Don't allow non-authorized apps to access auth tokens

For restricted profiles, if an app tries to guess an account name and
requests an auth token, even though the framework is going to prompt
for permission, it could be authorized by someone who can't read.

If the app is not opting in to see accounts, don't let it get auth tokens
by verifying first that it's in the list of known accounts.

Bug: 8736380
Change-Id: I6caf88cfe14aa1023d55bcb28ad80ccd89eeb79b

1 files changed, 5 insertions, 0 deletions

diff --git a/services/java/com/android/server/accounts/AccountManagerService.java b/services/java/com/android/server/accounts/AccountManagerService.java
index 241b224807fb..3b6393722e44 100644
--- a/services/java/com/android/server/accounts/AccountManagerService.java
+++ b/services/java/com/android/server/accounts/AccountManagerService.java
@@ -1265,6 +1265,11 @@ public class AccountManagerService
         final boolean customTokens =
             authenticatorInfo != null && authenticatorInfo.type.customTokens;
 
+        // Check to see that the app is authorized to access the account, in case it's a
+        // restricted account.
+        if (!ArrayUtils.contains(getAccounts((String) null), account)) {
+            throw new IllegalArgumentException("no such account");
+        }
         // skip the check if customTokens
         final int callerUid = Binder.getCallingUid();
         final boolean permissionGranted = customTokens ||