AccountManager: make account session APIs SystemApi.

Make the startAddAccountSession, startUpdateCredentialsSession and
finishSession APIs SystemApi.

Change-Id: Iaedfe546e9b87a2ee8dd2d19e8c28b7f1d59c111
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index aa99442..2d8d6f2 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -2312,6 +2312,14 @@
         }
 
         final int uid = Binder.getCallingUid();
+        // Only allow system to start session
+        if (!isSystemUid(uid)) {
+            String msg = String.format(
+                    "uid %s cannot stat add account session.",
+                    uid);
+            throw new SecurityException(msg);
+        }
+
         final int userId = UserHandle.getUserId(uid);
         if (!canUserModifyAccounts(userId, uid)) {
             try {
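Review bot: The SecurityException message in this hunk reads "cannot stat add account session"; the format line should be `"uid %s cannot start add account session.",`. This string is what shows up in the caller's stack trace and in logs when a denied call is triaged, so it should be searchable with the same wording as the other two messages. The same seven-line gate is pasted into the hunks at @@ -2499 and @@ -2717 with only the message changed; a small private helper that takes the uid and an action string would keep the three checks and their wording from drifting apart. The enclosing method starts and ends outside the hunk.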
@@ -2499,6 +2507,14 @@
         }
 
         final int uid = Binder.getCallingUid();
+        // Only allow system to finish session
+        if (!isSystemUid(uid)) {
+            String msg = String.format(
+                    "uid %s cannot finish session.",
+                    uid);
+            throw new SecurityException(msg);
+        }
+
         final int userId = UserHandle.getUserId(uid);
         if (!canUserModifyAccounts(userId, uid)) {
             sendErrorResponse(response,
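Review bot: The comment `// Only allow system to finish session` does not say that this check is the actual enforcement point for the restriction. The commit title describes the methods as becoming SystemApi, but that annotation only controls SDK visibility; a caller that talks to the binder interface directly is presumably stopped only by the `isSystemUid(uid)` test added here. I would word the comment as `// @SystemApi is visibility only; this uid check is the real gate for finishSession.` and, since isSystemUid is defined outside the hunk, document there exactly which callers it accepts. The same applies to the gate comments in the other two hunks.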
@@ -2717,6 +2733,16 @@
         if (account == null) {
             throw new IllegalArgumentException("account is null");
         }
+
+        final int uid = Binder.getCallingUid();
+        // Only allow system to start session
+        if (!isSystemUid(uid)) {
+            String msg = String.format(
+                    "uid %s cannot start update credentials session.",
+                    uid);
+            throw new SecurityException(msg);
+        }
+
         int userId = UserHandle.getCallingUserId();
         long identityToken = clearCallingIdentity();
         try {
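Review bot: The caller check in this hunk sits after the `account == null` validation, so a non-system caller is run through argument checking before it is rejected. Moving `final int uid = Binder.getCallingUid();` and the `isSystemUid` block to the top of the method would make every unprivileged call fail the same way, with a SecurityException, regardless of its arguments. The block is correctly placed before `clearCallingIdentity()` and has to stay ahead of it, since the calling uid is not recoverable afterwards. For consistency with the other two hunks, `int userId = UserHandle.getCallingUserId();` could become `int userId = UserHandle.getUserId(uid);`. The method begins and ends outside the hunk, so any earlier argument checks are not visible here.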