Android 9.0.0 release 50
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXcBYUgAKCRDorT+BmrEO
eITMAKCSXv9wOrqbOSrPYzI922sBkXnyMQCfalnwNtVF6i98zc5frS+jcjxS3JE=
=W+sL
-----END PGP SIGNATURE-----
RESTRICT AUTOMERGE
Strict SQLiteQueryBuilder needs to be stricter.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change offers setStrictGrammar() to prevent this by outright
blocking subqueries in WHERE and HAVING clauses, and by requiring
that GROUP BY and ORDER BY clauses be composed only of valid columns.

This change also offers setStrictColumns() to require that all
untrusted column names are valid, such as those in ContentValues.

Relaxes to always allow aggregation operators on returned columns,
since untrusted callers can always calculate these manually.

Bug: 135270103
Bug: 135269143
Test: atest android.database.sqlite.cts.SQLiteQueryBuilderTest
Test: atest FrameworksCoreTests:android.database.sqlite.SQLiteTokenizerTest
Exempt-From-Owner-Approval: already approved in downstream branch
Change-Id: I6290afd19c966a8bdca71c377c88210d921a9f25
(cherry picked from commit 216bbc2a2e4f697d88f8fd633646e3c0433246f1)
3 files changed