Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b75ebf0 authored by Hongming Jin's avatar Hongming Jin Committed by android-build-merger
Browse files

Only return password for account session flow if the caller is signed with... 

Only return password for account session flow if the caller is signed with system key and have get_password permission.
am: 9342e137

Change-Id: I932c85bdc302899b42342d3efc249a5420da764c
parents 72ed4c37 9342e137

core/java/android/accounts/AccountManager.java

+0 −4
Original line number Diff line number Diff line
@@ -2676,8 +2676,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         adding the the to the device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account.

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>
@@ -2765,8 +2763,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         updating the local credentials on device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>

services/core/java/com/android/server/accounts/AccountManagerService.java

+6 −6
Original line number Diff line number Diff line
@@ -2704,10 +2704,9 @@ public class AccountManagerService 
        boolean isPasswordForwardingAllowed = isPermitted(

                callerPkg, uid, Manifest.permission.GET_PASSWORD);



        int usrId = UserHandle.getCallingUserId();

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(usrId);

            UserAccounts accounts = getUserAccounts(userId);

            logRecordWithUid(accounts, DebugDbHelper.ACTION_CALLED_START_ACCOUNT_ADD,

                    TABLE_ACCOUNTS, uid);

            new StartAccountSession(
@@ -2768,10 +2767,6 @@ public class AccountManagerService 
                checkKeyIntent(

                        Binder.getCallingUid(),

                        intent);

                // Omit passwords if the caller isn't permitted to see them.

                if (!mIsPasswordForwardingAllowed) {

                    result.remove(AccountManager.KEY_PASSWORD);

                }

            }

            IAccountManagerResponse response;

            if (mExpectActivityLaunch && result != null
@@ -2801,6 +2796,11 @@ public class AccountManagerService 
                return;

            }



            // Omit passwords if the caller isn't permitted to see them.

            if (!mIsPasswordForwardingAllowed) {

                result.remove(AccountManager.KEY_PASSWORD);

            }



            // Strip auth token from result.

            result.remove(AccountManager.KEY_AUTHTOKEN);