DO NOT MERGE Examine sort field for sensitive fields

Like with the selection field, the sort field poses a risk for SQL
injection attacks that can expose sensitive information. Filter the
supplied sort argument for sensitive fields and check permissions if
it contains any.

Bug: 135268868
Test: CTS
Change-Id: I3ded273feca374410bbe33312e5148ff5096975c
(cherry picked from commit ecf038d6ffb92810ba087da6e0cc81e095e083b2)
diff --git a/src/com/android/providers/telephony/TelephonyProvider.java b/src/com/android/providers/telephony/TelephonyProvider.java
index 918a841..c7f1c9b 100644
--- a/src/com/android/providers/telephony/TelephonyProvider.java
+++ b/src/com/android/providers/telephony/TelephonyProvider.java
@@ -138,7 +138,6 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
-import java.util.function.Consumer;
 import java.util.zip.CRC32;
 
 public class TelephonyProvider extends ContentProvider
@@ -2819,7 +2818,7 @@
         List<String> constraints = new ArrayList<String>();
 
         int match = s_urlMatcher.match(url);
-        checkQueryPermission(match, projectionIn, selection);
+        checkQueryPermission(match, projectionIn, selection, sort);
         switch (match) {
             case URL_TELEPHONY_USING_SUBID: {
                 subIdString = url.getLastPathSegment();
@@ -3028,19 +3027,21 @@
         return ret;
     }
 
-    private void checkQueryPermission(int match, String[] projectionIn, String selection) {
+    private void checkQueryPermission(int match, String[] projectionIn, String selection,
+            String sort) {
         if (match != URL_SIMINFO && match != URL_SIMINFO_USING_SUBID) {
             // Determine if we need to do a check for fields in the selection
-            boolean selectionContainsSensitiveFields;
+            boolean selectionOrSortContainsSensitiveFields;
             try {
-                selectionContainsSensitiveFields = containsSensitiveFields(selection);
+                selectionOrSortContainsSensitiveFields = containsSensitiveFields(selection);
+                selectionOrSortContainsSensitiveFields |= containsSensitiveFields(sort);
             } catch (IllegalArgumentException e) {
                 // Malformed sql, check permission anyway and return.
                 checkPermission();
                 return;
             }
 
-            if (selectionContainsSensitiveFields) {
+            if (selectionOrSortContainsSensitiveFields) {
                 try {
                     checkPermission();
                 } catch (SecurityException e) {