Do not allow updates to the _data column.
Fixes a security hole where applications can update the data location of
voicemail files to point to arbitrary file paths.
Voicemail provider stores the location of the data file in the _data column.
Applications can update this with an arbitrary file path as long as they
have the ADD_VOICEMAIL permission. Then they can subsequently read that
voicemail and obtain access to the file. This location is generated by the
provider and does not need to be updated by the applications.
(cherry picked from commit ab2a24c126f35ae4aefb469f91094e5972abd8f0)
2 files changed