Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ffb46022 authored by Carlos Valdivia's avatar Carlos Valdivia
Browse files

Permissions: Fix account related permissions. 

Requires updating the docs in AccountManaager as well as the logic in
AccountManagerService.

MANAGE_ACCOUNTS, USE_CREDENTIALS, and AUTHENTCATE_ACCOUNTS are going
away. Where AUTHENTCATE_ACCOUNTS was required we now do signature
matching.

GET_ACCOUNTS is kept but has been grouped under contacts.

Bug: 20136477
Change-Id: Iabbb76dce8d1efc607c1f107911d7ddab598a481
parent cbf63d8a

api/current.txt

+0 −3
Original line number Diff line number Diff line
@@ -17,7 +17,6 @@ package android { 
    field public static final java.lang.String ACCESS_WIFI_STATE = "android.permission.ACCESS_WIFI_STATE";

    field public static final java.lang.String ACCOUNT_MANAGER = "android.permission.ACCOUNT_MANAGER";

    field public static final java.lang.String ADD_VOICEMAIL = "com.android.voicemail.permission.ADD_VOICEMAIL";

    field public static final java.lang.String AUTHENTICATE_ACCOUNTS = "android.permission.AUTHENTICATE_ACCOUNTS";

    field public static final java.lang.String BATTERY_STATS = "android.permission.BATTERY_STATS";

    field public static final java.lang.String BIND_ACCESSIBILITY_SERVICE = "android.permission.BIND_ACCESSIBILITY_SERVICE";

    field public static final java.lang.String BIND_APPWIDGET = "android.permission.BIND_APPWIDGET";
@@ -86,7 +85,6 @@ package android { 
    field public static final java.lang.String INTERNET = "android.permission.INTERNET";

    field public static final java.lang.String KILL_BACKGROUND_PROCESSES = "android.permission.KILL_BACKGROUND_PROCESSES";

    field public static final java.lang.String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";

    field public static final java.lang.String MANAGE_ACCOUNTS = "android.permission.MANAGE_ACCOUNTS";

    field public static final java.lang.String MANAGE_APP_TOKENS = "android.permission.MANAGE_APP_TOKENS";

    field public static final java.lang.String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";

    field public static final java.lang.String MASTER_CLEAR = "android.permission.MASTER_CLEAR";
@@ -145,7 +143,6 @@ package android { 
    field public static final java.lang.String TRANSMIT_IR = "android.permission.TRANSMIT_IR";

    field public static final java.lang.String UNINSTALL_SHORTCUT = "com.android.launcher.permission.UNINSTALL_SHORTCUT";

    field public static final java.lang.String UPDATE_DEVICE_STATS = "android.permission.UPDATE_DEVICE_STATS";

    field public static final java.lang.String USE_CREDENTIALS = "android.permission.USE_CREDENTIALS";

    field public static final java.lang.String USE_FINGERPRINT = "android.permission.USE_FINGERPRINT";

    field public static final java.lang.String USE_SIP = "android.permission.USE_SIP";

    field public static final java.lang.String VIBRATE = "android.permission.VIBRATE";

api/system-current.txt

+0 −3
Original line number Diff line number Diff line
@@ -24,7 +24,6 @@ package android { 
    field public static final java.lang.String ACCOUNT_MANAGER = "android.permission.ACCOUNT_MANAGER";

    field public static final java.lang.String ADD_VOICEMAIL = "com.android.voicemail.permission.ADD_VOICEMAIL";

    field public static final java.lang.String ALLOW_ANY_CODEC_FOR_PLAYBACK = "android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK";

    field public static final java.lang.String AUTHENTICATE_ACCOUNTS = "android.permission.AUTHENTICATE_ACCOUNTS";

    field public static final java.lang.String BACKUP = "android.permission.BACKUP";

    field public static final java.lang.String BATTERY_STATS = "android.permission.BATTERY_STATS";

    field public static final java.lang.String BIND_ACCESSIBILITY_SERVICE = "android.permission.BIND_ACCESSIBILITY_SERVICE";
@@ -117,7 +116,6 @@ package android { 
    field public static final java.lang.String LOCAL_MAC_ADDRESS = "android.permission.LOCAL_MAC_ADDRESS";

