diff options
| -rw-r--r-- | api/current.txt | 8 | ||||
| -rw-r--r-- | api/test-current.txt | 8 | ||||
| -rw-r--r-- | core/java/android/accounts/AbstractAccountAuthenticator.java | 7 | ||||
| -rw-r--r-- | core/java/android/accounts/AccountManager.java | 11 | ||||
| -rw-r--r-- | services/core/java/com/android/server/accounts/AccountManagerService.java | 26 |
5 files changed, 44 insertions, 16 deletions
diff --git a/api/current.txt b/api/current.txt index d3d82160edd6..1d251ec4dbf3 100644 --- a/api/current.txt +++ b/api/current.txt @@ -2750,15 +2750,12 @@ package android.accounts { method public android.os.Bundle addAccountFromCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle confirmCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle editProperties(android.accounts.AccountAuthenticatorResponse, java.lang.String); - method public android.os.Bundle finishSession(android.accounts.AccountAuthenticatorResponse, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public android.os.Bundle getAccountCredentialsForCloning(android.accounts.AccountAuthenticatorResponse, android.accounts.Account) throws android.accounts.NetworkErrorException; method public android.os.Bundle getAccountRemovalAllowed(android.accounts.AccountAuthenticatorResponse, android.accounts.Account) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle getAuthToken(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract java.lang.String getAuthTokenLabel(java.lang.String); method public final android.os.IBinder getIBinder(); method public abstract android.os.Bundle hasFeatures(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String[]) throws android.accounts.NetworkErrorException; - method public android.os.Bundle startAddAccountSession(android.accounts.AccountAuthenticatorResponse, java.lang.String, java.lang.String, java.lang.String[], android.os.Bundle) throws android.accounts.NetworkErrorException; - method public android.os.Bundle startUpdateCredentialsSession(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle updateCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; field public static final java.lang.String KEY_CUSTOM_TOKEN_EXPIRY = "android.accounts.expiry"; } @@ -2796,7 +2793,6 @@ package android.accounts { method public void clearPassword(android.accounts.Account); method public android.accounts.AccountManagerFuture<android.os.Bundle> confirmCredentials(android.accounts.Account, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public android.accounts.AccountManagerFuture<android.os.Bundle> editProperties(java.lang.String, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); - method public android.accounts.AccountManagerFuture<android.os.Bundle> finishSession(android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public static android.accounts.AccountManager get(android.content.Context); method public android.accounts.Account[] getAccounts(); method public android.accounts.Account[] getAccountsByType(java.lang.String); @@ -2824,8 +2820,6 @@ package android.accounts { method public void setAuthToken(android.accounts.Account, java.lang.String, java.lang.String); method public void setPassword(android.accounts.Account, java.lang.String); method public void setUserData(android.accounts.Account, java.lang.String, java.lang.String); - method public android.accounts.AccountManagerFuture<android.os.Bundle> startAddAccountSession(java.lang.String, java.lang.String, java.lang.String[], android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); - method public android.accounts.AccountManagerFuture<android.os.Bundle> startUpdateCredentialsSession(android.accounts.Account, java.lang.String, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public android.accounts.AccountManagerFuture<android.os.Bundle> updateCredentials(android.accounts.Account, java.lang.String, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); field public static final java.lang.String ACTION_AUTHENTICATOR_INTENT = "android.accounts.AccountAuthenticator"; field public static final java.lang.String AUTHENTICATOR_ATTRIBUTES_NAME = "account-authenticator"; @@ -2842,8 +2836,6 @@ package android.accounts { field public static final java.lang.String KEY_ACCOUNT_AUTHENTICATOR_RESPONSE = "accountAuthenticatorResponse"; field public static final java.lang.String KEY_ACCOUNT_MANAGER_RESPONSE = "accountManagerResponse"; field public static final java.lang.String KEY_ACCOUNT_NAME = "authAccount"; - field public static final java.lang.String KEY_ACCOUNT_SESSION_BUNDLE = "accountSessionBundle"; - field public static final java.lang.String KEY_ACCOUNT_STATUS_TOKEN = "accountStatusToken"; field public static final java.lang.String KEY_ACCOUNT_TYPE = "accountType"; field public static final java.lang.String KEY_ANDROID_PACKAGE_NAME = "androidPackageName"; field public static final java.lang.String KEY_AUTHENTICATOR_TYPES = "authenticator_types"; diff --git a/api/test-current.txt b/api/test-current.txt index 62dc46a522f8..91dcf3424ce4 100644 --- a/api/test-current.txt +++ b/api/test-current.txt @@ -2750,15 +2750,12 @@ package android.accounts { method public android.os.Bundle addAccountFromCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle confirmCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle editProperties(android.accounts.AccountAuthenticatorResponse, java.lang.String); - method public android.os.Bundle finishSession(android.accounts.AccountAuthenticatorResponse, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public android.os.Bundle getAccountCredentialsForCloning(android.accounts.AccountAuthenticatorResponse, android.accounts.Account) throws android.accounts.NetworkErrorException; method public android.os.Bundle getAccountRemovalAllowed(android.accounts.AccountAuthenticatorResponse, android.accounts.Account) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle getAuthToken(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract java.lang.String getAuthTokenLabel(java.lang.String); method public final android.os.IBinder getIBinder(); method public abstract android.os.Bundle hasFeatures(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String[]) throws android.accounts.NetworkErrorException; - method public android.os.Bundle startAddAccountSession(android.accounts.AccountAuthenticatorResponse, java.lang.String, java.lang.String, java.lang.String[], android.os.Bundle) throws android.accounts.NetworkErrorException; - method public android.os.Bundle startUpdateCredentialsSession(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; method public abstract android.os.Bundle updateCredentials(android.accounts.AccountAuthenticatorResponse, android.accounts.Account, java.lang.String, android.os.Bundle) throws android.accounts.NetworkErrorException; field public static final java.lang.String KEY_CUSTOM_TOKEN_EXPIRY = "android.accounts.expiry"; } @@ -2796,7 +2793,6 @@ package android.accounts { method public void clearPassword(android.accounts.Account); method public android.accounts.AccountManagerFuture<android.os.Bundle> confirmCredentials(android.accounts.Account, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public android.accounts.AccountManagerFuture<android.os.Bundle> editProperties(java.lang.String, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); - method public android.accounts.AccountManagerFuture<android.os.Bundle> finishSession(android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public static android.accounts.AccountManager get(android.content.Context); method public android.accounts.Account[] getAccounts(); method public android.accounts.Account[] getAccountsByType(java.lang.String); @@ -2824,8 +2820,6 @@ package android.accounts { method public void setAuthToken(android.accounts.Account, java.lang.String, java.lang.String); method public void setPassword(android.accounts.Account, java.lang.String); method public void setUserData(android.accounts.Account, java.lang.String, java.lang.String); - method public android.accounts.AccountManagerFuture<android.os.Bundle> startAddAccountSession(java.lang.String, java.lang.String, java.lang.String[], android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); - method public android.accounts.AccountManagerFuture<android.os.Bundle> startUpdateCredentialsSession(android.accounts.Account, java.lang.String, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); method public android.accounts.AccountManagerFuture<android.os.Bundle> updateCredentials(android.accounts.Account, java.lang.String, android.os.Bundle, android.app.Activity, android.accounts.AccountManagerCallback<android.os.Bundle>, android.os.Handler); field public static final java.lang.String ACTION_AUTHENTICATOR_INTENT = "android.accounts.AccountAuthenticator"; field public static final java.lang.String AUTHENTICATOR_ATTRIBUTES_NAME = "account-authenticator"; @@ -2842,8 +2836,6 @@ package android.accounts { field public static final java.lang.String KEY_ACCOUNT_AUTHENTICATOR_RESPONSE = "accountAuthenticatorResponse"; field public static final java.lang.String KEY_ACCOUNT_MANAGER_RESPONSE = "accountManagerResponse"; field public static final java.lang.String KEY_ACCOUNT_NAME = "authAccount"; - field public static final java.lang.String KEY_ACCOUNT_SESSION_BUNDLE = "accountSessionBundle"; - field public static final java.lang.String KEY_ACCOUNT_STATUS_TOKEN = "accountStatusToken"; field public static final java.lang.String KEY_ACCOUNT_TYPE = "accountType"; field public static final java.lang.String KEY_ANDROID_PACKAGE_NAME = "androidPackageName"; field public static final java.lang.String KEY_AUTHENTICATOR_TYPES = "authenticator_types"; diff --git a/core/java/android/accounts/AbstractAccountAuthenticator.java