Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit adc90620 authored by Hongming Jin's avatar Hongming Jin Committed by android-build-merger
Browse files

Only return password for account session flow if the caller is signed with... 

Only return password for account session flow if the caller is signed with system key and have get_password permission. am: 9342e137
am: 8b75ebf0

Change-Id: I95794bb5269c849fe740576a344e43da4306ac56
parents 66184283 8b75ebf0

core/java/android/accounts/AccountManager.java

+0 −4
Original line number Diff line number Diff line
@@ -2703,8 +2703,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         adding the the to the device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account.

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>
@@ -2792,8 +2790,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         updating the local credentials on device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>

services/core/java/com/android/server/accounts/AccountManagerService.java

+6 −6
Original line number Diff line number Diff line
@@ -2852,10 +2852,9 @@ public class AccountManagerService 
        boolean isPasswordForwardingAllowed = isPermitted(

                callerPkg, uid, Manifest.permission.GET_PASSWORD);



        int usrId = UserHandle.getCallingUserId();

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(usrId);

            UserAccounts accounts = getUserAccounts(userId);

            logRecordWithUid(accounts, DebugDbHelper.ACTION_CALLED_START_ACCOUNT_ADD,

                    TABLE_ACCOUNTS, uid);

            new StartAccountSession(
@@ -2916,10 +2915,6 @@ public class AccountManagerService 
                checkKeyIntent(

                        Binder.getCallingUid(),

                        intent);

                // Omit passwords if the caller isn't permitted to see them.

                if (!mIsPasswordForwardingAllowed) {

                    result.remove(AccountManager.KEY_PASSWORD);

                }

            }

            IAccountManagerResponse response;

            if (mExpectActivityLaunch && result != null
@@ -2949,6 +2944,11 @@ public class AccountManagerService 
                return;

            }



            // Omit passwords if the caller isn't permitted to see them.

            if (!mIsPasswordForwardingAllowed) {

                result.remove(AccountManager.KEY_PASSWORD);

            }



            // Strip auth token from result.

            result.remove(AccountManager.KEY_AUTHTOKEN);