Add get_accounts app op

For each runtime permission we have an app op to toggle the permission for legacy apps as they cannot handle permission revocations. We were lacking an app op for get_accounts which prevented the user from controlling access to accounts regardelss that they change the state of the permission toggle in the UI. Even worse the permission UI is written with the assumption that every runtime permission has an app op and as a result revoking the contacts group (if the app requests the get_accounts permission) is reset back to allowed in the UI. bug:23854618 Change-Id: I9e3f9bfeb320bed561d718db99ee285915d5701b
author: Svetoslav <svetoslavganov@google.com> 2015-09-08 14:36:35 -0700
committer: Svetoslav <svetoslavganov@google.com> 2015-09-08 17:54:37 -0700
commit: ce852ddcecefc6b3e1265462f5c8670bd0e4ace1 (patch)
tree: ffc963c127af9f52503ab5985d43bd2481820680 /core
parent: 36866dc7347ba37ced74af6f8a6298c62282dacb (diff)
download: frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.zip
frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.tar.gz
frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.tar.bz2
3 files changed, 32 insertions, 14 deletions
diff --git a/core/java/android/accounts/AccountManager.java b/core/java/android/accounts/AccountManager.java
index 8c84b4d..9ef13de 100644
--- a/core/java/android/accounts/AccountManager.java
+++ b/core/java/android/accounts/AccountManager.java
@@ -426,7 +426,7 @@ public class AccountManager {
     @RequiresPermission(GET_ACCOUNTS)
     public Account[] getAccounts() {
         try {
-            return mService.getAccounts(null);
+            return mService.getAccounts(null, mContext.getOpPackageName());
         } catch (RemoteException e) {
             // won't ever happen
             throw new RuntimeException(e);
@@ -451,7 +451,7 @@ public class AccountManager {
     @RequiresPermission(GET_ACCOUNTS)
     public Account[] getAccountsAsUser(int userId) {
         try {
-            return mService.getAccountsAsUser(null, userId);
+            return mService.getAccountsAsUser(null, userId, mContext.getOpPackageName());
         } catch (RemoteException e) {
             // won't ever happen
             throw new RuntimeException(e);
@@ -468,7 +468,7 @@ public class AccountManager {
      */
     public Account[] getAccountsForPackage(String packageName, int uid) {
         try {
-            return mService.getAccountsForPackage(packageName, uid);
+            return mService.getAccountsForPackage(packageName, uid, mContext.getOpPackageName());
         } catch (RemoteException re) {
             // won't ever happen
             throw new RuntimeException(re);
@@ -485,7 +485,8 @@ public class AccountManager {
      */
     public Account[] getAccountsByTypeForPackage(String type, String packageName) {
         try {
-            return mService.getAccountsByTypeForPackage(type, packageName);
+            return mService.getAccountsByTypeForPackage(type, packageName,
+                    mContext.getOpPackageName());
         } catch (RemoteException re) {
             // won't ever happen
             throw new RuntimeException(re);
@@ -522,7 +523,8 @@ public class AccountManager {
     /** @hide Same as {@link #getAccountsByType(String)} but for a specific user. */
     public Account[] getAccountsByTypeAsUser(String type, UserHandle userHandle) {
         try {
-            return mService.getAccountsAsUser(type, userHandle.getIdentifier());
+            return mService.getAccountsAsUser(type, userHandle.getIdentifier(),
+                    mContext.getOpPackageName());
         } catch (RemoteException e) {
             // won't ever happen
             throw new RuntimeException(e);
@@ -610,7 +612,7 @@ public class AccountManager {
         if (features == null) throw new IllegalArgumentException("features is null");
         return new Future2Task<Boolean>(handler, callback) {
             public void doWork() throws RemoteException {
-                mService.hasFeatures(mResponse, account, features);
+                mService.hasFeatures(mResponse, account, features, mContext.getOpPackageName());
             }
             public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
                 if (!bundle.containsKey(KEY_BOOLEAN_RESULT)) {
@@ -662,7 +664,8 @@ public class AccountManager {
         if (type == null) throw new IllegalArgumentException("type is null");
         return new Future2Task<Account[]>(handler, callback) {
             public void doWork() throws RemoteException {
-                mService.getAccountsByFeatures(mResponse, type, features);
+                mService.getAccountsByFeatures(mResponse, type, features,
+                        mContext.getOpPackageName());
             }
             public Account[] bundleToResult(Bundle bundle) throws AuthenticatorException {
                 if (!bundle.containsKey(KEY_ACCOUNTS)) {
diff --git a/core/java/android/accounts/IAccountManager.aidl b/core/java/android/accounts/IAccountManager.aidl
index 04b3c88..4378df4 100644
--- a/core/java/android/accounts/IAccountManager.aidl
+++ b/core/java/android/accounts/IAccountManager.aidl
@@ -30,12 +30,14 @@ interface IAccountManager {
     String getPassword(in Account account);
     String getUserData(in Account account, String key);
     AuthenticatorDescription[] getAuthenticatorTypes(int userId);
-    Account[] getAccounts(String accountType);
-    Account[] getAccountsForPackage(String packageName, int uid);
-    Account[] getAccountsByTypeForPackage(String type, String packageName);
-    Account[] getAccountsAsUser(String accountType, int userId);
-    void hasFeatures(in IAccountManagerResponse response, in Account account, in String[] features);
-    void getAccountsByFeatures(in IAccountManagerResponse response, String accountType, in String[] features);
+    Account[] getAccounts(String accountType, String opPackageName);
+    Account[] getAccountsForPackage(String packageName, int uid, String opPackageName);
+    Account[] getAccountsByTypeForPackage(String type, String packageName, String opPackageName);
+    Account[] getAccountsAsUser(String accountType, int userId, String opPackageName);
+    void hasFeatures(in IAccountManagerResponse response, in Account account, in String[] features,
+        String opPackageName);
+    void getAccountsByFeatures(in IAccountManagerResponse response, String accountType,
+        in String[] features, String opPackageName);
     boolean addAccountExplicitly(in Account account, String password, in Bundle extras);
     void removeAccount(in IAccountManagerResponse response, in Account account,
         boolean expectActivityLaunch);
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 42ac67c..09c0a6e 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -235,8 +235,10 @@ public class AppOpsManager {
     public static final int OP_WRITE_EXTERNAL_STORAGE = 60;
     /** @hide Turned on the screen. */
     public static final int OP_TURN_SCREEN_ON = 61;
+    /** @hide Get device accounts. */
+    public static final int OP_GET_ACCOUNTS = 62;
     /** @hide */
-    public static final int _NUM_OP = 62;
+    public static final int _NUM_OP = 63;
 
