[Security] Prevent malicious notifications from AMS.

There was a hole in the getAuthToken logic that allowed notifications
resulting from getAuthToken requests using notifyOnAuthFailure=true to
launch arbitrary activites on the device. This is because the
getAuthToken session overrode onResult (unlike addAccount, updateCreds,
or confirmCreds).

Bug: 13787929
Change-Id: Ife1d48835f48416c2f0690f1413a076b69215190

0 files changed, 0 insertions, 0 deletions