drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Delegate existence of account check to Authenticator.

Browse Source 
Current AccountManager code for getAuthToken checks if the account
in the request exists. If the account does not exist then it throws
an exception which leads to a runtime exception being thrown by
AccountManager in the client. In perticular, Checkin client code
hits this issue when accounts are deleted by user. As the exception
is thrown from the getAuthToken method call and is a RuntimeException
it is not caught by the client. Futhermore, Checkin runs in one of the
important processes and this exception makes the process crash.

This cl, does the following:
1) Delegates the account exists check to Authentictor which in turn
would cause an AuthenticatorException which is a checked exception.
2) Replaces some of the runtime exceptions thrown by AccountManagerService
with calling AccountManagerResponse.onError() which causes more graceful
failure on the client.
3) Correctly passes on the error returned by Authenticator to
AccountManager. Earlier if Authenticator returned an error code to
the AccountManager, it ignored the error and returned null token to the
client which was incorrect.

Bug: 10856295
Change-Id: Ie250fec601d46f6dfecd74677b478bfd4e9dcfad
This commit is contained in:
Jatin Lodhia
2013-11-07 00:14:25 -08:00
parent fed822cb8e
commit 09e7e0ef8b
1 changed files with 49 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
services/java/com/android/server/accounts/AccountManagerService.java
View File

