Loading services/core/java/com/android/server/accounts/AccountManagerService.java +60 −27 Original line number Original line Diff line number Diff line Loading @@ -427,14 +427,13 @@ public class AccountManagerService public boolean addAccountExplicitlyWithVisibility(Account account, String password, public boolean addAccountExplicitlyWithVisibility(Account account, String password, Bundle extras, Map packageToVisibility) { Bundle extras, Map packageToVisibility) { Bundle.setDefusable(extras, true); Bundle.setDefusable(extras, true); int callingUid = Binder.getCallingUid(); final int callingUid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); if (Log.isLoggable(TAG, Log.VERBOSE)) { if (Log.isLoggable(TAG, Log.VERBOSE)) { Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid + ", pid " + Binder.getCallingPid()); + ", pid " + Binder.getCallingPid()); } } Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, userId)) { if (!isAccountManagedByCaller(account.type, callingUid, userId)) { String msg = String.format("uid %s cannot explicitly add accounts of type: %s", String msg = String.format("uid %s cannot explicitly add accounts of type: %s", callingUid, account.type); callingUid, account.type); Loading @@ -461,9 +460,9 @@ public class AccountManagerService public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, String accountType) { String accountType) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID); boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID); List<String> managedTypes = List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid); getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid); if ((accountType != null && !managedTypes.contains(accountType)) if ((accountType != null && !managedTypes.contains(accountType)) || (accountType == null && !isSystemUid)) { || (accountType == null && !isSystemUid)) { Loading @@ -478,8 +477,9 @@ public class AccountManagerService long identityToken = clearCallingIdentity(); long identityToken = clearCallingIdentity(); try { try { UserAccounts accounts = getUserAccounts(userId); return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid, return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid, getUserAccounts(UserHandle.getUserId(callingUid))); accounts); } finally { } finally { restoreCallingIdentity(identityToken); restoreCallingIdentity(identityToken); } } Loading @@ -490,12 +490,8 @@ public class AccountManagerService */ */ private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, List<String> accountTypes, Integer callingUid, UserAccounts accounts) { List<String> accountTypes, Integer callingUid, UserAccounts accounts) { int uid = 0; if (!packageExistsForUser(packageName, accounts.userId)) { try { Log.d(TAG, "Package not found " + packageName); uid = mPackageManager.getPackageUidAsUser(packageName, UserHandle.getUserId(callingUid)); } catch (NameNotFoundException e) { Log.d(TAG, "Package not found " + e.getMessage()); return new LinkedHashMap<>(); return new LinkedHashMap<>(); } } Loading @@ -520,19 +516,26 @@ public class AccountManagerService public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) { public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) { Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); int userId = UserHandle.getUserId(callingUid); int userId = UserHandle.getCallingUserId(); UserAccounts accounts = getUserAccounts(userId); if (!isAccountManagedByCaller(account.type, callingUid, userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String msg = String.format("uid %s cannot get secrets for account %s", callingUid, account); String.format("uid %s cannot get secrets for account %s", callingUid, account); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); synchronized (accounts.dbLock) { synchronized (accounts.dbLock) { synchronized (accounts.cacheLock) { synchronized (accounts.cacheLock) { return getPackagesAndVisibilityForAccountLocked(account, accounts); return getPackagesAndVisibilityForAccountLocked(account, accounts); } } } } } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -560,8 +563,8 @@ public class AccountManagerService Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String.format( String msg = String.format( "uid %s cannot get secrets for accounts of type: %s", "uid %s cannot get secrets for accounts of type: %s", Loading @@ -569,7 +572,13 @@ public class AccountManagerService account.type); account.type); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); return resolveAccountVisibility(account, packageName, accounts); return resolveAccountVisibility(account, packageName, accounts); } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -708,8 +717,8 @@ public class AccountManagerService Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String.format( String msg = String.format( "uid %s cannot get secrets for accounts of type: %s", "uid %s cannot get secrets for accounts of type: %s", Loading @@ -717,8 +726,14 @@ public class AccountManagerService account.type); account.type); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); return setAccountVisibility(account, packageName, newVisibility, true /* notify */, return setAccountVisibility(account, packageName, newVisibility, true /* notify */, accounts); accounts); } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -805,8 +820,15 @@ public class AccountManagerService public void registerAccountListener(String[] accountTypes, String opPackageName) { public void registerAccountListener(String[] accountTypes, String opPackageName) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); mAppOpsManager.checkPackage(callingUid, opPackageName); mAppOpsManager.checkPackage(callingUid, opPackageName); registerAccountListener(accountTypes, opPackageName, getUserAccounts(UserHandle.getUserId(callingUid))); int