Merge "Clear calling identity before getUserAccounts in AccountManagerService" into oc-dev (8c9f966e) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/accounts/AccountManagerService.java

+60 −27

Original line number	Diff line number	Diff line
		@@ -427,14 +427,13 @@ public class AccountManagerService
		public boolean addAccountExplicitlyWithVisibility(Account account, String password,
		Bundle extras, Map packageToVisibility) {
		Bundle.setDefusable(extras, true);

		final int callingUid = Binder.getCallingUid();
		int callingUid = Binder.getCallingUid();
		int userId = UserHandle.getCallingUserId();
		if (Log.isLoggable(TAG, Log.VERBOSE)) {
		Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid
		+ ", pid " + Binder.getCallingPid());
		}
		Preconditions.checkNotNull(account, "account cannot be null");
		int userId = UserHandle.getCallingUserId();
		if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
		String msg = String.format("uid %s cannot explicitly add accounts of type: %s",
		callingUid, account.type);
		@@ -461,9 +460,9 @@ public class AccountManagerService
		public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
		String accountType) {
		int callingUid = Binder.getCallingUid();
		int userId = UserHandle.getCallingUserId();
		boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID);
		List<String> managedTypes =
		getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid);
		List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid);

		if ((accountType != null && !managedTypes.contains(accountType))
		\|\| (accountType == null && !isSystemUid)) {
		@@ -478,8 +477,9 @@ public class AccountManagerService

		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid,
		getUserAccounts(UserHandle.getUserId(callingUid)));
		accounts);
		} finally {
		restoreCallingIdentity(identityToken);
		}
		@@ -490,12 +490,8 @@ public class AccountManagerService
		*/
		private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
		List<String> accountTypes, Integer callingUid, UserAccounts accounts) {
		int uid = 0;
		try {
		uid = mPackageManager.getPackageUidAsUser(packageName,
		UserHandle.getUserId(callingUid));
		} catch (NameNotFoundException e) {
		Log.d(TAG, "Package not found " + e.getMessage());
		if (!packageExistsForUser(packageName, accounts.userId)) {
		Log.d(TAG, "Package not found " + packageName);
		return new LinkedHashMap<>();
		}

		@@ -520,19 +516,26 @@ public class AccountManagerService
		public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) {
		Preconditions.checkNotNull(account, "account cannot be null");
		int callingUid = Binder.getCallingUid();
		int userId = UserHandle.getUserId(callingUid);
		UserAccounts accounts = getUserAccounts(userId);
		int userId = UserHandle.getCallingUserId();
		if (!isAccountManagedByCaller(account.type, callingUid, userId)
		&& !isSystemUid(callingUid)) {
		String msg =
		String.format("uid %s cannot get secrets for account %s", callingUid, account);
		throw new SecurityException(msg);
		}

		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		synchronized (accounts.dbLock) {
		synchronized (accounts.cacheLock) {
		return getPackagesAndVisibilityForAccountLocked(account, accounts);
		}
		}
		} finally {
		restoreCallingIdentity(identityToken);
		}

		}

		/**
		@@ -560,8 +563,8 @@ public class AccountManagerService
		Preconditions.checkNotNull(account, "account cannot be null");
		Preconditions.checkNotNull(packageName, "packageName cannot be null");
		int callingUid = Binder.getCallingUid();
		UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
		if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
		int userId = UserHandle.getCallingUserId();
		if (!isAccountManagedByCaller(account.type, callingUid, userId)
		&& !isSystemUid(callingUid)) {
		String msg = String.format(
		"uid %s cannot get secrets for accounts of type: %s",
		@@ -569,7 +572,13 @@ public class AccountManagerService
		account.type);
		throw new SecurityException(msg);
		}
		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		return resolveAccountVisibility(account, packageName, accounts);
		} finally {
		restoreCallingIdentity(identityToken);
		}
		}

		/**
		@@ -708,8 +717,8 @@ public class AccountManagerService
		Preconditions.checkNotNull(account, "account cannot be null");
		Preconditions.checkNotNull(packageName, "packageName cannot be null");
		int callingUid = Binder.getCallingUid();
		UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
		if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
		int userId = UserHandle.getCallingUserId();
		if (!isAccountManagedByCaller(account.type, callingUid, userId)
		&& !isSystemUid(callingUid)) {
		String msg = String.format(
		"uid %s cannot get secrets for accounts of type: %s",
		@@ -717,8 +726,14 @@ public class AccountManagerService
		account.type);
		throw new SecurityException(msg);
		}
		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		return setAccountVisibility(account, packageName, newVisibility, true /* notify */,
		accounts);
		} finally {
		restoreCallingIdentity(identityToken);
		}
		}

		/**
		@@ -805,8 +820,15 @@ public class AccountManagerService
		public void registerAccountListener(String[] accountTypes, String opPackageName) {
		int callingUid = Binder.getCallingUid();
		mAppOpsManager.checkPackage(callingUid, opPackageName);
		registerAccountListener(accountTypes, opPackageName,
		getUserAccounts(UserHandle.getUserId(callingUid)));

		int userId = UserHandle.getCallingUserId();
		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		registerAccountListener(accountTypes, opPackageName, accounts);
		} finally {
		restoreCallingIdentity(identityToken);
		}
		}

		private void registerAccountListener(String[] accountTypes, String opPackageName,
		@@ -832,7 +854,18 @@ public class AccountManagerService
		public void unregisterAccountListener(String[] accountTypes, String opPackageName) {
		int callingUid = Binder.getCallingUid();
		mAppOpsManager.checkPackage(callingUid, opPackageName);
		UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
		int userId = UserHandle.getCallingUserId();
		long identityToken = clearCallingIdentity();
		try {
		UserAccounts accounts = getUserAccounts(userId);
		unregisterAccountListener(accountTypes, opPackageName, accounts);
		} finally {
		restoreCallingIdentity(identityToken);
		}
		}

		private void unregisterAccountListener(String[] accountTypes, String opPackageName,
		UserAccounts accounts) {
		synchronized (accounts.mReceiversForType) {
		if (accountTypes == null) {
		// null for any type
		@@ -903,7 +936,7 @@ public class AccountManagerService
		long identityToken = clearCallingIdentity();
		try {
		mPackageManager.getPackageUidAsUser(packageName, userId);
		return true; // package exist
		return true;
		} finally {
		restoreCallingIdentity(identityToken);
		}

services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -149,7 +149,7 @@ public class AccountsDbTest {
		// 2nd account
		Account account2 = new Account("name", "example2.com");
		long accId2 = mAccountsDb.insertCeAccount(account2, "password");
		mAccountsDb.insertDeAccount(account2, accId);
		mAccountsDb.insertDeAccount(account2, accId2);
		mAccountsDb.insertAuthToken(accId2, "type", "token");

		mAccountsDb.deleteAuthTokensByAccountId(accId2);