Clear calling identity before getUserAccounts in

author Dmitry Dementyev <dementyev@google.com>

Tue, 4 Apr 2017 18:12:42 +0000 (11:12 -0700)

committer gitbuildkicker <android-build@google.com>

Thu, 6 Apr 2017 00:15:13 +0000 (17:15 -0700)
author Dmitry Dementyev <dementyev@google.com>
Tue, 4 Apr 2017 18:12:42 +0000 (11:12 -0700)
committer gitbuildkicker <android-build@google.com>
Thu, 6 Apr 2017 00:15:13 +0000 (17:15 -0700)
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java

index e560d32..738365d 100644 (file)
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -427,14 +427,13 @@ public class AccountManagerService
      public boolean addAccountExplicitlyWithVisibility(Account account, String password,
              Bundle extras, Map packageToVisibility) {
          Bundle.setDefusable(extras, true);
-
-        final int callingUid = Binder.getCallingUid();
+        int callingUid = Binder.getCallingUid();
+        int userId = UserHandle.getCallingUserId();
          if (Log.isLoggable(TAG, Log.VERBOSE)) {
              Log.v(TAG, "addAccountExplicitly: " + account + ", caller's uid " + callingUid
                      + ", pid " + Binder.getCallingPid());
          }
          Preconditions.checkNotNull(account, "account cannot be null");
-        int userId = UserHandle.getCallingUserId();
          if (!isAccountManagedByCaller(account.type, callingUid, userId)) {
              String msg = String.format("uid %s cannot explicitly add accounts of type: %s",
                      callingUid, account.type);
@@ -461,9 +460,9 @@ public class AccountManagerService
      public Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
              String accountType) {
          int callingUid = Binder.getCallingUid();
+        int userId = UserHandle.getCallingUserId();
          boolean isSystemUid = UserHandle.isSameApp(callingUid, Process.SYSTEM_UID);
-        List<String> managedTypes =
-                getTypesForCaller(callingUid, UserHandle.getUserId(callingUid), isSystemUid);
+        List<String> managedTypes = getTypesForCaller(callingUid, userId, isSystemUid);
  
          if ((accountType != null && !managedTypes.contains(accountType))
                  || (accountType == null && !isSystemUid)) {
@@ -478,8 +477,9 @@ public class AccountManagerService
  
          long identityToken = clearCallingIdentity();
          try {
+            UserAccounts accounts = getUserAccounts(userId);
              return getAccountsAndVisibilityForPackage(packageName, managedTypes, callingUid,
-                    getUserAccounts(UserHandle.getUserId(callingUid)));
+                    accounts);
          } finally {
              restoreCallingIdentity(identityToken);
          }
@@ -490,12 +490,8 @@ public class AccountManagerService
       */
      private Map<Account, Integer> getAccountsAndVisibilityForPackage(String packageName,
              List<String> accountTypes, Integer callingUid, UserAccounts accounts) {
-        int uid = 0;
-        try {
-            uid = mPackageManager.getPackageUidAsUser(packageName,
-                    UserHandle.getUserId(callingUid));
-        } catch (NameNotFoundException e) {
-            Log.d(TAG, "Package not found " + e.getMessage());
+        if (!packageExistsForUser(packageName, accounts.userId)) {
+            Log.d(TAG, "Package not found " + packageName);
              return new LinkedHashMap<>();
          }
  
@@ -520,19 +516,26 @@ public class AccountManagerService
      public Map<String, Integer> getPackagesAndVisibilityForAccount(Account account) {
          Preconditions.checkNotNull(account, "account cannot be null");
          int callingUid = Binder.getCallingUid();
-        int userId = UserHandle.getUserId(callingUid);
-        UserAccounts accounts = getUserAccounts(userId);
+        int userId = UserHandle.getCallingUserId();
          if (!isAccountManagedByCaller(account.type, callingUid, userId)
                  && !isSystemUid(callingUid)) {
              String msg =
                      String.format("uid %s cannot get secrets for account %s", callingUid, account);
              throw new SecurityException(msg);
          }
-        synchronized (accounts.dbLock) {
-            synchronized (accounts.cacheLock) {
-                return getPackagesAndVisibilityForAccountLocked(account, accounts);
+
+        long identityToken = clearCallingIdentity();
+        try {
+            UserAccounts accounts = getUserAccounts(userId);
+            synchronized (accounts.dbLock) {
+                synchronized (accounts.cacheLock) {
+                    return getPackagesAndVisibilityForAccountLocked(account, accounts);
+                }
              }
+        } finally {
+            restoreCallingIdentity(identityToken);
          }
+
      }
  