@ -190,10 +190,10 @@ public class AccountManagerService
private final HashMap<String, Account[]> accountCache =
new LinkedHashMap<String, Account[]>();
/** protected by the {@link #cacheLock} */
private HashMap<Account, HashMap<String, String>> userDataCache =
private final HashMap<Account, HashMap<String, String>> userDataCache =
new HashMap<Account, HashMap<String, String>>();
/** protected by the {@link #cacheLock} */
private HashMap<Account, HashMap<String, String>> authTokenCache =
private final HashMap<Account, HashMap<String, String>> authTokenCache =
new HashMap<Account, HashMap<String, String>>();
UserAccounts(Context context, int userId) {
@ -475,6 +475,7 @@ public class AccountManagerService
validateAccountsInternal(getUserAccounts(userId), false /* invalidateAuthenticatorCache */);
}
@Override
public String getPassword(Account account) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getPassword: " + account
@ -514,6 +515,7 @@ public class AccountManagerService
}
}
@Override
public String getUserData(Account account, String key) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getUserData: " + account
@ -533,6 +535,7 @@ public class AccountManagerService
}
}
@Override
public AuthenticatorDescription[] getAuthenticatorTypes() {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthenticatorTypes: "
@ -763,6 +766,7 @@ public class AccountManagerService
return db.insert(TABLE_EXTRAS, EXTRAS_KEY, values);
}
@Override
public void hasFeatures(IAccountManagerResponse response,
Account account, String[] features) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
@ -840,6 +844,7 @@ public class AccountManagerService
}
}
@Override
public void removeAccount(IAccountManagerResponse response, Account account) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "removeAccount: " + account
@ -1049,6 +1054,7 @@ public class AccountManagerService
}
}
@Override
public String peekAuthToken(Account account, String authTokenType) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "peekAuthToken: " + account
@ -1068,6 +1074,7 @@ public class AccountManagerService
}
}
@Override
public void setAuthToken(Account account, String authTokenType, String authToken) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "setAuthToken: " + account
@ -1087,6 +1094,7 @@ public class AccountManagerService
}
}
@Override
public void setPassword(Account account, String password) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "setAuthToken: " + account
@ -1135,6 +1143,7 @@ public class AccountManagerService
mContext.sendBroadcastAsUser(ACCOUNTS_CHANGED_INTENT, new UserHandle(userId));
}
@Override
public void clearPassword(Account account) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "clearPassword: " + account
@ -1152,6 +1161,7 @@ public class AccountManagerService
}
}
@Override
public void setUserData(Account account, String key, String value) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "setUserData: " + account
@ -1225,6 +1235,7 @@ public class AccountManagerService
}
}
@Override
public void getAuthTokenLabel(IAccountManagerResponse response, final String accountType,
final String authTokenType)
throws RemoteException {
@ -1271,6 +1282,7 @@ public class AccountManagerService
}
}
@Override
public void getAuthToken(IAccountManagerResponse response, final Account account,
final String authTokenType, final boolean notifyOnAuthFailure,
final boolean expectActivityLaunch, Bundle loginOptionsIn) {
@ -1284,8 +1296,22 @@ public class AccountManagerService
+ ", pid " + Binder.getCallingPid());
}
if (response == null) throw new IllegalArgumentException("response is null");
if (account == null) throw new IllegalArgumentException("account is null");
if (authTokenType == null) throw new IllegalArgumentException("authTokenType is null");
try {
if (account == null) {
Slog.w(TAG, "getAuthToken called with null account");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "account is null");
return;
}
if (authTokenType == null) {
Slog.w(TAG, "getAuthToken called with null authTokenType");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "authTokenType is null");
return;
}
} catch (RemoteException e) {
Slog.w(TAG, "Failed to report error back to the client." + e);
return;
}
checkBinderPermission(Manifest.permission.USE_CREDENTIALS);
final UserAccounts accounts = getUserAccountsForCaller();
final RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> authenticatorInfo;
@ -1294,11 +1320,6 @@ public class AccountManagerService
final boolean customTokens =
authenticatorInfo != null && authenticatorInfo.type.customTokens;
// Check to see that the app is authorized to access the account, in case it's a
// restricted account.
if (!ArrayUtils.contains(getAccounts((String) null), account)) {
throw new IllegalArgumentException("no such account");
}
// skip the check if customTokens
final int callerUid = Binder.getCallingUid();
final boolean permissionGranted = customTokens ||
@ -1472,6 +1493,7 @@ public class AccountManagerService
return id;
}
@Override
public void addAccount(final IAccountManagerResponse response, final String accountType,
final String authTokenType, final String[] requiredFeatures,
final boolean expectActivityLaunch, final Bundle optionsIn) {
@ -1582,6 +1604,7 @@ public class AccountManagerService
}
}
@Override
public void updateCredentials(IAccountManagerResponse response, final Account account,
final String authTokenType, final boolean expectActivityLaunch,
final Bundle loginOptions) {
@ -1620,6 +1643,7 @@ public class AccountManagerService
}
}
@Override
public void editProperties(IAccountManagerResponse response, final String accountType,
final boolean expectActivityLaunch) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
@ -1657,7 +1681,7 @@ public class AccountManagerService
private volatile Account[] mAccountsOfType = null;
private volatile ArrayList<Account> mAccountsWithFeatures = null;
private volatile int mCurrentAccount = 0;
private int mCallingUid;
private final int mCallingUid;
public GetAccountsByTypeAndFeatureSession(UserAccounts accounts,
IAccountManagerResponse response, String type, String[] features, int callingUid) {
@ -1941,6 +1965,7 @@ public class AccountManagerService
return getAccountsAsUser(type, UserHandle.getCallingUserId(), packageName, packageUid);
}
@Override
public void getAccountsByFeatures(IAccountManagerResponse response,
String type, String[] features) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
@ -2069,6 +2094,7 @@ public class AccountManagerService
unbind();
}
@Override
public void binderDied() {
mResponse = null;
close();
@ -2112,6 +2138,7 @@ public class AccountManagerService
mMessageHandler.removeMessages(MESSAGE_TIMED_OUT, this);
}
@Override
public void onServiceConnected(ComponentName name, IBinder service) {
mAuthenticator = IAccountAuthenticator.Stub.asInterface(service);
try {
@ -2122,6 +2149,7 @@ public class AccountManagerService
}
}
@Override
public void onServiceDisconnected(ComponentName name) {
mAuthenticator = null;
IAccountManagerResponse response = getResponseAndClose();
@ -2217,7 +2245,14 @@ public class AccountManagerService
Log.v(TAG, getClass().getSimpleName()
+ " calling onResult() on response " + response);
}
response.onResult(result);
if ((result.getInt(AccountManager.KEY_ERROR_CODE, -1) > 0) &&
(intent == null)) {
// All AccountManager error codes are greater than 0
response.onError(result.getInt(AccountManager.KEY_ERROR_CODE),
result.getString(AccountManager.KEY_ERROR_MESSAGE));
} else {
response.onResult(result);
}
}
} catch (RemoteException e) {
// if the caller is dead then there is no one to care about remote exceptions
@ -2228,10 +2263,12 @@ public class AccountManagerService
}
}
@Override
public void onRequestContinued() {
mNumRequestContinued++;
}
@Override
public void onError(int errorCode, String errorMessage) {
mNumErrors++;
IAccountManagerResponse response = getResponseAndClose();
@ -2731,6 +2768,7 @@ public class AccountManagerService
return true;
}
@Override
public void updateAppPermission(Account account, String authTokenType, int uid, boolean value)
throws RemoteException {
final int callingUid = getCallingUid();