tag 7b4f95b775d915fb2b59dbef704cc97394570795
tagger The Android Open Source Project <initial-contribution@android.com> Mon Dec 02 15:19:44 2019 -0800
object ff2881a7c2232ab01b17b4076b1e1c1f62624a56

Android 8.0.0 Release 41 (5948681)

commit ff2881a7c2232ab01b17b4076b1e1c1f62624a56
author Hall Liu <hallliu@google.com> Mon Aug 12 18:19:00 2019 -0700
committer Max Spector <mspector@google.com> Wed Sep 18 17:13:50 2019 -0700
tree d5abb4bb91f64ec645793a53d78b8327039ab6b1
parent 6f05a3afcf563a83d8f5b2857ae7d50201965b19

Fix the remaining holes for access to APN data

Add the following checks for preventing unauthorized access to the APN
username and password fields in the carrier db:
1. Check the query for sensitive fields no matter what URI is being
queried
2. Perform a case-insensitive search for sensitive fields
3. Always check the permission for accessing username/password if any
part of the query contains a subquery (detected via looking for the
"select" token).

Bug: 138802882
Test: CTS
Change-Id: I59b297642d2000dde0a83f77b20112c7382b7ef1
Merged-In: I59b297642d2000dde0a83f77b20112c7382b7ef1
(cherry picked from commit 09a82c2251fe7c79b8e06c470f3f260e3c468ea2)