blob: 59163fa49144a8144bdd0fbc275076069f97b4d5 [file] [log] [blame]
// Copyright 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package org.chromium.components.signin;
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AuthenticatorDescription;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Build;
import android.os.Bundle;
import android.os.SystemClock;
import android.os.UserManager;
import androidx.annotation.MainThread;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import org.chromium.base.Callback;
import org.chromium.base.ContextUtils;
import org.chromium.base.Log;
import org.chromium.base.ObserverList;
import org.chromium.base.ThreadUtils;
import org.chromium.base.metrics.RecordHistogram;
import org.chromium.base.task.AsyncTask;
import org.chromium.components.signin.util.PatternMatcher;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;
* AccountManagerFacade wraps our access of AccountManager in Android.
public class AccountManagerFacadeImpl implements AccountManagerFacade {
private static final String TAG = "Sync_Signin";
* An account feature (corresponding to a Gaia service flag) that specifies whether the account
* is a child account.
public static final String FEATURE_IS_CHILD_ACCOUNT_KEY = "service_uca";
* An account feature (corresponding to a Gaia service flag) that specifies whether the account
* is a USM account.
public static final String FEATURE_IS_USM_ACCOUNT_KEY = "service_usm";
public static final String ACCOUNT_RESTRICTION_PATTERNS_KEY = "RestrictAccountsToPatterns";
private final AccountManagerDelegate mDelegate;
private final ObserverList<AccountsChangeObserver> mObservers = new ObserverList<>();
// These two variables should be accessed from either UI thread or during initialization phase.
private PatternMatcher[] mAccountRestrictionPatterns;
private AccountManagerResult<List<Account>> mAllAccounts;
private final AtomicReference<AccountManagerResult<List<Account>>> mFilteredAccounts =
new AtomicReference<>();
private final CountDownLatch mPopulateAccountCacheLatch = new CountDownLatch(1);
private final ArrayList<Runnable> mCallbacksWaitingForCachePopulation = new ArrayList<>();
private int mUpdateTasksCounter;
private final ArrayList<Runnable> mCallbacksWaitingForPendingUpdates = new ArrayList<>();
private ObservableValue<Boolean> mUpdatePendingState = new MutableObservableValue<>(true);
* @param delegate the AccountManagerDelegate to use as a backend
public AccountManagerFacadeImpl(AccountManagerDelegate delegate) {
mDelegate = delegate;
new InitializeTask().executeOnExecutor(AsyncTask.SERIAL_EXECUTOR);
* Adds an observer to receive accounts change notifications.
* @param observer the observer to add.
public void addObserver(AccountsChangeObserver observer) {
boolean success = mObservers.addObserver(observer);
assert success : "Observer already added!";
* Removes an observer that was previously added using {@link #addObserver}.
* @param observer the observer to remove.
public void removeObserver(AccountsChangeObserver observer) {
boolean success = mObservers.removeObserver(observer);
assert success : "Can't find observer";
* Runs a callback after the account list cache is populated. In the callback
* {@link #getGoogleAccounts()} and similar methods are guaranteed to return instantly (without
* blocking and waiting for the cache to be populated). If the cache has already been populated,
* the callback will be posted on UI thread.
* @param runnable The callback to call after cache is populated. Invoked on the main thread.
public void runAfterCacheIsPopulated(Runnable runnable) {
if (isCachePopulated()) {
* Returns whether the account cache has already been populated. {@link #getGoogleAccounts()}
* and similar methods will return instantly if the cache has been populated, otherwise these
* methods may block waiting for the cache to be populated.
public boolean isCachePopulated() {
return mFilteredAccounts.get() != null;
* Retrieves all Google accounts on the device.
