Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ebae3b55 authored by Hongming Jin's avatar Hongming Jin Committed by Android (Google) Code Review
Browse files

Merge "Only return password for account session flow if the caller is signed... 

Merge "Only return password for account session flow if the caller is signed with system key and have get_password permission."
parents ebc8367f 368aa190

core/java/android/accounts/AccountManager.java

+0 −4
Original line number Diff line number Diff line
@@ -2785,8 +2785,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         adding the the to the device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account.

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>
@@ -2872,8 +2870,6 @@ public class AccountManager { 
     *         <ul>

     *         <li>{@link #KEY_ACCOUNT_SESSION_BUNDLE} - encrypted Bundle for

     *         updating the local credentials on device later.

     *         <li>{@link #KEY_PASSWORD} - optional, the password or password

     *         hash of the account

     *         <li>{@link #KEY_ACCOUNT_STATUS_TOKEN} - optional, token to check

     *         status of the account

     *         </ul>

services/core/java/com/android/server/accounts/AccountManagerService.java

+6 −6
Original line number Diff line number Diff line
@@ -3142,10 +3142,9 @@ public class AccountManagerService 
        boolean isPasswordForwardingAllowed = isPermitted(

                callerPkg, uid, Manifest.permission.GET_PASSWORD);



        int usrId = UserHandle.getCallingUserId();

        long identityToken = clearCallingIdentity();

        try {

            UserAccounts accounts = getUserAccounts(usrId);

            UserAccounts accounts = getUserAccounts(userId);

            logRecordWithUid(accounts, DebugDbHelper.ACTION_CALLED_START_ACCOUNT_ADD,

                    TABLE_ACCOUNTS, uid);

            new StartAccountSession(
@@ -3206,10 +3205,6 @@ public class AccountManagerService 
                checkKeyIntent(

                        Binder.getCallingUid(),

                        intent);

                // Omit passwords if the caller isn't permitted to see them.

                if (!mIsPasswordForwardingAllowed) {

                    result.remove(AccountManager.KEY_PASSWORD);

                }

            }

            IAccountManagerResponse response;

            if (mExpectActivityLaunch && result != null
@@ -3239,6 +3234,11 @@ public class AccountManagerService 
                return;

            }



            // Omit passwords if the caller isn't permitted to see them.

            if (!mIsPasswordForwardingAllowed) {

                result.remove(AccountManager.KEY_PASSWORD);

            }



            // Strip auth token from result.

            result.remove(AccountManager.KEY_AUTHTOKEN);