5d09c998a03eea53218c3b3c40e20db1b7693c9c |
|
07-Sep-2016 |
Svet Ganov <svetoslavganov@google.com> |
Backup account access grants Sync adapters without an account access cannot run until the user approves the account access (for the case the account access is not allowed by other policy such as being singed with the same cert as the authenticator). If the sync adapter does not have permission to access the account we ask the user to grant access and take a note. This CL adds backup for the explicit user grants. bug:31162498 Change-Id: I31e3f3d010475352c7c54255ac2d3a2fed4d0c72
/frameworks/base/core/java/android/accounts/AccountManagerInternal.java
|
f6d424f133563fb3fc75d8fd260e6e7ed4608ef6 |
|
21-Sep-2016 |
Svet Ganov <svetoslavganov@google.com> |
While-list apps to access account if already saw it Sync adapters without an account access cannot run until the user approves the account access (for the case the account access is not allowed by other policy such as being singed with the same cert as the authenticator). However, if the sync adapter package already got the account from another app which means it already saw the account we white-list the sync adapter app to access the account as it already saw it - the bird is out of the cage. bug:31162498 Change-Id: I2b72f3b0d6307561ed68db2f2e9c900b15e8d098
/frameworks/base/core/java/android/accounts/AccountManagerInternal.java
|
5cb2973495084f8ce3433b579e4b4962ed9d7efc |
|
12-Jul-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Only sync adapters with access can see an account - framework It was possible for a sync adapter without accounts access to see the account which it is supposed to sync which can be used to identify the user. This change ensures that only sync adapters with account access can run (which results in seeing the account), otherwise we involve the user to approve access only to this account. A sync adapter can access an account if one of these is true: - it is signed as the authenticator for this account - has the GET_ACCOUNTS permission - has an auth token for the account - it is a preinstalled app (system or privileged) The main thing we need to figure out is if the extra prompts for giving access to a sync adapter to the account create too much friction. bug:28163381 Change-Id: Ie083bb681b5a2aed81ca5f6a062193a175fad77e
/frameworks/base/core/java/android/accounts/AccountManagerInternal.java
|