Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 27eb2414 authored by Fred Quintana's avatar Fred Quintana Committed by Android (Google) Code Review
Browse files

Merge "allow permission USE_CREDENTIALS for AccountManager.invalidateAuthToken... 

Merge "allow permission USE_CREDENTIALS for AccountManager.invalidateAuthToken as well as the previous MANAGE_ACCOUNTS"
parents 9245bf85 b38eb14d

core/java/android/accounts/AccountManager.java

+2 −1
Original line number Diff line number Diff line
@@ -516,7 +516,8 @@ public class AccountManager { 
     * <p>It is safe to call this method from the main thread.

     *

     * <p>This method requires the caller to hold the permission

     * {@link android.Manifest.permission#MANAGE_ACCOUNTS}.

     * {@link android.Manifest.permission#MANAGE_ACCOUNTS} or

     * {@link android.Manifest.permission#USE_CREDENTIALS}

     *

     * @param accountType The account type of the auth token to invalidate

     * @param authToken The auth token to invalidate

core/java/android/accounts/AccountManagerService.java

+20 −10
Original line number Diff line number Diff line
@@ -565,7 +565,7 @@ public class AccountManagerService 
    }



    public void invalidateAuthToken(String accountType, String authToken) {

        checkManageAccountsPermission();

        checkManageAccountsOrUseCredentialsPermissions();

        long identityToken = clearCallingIdentity();

        try {

            SQLiteDatabase db = mOpenHelper.getWritableDatabase();
@@ -1747,19 +1747,24 @@ public class AccountManagerService 
        }

    }



    private void checkBinderPermission(String permission) {

    /** Succeeds if any of the specified permissions are granted. */

    private void checkBinderPermission(String... permissions) {

        final int uid = Binder.getCallingUid();

        if (mContext.checkCallingOrSelfPermission(permission) !=

                PackageManager.PERMISSION_GRANTED) {

            String msg = "caller uid " + uid + " lacks " + permission;

            Log.w(TAG, msg);

            throw new SecurityException(msg);

        }



        for (String perm : permissions) {

            if (mContext.checkCallingOrSelfPermission(perm) == PackageManager.PERMISSION_GRANTED) {

                if (Log.isLoggable(TAG, Log.VERBOSE)) {

            Log.v(TAG, "caller uid " + uid + " has " + permission);

                    Log.v(TAG, "caller uid " + uid + " has " + perm);

                }

                return;

            }

        }



        String msg = "caller uid " + uid + " lacks any of " + TextUtils.join(",", permissions);

        Log.w(TAG, msg);

        throw new SecurityException(msg);

    }



    private boolean inSystemImage(int callerUid) {

        String[] packages = mContext.getPackageManager().getPackagesForUid(callerUid);

        for (String name : packages) {
@@ -1848,6 +1853,11 @@ public class AccountManagerService 
        checkBinderPermission(Manifest.permission.MANAGE_ACCOUNTS);

    }



    private void checkManageAccountsOrUseCredentialsPermissions() {

        checkBinderPermission(Manifest.permission.MANAGE_ACCOUNTS,

                Manifest.permission.USE_CREDENTIALS);

    }



    /**

     * Allow callers with the given uid permission to get credentials for account/authTokenType.

     * <p>