Application restrictions API
Adds the ability for apps to export some restrictions. The restrictions
are presented in Settings based on the restriction type. The user's
selections are stored by UserManagerService and provided to the
target user's application as a list of RestrictionEntry objects which
contain the key, value(s).
Also introduce a manifest entry for system apps to request that the
app be automatically installed in all users, so that they cannot be
deselected by the owner user.
Shared account filtering for non-whitelisted apps.
Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
diff --git a/services/java/com/android/server/accounts/AccountManagerService.java b/services/java/com/android/server/accounts/AccountManagerService.java
index 49295f5..09daf56 100644
--- a/services/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/java/com/android/server/accounts/AccountManagerService.java
@@ -455,7 +455,6 @@
@Override
public void onServiceChanged(AuthenticatorDescription desc, int userId, boolean removed) {
- Slog.d(TAG, "onServiceChanged() for userId " + userId);
validateAccountsInternal(getUserAccounts(userId), false /* invalidateAuthenticatorCache */);
}
@@ -588,16 +587,12 @@
if (result != null) {
if (result.getBoolean(AccountManager.KEY_BOOLEAN_RESULT, false)) {
// Create a Session for the target user and pass in the bundle
- Slog.i(TAG, "getAccountCredentialsForCloning returned success, "
- + "sending result to target user");
completeCloningAccount(result, account, toAccounts);
} else {
- Slog.e(TAG, "getAccountCredentialsForCloning returned failure");
clonePassword(fromAccounts, toAccounts, account);
}
return;
} else {
- Slog.e(TAG, "getAccountCredentialsForCloning returned null");
clonePassword(fromAccounts, toAccounts, account);
super.onResult(result);
}
@@ -645,15 +640,12 @@
if (result != null) {
if (result.getBoolean(AccountManager.KEY_BOOLEAN_RESULT, false)) {
// TODO: Anything?
- Slog.i(TAG, "addAccount returned success");
} else {
// TODO: Show error notification
// TODO: Should we remove the shadow account to avoid retries?
- Slog.e(TAG, "addAccountFromCredentials returned failure");
}
return;
} else {
- Slog.e(TAG, "addAccountFromCredentials returned null");
super.onResult(result);
}
}
@@ -1433,6 +1425,17 @@
if (accountType == null) throw new IllegalArgumentException("accountType is null");
checkManageAccountsPermission();
+ // Is user allowed to modify accounts?
+ if (!getUserManager().getUserRestrictions(Binder.getCallingUserHandle())
+ .getBoolean(UserManager.ALLOW_MODIFY_ACCOUNTS)) {
+ try {
+ response.onError(AccountManager.ERROR_CODE_USER_RESTRICTED,
+ "User is not allowed to add an account!");
+ } catch (RemoteException re) {
+ }
+ return;
+ }
+
UserAccounts accounts = getUserAccountsForCaller();
final int pid = Binder.getCallingPid();
final int uid = Binder.getCallingUid();
@@ -1573,17 +1576,19 @@
private volatile Account[] mAccountsOfType = null;
private volatile ArrayList<Account> mAccountsWithFeatures = null;
private volatile int mCurrentAccount = 0;
+ private int mCallingUid;
public GetAccountsByTypeAndFeatureSession(UserAccounts accounts,
- IAccountManagerResponse response, String type, String[] features) {
+ IAccountManagerResponse response, String type, String[] features, int callingUid) {
super(accounts, response, type, false /* expectActivityLaunch */,
true /* stripAuthTokenFromResult */);
+ mCallingUid = callingUid;
mFeatures = features;
}
public void run() throws RemoteException {
synchronized (mAccounts.cacheLock) {
- mAccountsOfType = getAccountsFromCacheLocked(mAccounts, mAccountType);
+ mAccountsOfType = getAccountsFromCacheLocked(mAccounts, mAccountType, mCallingUid);
}
// check whether each account matches the requested features
mAccountsWithFeatures = new ArrayList<Account>(mAccountsOfType.length);
@@ -1668,10 +1673,11 @@
public Account[] getAccounts(int userId) {
checkReadAccountsPermission();
UserAccounts accounts = getUserAccounts(userId);
+ int callingUid = Binder.getCallingUid();
long identityToken = clearCallingIdentity();
try {
synchronized (accounts.cacheLock) {
- return getAccountsFromCacheLocked(accounts, null);
+ return getAccountsFromCacheLocked(accounts, null, callingUid);
}
} finally {
restoreCallingIdentity(identityToken);
@@ -1711,7 +1717,8 @@
UserAccounts userAccounts = getUserAccounts(userId);
if (userAccounts == null) continue;
synchronized (userAccounts.cacheLock) {
- Account[] accounts = getAccountsFromCacheLocked(userAccounts, null);
