Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ecbe89da authored by Svetoslav Ganov's avatar Svetoslav Ganov Committed by android-build-merger
Browse files

Use correct UID checks and proper database lookup am: 7ee37f48 am: dc33730c 

am: 758fd538

Change-Id: If2318d2e79286b6219c0f39bb2d7726e808bad44
parents 065126bb 758fd538

services/core/java/com/android/server/accounts/AccountManagerService.java

+15 −10
Original line number Diff line number Diff line
@@ -2703,7 +2703,7 @@ public class AccountManagerService 


        final int callingUid = getCallingUid();

        clearCallingIdentity();

        if (callingUid != Process.SYSTEM_UID) {

        if (UserHandle.getAppId(callingUid) != Process.SYSTEM_UID) {

            throw new SecurityException("can only call from system");

        }

        int userId = UserHandle.getUserId(callingUid);
@@ -3874,7 +3874,7 @@ public class AccountManagerService 
    @Override

    public boolean hasAccountAccess(@NonNull Account account,  @NonNull String packageName,

            @NonNull UserHandle userHandle) {

        if (Binder.getCallingUid() != Process.SYSTEM_UID) {

        if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {

            throw new SecurityException("Can be called only by system UID");

        }

        Preconditions.checkNotNull(account, "account cannot be null");
@@ -3923,7 +3923,7 @@ public class AccountManagerService 
    @Override

    public IntentSender createRequestAccountAccessIntentSenderAsUser(@NonNull Account account,

            @NonNull String packageName, @NonNull UserHandle userHandle) {

        if (Binder.getCallingUid() != Process.SYSTEM_UID) {

        if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {

            throw new SecurityException("Can be called only by system UID");

        }
@@ -3945,10 +3945,15 @@ public class AccountManagerService 


        Intent intent = newRequestAccountAccessIntent(account, packageName, uid, null);



        final long identity = Binder.clearCallingIdentity();

        try {

            return PendingIntent.getActivityAsUser(

                    mContext, 0, intent, PendingIntent.FLAG_ONE_SHOT

                            | PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE,

                    null, new UserHandle(userId)).getIntentSender();

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

    }



    private Intent newRequestAccountAccessIntent(Account account, String packageName,
@@ -5780,10 +5785,10 @@ public class AccountManagerService 


    private boolean hasExplicitlyGrantedPermission(Account account, String authTokenType,

            int callerUid) {

        if (callerUid == Process.SYSTEM_UID) {

        if (UserHandle.getAppId(callerUid) == Process.SYSTEM_UID) {

            return true;

        }

        UserAccounts accounts = getUserAccountsForCaller();

        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callerUid));

        synchronized (accounts.cacheLock) {

            final SQLiteDatabase db = accounts.openHelper.getReadableDatabase();

            final String query;
@@ -5898,7 +5903,7 @@ public class AccountManagerService 
            throws RemoteException {

        final int callingUid = getCallingUid();



        if (callingUid != Process.SYSTEM_UID) {

        if (UserHandle.getAppId(callingUid) != Process.SYSTEM_UID) {

            throw new SecurityException();

        }