Revert "Permissions: GET_ACCOUNTS permission cleanup"

Temporarily revert ag/735253 until b/22902898 can be resolved with a
proper DMAgent prebuilt drop.

This reverts commit e7ed827.

Bug: 22902898

Author: Ian Pedowitz

core/java/android/accounts/AbstractAccountAuthenticator.java

@@ -138,9 +138,7 @@ public void addAccount(IAccountAuthenticatorResponse response, String accountTyp
                     new AccountAuthenticatorResponse(response),
                         accountType, authTokenType, features, options);
                 if (Log.isLoggable(TAG, Log.VERBOSE)) {
-                    if (result != null) {
-                        result.keySet(); // force it to be unparcelled
-                    }
+                    result.keySet(); // force it to be unparcelled
                     Log.v(TAG, "addAccount: result " + AccountManager.sanitizeResult(result));
                 }
                 if (result != null) {
@@ -162,9 +160,7 @@ public void confirmCredentials(IAccountAuthenticatorResponse response,
                 final Bundle result = AbstractAccountAuthenticator.this.confirmCredentials(
                     new AccountAuthenticatorResponse(response), account, options);
                 if (Log.isLoggable(TAG, Log.VERBOSE)) {
-                    if (result != null) {
-                        result.keySet(); // force it to be unparcelled
-                    }
+                    result.keySet(); // force it to be unparcelled
                     Log.v(TAG, "confirmCredentials: result "
                             + AccountManager.sanitizeResult(result));
                 }
@@ -189,9 +185,7 @@ public void getAuthTokenLabel(IAccountAuthenticatorResponse response,
                 result.putString(AccountManager.KEY_AUTH_TOKEN_LABEL,
                         AbstractAccountAuthenticator.this.getAuthTokenLabel(authTokenType));
                 if (Log.isLoggable(TAG, Log.VERBOSE)) {
-                    if (result != null) {
-                        result.keySet(); // force it to be unparcelled
-                    }
+                    result.keySet(); // force it to be unparcelled
                     Log.v(TAG, "getAuthTokenLabel: result "
                             + AccountManager.sanitizeResult(result));
                 }
@@ -215,9 +209,7 @@ public void getAuthToken(IAccountAuthenticatorResponse response,
                         new AccountAuthenticatorResponse(response), account,
                         authTokenType, loginOptions);
                 if (Log.isLoggable(TAG, Log.VERBOSE)) {
-                    if (result != null) {
-                        result.keySet(); // force it to be unparcelled
-                    }
+                    result.keySet(); // force it to be unparcelled
                     Log.v(TAG, "getAuthToken: result " + AccountManager.sanitizeResult(result));
                 }
                 if (result != null) {
@@ -242,10 +234,7 @@ public void updateCredentials(IAccountAuthenticatorResponse response, Account ac
                     new AccountAuthenticatorResponse(response), account,
                         authTokenType, loginOptions);
                 if (Log.isLoggable(TAG, Log.VERBOSE)) {
-                    // Result may be null.
-                    if (result != null) {
-                        result.keySet(); // force it to be unparcelled
-                    }
+                    result.keySet(); // force it to be unparcelled
                     Log.v(TAG, "updateCredentials: result "
                             + AccountManager.sanitizeResult(result));
                 }
@@ -501,7 +490,7 @@ public abstract Bundle getAuthToken(AccountAuthenticatorResponse response,
      * <ul>
      * <li> {@link AccountManager#KEY_INTENT}, or
      * <li> {@link AccountManager#KEY_ACCOUNT_NAME} and {@link AccountManager#KEY_ACCOUNT_TYPE} of
-     * the account whose credentials were updated, or
+     * the account that was added, or
      * <li> {@link AccountManager#KEY_ERROR_CODE} and {@link AccountManager#KEY_ERROR_MESSAGE} to
      * indicate an error
      * </ul>

