Merge "[Security] Prevent malicious notifications from AMS." into nyc-dev

                }

            }

            new Session(accounts, response, account.type, expectActivityLaunch,

                    false /* stripAuthTokenFromResult */, account.name,

            new Session(

                    accounts,

                    response,

                    account.type,

                    expectActivityLaunch,

                    false /* stripAuthTokenFromResult */,

                    account.name,

                    false /* authDetailsRequired */) {

                @Override

                protected String toDebugString(long now) {

                        Intent intent = result.getParcelable(AccountManager.KEY_INTENT);

                        if (intent != null && notifyOnAuthFailure && !customTokens) {

                            /*

                             * Make sure that the supplied intent is owned by the authenticator

                             * giving it to the system. Otherwise a malicious authenticator could

                             * have users launching arbitrary activities by tricking users to

                             * interact with malicious notifications.

                             */

                            checkKeyIntent(

                                    Binder.getCallingUid(),

                                    intent);

                            doNotification(mAccounts,

                                    account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE),

                                    intent, accounts.userId);