d20ea2f158
For restricted profiles, if an app tries to guess an account name and requests an auth token, even though the framework is going to prompt for permission, it could be authorized by someone who can't read. If the app is not opting in to see accounts, don't let it get auth tokens by verifying first that it's in the list of known accounts. Bug: 8736380 Change-Id: I6caf88cfe14aa1023d55bcb28ad80ccd89eeb79b