+ Account[] accounts = getAccountsFromCacheLocked(userAccounts, null,
+ Binder.getCallingUid());
for (int a = 0; a < accounts.length; a++) {
runningAccounts.add(new AccountAndUser(accounts[a], userId));
}
@@ -1725,9 +1732,10 @@
@Override
public Account[] getAccountsAsUser(String type, int userId) {
+ final int callingUid = Binder.getCallingUid();
// Only allow the system process to read accounts of other users
if (userId != UserHandle.getCallingUserId()
- && Binder.getCallingUid() != android.os.Process.myUid()) {
+ && callingUid != android.os.Process.myUid()) {
throw new SecurityException("User " + UserHandle.getCallingUserId()
+ " trying to get account for " + userId);
}
@@ -1742,7 +1750,7 @@
long identityToken = clearCallingIdentity();
try {
synchronized (accounts.cacheLock) {
- return getAccountsFromCacheLocked(accounts, type);
+ return getAccountsFromCacheLocked(accounts, type, callingUid);
}
} finally {
restoreCallingIdentity(identityToken);
@@ -1826,19 +1834,21 @@
if (type == null) throw new IllegalArgumentException("accountType is null");
checkReadAccountsPermission();
UserAccounts userAccounts = getUserAccountsForCaller();
+ int callingUid = Binder.getCallingUid();
long identityToken = clearCallingIdentity();
try {
if (features == null || features.length == 0) {
Account[] accounts;
synchronized (userAccounts.cacheLock) {
- accounts = getAccountsFromCacheLocked(userAccounts, type);
+ accounts = getAccountsFromCacheLocked(userAccounts, type, callingUid);
}
Bundle result = new Bundle();
result.putParcelableArray(AccountManager.KEY_ACCOUNTS, accounts);
onResult(response, result);
return;
}
- new GetAccountsByTypeAndFeatureSession(userAccounts, response, type, features).bind();
+ new GetAccountsByTypeAndFeatureSession(userAccounts, response, type, features,
+ callingUid).bind();
} finally {
restoreCallingIdentity(identityToken);
}
@@ -2352,7 +2362,8 @@
}
}
} else {
- Account[] accounts = getAccountsFromCacheLocked(userAccounts, null /* type */);
+ Account[] accounts = getAccountsFromCacheLocked(userAccounts, null /* type */,
+ android.os.Process.myUid());
fout.println("Accounts: " + accounts.length);
for (Account account : accounts) {
fout.println(" " + account);
@@ -2691,13 +2702,56 @@
accounts.accountCache.put(account.type, newAccountsForType);
}
- protected Account[] getAccountsFromCacheLocked(UserAccounts userAccounts, String accountType) {
+ private Account[] filterSharedAccounts(UserAccounts userAccounts, Account[] unfiltered,
+ int callingUid) {
+ if (getUserManager() == null || userAccounts == null || userAccounts.userId < 0
+ || callingUid == android.os.Process.myUid()) {
+ return unfiltered;
+ }
+ if (mUserManager.getUserInfo(userAccounts.userId).isRestricted()) {
+ String[] packages = mPackageManager.getPackagesForUid(callingUid);
+ // If any of the packages includes a white listed package, return the full set,
+ // otherwise return non-shared accounts only.
+ // This might be a temporary way to specify a whitelist
+ String whiteList = mContext.getResources().getString(
+ com.android.internal.R.string.config_appsAuthorizedForSharedAccounts);
+ for (String packageName : packages) {
+ if (whiteList.contains(";" + packageName + ";")) {
+ return unfiltered;
+ }
+ }
+ ArrayList<Account> allowed = new ArrayList<Account>();
+ Account[] sharedAccounts = getSharedAccountsAsUser(userAccounts.userId);
+ if (sharedAccounts == null || sharedAccounts.length == 0) return unfiltered;
+ for (Account account : unfiltered) {
+ boolean found = false;
+ for (Account shared : sharedAccounts) {
+ if (shared.equals(account)) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ allowed.add(account);
+ }
+ }
+ Account[] filtered = new Account[allowed.size()];
+ allowed.toArray(filtered);
+ return filtered;
+ } else {
+ return unfiltered;
+ }
+ }
+
+ protected Account[] getAccountsFromCacheLocked(UserAccounts userAccounts, String accountType,
+ int callingUid) {
if (accountType != null) {
final Account[] accounts = userAccounts.accountCache.get(accountType);
if (accounts == null) {
return EMPTY_ACCOUNT_ARRAY;
} else {
- return Arrays.copyOf(accounts, accounts.length);
+ return filterSharedAccounts(userAccounts, Arrays.copyOf(accounts, accounts.length),
+ callingUid);
}
} else {
int totalLength = 0;
@@ -2714,7 +2768,7 @@
accountsOfType.length);
totalLength += accountsOfType.length;
}
- return accounts;
+ return filterSharedAccounts(userAccounts, accounts, callingUid);
}
}