    field public static final java.lang.String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";

    field public static final java.lang.String LOOP_RADIO = "android.permission.LOOP_RADIO";

    field public static final java.lang.String MANAGE_ACCOUNTS = "android.permission.MANAGE_ACCOUNTS";

    field public static final java.lang.String MANAGE_ACTIVITY_STACKS = "android.permission.MANAGE_ACTIVITY_STACKS";

    field public static final java.lang.String MANAGE_APP_TOKENS = "android.permission.MANAGE_APP_TOKENS";

    field public static final java.lang.String MANAGE_CA_CERTIFICATES = "android.permission.MANAGE_CA_CERTIFICATES";
@@ -217,7 +215,6 @@ package android { 
    field public static final java.lang.String UPDATE_DEVICE_STATS = "android.permission.UPDATE_DEVICE_STATS";

    field public static final java.lang.String UPDATE_LOCK = "android.permission.UPDATE_LOCK";

    field public static final java.lang.String USER_ACTIVITY = "android.permission.USER_ACTIVITY";

    field public static final java.lang.String USE_CREDENTIALS = "android.permission.USE_CREDENTIALS";

    field public static final java.lang.String USE_FINGERPRINT = "android.permission.USE_FINGERPRINT";

    field public static final java.lang.String USE_SIP = "android.permission.USE_SIP";

    field public static final java.lang.String VIBRATE = "android.permission.VIBRATE";

core/java/android/accounts/AccountManager.java

+47 −108

File changed.

Preview size limit exceeded, changes collapsed.

core/res/AndroidManifest.xml

+1 −23
Original line number Diff line number Diff line
@@ -980,33 +980,11 @@ 


    <!-- Allows access to the list of accounts in the Accounts Service -->

    <permission android:name="android.permission.GET_ACCOUNTS"

        android:permissionGroup="android.permission-group.ACCOUNTS"

        android:permissionGroup="android.permission-group.CONTACTS"

        android:protectionLevel="normal"

        android:description="@string/permdesc_getAccounts"

        android:label="@string/permlab_getAccounts" />



    <!-- Allows an application to act as an AccountAuthenticator for

         the AccountManager -->

    <permission android:name="android.permission.AUTHENTICATE_ACCOUNTS"

        android:permissionGroup="android.permission-group.ACCOUNTS"

        android:protectionLevel="dangerous"

        android:label="@string/permlab_authenticateAccounts"

        android:description="@string/permdesc_authenticateAccounts" />



    <!-- Allows an application to request authtokens from the AccountManager -->

    <permission android:name="android.permission.USE_CREDENTIALS"

        android:permissionGroup="android.permission-group.ACCOUNTS"

        android:protectionLevel="dangerous"

        android:label="@string/permlab_useCredentials"

        android:description="@string/permdesc_useCredentials" />



    <!-- Allows an application to manage the list of accounts in the AccountManager -->

    <permission android:name="android.permission.MANAGE_ACCOUNTS"

        android:permissionGroup="android.permission-group.ACCOUNTS"

        android:protectionLevel="dangerous"

        android:label="@string/permlab_manageAccounts"

        android:description="@string/permdesc_manageAccounts" />



    <!-- @SystemApi Allows applications to call into AccountAuthenticators.

    <p>Not for use by third-party applications. -->

    <permission android:name="android.permission.ACCOUNT_MANAGER"

core/res/res/values/strings.xml

+0 −21
Original line number Diff line number Diff line
@@ -1113,27 +1113,6 @@ 
      the list of accounts known by the phone.  This may include any accounts

      created by applications you have installed.</string>





    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_authenticateAccounts">create accounts and set passwords</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permdesc_authenticateAccounts">Allows the app

    to use the account authenticator capabilities of the

    AccountManager, including creating accounts and getting and

    setting their passwords.</string>



    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_manageAccounts">add or remove accounts</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permdesc_manageAccounts">Allows the app to

    perform operations like adding and removing accounts, and deleting

    their password.</string>



    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_useCredentials">use accounts on the device</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permdesc_useCredentials">Allows the app to request authentication tokens.</string>



    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_accessNetworkState">view network connections</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->