Don't allow non-authorized apps to access auth tokens For restricted profiles, if an app tries to guess an account name and requests an auth token, even though the framework is going to prompt for permission, it could be authorized by someone who can't read. If the app is not opting in to see accounts, don't let it get auth tokens by verifying first that it's in the list of known accounts. Bug: 8736380 Change-Id: I6caf88cfe14aa1023d55bcb28ad80ccd89eeb79b

commit: d20ea2f158000fd83528ef95e4e5fc6ff8c78b81 [log] [tgz]
author: Amith Yamasani <yamasani@google.com> Wed May 08 12:57:01 2013 -0700
committer: Amith Yamasani <yamasani@google.com> Wed May 08 12:57:01 2013 -0700
tree: d0f110f167516f146bb4b2bdc2815a30528c3b1c
parent: e2322bdd7865552aa31f93bbf4e60d4d9a7d0973 [diff] [blame]
diff --git a/services/java/com/android/server/accounts/AccountManagerService.java b/services/java/com/android/server/accounts/AccountManagerService.java
index 241b224..3b63937 100644
--- a/services/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/java/com/android/server/accounts/AccountManagerService.java

@@ -1265,6 +1265,11 @@
         final boolean customTokens =
             authenticatorInfo != null && authenticatorInfo.type.customTokens;
 
+        // Check to see that the app is authorized to access the account, in case it's a
+        // restricted account.
+        if (!ArrayUtils.contains(getAccounts((String) null), account)) {
+            throw new IllegalArgumentException("no such account");
+        }
         // skip the check if customTokens
         final int callerUid = Binder.getCallingUid();
         final boolean permissionGranted = customTokens ||
commit	d20ea2f158000fd83528ef95e4e5fc6ff8c78b81	[log] [tgz]
author	Amith Yamasani <yamasani@google.com>	Wed May 08 12:57:01 2013 -0700
committer	Amith Yamasani <yamasani@google.com>	Wed May 08 12:57:01 2013 -0700
tree	d0f110f167516f146bb4b2bdc2815a30528c3b1c
parent	e2322bdd7865552aa31f93bbf4e60d4d9a7d0973 [diff] [blame]