     /** Access to coarse location information. */
     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -331,6 +333,9 @@ public class AppOpsManager {
     /** Required to write/modify/update system settingss. */
     public static final String OPSTR_WRITE_SETTINGS
             = "android:write_settings";
+    /** @hide Get device accounts. */
+    public static final String OPSTR_GET_ACCOUNTS
+            = "android:get_accounts";
 
     /**
      * This maps each operation to the operation that serves as the
@@ -403,6 +408,7 @@ public class AppOpsManager {
             OP_READ_EXTERNAL_STORAGE,
             OP_WRITE_EXTERNAL_STORAGE,
             OP_TURN_SCREEN_ON,
+            OP_GET_ACCOUNTS,
     };
 
     /**
@@ -472,6 +478,7 @@ public class AppOpsManager {
             OPSTR_READ_EXTERNAL_STORAGE,
             OPSTR_WRITE_EXTERNAL_STORAGE,
             null,
+            OPSTR_GET_ACCOUNTS
     };
 
     /**
@@ -541,6 +548,7 @@ public class AppOpsManager {
             "READ_EXTERNAL_STORAGE",
             "WRITE_EXTERNAL_STORAGE",
             "TURN_ON_SCREEN",
+            "GET_ACCOUNTS",
     };
 
     /**
@@ -610,6 +618,7 @@ public class AppOpsManager {
             Manifest.permission.READ_EXTERNAL_STORAGE,
             Manifest.permission.WRITE_EXTERNAL_STORAGE,
             null, // no permission for turning the screen on
+            Manifest.permission.GET_ACCOUNTS
     };
 
     /**
@@ -680,6 +689,7 @@ public class AppOpsManager {
             null, // READ_EXTERNAL_STORAGE
             null, // WRITE_EXTERNAL_STORAGE
             null, // TURN_ON_SCREEN
+            null, // GET_ACCOUNTS
     };
 
     /**
@@ -749,6 +759,7 @@ public class AppOpsManager {
             false, // READ_EXTERNAL_STORAGE
             false, // WRITE_EXTERNAL_STORAGE
             false, // TURN_ON_SCREEN
+            false, // GET_ACCOUNTS
     };
 
     /**
@@ -817,6 +828,7 @@ public class AppOpsManager {
             AppOpsManager.MODE_ALLOWED,
             AppOpsManager.MODE_ALLOWED,
             AppOpsManager.MODE_ALLOWED,  // OP_TURN_ON_SCREEN
+            AppOpsManager.MODE_ALLOWED,
     };
 
     /**
@@ -889,6 +901,7 @@ public class AppOpsManager {
             false,
             false,
             false,
+            false
     };
 
     /**
author	Svetoslav <svetoslavganov@google.com>	2015-09-08 14:36:35 -0700
committer	Svetoslav <svetoslavganov@google.com>	2015-09-08 17:54:37 -0700
commit	ce852ddcecefc6b3e1265462f5c8670bd0e4ace1 (patch)
tree	ffc963c127af9f52503ab5985d43bd2481820680 /core
parent	36866dc7347ba37ced74af6f8a6298c62282dacb (diff)
download	frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.zip frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.tar.gz frameworks_base-ce852ddcecefc6b3e1265462f5c8670bd0e4ace1.tar.bz2