      /**
@@ -560,8 +563,8 @@ public class AccountManagerService
          Preconditions.checkNotNull(account, "account cannot be null");
          Preconditions.checkNotNull(packageName, "packageName cannot be null");
          int callingUid = Binder.getCallingUid();
-        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
-        if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
+        int userId = UserHandle.getCallingUserId();
+        if (!isAccountManagedByCaller(account.type, callingUid, userId)
              && !isSystemUid(callingUid)) {
              String msg = String.format(
                      "uid %s cannot get secrets for accounts of type: %s",
@@ -569,7 +572,13 @@ public class AccountManagerService
                      account.type);
              throw new SecurityException(msg);
          }
-        return resolveAccountVisibility(account, packageName, accounts);
+        long identityToken = clearCallingIdentity();
+        try {
+            UserAccounts accounts = getUserAccounts(userId);
+            return resolveAccountVisibility(account, packageName, accounts);
+        } finally {
+            restoreCallingIdentity(identityToken);
+        }
      }
  
      /**
@@ -708,8 +717,8 @@ public class AccountManagerService
          Preconditions.checkNotNull(account, "account cannot be null");
          Preconditions.checkNotNull(packageName, "packageName cannot be null");
          int callingUid = Binder.getCallingUid();
-        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
-        if (!isAccountManagedByCaller(account.type, callingUid, accounts.userId)
+        int userId = UserHandle.getCallingUserId();
+        if (!isAccountManagedByCaller(account.type, callingUid, userId)
              && !isSystemUid(callingUid)) {
              String msg = String.format(
                      "uid %s cannot get secrets for accounts of type: %s",
@@ -717,8 +726,14 @@ public class AccountManagerService
                      account.type);
              throw new SecurityException(msg);
          }
-        return setAccountVisibility(account, packageName, newVisibility, true /* notify */,
+        long identityToken = clearCallingIdentity();
+        try {
+            UserAccounts accounts = getUserAccounts(userId);
+            return setAccountVisibility(account, packageName, newVisibility, true /* notify */,
                  accounts);
+        } finally {
+            restoreCallingIdentity(identityToken);
+        }
      }
  
      /**
@@ -805,8 +820,15 @@ public class AccountManagerService
      public void registerAccountListener(String[] accountTypes, String opPackageName) {
          int callingUid = Binder.getCallingUid();
          mAppOpsManager.checkPackage(callingUid, opPackageName);
-        registerAccountListener(accountTypes, opPackageName,
-            getUserAccounts(UserHandle.getUserId(callingUid)));
+
+        int userId = UserHandle.getCallingUserId();
+        long identityToken = clearCallingIdentity();
+        try {
+            UserAccounts accounts = getUserAccounts(userId);
+            registerAccountListener(accountTypes, opPackageName, accounts);
+        } finally {
+            restoreCallingIdentity(identityToken);
+        }
      }
  
      private void registerAccountListener(String[] accountTypes, String opPackageName,
@@ -832,7 +854,18 @@ public class AccountManagerService
      public void unregisterAccountListener(String[] accountTypes, String opPackageName) {
          int callingUid = Binder.getCallingUid();
          mAppOpsManager.checkPackage(callingUid, opPackageName);
-        UserAccounts accounts = getUserAccounts(UserHandle.getUserId(callingUid));
+        int userId = UserHandle.getCallingUserId();
+        long identityToken = clearCallingIdentity();
+        try {
+            UserAccounts accounts = getUserAccounts(userId);
+            unregisterAccountListener(accountTypes, opPackageName, accounts);
+        } finally {
+            restoreCallingIdentity(identityToken);
+        }
+    }
+
+    private void unregisterAccountListener(String[] accountTypes, String opPackageName,
+            UserAccounts accounts) {
          synchronized (accounts.mReceiversForType) {
              if (accountTypes == null) {
                  // null for any type
@@ -903,7 +936,7 @@ public class AccountManagerService
              long identityToken = clearCallingIdentity();
              try {
                  mPackageManager.getPackageUidAsUser(packageName, userId);
-                return true; // package exist
+                return true;
              } finally {
                  restoreCallingIdentity(identityToken);
              }
diff --git a/services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java b/services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java

index aa37407..5d0c23f 100644 (file)
--- a/services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java
+++ b/services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java
@@ -149,7 +149,7 @@ public class AccountsDbTest {
          // 2nd account
          Account account2 = new Account("name", "example2.com");
          long accId2 = mAccountsDb.insertCeAccount(account2, "password");
-        mAccountsDb.insertDeAccount(account2, accId);
+        mAccountsDb.insertDeAccount(account2, accId2);
          mAccountsDb.insertAuthToken(accId2, "type", "token");
  
          mAccountsDb.deleteAuthTokensByAccountId(accId2);
author	Dmitry Dementyev <dementyev@google.com>
	Tue, 4 Apr 2017 18:12:42 +0000 (11:12 -0700)
committer	gitbuildkicker <android-build@google.com>
	Thu, 6 Apr 2017 00:15:13 +0000 (17:15 -0700)
services/core/java/com/android/server/accounts/AccountManagerService.java		patch \| blob \| history
services/tests/servicestests/src/com/android/server/accounts/AccountsDbTest.java		patch \| blob \| history