Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cc5a96ef authored by Rhed Jao's avatar Rhed Jao
Browse files

Enforce package visibility filtering on getAuthenticatorTypes API 

Remove the authenticator from the result, if it't not visible to the
caller.

Bug: 154726397
Test: atest CtsAccountManagerTestCases
Test: atest CtsAccountsHostTestCases
Test: atest CtsAppEnumerationTestCases
Change-Id: I4c8be5b75dde2b6d991084eee4624d9012f5d924
parent c1ebe670

core/java/android/accounts/AccountManager.java

+3 −0
Original line number Diff line number Diff line
@@ -623,6 +623,9 @@ public class AccountManager { 
     *

     * <p>No permission is required to call this method.

     *

     * <p>Caller targeting API level 34 and above, the results are filtered

     * by the rules of <a href="/training/basics/intents/package-visibility">package visibility</a>.

     *

     * @return An array of {@link AuthenticatorDescription} for every

     *     authenticator known to the AccountManager service.  Empty (never

     *     null) if no authenticators are known.

services/core/java/com/android/server/accounts/AccountManagerService.java

+8 −8
Original line number Diff line number Diff line
@@ -1649,7 +1649,7 @@ public class AccountManagerService 


        final long identityToken = clearCallingIdentity();

        try {

            return getAuthenticatorTypesInternal(userId);

            return getAuthenticatorTypesInternal(userId, callingUid);



        } finally {

            restoreCallingIdentity(identityToken);
@@ -1659,19 +1659,19 @@ public class AccountManagerService 
    /**

     * Should only be called inside of a clearCallingIdentity block.

     */

    private AuthenticatorDescription[] getAuthenticatorTypesInternal(int userId) {

    private AuthenticatorDescription[] getAuthenticatorTypesInternal(int userId, int callingUid) {

        mAuthenticatorCache.updateServices(userId);

        Collection<AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription>>

                authenticatorCollection = mAuthenticatorCache.getAllServices(userId);

        AuthenticatorDescription[] types =

                new AuthenticatorDescription[authenticatorCollection.size()];

        int i = 0;

        final List<AuthenticatorDescription> types =

                new ArrayList<>(authenticatorCollection.size());

        for (AccountAuthenticatorCache.ServiceInfo<AuthenticatorDescription> authenticator

                : authenticatorCollection) {

            types[i] = authenticator.type;

            i++;

            if (canCallerAccessPackage(authenticator.type.packageName, callingUid, userId)) {

                types.add(authenticator.type);

            }

        return types;

        }

        return types.toArray(new AuthenticatorDescription[types.size()]);

    }



    private boolean isCrossUser(int callingUid, int userId) {