b/core/java/android/accounts/AbstractAccountAuthenticator.java index a312e3f5b6a7..690e674a4812 100644 --- a/core/java/android/accounts/AbstractAccountAuthenticator.java +++ b/core/java/android/accounts/AbstractAccountAuthenticator.java @@ -25,6 +25,7 @@ import android.content.pm.PackageManager; import android.content.Context; import android.content.Intent; import android.Manifest; +import android.annotation.SystemApi; import android.util.Log; import java.util.Arrays; @@ -762,7 +763,9 @@ public abstract class AbstractAccountAuthenticator { * @throws NetworkErrorException if the authenticator could not honor the * request due to a network error * @see #finishSession(AccountAuthenticatorResponse, String, Bundle) + * @hide */ + @SystemApi public Bundle startAddAccountSession( final AccountAuthenticatorResponse response, final String accountType, @@ -818,7 +821,9 @@ public abstract class AbstractAccountAuthenticator { * @throws NetworkErrorException if the authenticator could not honor the * request due to a network error * @see #finishSession(AccountAuthenticatorResponse, String, Bundle) + * @hide */ + @SystemApi public Bundle startUpdateCredentialsSession( final AccountAuthenticatorResponse response, final Account account, @@ -870,7 +875,9 @@ public abstract class AbstractAccountAuthenticator { * </ul> * @throws NetworkErrorException * @see #startAddAccountSession and #startUpdateCredentialsSession + * @hide */ + @SystemApi public Bundle finishSession( final AccountAuthenticatorResponse response, final String accountType, diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java index ada1ac268fc0..2449ee51c682 100644 --- a/core/java/android/accounts/AccountManager.java +++ b/core/java/android/accounts/AccountManager.java @@ -19,6 +19,7 @@ package android.accounts; import android.annotation.NonNull; import android.annotation.RequiresPermission; import android.annotation.Size; +import android.annotation.SystemApi; import android.app.Activity; import android.content.BroadcastReceiver; import android.content.ComponentName; @@ -244,14 +245,18 @@ public class AccountManager { * Bundle key used for a {@link Bundle} in result from * {@link #startAddAccountSession} and friends which returns session data * for installing an account later. + * @hide */ + @SystemApi public static final String KEY_ACCOUNT_SESSION_BUNDLE = "accountSessionBundle"; /** * Bundle key used for the {@link String} account status token in result * from {@link #startAddAccountSession} and friends which returns * information about a particular account. + * @hide */ + @SystemApi public static final String KEY_ACCOUNT_STATUS_TOKEN = "accountStatusToken"; public static final String ACTION_AUTHENTICATOR_INTENT = @@ -2667,7 +2672,9 @@ public class AccountManager { * trouble * </ul> * @see #finishSession + * @hide */ + @SystemApi public AccountManagerFuture<Bundle> startAddAccountSession( final String accountType, final String authTokenType, @@ -2749,7 +2756,9 @@ public class AccountManager { * trouble * </ul> * @see #finishSession + * @hide */ + @SystemApi public AccountManagerFuture<Bundle> startUpdateCredentialsSession( final Account account, final String authTokenType, @@ -2818,7 +2827,9 @@ public class AccountManager { * trouble * </ul> * @see #startAddAccountSession and #startUpdateCredentialsSession + * @hide */ + @SystemApi public AccountManagerFuture<Bundle> finishSession( final Bundle sessionBundle, final Activity activity, diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java index 11f9e2d58c31..f345d7e91ace 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java @@ -2312,6 +2312,14 @@ public class AccountManagerService } final int uid = Binder.getCallingUid(); + // Only allow system to start session + if (!isSystemUid(uid)) { + String msg = String.format( + "uid %s cannot stat add account session.", + uid); + throw new SecurityException(msg); + } + final int userId = UserHandle.getUserId(uid); if (!canUserModifyAccounts(userId, uid)) { try { @@ -2499,6 +2507,14 @@ public class AccountManagerService } final int uid = Binder.getCallingUid(); + // Only allow system to finish session + if (!isSystemUid(uid)) { + String msg = String.format( + "uid %s cannot finish session.", + uid); + throw new SecurityException(msg); + } + final int userId = UserHandle.getUserId(uid); if (!canUserModifyAccounts(userId, uid)) { sendErrorResponse(response, @@ -2717,6 +2733,16 @@ public class AccountManagerService if (account == null) { throw new IllegalArgumentException("account is null"); } + + final int uid = Binder.getCallingUid(); + // Only allow system to start session + if (!isSystemUid(uid)) { + String msg = String.format( + "uid %s cannot start update credentials session.", + uid); + throw new SecurityException(msg); + } + int userId = UserHandle.getCallingUserId(); long identityToken = clearCallingIdentity(); try { |