Merge "Add a privileged permission to get user accounts" into mnc-dev
diff --git a/api/current.txt b/api/current.txt
index 741ff9b..462ca0a 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -66,6 +66,7 @@
field public static final java.lang.String FACTORY_TEST = "android.permission.FACTORY_TEST";
field public static final java.lang.String FLASHLIGHT = "android.permission.FLASHLIGHT";
field public static final java.lang.String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS";
+ field public static final java.lang.String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED";
field public static final java.lang.String GET_PACKAGE_SIZE = "android.permission.GET_PACKAGE_SIZE";
field public static final deprecated java.lang.String GET_TASKS = "android.permission.GET_TASKS";
field public static final java.lang.String GLOBAL_SEARCH = "android.permission.GLOBAL_SEARCH";
diff --git a/api/system-current.txt b/api/system-current.txt
index 4c2d7b1..d6e3c03 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -95,6 +95,7 @@
field public static final java.lang.String FORCE_BACK = "android.permission.FORCE_BACK";
field public static final java.lang.String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";
field public static final java.lang.String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS";
+ field public static final java.lang.String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED";
field public static final java.lang.String GET_APP_OPS_STATS = "android.permission.GET_APP_OPS_STATS";
field public static final java.lang.String GET_PACKAGE_IMPORTANCE = "android.permission.GET_PACKAGE_IMPORTANCE";
field public static final java.lang.String GET_PACKAGE_SIZE = "android.permission.GET_PACKAGE_SIZE";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 92862f5..3e22e09 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1749,6 +1749,10 @@
<!-- ==================================== -->
<eat-comment />
+ <!-- @SystemApi Allows access to the list of accounts in the Accounts Service. -->
+ <permission android:name="android.permission.GET_ACCOUNTS_PRIVILEGED"
+ android:protectionLevel="signature|privileged" />
+
<!-- @SystemApi Allows applications to RW to diagnostic resources.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.DIAGNOSTIC"
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index cb294fd..32fd56a 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -3799,7 +3799,8 @@
* access accounts of the specified account.
*/
boolean isPermitted =
- isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS);
+ isPermitted(callingUid, Manifest.permission.GET_ACCOUNTS,
+ Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
boolean isAccountManagedByCaller = isAccountManagedByCaller(accountType, callingUid);
Log.w(TAG, String.format(
"isReadAccountPermitted: isPermitted: %s, isAM: %s",