| author | 2016-09-01 23:07:54 +0000 | |
|---|---|---|
| committer | 2016-09-01 23:07:56 +0000 | |
| commit | a6cb2c28045a33a68ffb11dcded081e214d59c68 (patch) | |
| tree | 8b4c71e7ac2de7700c0f80b7b966951e1a56e8e6 | |
| parent | c742d9545547f147919f0e4b054719ddd1304373 (diff) | |
| parent | 65712b0ad3b03e65d4949e2cd749441b33576818 (diff) | |
Merge "White-list grandfathered sync adapters" into nyc-mr1-dev
| -rw-r--r-- | services/core/java/com/android/server/content/SyncManager.java | 31 | ||||
| -rw-r--r-- | services/core/java/com/android/server/content/SyncStorageEngine.java | 13 |
2 files changed, 43 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java
index f739fa81d5aa..705eae677d2b 100644
--- a/services/core/java/com/android/server/content/SyncManager.java
+++ b/services/core/java/com/android/server/content/SyncManager.java
@@ -645,6 +645,37 @@ public class SyncManager {
 mContext.startService(startServiceIntent);
 }
 });
+
+ // Sync adapters were able to access the synced account without the accounts
+ // permission which circumvents our permission model. Therefore, we require
+ // sync adapters that don't have access to the account to get user consent.
+ // This can be noisy, therefore we will white-list sync adapters installed
+ // before we started checking for account access because they already know
+ // the account (they run before) which is the genie is out of the bottle.
+ whiteListExistingSyncAdaptersIfNeeded();
+ }
+
+ private void whiteListExistingSyncAdaptersIfNeeded() {
+ if (!mSyncStorageEngine.shouldGrantSyncAdaptersAccountAccess()) {
+ return;
+ }
+ List<UserInfo> users = mUserManager.getUsers(true);
+ final int userCount = users.size();
+ for (int i = 0; i < userCount; i++) {
+ UserHandle userHandle = users.get(i).getUserHandle();
+ final int userId = userHandle.getIdentifier();
+ for (RegisteredServicesCache.ServiceInfo<SyncAdapterType> service
+ : mSyncAdapters.getAllServices(userId)) {
+ String packageName = service.componentName.getPackageName();
+ for (Account account : mAccountManager.getAccountsByTypeAsUser(
+ service.type.accountType, userHandle)) {
+ if (!canAccessAccount(account, packageName, userId)) {
+ mAccountManager.updateAppPermission(account,
+ AccountManager.ACCOUNT_ACCESS_TOKEN, service.uid, true);
+ }
+ }
+ }
+ }
 }
 private boolean isDeviceProvisioned() {
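Review bot: whiteListExistingSyncAdaptersIfNeeded() grants ACCOUNT_ACCESS_TOKEN to every sync adapter registered at the moment it runs, which is wider than the "installed before we started checking" set the comment describes, and nothing in this hunk records that the migration has been done. If the storage engine ever reports a pre-version-3 file again, adapters installed in the meantime would receive account access without user consent; whether the new version is persisted before that can happen is not visible here. The grant is also keyed on `service.uid` while the check uses `packageName`, so any package sharing that uid inherits it. I would state the one-shot contract on the method, e.g. `/** One-time upgrade migration: grants account access, without user consent, to all currently registered sync adapters; must not run again once the accounts file is at version 3. */`, and log each grant (package, account type, user id) so the bypass can be audited. The method containing the call site starts outside the hunk.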
diff --git a/services/core/java/com/android/server/content/SyncStorageEngine.java b/services/core/java/com/android/server/content/SyncStorageEngine.java
index 64849aa321da..8289bae8793b 100644
--- a/services/core/java/com/android/server/content/SyncStorageEngine.java
+++ b/services/core/java/com/android/server/content/SyncStorageEngine.java
@@ -137,7 +137,7 @@ public class SyncStorageEngine extends Handler {
 private static final boolean SYNC_ENABLED_DEFAULT = false;
 // the version of the accounts xml file format
- private static final int ACCOUNTS_VERSION = 2;
+ private static final int ACCOUNTS_VERSION = 3;
 private static HashMap<String, String> sAuthorityRenames;
 private static PeriodicSyncAddedListener mPeriodicSyncAddedListener;
@@ -408,6 +408,8 @@ public class SyncStorageEngine extends Handler {
 private OnSyncRequestListener mSyncRequestListener;
 private OnAuthorityRemovedListener mAuthorityRemovedListener;
+ private boolean mGrantSyncAdaptersAccountAccess;
+
 private SyncStorageEngine(Context context, File dataDir) {
 mContext = context;
 sSyncStorageEngine = this;
@@ -1410,6 +1412,10 @@ public class SyncStorageEngine extends Handler {
 }
 }
+ public boolean shouldGrantSyncAdaptersAccountAccess() {
+ return mGrantSyncAdaptersAccountAccess;
+ }
+
 /**
 * public for testing
 */
@@ -1464,6 +1470,11 @@ public class SyncStorageEngine extends Handler {
 } catch (NumberFormatException e) {
 version = 0;
 }
+
+ if (version < 3) {
+ mGrantSyncAdaptersAccountAccess = true;
+ }
+
 String nextIdString = parser.getAttributeValue(null, XML_ATTR_NEXT_AUTHORITY_ID);
 try {
 int id = (nextIdString == null) ? 0 : Integer.parseInt(nextIdString); |
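Review bot: `shouldGrantSyncAdaptersAccountAccess()` is a new public method with no Javadoc, although the flag it returns gates a consent bypass in SyncManager. In the hunks shown the field is only ever assigned `true`, so once set it appears to stay set for the life of this object, and a caller cannot tell that from the name. I would document it, e.g. `/** True if the accounts file that was read had a format version below 3, meaning already-installed sync adapters are to be grandfathered; not reset once set. */`.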
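Review bot: The added `version < 3` test also fires when `version` was forced to 0 by the `NumberFormatException` handler directly above it, so a malformed version attribute is treated like a genuine legacy file and switches on the blanket account-access grant. Since that grant skips user consent, I would only set the flag for a version that actually parsed, e.g. record a local `versionParsed` in the try and test `if (versionParsed && version < 3) {`. Whether an absent attribute should still count as legacy depends on the parsing code, which starts outside the hunk. A short comment on the block saying that it triggers the one-time sync-adapter migration would also help, for example `// Pre-v3 file: existing sync adapters get account access once, see SyncManager.`.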