GET_ACCOUNTS_PRIVILEGED permission check for Account Discovery API.
GET_ACCOUNTS_PRIVELEGED still works in Android O, but authenticators can
limit visibility for apps with the permission.
Bug: 34841115
Test: cts, manual tests.
Change-Id: Ibd87f6172969c550b6166f88176924e517393763
diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java
index fdd7cb1..fbc4440 100644
--- a/services/core/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/core/java/com/android/server/accounts/AccountManagerService.java
@@ -636,11 +636,10 @@
return visibility;
}
- if (isPermittedForPackage(packageName, accounts.userId,
- Manifest.permission.GET_ACCOUNTS_PRIVILEGED)) {
- return AccountManager.VISIBILITY_VISIBLE;
- }
- // Profile owner gets visibility by default.
+ boolean isPrivileged = isPermittedForPackage(packageName, accounts.userId,
+ Manifest.permission.GET_ACCOUNTS_PRIVILEGED);
+
+ // Device/Profile owner gets visibility by default.
if (isProfileOwner(uid)) {
return AccountManager.VISIBILITY_VISIBLE;
}
@@ -650,7 +649,7 @@
boolean preO = isPreOApplication(packageName);
if ((signatureCheckResult != SIGNATURE_CHECK_MISMATCH)
|| (preO && checkGetAccountsPermission(packageName, accounts.userId))
- || canReadContacts) {
+ || canReadContacts || isPrivileged) {
// Use legacy for preO apps with GET_ACCOUNTS permission or pre/postO with signature
// match.
visibility = getAccountVisibility(account,