Merge "Clear caller identity before calling dpm#getAccountTypesWithManagementDisabled" into udc-dev

author: Kholoud Mohamed <kholoudm@google.com> 2023-04-16 16:26:14 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2023-04-16 16:26:14 +0000
commit: bf90f82cb4d60ea3c9fde7ded9e823c2086a6ca3 (patch)
tree: 46f436cf21a99146a3847378bddac55c5ee4fb13
parent: d773fcca883a1895cdf199f4cf06425939511e79 (diff)
parent: 0c4304aba980e0806d5a5503dd143433f27dcd0b (diff)
1 files changed, 17 insertions, 15 deletions
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index 51d349f542d1..9f9642c34026 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -5912,22 +5912,24 @@ public class AccountManagerService
     }
 
     private boolean canUserModifyAccountsForType(int userId, String accountType, int callingUid) {
-        // the managing app can always modify accounts
-        if (isProfileOwner(callingUid)) {
-            return true;
-        }
-        DevicePolicyManager dpm = (DevicePolicyManager) mContext
-                .getSystemService(Context.DEVICE_POLICY_SERVICE);
-        String[] typesArray = dpm.getAccountTypesWithManagementDisabledAsUser(userId);
-        if (typesArray == null) {
-            return true;
-        }
-        for (String forbiddenType : typesArray) {
-            if (forbiddenType.equals(accountType)) {
-                return false;
+        return Binder.withCleanCallingIdentity(() -> {
+            // the managing app can always modify accounts
+            if (isProfileOwner(callingUid)) {
+                return true;
             }
-        }
-        return true;
+            DevicePolicyManager dpm = (DevicePolicyManager) mContext
+                    .getSystemService(Context.DEVICE_POLICY_SERVICE);
+            String[] typesArray = dpm.getAccountTypesWithManagementDisabledAsUser(userId);
+            if (typesArray == null) {
+                return true;
+            }
+            for (String forbiddenType : typesArray) {
+                if (forbiddenType.equals(accountType)) {
+                    return false;
+                }
+            }
+            return true;
+        });
     }
 
     private boolean isProfileOwner(int uid) {
author	Kholoud Mohamed <kholoudm@google.com>	2023-04-16 16:26:14 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2023-04-16 16:26:14 +0000
commit	bf90f82cb4d60ea3c9fde7ded9e823c2086a6ca3 (patch)
tree	46f436cf21a99146a3847378bddac55c5ee4fb13
parent	d773fcca883a1895cdf199f4cf06425939511e79 (diff)
parent	0c4304aba980e0806d5a5503dd143433f27dcd0b (diff)