userId = UserHandle.getCallingUserId(); long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); registerAccountListener(accountTypes, opPackageName, accounts); } finally { restoreCallingIdentity(identityToken); } } } private void registerAccountListener(String[] accountTypes, String opPackageName, private void registerAccountListener(String[] accountTypes, String opPackageName, Loading @@ -832,7 +854,18 @@ public class AccountManagerService public void unregisterAccountListener(String[] accountTypes, String opPackageName) { public void unregisterAccountListener(String[] accountTypes, String opPackageName) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); mAppOpsManager.checkPackage(callingUid, opPackageName); mAppOpsManager.checkPackage(callingUid, opPackageName); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); unregisterAccountListener(accountTypes, opPackageName, accounts); } finally { restoreCallingIdentity(identityToken); } } private void unregisterAccountListener(String[] accountTypes, String opPackageName, UserAccounts accounts) { synchronized (accounts.mReceiversForType) { synchronized (accounts.mReceiversForType) { if (accountTypes == null) { if (accountTypes == null) { // null for any type // null for any type Loading Loading @@ -903,7 +936,7 @@ public class AccountManagerService long identityToken = clearCallingIdentity(); long identityToken = clearCallingIdentity(); try { try { mPackageManager.getPackageUidAsUser(packageName, userId); mPackageManager.getPackageUidAsUser(packageName, userId); return true; // package exist return true; } finally { } finally { restoreCallingIdentity(identityToken); restoreCallingIdentity(identityToken); } } Loading services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -149,7 +149,7 @@ public class AccountsDbTest { // 2nd account // 2nd account Account account2 = new Account("name", "example2.com"); Account account2 = new Account("name", "example2.com"); long accId2 = mAccountsDb.insertCeAccount(account2, "password"); long accId2 = mAccountsDb.insertCeAccount(account2, "password"); mAccountsDb.insertDeAccount(account2, accId); mAccountsDb.insertDeAccount(account2, accId2); mAccountsDb.insertAuthToken(accId2, "type", "token"); mAccountsDb.insertAuthToken(accId2, "type", "token"); mAccountsDb.deleteAuthTokensByAccountId(accId2); mAccountsDb.deleteAuthTokensByAccountId(accId2); Loading Loading
services/core/java/com/android/server/accounts/AccountManagerService.java +60 −27 Original line number Original line Diff line number Diff line Loading @@ -427,14 +427,13 @@ public class AccountManagerService public boolean addAccountExplicitlyWithVisibility(Account account, String password, public boolean addAccountExplicitlyWithVisibility(Account account, String password, Bundle extras, Map packageToVisibility) { Bundle extras, Map packageToVisibility) { Bundle.setDefusable(extras, true); Bundle.setDefusable(extras, true); int callingUid = Binder.getCallingUid(); final int callingUid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); if (Log.isLoggable(TAG, Log.VERBOSE)) { if (Log.isLoggable(TAG, Log.VERBOSE)) { Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid + ", pid " + Binder.getCallingPid()); + ", pid " + Binder.getCallingPid()); } } Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, userId)) { if (!isAccountManagedByCaller(account.type, callingUid, userId)) { String msg = String.format("uid %s cannot explicitly add accounts of type: %s", String msg = String.format("uid %s cannot explicitly add accounts of type: %s", callingUid, account.type); callingUid, account.type); Loading @@ -461,9 +460,9 @@ public class AccountManagerService public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, String accountType) { String accountType) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID); boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID); List<String> managedTypes = List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid); getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid); if ((accountType != null && !managedTypes.contains(accountType)) if ((accountType != null && !managedTypes.contains(accountType)) || (accountType == null && !isSystemUid)) { || (accountType == null && !isSystemUid)) { Loading @@ -478,8 +477,9 @@ public class AccountManagerService long identityToken = clearCallingIdentity(); long identityToken = clearCallingIdentity(); try { try { UserAccounts accounts = getUserAccounts(userId); return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid, return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid, getUserAccounts(UserHandle.getUserId(callingUid))); accounts); } finally { } finally { restoreCallingIdentity(identityToken); restoreCallingIdentity(identityToken); } } Loading @@ -490,12 +490,8 @@ public class AccountManagerService */ */ private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName, List<String> accountTypes, Integer callingUid, UserAccounts accounts) { List<String> accountTypes, Integer callingUid, UserAccounts accounts) { int uid = 0; if (!packageExistsForUser(packageName, accounts.userId)) { try { Log.d(TAG, "Package not found " + packageName); uid = mPackageManager.getPackageUidAsUser(packageName, UserHandle.getUserId(callingUid)); } catch (NameNotFoundException e) { Log.d(TAG, "Package not found " + e.getMessage()); return new LinkedHashMap<>(); return new LinkedHashMap<>(); } } Loading @@ -520,19 +516,26 @@ public class AccountManagerService