core/java/android/accounts/AccountManager.java

@@ -333,7 +333,7 @@ public String getPassword(final Account account) {
         try {
             return mService.getPassword(account);
         } catch (RemoteException e) {
-            // won't ever happen
+            // will never happen
             throw new RuntimeException(e);
         }
     }
@@ -362,7 +362,7 @@ public String getUserData(final Account account, final String key) {
         try {
             return mService.getUserData(account, key);
         } catch (RemoteException e) {
-            // won't ever happen
+            // will never happen
             throw new RuntimeException(e);
         }
     }
@@ -415,10 +415,8 @@ public AuthenticatorDescription[] getAuthenticatorTypesAsUser(int userId) {
      *
      * <p>It is safe to call this method from the main thread.
      *
-     * <p>Clients of this method that have not been granted the
-     * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
-     * will only see those accounts managed by AbstractAccountAuthenticators whose
-     * signature matches the client.
+     * <p>This method requires the caller to hold the permission
+     * {@link android.Manifest.permission#GET_ACCOUNTS}.
      *
      * @return An array of {@link Account}, one for each account.  Empty
      *     (never null) if no accounts have been added.
@@ -440,10 +438,8 @@ public Account[] getAccounts() {
      *
      * <p>It is safe to call this method from the main thread.
      *
-     * <p>Clients of this method that have not been granted the
-     * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
-     * will only see those accounts managed by AbstractAccountAuthenticators whose
-     * signature matches the client.
+     * <p>This method requires the caller to hold the permission
+     * {@link android.Manifest.permission#GET_ACCOUNTS}.
      *
      * @return An array of {@link Account}, one for each account.  Empty
      *     (never null) if no accounts have been added.
@@ -470,7 +466,7 @@ public Account[] getAccountsForPackage(String packageName, int uid) {
         try {
             return mService.getAccountsForPackage(packageName, uid);
         } catch (RemoteException re) {
-            // won't ever happen
+            // possible security exception
             throw new RuntimeException(re);
         }
     }
@@ -487,7 +483,7 @@ public Account[] getAccountsByTypeForPackage(String type, String packageName) {
         try {
             return mService.getAccountsByTypeForPackage(type, packageName);
         } catch (RemoteException re) {
-            // won't ever happen
+            // possible security exception
             throw new RuntimeException(re);
         }
     }
@@ -501,10 +497,9 @@ public Account[] getAccountsByTypeForPackage(String type, String packageName) {
      *
      * <p>It is safe to call this method from the main thread.
      *
-     * <p>Clients of this method that have not been granted the
-     * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
-     * will only see those accounts managed by AbstractAccountAuthenticators whose
-     * signature matches the client.
+     * <p>This method requires the caller to hold the permission
+     * {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
+     * authenticator that owns the account type.
      *
      * <p><b>NOTE:</b> If targeting your app to work on API level 22 and before,
      * GET_ACCOUNTS permission is needed for those platforms, irrespective of uid
@@ -590,8 +585,7 @@ public String bundleToResult(Bundle bundle) throws AuthenticatorException {
      * {@link AccountManagerFuture} must not be used on the main thread.
      *
      * <p>This method requires the caller to hold the permission
-     * {@link android.Manifest.permission#GET_ACCOUNTS} or be a signature
-     * match with the AbstractAccountAuthenticator that manages the account.
+     * {@link android.Manifest.permission#GET_ACCOUNTS}.
      *
      * @param account The {@link Account} to test
      * @param features An array of the account features to check
@@ -634,10 +628,9 @@ public Boolean bundleToResult(Bundle bundle) throws AuthenticatorException {
      * <p>This method may be called from any thread, but the returned
      * {@link AccountManagerFuture} must not be used on the main thread.
      *
-     * <p>Clients of this method that have not been granted the
-     * {@link android.Manifest.permission#GET_ACCOUNTS} permission,
-     * will only see those accounts managed by AbstractAccountAuthenticators whose
-     * signature matches the client.
+     * <p>This method requires the caller to hold the permission
+     * {@link android.Manifest.permission#GET_ACCOUNTS} or share a uid with the
+     * authenticator that owns the account type.
      *
      * @param type The type of accounts to return, must not be null
      * @param features An array of the account features to require,
@@ -708,7 +701,7 @@ public boolean addAccountExplicitly(Account account, String password, Bundle use
         try {
             return mService.addAccountExplicitly(account, password, userdata);
         } catch (RemoteException e) {
-            // Can happen if there was a SecurityException was thrown.
+            // won't ever happen
             throw new RuntimeException(e);
         }
     }
@@ -973,7 +966,7 @@ public boolean removeAccountExplicitly(Account account) {
         try {
             return mService.removeAccountExplicitly(account);
         } catch (RemoteException e) {
-            // May happen if the caller doesn't match the signature of the authenticator.
+            // won't ever happen
             throw new RuntimeException(e);
         }
     }
@@ -1121,7 +1114,7 @@ public void setUserData(final Account account, final String key, final String va
         try {
             mService.setUserData(account, key, value);
         } catch (RemoteException e) {
-            // Will happen if there is not signature match.
+            // won't ever happen
             throw new RuntimeException(e);
         }
     }
@@ -1740,7 +1733,7 @@ public void doWork() throws RemoteException {
      *     with these fields if an activity was supplied and the account
      *     credentials were successfully updated:
      * <ul>
-     * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account
+     * <li> {@link #KEY_ACCOUNT_NAME} - the name of the account created
      * <li> {@link #KEY_ACCOUNT_TYPE} - the type of the account
      * </ul>
      *
@@ -2508,13 +2501,11 @@ public void onReceive(final Context context, final Intent intent) {
      * listeners are added in an Activity or Service's {@link Activity#onCreate}
      * and removed in {@link Activity#onDestroy}.
      *
-     * <p>The listener will only be informed of accounts that would be returned
-     * to the caller via {@link #getAccounts()}. Typically this means that to
-     * get any accounts, the caller will need to be grated the GET_ACCOUNTS
-     * permission.
-     *
      * <p>It is safe to call this method from the main thread.
      *
+     * <p>This method requires the caller to hold the permission
+     * {@link android.Manifest.permission#GET_ACCOUNTS}.
+     *
      * @param listener The listener to send notifications to
      * @param handler {@link Handler} identifying the thread to use
      *     for notifications, null for the main thread