Android 9.0.0 release 48
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXXL97gAKCRDorT+BmrEO
eCZOAJ9qvoyd1G3wgFjngRsqSZTbbL4sEQCgjNeFfZfNZFxEX7Vh+DMmEy3CpDA=
=vhOv
-----END PGP SIGNATURE-----
DO NOT MERGE. All untrusted selections must go through builder.

When accepting untrusted selections, they must be passed directly
to SQLiteQueryBuilder to ensure that setStrict() can be applied to
check for malicious callers sending unbalanced parentheses.  This
means we can't mix local and remote selections; they always need to
be kept separate.

Use newly added SQLiteQueryBuilder functionality to apply strict
detection to update() and delete() calls.

Only allow the owner of a particular download to query the headers
for that download.  Only delete headers for a download once we've
confirmed that caller can modify that download.

Test: atest packages/providers/DownloadProvider/tests/
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Bug: 111085900
Change-Id: I9fd8e0d3cf80d7603bf0092f36fe449467090821
Merged-In: I9fd8e0d3cf80d7603bf0092f36fe449467090821
(cherry picked from commit 64b55ea82b1f394369237601ae1f1c78b776aabc)
1 file changed