Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4b0c3c73 authored by Android (Google) Code Review's avatar Android (Google) Code Review
Browse files

Merge change 8302 

* changes:
  add account manager permission checking
parents 8c4ee20f d4a1d2e1

api/current.xml

+143 −0
Original line number Diff line number Diff line
@@ -122,6 +122,28 @@ 
 visibility="public"

>

</field>

<field name="ACCOUNT_MANAGER_SERVICE"

 type="java.lang.String"

 transient="false"

 volatile="false"

 value="&quot;android.permission.ACCOUNT_MANAGER_SERVICE&quot;"

 static="true"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="AUTHENTICATE_ACCOUNTS"

 type="java.lang.String"

 transient="false"

 volatile="false"

 value="&quot;android.permission.AUTHENTICATE_ACCOUNTS&quot;"

 static="true"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="BATTERY_STATS"

 type="java.lang.String"

 transient="false"
@@ -573,6 +595,17 @@ 
 visibility="public"

>

</field>

<field name="MANAGE_ACCOUNTS"

 type="java.lang.String"

 transient="false"

 volatile="false"

 value="&quot;android.permission.MANAGE_ACCOUNTS&quot;"

 static="true"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="MANAGE_APP_TOKENS"

 type="java.lang.String"

 transient="false"
@@ -1079,6 +1112,17 @@ 
 visibility="public"

>

</field>

<field name="USE_CREDENTIALS"

 type="java.lang.String"

 transient="false"

 volatile="false"

 value="&quot;android.permission.USE_CREDENTIALS&quot;"

 static="true"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="VIBRATE"

 type="java.lang.String"

 transient="false"
@@ -15929,6 +15973,8 @@ 
 deprecated="not deprecated"

 visibility="public"

>

<parameter name="context" type="android.content.Context">

</parameter>

</constructor>

<method name="addAccount"

 return="android.os.Bundle"
@@ -16023,6 +16069,19 @@ 
<exception name="NetworkErrorException" type="android.accounts.NetworkErrorException">

</exception>

</method>

<method name="getAuthTokenLabel"

 return="java.lang.String"

 abstract="true"

 native="false"

 synchronized="false"

 static="false"

 final="false"

 deprecated="not deprecated"

 visibility="public"

>

<parameter name="authTokenType" type="java.lang.String">

</parameter>

</method>

<method name="getIAccountAuthenticator"

 return="android.accounts.IAccountAuthenticator"

 abstract="false"
@@ -17335,6 +17394,17 @@ 
 visibility="public"

>

</field>

<field name="AUTH_TOKEN_LABEL_KEY"

 type="java.lang.String"

 transient="false"

 volatile="false"

 value="&quot;authTokenLabelKey&quot;"

 static="true"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="BOOLEAN_RESULT_KEY"

 type="java.lang.String"

 transient="false"
@@ -17715,6 +17785,23 @@ 
<exception name="RemoteException" type="android.os.RemoteException">

</exception>

</method>

<method name="getAuthTokenLabel"

 return="void"

 abstract="true"

 native="false"

 synchronized="false"

 static="false"

 final="false"

 deprecated="not deprecated"

 visibility="public"

>

<parameter name="response" type="android.accounts.IAccountAuthenticatorResponse">

</parameter>

<parameter name="authTokenType" type="java.lang.String">

</parameter>

<exception name="RemoteException" type="android.os.RemoteException">

</exception>

</method>

<method name="hasFeatures"

 return="void"

 abstract="true"
@@ -138591,6 +138678,62 @@ 
>

</method>

</class>

<class name="Pair"

 extends="java.lang.Object"

 abstract="false"

 static="false"

 final="false"

 deprecated="not deprecated"

 visibility="public"

>

<constructor name="Pair"

 type="android.util.Pair"

 static="false"

 final="false"

 deprecated="not deprecated"

 visibility="public"

>

<parameter name="first" type="F">

</parameter>

<parameter name="second" type="S">

</parameter>

</constructor>

<method name="create"

 return="android.util.Pair&lt;A, B&gt;"

 abstract="false"

 native="false"

 synchronized="false"

 static="true"

 final="false"

 deprecated="not deprecated"

 visibility="public"

>

<parameter name="a" type="A">

</parameter>

<parameter name="b" type="B">

</parameter>

</method>

<field name="first"

 type="F"

 transient="false"

 volatile="false"

 static="false"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

<field name="second"

 type="S"

 transient="false"

 volatile="false"

 static="false"

 final="true"

 deprecated="not deprecated"

 visibility="public"

>

</field>

</class>

<class name="PrintStreamPrinter"

 extends="java.lang.Object"

 abstract="false"

core/java/android/accounts/AbstractAccountAuthenticator.java

+45 −0
Original line number Diff line number Diff line
@@ -18,6 +18,11 @@ package android.accounts; 


import android.os.Bundle;

import android.os.RemoteException;

import android.os.Binder;

import android.util.Log;

import android.content.pm.PackageManager;

import android.content.Context;

import android.Manifest;



/**

 * Base class for creating AccountAuthenticators. This implements the IAccountAuthenticator
@@ -25,10 +30,17 @@ import android.os.RemoteException; 
 * AccountAuthenticators.