public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) { public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) { Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); int userId = UserHandle.getUserId(callingUid); int userId = UserHandle.getCallingUserId(); UserAccounts accounts = getUserAccounts(userId); if (!isAccountManagedByCaller(account.type, callingUid, userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String msg = String.format("uid %s cannot get secrets for account %s", callingUid, account); String.format("uid %s cannot get secrets for account %s", callingUid, account); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); synchronized (accounts.dbLock) { synchronized (accounts.dbLock) { synchronized (accounts.cacheLock) { synchronized (accounts.cacheLock) { return getPackagesAndVisibilityForAccountLocked(account, accounts); return getPackagesAndVisibilityForAccountLocked(account, accounts); } } } } } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -560,8 +563,8 @@ public class AccountManagerService Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String.format( String msg = String.format( "uid %s cannot get secrets for accounts of type: %s", "uid %s cannot get secrets for accounts of type: %s", Loading @@ -569,7 +572,13 @@ public class AccountManagerService account.type); account.type); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); return resolveAccountVisibility(account, packageName, accounts); return resolveAccountVisibility(account, packageName, accounts); } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -708,8 +717,8 @@ public class AccountManagerService Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(account, "account cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); Preconditions.checkNotNull(packageName, "packageName cannot be null"); int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId) if (!isAccountManagedByCaller(account.type, callingUid, userId) && !isSystemUid(callingUid)) { && !isSystemUid(callingUid)) { String msg = String.format( String msg = String.format( "uid %s cannot get secrets for accounts of type: %s", "uid %s cannot get secrets for accounts of type: %s", Loading @@ -717,8 +726,14 @@ public class AccountManagerService account.type); account.type); throw new SecurityException(msg); throw new SecurityException(msg); } } long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); return setAccountVisibility(account, packageName, newVisibility, true /* notify */, return setAccountVisibility(account, packageName, newVisibility, true /* notify */, accounts); accounts); } finally { restoreCallingIdentity(identityToken); } } } /** /** Loading Loading @@ -805,8 +820,15 @@ public class AccountManagerService public void registerAccountListener(String[] accountTypes, String opPackageName) { public void registerAccountListener(String[] accountTypes, String opPackageName) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); mAppOpsManager.checkPackage(callingUid, opPackageName); mAppOpsManager.checkPackage(callingUid, opPackageName); registerAccountListener(accountTypes, opPackageName, getUserAccounts(UserHandle.getUserId(callingUid))); int userId = UserHandle.getCallingUserId(); long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); registerAccountListener(accountTypes, opPackageName, accounts); } finally { restoreCallingIdentity(identityToken); } } } private void registerAccountListener(String[] accountTypes, String opPackageName, private void registerAccountListener(String[] accountTypes, String opPackageName, Loading @@ -832,7 +854,18 @@ public class AccountManagerService public void unregisterAccountListener(String[] accountTypes, String opPackageName) { public void unregisterAccountListener(String[] accountTypes, String opPackageName) { int callingUid = Binder.getCallingUid(); int callingUid = Binder.getCallingUid(); mAppOpsManager.checkPackage(callingUid, opPackageName); mAppOpsManager.checkPackage(callingUid, opPackageName); UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid)); int userId = UserHandle.getCallingUserId(); long identityToken = clearCallingIdentity(); try { UserAccounts accounts = getUserAccounts(userId); unregisterAccountListener(accountTypes, opPackageName, accounts); } finally { restoreCallingIdentity(identityToken); } } private void unregisterAccountListener(String[] accountTypes, String opPackageName, UserAccounts accounts) { synchronized (accounts.mReceiversForType) { synchronized (accounts.mReceiversForType) { if (accountTypes == null) { if (accountTypes == null) { // null for any type // null for any type Loading Loading @@ -903,7 +936,7 @@ public class AccountManagerService long identityToken = clearCallingIdentity(); long identityToken = clearCallingIdentity(); try { try { mPackageManager.getPackageUidAsUser(packageName, userId); mPackageManager.getPackageUidAsUser(packageName, userId); return true; // package exist return true; } finally { } finally { restoreCallingIdentity(identityToken); restoreCallingIdentity(identityToken); } } Loading
services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -149,7 +149,7 @@ public class AccountsDbTest { // 2nd account // 2nd account Account account2 = new Account("name", "example2.com"); Account account2 = new Account("name", "example2.com"); long accId2 = mAccountsDb.insertCeAccount(account2, "password"); long accId2 = mAccountsDb.insertCeAccount(account2, "password"); mAccountsDb.insertDeAccount(account2, accId); mAccountsDb.insertDeAccount(account2, accId2); mAccountsDb.insertAuthToken(accId2, "type", "token"); mAccountsDb.insertAuthToken(accId2, "type", "token"); mAccountsDb.deleteAuthTokensByAccountId(accId2); mAccountsDb.deleteAuthTokensByAccountId(accId2); Loading
