Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5c80debe authored by Dmitry Dementyev's avatar Dmitry Dementyev
Browse files

Clear calling identity before getUserAccounts in 

AccountManagerService

Fix accountsDb tests.

Bug: 36860606
Test: manual
Change-Id: Iad86d1bf7edd0f847262562ace9c2d5c9fdff978
(cherry picked from commit 9fc6f574)
parent 081d2ccd

services/core/java/com/android/server/accounts/AccountManagerService.java

+60 −27
Original line number Diff line number Diff line
@@ -427,14 +427,13 @@ public class AccountManagerService 
    public boolean addAccountExplicitlyWithVisibility(Account account, String password,

            Bundle extras, Map packageToVisibility) {

        Bundle.setDefusable(extras, true);



        final int callingUid = Binder.getCallingUid();

        int callingUid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();

        if (Log.isLoggable(TAG, Log.VERBOSE)) {

            Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid

                    + ", pid " + Binder.getCallingPid());

        }

        Preconditions.checkNotNull(account, "account cannot be null");

        int userId = UserHandle.getCallingUserId();

        if (!isAccountManagedByCaller(account.type, callingUid, userId)) {

            String msg = String.format("uid %s cannot explicitly add accounts of type: %s",

                    callingUid, account.type);
@@ -461,9 +460,9 @@ public class AccountManagerService 
    public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,

            String accountType) {

        int callingUid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();

        boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID);

        List<String> managedTypes =

                getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid);

        List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid);



        if ((accountType != null && !managedTypes.contains(accountType))

                || (accountType == null && !isSystemUid)) {
@@ -478,8 +477,9 @@ public class AccountManagerService 


        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid,

                    getUserAccounts(UserHandle.getUserId(callingUid)));

                    accounts);

        } finally {

            restoreCallingIdentity(identityToken);

        }
@@ -490,12 +490,8 @@ public class AccountManagerService 
     */

    private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,

            List<String> accountTypes, Integer callingUid, UserAccounts accounts) {

        int uid = 0;

        try {

            uid = mPackageManager.getPackageUidAsUser(packageName,

                    UserHandle.getUserId(callingUid));

        } catch (NameNotFoundException e) {

            Log.d(TAG, "Package not found " + e.getMessage());

        if (!packageExistsForUser(packageName, accounts.userId)) {

            Log.d(TAG, "Package not found " + packageName);

            return new LinkedHashMap<>();

        }
@@ -520,19 +516,26 @@ public class AccountManagerService 
    public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) {

        Preconditions.checkNotNull(account, "account cannot be null");

        int callingUid = Binder.getCallingUid();

        int userId = UserHandle.getUserId(callingUid);

        UserAccounts accounts = getUserAccounts(userId);

        int userId = UserHandle.getCallingUserId();

        if (!isAccountManagedByCaller(account.type, callingUid, userId)

                && !isSystemUid(callingUid)) {

            String msg =

                    String.format("uid %s cannot get secrets for account %s", callingUid, account);

            throw new SecurityException(msg);

        }



        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            synchronized (accounts.dbLock) {

                synchronized (accounts.cacheLock) {

                    return getPackagesAndVisibilityForAccountLocked(account, accounts);

                }

            }

        } finally {

            restoreCallingIdentity(identityToken);

        }



    }



    /**
@@ -560,8 +563,8 @@ public class AccountManagerService 
        Preconditions.checkNotNull(account, "account cannot be null");

        Preconditions.checkNotNull(packageName, "packageName cannot be null");

        int callingUid = Binder.getCallingUid();

        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));

        if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)

        int userId = UserHandle.getCallingUserId();

        if (!isAccountManagedByCaller(account.type, callingUid, userId)

            && !isSystemUid(callingUid)) {

            String msg = String.format(

                    "uid %s cannot get secrets for accounts of type: %s",
@@ -569,7 +572,13 @@ public class AccountManagerService 
                    account.type);

            throw new SecurityException(msg);

        }

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            return resolveAccountVisibility(account, packageName, accounts);

        } finally {

            restoreCallingIdentity(identityToken);

        }

    }



    /**
@@ -708,8 +717,8 @@ public class AccountManagerService 
        Preconditions.checkNotNull(account, "account cannot be null");

        Preconditions.checkNotNull(packageName, "packageName cannot be null");

        int callingUid = Binder.getCallingUid();

        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));

        if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)

        int userId = UserHandle.getCallingUserId();

        if (!isAccountManagedByCaller(account.type, callingUid, userId)

            && !isSystemUid(callingUid)) {

            String msg = String.format(

                    "uid %s cannot get secrets for accounts of type: %s",
@@ -717,8 +726,14 @@ public class AccountManagerService 
                    account.type);

            throw new SecurityException(msg);

        }

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            return setAccountVisibility(account, packageName, newVisibility, true /* notify */,

                accounts);

        } finally {

            restoreCallingIdentity(identityToken);

        }

    }



    /**
@@ -805,8 +820,15 @@ public class AccountManagerService 
    public void registerAccountListener(String[] accountTypes, String opPackageName) {

        int callingUid = Binder.getCallingUid();

        mAppOpsManager.checkPackage(callingUid, opPackageName);

        registerAccountListener(accountTypes, opPackageName,

            getUserAccounts(UserHandle.getUserId(callingUid)));



        int userId = UserHandle.getCallingUserId();

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            registerAccountListener(accountTypes, opPackageName, accounts);

        } finally {

            restoreCallingIdentity(identityToken);

        }

    }



    private void registerAccountListener(String[] accountTypes, String opPackageName,
@@ -832,7 +854,18 @@ public class AccountManagerService 
    public void unregisterAccountListener(String[] accountTypes, String opPackageName) {

        int callingUid = Binder.getCallingUid();

        mAppOpsManager.checkPackage(callingUid, opPackageName);

        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));

        int userId = UserHandle.getCallingUserId();

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(userId);

            unregisterAccountListener(accountTypes, opPackageName, accounts);

        } finally {

            restoreCallingIdentity(identityToken);

        }

    }



    private void unregisterAccountListener(String[] accountTypes, String opPackageName,

            UserAccounts accounts) {

        synchronized (accounts.mReceiversForType) {

            if (accountTypes == null) {

                // null for any type
@@ -903,7 +936,7 @@ public class AccountManagerService 
            long identityToken = clearCallingIdentity();

            try {

                mPackageManager.getPackageUidAsUser(packageName, userId);

                return true; // package exist

                return true;

            } finally {

                restoreCallingIdentity(identityToken);

            }

services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java

+1 −1
Original line number Diff line number Diff line
@@ -149,7 +149,7 @@ public class AccountsDbTest { 
        // 2nd account

        Account account2 = new Account("name", "example2.com");

        long accId2 = mAccountsDb.insertCeAccount(account2, "password");

        mAccountsDb.insertDeAccount(account2, accId);

        mAccountsDb.insertDeAccount(account2, accId2);

        mAccountsDb.insertAuthToken(accId2, "type", "token");



        mAccountsDb.deleteAuthTokensByAccountId(accId2);