 */

public abstract class AbstractAccountAuthenticator {

    private final Context mContext;



    public AbstractAccountAuthenticator(Context context) {

        mContext = context;

    }



    class Transport extends IAccountAuthenticator.Stub {

        public void addAccount(IAccountAuthenticatorResponse response, String accountType,

                String authTokenType, String[] requiredFeatures, Bundle options)

                throws RemoteException {

            checkBinderPermission();

            final Bundle result;

            try {

                result = AbstractAccountAuthenticator.this.addAccount(
@@ -49,6 +61,7 @@ public abstract class AbstractAccountAuthenticator { 


        public void confirmPassword(IAccountAuthenticatorResponse response,

                Account account, String password) throws RemoteException {

            checkBinderPermission();

            boolean result;

            try {

                result = AbstractAccountAuthenticator.this.confirmPassword(
@@ -69,6 +82,7 @@ public abstract class AbstractAccountAuthenticator { 


        public void confirmCredentials(IAccountAuthenticatorResponse response,

                Account account) throws RemoteException {

            checkBinderPermission();

            final Bundle result;

            try {

                result = AbstractAccountAuthenticator.this.confirmCredentials(
@@ -83,9 +97,28 @@ public abstract class AbstractAccountAuthenticator { 
            }

        }



        public void getAuthTokenLabel(IAccountAuthenticatorResponse response,

                String authTokenType)

                throws RemoteException {

            checkBinderPermission();

            try {

                Bundle result = new Bundle();

                result.putString(Constants.AUTH_TOKEN_LABEL_KEY,

                        AbstractAccountAuthenticator.this.getAuthTokenLabel(authTokenType));

                response.onResult(result);

            } catch (IllegalArgumentException e) {

                response.onError(Constants.ERROR_CODE_BAD_ARGUMENTS,

                        "unknown authTokenType");

            } catch (UnsupportedOperationException e) {

                response.onError(Constants.ERROR_CODE_UNSUPPORTED_OPERATION,

                        "getAuthTokenTypeLabel not supported");

            }

        }



        public void getAuthToken(IAccountAuthenticatorResponse response,

                Account account, String authTokenType, Bundle loginOptions)

                throws RemoteException {

            checkBinderPermission();

            try {

                final Bundle result = AbstractAccountAuthenticator.this.getAuthToken(

                        new AccountAuthenticatorResponse(response), account,
@@ -103,6 +136,7 @@ public abstract class AbstractAccountAuthenticator { 


        public void updateCredentials(IAccountAuthenticatorResponse response, Account account,

                String authTokenType, Bundle loginOptions) throws RemoteException {

            checkBinderPermission();

            final Bundle result;

            try {

                result = AbstractAccountAuthenticator.this.updateCredentials(
@@ -120,6 +154,7 @@ public abstract class AbstractAccountAuthenticator { 


        public void editProperties(IAccountAuthenticatorResponse response,

                String accountType) throws RemoteException {

            checkBinderPermission();

            final Bundle result;

            try {

                result = AbstractAccountAuthenticator.this.editProperties(
@@ -136,6 +171,7 @@ public abstract class AbstractAccountAuthenticator { 


        public void hasFeatures(IAccountAuthenticatorResponse response,

                Account account, String[] features) throws RemoteException {

            checkBinderPermission();

            final Bundle result;

            try {

                result = AbstractAccountAuthenticator.this.hasFeatures(
@@ -154,6 +190,14 @@ public abstract class AbstractAccountAuthenticator { 
        }

    }



    private void checkBinderPermission() {

        final int uid = Binder.getCallingUid();

        final String perm = Manifest.permission.ACCOUNT_MANAGER_SERVICE;

        if (mContext.checkCallingOrSelfPermission(perm) != PackageManager.PERMISSION_GRANTED) {

            throw new SecurityException("caller uid " + uid + " lacks " + perm);

        }

    }



    Transport mTransport = new Transport();



    /**
@@ -189,6 +233,7 @@ public abstract class AbstractAccountAuthenticator { 
    public abstract Bundle getAuthToken(AccountAuthenticatorResponse response,

            Account account, String authTokenType, Bundle loginOptions)

            throws NetworkErrorException;

    public abstract String getAuthTokenLabel(String authTokenType);

    public abstract Bundle updateCredentials(AccountAuthenticatorResponse response,

            Account account, String authTokenType, Bundle loginOptions);

    public abstract Bundle hasFeatures(AccountAuthenticatorResponse response,

core/java/android/accounts/AccountManager.java

+7 −0
Original line number Diff line number Diff line
@@ -652,6 +652,13 @@ public class AccountManager { 
                    // that we see

                    mActivity.startActivity(intent);

                    // leave the Future running to wait for the real response to this request

                } else if (bundle.getBoolean("retry")) {

                    try {

                        doWork();

                    } catch (RemoteException e) {

                        // this will only happen if the system process is dead, which means

                        // we will be dying ourselves

                    }

                } else {

                    set(bundle);

                }

core/java/android/accounts/AccountManagerService.java

+370 −34

File changed.

Preview size limit exceeded, changes collapsed.

core/java/android/accounts/Constants.java

+1 −0
Original line number Diff line number Diff line
@@ -40,6 +40,7 @@ public class Constants { 
    public static final String ACCOUNT_AUTHENTICATOR_RESPONSE_KEY = "accountAuthenticatorResponse";

    public static final String ACCOUNT_MANAGER_RESPONSE_KEY = "accountManagerResponse";

    public static final String AUTH_FAILED_MESSAGE_KEY = "authFailedMessage";

    public static final String AUTH_TOKEN_LABEL_KEY = "authTokenLabelKey";



    public static final String AUTHENTICATOR_INTENT_ACTION =

            "android.accounts.AccountAuthenticator";