* @throws AccountManagerDelegateException if Google Play Services are out of date,
* Chrome lacks necessary permissions, etc.
public List<Account> getGoogleAccounts() throws AccountManagerDelegateException {
AccountManagerResult<List<Account>> maybeAccounts = mFilteredAccounts.get();
if (maybeAccounts == null) {
try {
// First call to update hasn't finished executing yet, should wait for it
long now = SystemClock.elapsedRealtime();
maybeAccounts = mFilteredAccounts.get();
if (ThreadUtils.runningOnUiThread()) {
SystemClock.elapsedRealtime() - now);
} catch (InterruptedException e) {
throw new RuntimeException("Interrupted waiting for accounts", e);
return maybeAccounts.get();
* Asynchronous version of {@link #getGoogleAccounts()}.
public void getGoogleAccounts(Callback<AccountManagerResult<List<Account>>> callback) {
runAfterCacheIsPopulated(() -> callback.onResult(mFilteredAccounts.get()));
* @return Whether or not there is an account authenticator for Google accounts.
public boolean hasGoogleAccountAuthenticator() {
AuthenticatorDescription[] descs = mDelegate.getAuthenticatorTypes();
for (AuthenticatorDescription desc : descs) {
if (AccountUtils.GOOGLE_ACCOUNT_TYPE.equals(desc.type)) return true;
return false;
* Synchronously gets an OAuth2 access token. May return a cached version, use
* {@link #invalidateAccessToken} to invalidate a token in the cache.
* @param account The {@link Account} for which the token is requested.
* @param scope OAuth2 scope for which the requested token should be valid.
* @return The OAuth2 access token as an AccessTokenData with a string and an expiration time..
public AccessTokenData getAccessToken(Account account, String scope) throws AuthException {
assert account != null;
assert scope != null;
// TODO(bsazonov): Rename delegate's getAuthToken to getAccessToken.
return mDelegate.getAuthToken(account, scope);
* Synchronously clears an OAuth2 access token from the cache. Use {@link #getAccessToken}
* to issue a new token after invalidating the old one.
* @param accessToken The access token to invalidate.
public void invalidateAccessToken(String accessToken) throws AuthException {
assert accessToken != null;
// TODO(bsazonov): Rename delegate's invalidateAuthToken to invalidateAccessToken.
// Incorrectly infers that this is called on a worker thread because of AsyncTask doInBackground
// overriding.
public void checkChildAccountStatus(Account account, Callback<Integer> callback) {
new AsyncTask<Integer>() {
public @ChildAccountStatus.Status Integer doInBackground() {
if (hasFeature(account, FEATURE_IS_CHILD_ACCOUNT_KEY)) {
return ChildAccountStatus.REGULAR_CHILD;
if (hasFeature(account, FEATURE_IS_USM_ACCOUNT_KEY)) {
return ChildAccountStatus.USM_CHILD;
return ChildAccountStatus.NOT_CHILD;
public void onPostExecute(@ChildAccountStatus.Status Integer value) {
* Creates an intent that will ask the user to add a new account to the device. See
* {@link AccountManager#addAccount} for details.
* @param callback The callback to get the created intent. Will be invoked on the main thread.
* If there is an issue while creating the intent, callback will receive null.
public void createAddAccountIntent(Callback<Intent> callback) {
* Asks the user to enter a new password for an account, updating the saved credentials for the
* account.
public void updateCredentials(
Account account, Activity activity, @Nullable Callback<Boolean> callback) {
mDelegate.updateCredentials(account, activity, callback);
* Gets profile data source.
* @return {@link ProfileDataSource} if it is supported by implementation, null otherwise.
public ProfileDataSource getProfileDataSource() {
return mDelegate.getProfileDataSource();
* Executes the callback after all pending account list updates finish. If there are no pending
* account list updates, executes the callback right away.
* @param callback the callback to be executed
public void waitForPendingUpdates(Runnable callback) {
if (!isUpdatePending().get()) {;
* Checks whether there are pending updates for account list cache.
* @return true if there are no pending updates, false otherwise
public ObservableValue<Boolean> isUpdatePending() {
return mUpdatePendingState;
* Returns the Gaia id for the account associated with the given email address.
* If an account with the given email address is not installed on the device
* then null is returned.
* This method will throw IllegalStateException if called on the main thread.
