DO NOT MERGE. KEY_INTENT shouldn't grant permissions. (ca7ffa06) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/accounts/AccountManagerService.java

+10 −0

Original line number	Diff line number	Diff line
		@@ -1669,6 +1669,11 @@ public class AccountManagerService

		Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
		if (intent != null && notifyOnAuthFailure && !customTokens) {
		intent.setFlags(
		intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
		\| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
		doNotification(mAccounts,
		account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),
		intent, accounts.userId);
		@@ -2563,6 +2568,11 @@ public class AccountManagerService
		Intent intent = null;
		if (result != null
		&& (intent = result.getParcelable(AccountManager.KEY_INTENT)) != null) {
		intent.setFlags(
		intent.getFlags() & ~(Intent.FLAG_GRANT_READ_URI_PERMISSION
		\| Intent.FLAG_GRANT_WRITE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
		\| Intent.FLAG_GRANT_PREFIX_URI_PERMISSION));
		/*
		* The Authenticator API allows third party authenticators to
		* supply arbitrary intents to other apps that they can run,