
		}

		@SmallTest
		public void testStartAddAccountSessionWhereAuthenticatorReturnsIntentWithProhibitedFlags()
		throws Exception {
		unlockSystemUser();
		ResolveInfo resolveInfo = new ResolveInfo();
		resolveInfo.activityInfo = new ActivityInfo();
		resolveInfo.activityInfo.applicationInfo = new ApplicationInfo();
		when(mMockPackageManager.resolveActivityAsUser(
		any(Intent.class), anyInt(), anyInt())).thenReturn(resolveInfo);
		when(mMockPackageManager.checkSignatures(
		anyInt(), anyInt())).thenReturn(PackageManager.SIGNATURE_MATCH);

		final CountDownLatch latch = new CountDownLatch(1);
		Response response = new Response(latch, mMockAccountManagerResponse);
		Bundle options = createOptionsWithAccountName(
		AccountManagerServiceTestFixtures.ACCOUNT_NAME_INTERVENE);
		int prohibitedFlags = Intent.FLAG_GRANT_READ_URI_PERMISSION
		\| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;
		options.putInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, prohibitedFlags);

		mAms.startAddAccountSession(
		response, // response
		AccountManagerServiceTestFixtures.ACCOUNT_TYPE_1, // accountType
		"authTokenType",
		null, // requiredFeatures
		true, // expectActivityLaunch
		options); // optionsIn
		waitForLatch(latch);

		verify(mMockAccountManagerResponse).onError(
		eq(AccountManager.ERROR_CODE_INVALID_RESPONSE), contains("invalid intent"));
		}

		@SmallTest
		public void testStartAddAccountSessionError() throws Exception {
		unlockSystemUser();

services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java

+2 −3

Original line number	Diff line number	Diff line
		@@ -17,9 +17,6 @@ package com.android.server.accounts;

		import android.accounts.Account;

		import java.util.ArrayList;
		import java.util.List;

		/**
		* Constants shared between test AccountAuthenticators and AccountManagerServiceTest.
		*/
		@@ -31,6 +28,8 @@ public final class AccountManagerServiceTestFixtures {
		"account_manager_service_test:account_status_token_key";
		public static final String KEY_ACCOUNT_PASSWORD =
		"account_manager_service_test:account_password_key";
		public static final String KEY_INTENT_FLAGS =
		"account_manager_service_test:intent_flags_key";
		public static final String KEY_OPTIONS_BUNDLE =
		"account_manager_service_test:option_bundle_key";
		public static final String ACCOUNT_NAME_SUCCESS = "success_on_return@fixture.com";

services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java

+3 −2

Original line number	Diff line number	Diff line
		@@ -24,8 +24,6 @@ import android.content.Context;
		import android.content.Intent;
		import android.os.Bundle;

		import com.android.frameworks.servicestests.R;

		import java.util.concurrent.atomic.AtomicInteger;

		/**
		@@ -270,11 +268,13 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
		String accountName = null;
		Bundle sessionBundle = null;
		String password = null;
		int intentFlags = 0;
		if (options != null) {
		accountName = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_NAME);
		sessionBundle = options.getBundle(
		AccountManagerServiceTestFixtures.KEY_ACCOUNT_SESSION_BUNDLE);
		password = options.getString(AccountManagerServiceTestFixtures.KEY_ACCOUNT_PASSWORD);
		intentFlags = options.getInt(AccountManagerServiceTestFixtures.KEY_INTENT_FLAGS, 0);
		}

		Bundle result = new Bundle();
		@@ -302,6 +302,7 @@ public class TestAccountType1Authenticator extends AbstractAccountAuthenticator
		intent.putExtra(AccountManagerServiceTestFixtures.KEY_RESULT,
		eventualActivityResultData);
		intent.putExtra(AccountManagerServiceTestFixtures.KEY_CALLBACK, response);
		intent.setFlags(intentFlags);

		result.putParcelable(AccountManager.KEY_INTENT, intent);
		} else {