bbba171f0ba000b49f7b58f845f5100b74b81851 - platform/packages/providers/TelephonyProvider

commit	bbba171f0ba000b49f7b58f845f5100b74b81851	[log] [tgz]
author	Hall Liu <hallliu@google.com>	Wed Jul 17 15:51:07 2019 -0700
committer	Max Spector <mspector@google.com>	Thu Oct 10 18:43:08 2019 -0700
tree	e00f420381b127ab7a040d5b0554aff272aacafd
parent	86d1d9ea4e2e2cd92e0f7fadaff05580f9ef2405 [diff]

DO NOT MERGE Examine sort field for sensitive fields

Like with the selection field, the sort field poses a risk for SQL
injection attacks that can expose sensitive information. Filter the
supplied sort argument for sensitive fields and check permissions if
it contains any.

Bug: 135268868
Test: CTS
Change-Id: I3ded273feca374410bbe33312e5148ff5096975c
(cherry picked from commit ecf038d6ffb92810ba087da6e0cc81e095e083b2)

src/com/android/providers/telephony/TelephonyProvider.java[diff]

1 file changed

tree: e00f420381b127ab7a040d5b0554aff272aacafd

assets/
res/
src/
tests/
Android.bp
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
OWNERS