diff options
author | Fred Quintana <fredq@google.com> | 2010-02-24 13:40:54 -0800 |
---|---|---|
committer | Fred Quintana <fredq@google.com> | 2010-02-24 14:50:30 -0800 |
commit | b38eb14dbf58c8230f5b54c481b85587d9ef7c78 (patch) | |
tree | 7a2e995fd697299891aaca147f419abce8ee10c9 /core/java/android/accounts | |
parent | 753759093424341f4fc7759cb9754e02ecf8e872 (diff) | |
download | frameworks_base-b38eb14dbf58c8230f5b54c481b85587d9ef7c78.zip frameworks_base-b38eb14dbf58c8230f5b54c481b85587d9ef7c78.tar.gz frameworks_base-b38eb14dbf58c8230f5b54c481b85587d9ef7c78.tar.bz2 |
allow permission USE_CREDENTIALS for AccountManager.invalidateAuthToken as well as the previous MANAGE_ACCOUNTS
Diffstat (limited to 'core/java/android/accounts')
-rw-r--r-- | core/java/android/accounts/AccountManager.java | 3 | ||||
-rw-r--r-- | core/java/android/accounts/AccountManagerService.java | 30 |
2 files changed, 22 insertions, 11 deletions
diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java index 3161826..e2263fc 100644 --- a/core/java/android/accounts/AccountManager.java +++ b/core/java/android/accounts/AccountManager.java @@ -516,7 +516,8 @@ public class AccountManager { * <p>It is safe to call this method from the main thread. * * <p>This method requires the caller to hold the permission - * {@link android.Manifest.permission#MANAGE_ACCOUNTS}. + * {@link android.Manifest.permission#MANAGE_ACCOUNTS} or + * {@link android.Manifest.permission#USE_CREDENTIALS} * * @param accountType The account type of the auth token to invalidate * @param authToken The auth token to invalidate diff --git a/core/java/android/accounts/AccountManagerService.java b/core/java/android/accounts/AccountManagerService.java index d4f4d13..2aaf5b0 100644 --- a/core/java/android/accounts/AccountManagerService.java +++ b/core/java/android/accounts/AccountManagerService.java @@ -565,7 +565,7 @@ public class AccountManagerService } public void invalidateAuthToken(String accountType, String authToken) { - checkManageAccountsPermission(); + checkManageAccountsOrUseCredentialsPermissions(); long identityToken = clearCallingIdentity(); try { SQLiteDatabase db = mOpenHelper.getWritableDatabase(); @@ -1747,17 +1747,22 @@ public class AccountManagerService } } - private void checkBinderPermission(String permission) { + /** Succeeds if any of the specified permissions are granted. */ + private void checkBinderPermission(String... permissions) { final int uid = Binder.getCallingUid(); - if (mContext.checkCallingOrSelfPermission(permission) != - PackageManager.PERMISSION_GRANTED) { - String msg = "caller uid " + uid + " lacks " + permission; - Log.w(TAG, msg); - throw new SecurityException(msg); - } - if (Log.isLoggable(TAG, Log.VERBOSE)) { - Log.v(TAG, "caller uid " + uid + " has " + permission); + + for (String perm : permissions) { + if (mContext.checkCallingOrSelfPermission(perm) == PackageManager.PERMISSION_GRANTED) { + if (Log.isLoggable(TAG, Log.VERBOSE)) { + Log.v(TAG, "caller uid " + uid + " has " + perm); + } + return; + } } + + String msg = "caller uid " + uid + " lacks any of " + TextUtils.join(",", permissions); + Log.w(TAG, msg); + throw new SecurityException(msg); } private boolean inSystemImage(int callerUid) { @@ -1848,6 +1853,11 @@ public class AccountManagerService checkBinderPermission(Manifest.permission.MANAGE_ACCOUNTS); } + private void checkManageAccountsOrUseCredentialsPermissions() { + checkBinderPermission(Manifest.permission.MANAGE_ACCOUNTS, + Manifest.permission.USE_CREDENTIALS); + } + /** * Allow callers with the given uid permission to get credentials for account/authTokenType. * <p> |