* @param accountEmail The email address of a Google account.
public String getAccountGaiaId(String accountEmail) {
return mDelegate.getAccountGaiaId(accountEmail);
* Checks whether Google Play services is available.
public boolean isGooglePlayServicesAvailable() {
return mDelegate.isGooglePlayServicesAvailable();
private boolean hasFeature(Account account, String feature) {
return mDelegate.hasFeatures(account, new String[] {feature});
private void updateAccounts() {
new UpdateAccountsTask().executeOnExecutor(AsyncTask.SERIAL_EXECUTOR);
private void updateAccountRestrictionPatterns() {
new UpdateAccountRestrictionPatternsTask().executeOnExecutor(AsyncTask.SERIAL_EXECUTOR);
private void subscribeToAppRestrictionChanges() {
IntentFilter filter = new IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
BroadcastReceiver receiver = new BroadcastReceiver() {
public void onReceive(Context context, Intent intent) {
ContextUtils.getApplicationContext().registerReceiver(receiver, filter);
private AccountManagerResult<List<Account>> getAllAccounts() {
try {
List<Account> accounts = Arrays.asList(mDelegate.getAccountsSync());
return new AccountManagerResult<>(Collections.unmodifiableList(accounts));
} catch (AccountManagerDelegateException ex) {
return new AccountManagerResult<>(ex);
private AccountManagerResult<List<Account>> getFilteredAccounts() {
if (mAllAccounts.hasException() || mAccountRestrictionPatterns == null) return mAllAccounts;
ArrayList<Account> filteredAccounts = new ArrayList<>();
for (Account account : mAllAccounts.getValue()) {
for (PatternMatcher pattern : mAccountRestrictionPatterns) {
if (pattern.matches( {
break; // Don't check other patterns
return new AccountManagerResult<>(Collections.unmodifiableList(filteredAccounts));
private static PatternMatcher[] getAccountRestrictionPatterns() {
try {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR2) return null;
String[] patterns = getAccountRestrictionPatternPostJellyBeanMr2();
if (patterns == null) return null;
ArrayList<PatternMatcher> matchers = new ArrayList<>();
for (String pattern : patterns) {
matchers.add(new PatternMatcher(pattern));
return matchers.toArray(new PatternMatcher[0]);
} catch (PatternMatcher.IllegalPatternException ex) {
Log.e(TAG, "Can't get account restriction patterns", ex);
return null;
private static String[] getAccountRestrictionPatternPostJellyBeanMr2() {
// This method uses AppRestrictions directly, rather than using the Policy interface,
// because it must be callable in contexts in which the native library hasn't been loaded.
Context context = ContextUtils.getApplicationContext();
UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
Bundle appRestrictions = userManager.getApplicationRestrictions(context.getPackageName());
return appRestrictions.getStringArray(ACCOUNT_RESTRICTION_PATTERNS_KEY);
private void setAccountRestrictionPatterns(PatternMatcher[] patternMatchers) {
mAccountRestrictionPatterns = patternMatchers;
private void setAllAccounts(AccountManagerResult<List<Account>> allAccounts) {
mAllAccounts = allAccounts;
private void fireOnAccountsChangedNotification() {
for (AccountsChangeObserver observer : mObservers) {
private void incrementUpdateCounter() {
assert mUpdateTasksCounter >= 0;
if (mUpdateTasksCounter++ > 0) return;
private void decrementUpdateCounter() {
assert mUpdateTasksCounter > 0;
if (--mUpdateTasksCounter > 0) return;
for (Runnable callback : mCallbacksWaitingForPendingUpdates) {;
private class InitializeTask extends AsyncTask<Void> {
protected void onPreExecute() {
protected Void doInBackground() {
mAccountRestrictionPatterns = getAccountRestrictionPatterns();
mAllAccounts = getAllAccounts();
// It's important that countDown() is called on background thread and not in
// onPostExecute, as UI thread may be blocked in getGoogleAccounts waiting on the latch.
return null;
protected void onPostExecute(Void v) {
// Records number of Android accounts present on device.
"Signin.AndroidNumberOfDeviceAccounts", tryGetGoogleAccounts().size(), 50);
for (Runnable callback : mCallbacksWaitingForCachePopulation) {;
private class UpdateAccountRestrictionPatternsTask extends AsyncTask<PatternMatcher[]> {
protected void onPreExecute() {
protected PatternMatcher[] doInBackground() {
return getAccountRestrictionPatterns();
protected void onPostExecute(PatternMatcher[] patternMatchers) {
private class UpdateAccountsTask extends AsyncTask<AccountManagerResult<List<Account>>> {
protected void onPreExecute() {
protected AccountManagerResult<List<Account>> doInBackground() {
return getAllAccounts();
protected void onPostExecute(AccountManagerResult<List<Account>> allAccounts) {