Google Git
Sign in
android / platform / packages / providers / TelephonyProvider / 635720a91d98e7882f40d7101224b30782d53ea8
commit635720a91d98e7882f40d7101224b30782d53ea8[log] [tgz]
authorHall Liu <hallliu@google.com>Mon Aug 12 18:19:00 2019 -0700
committerMax Spector <mspector@google.com>Wed Sep 18 17:13:24 2019 -0700
tree69071227ab0ac8fcf0b501d84218075a3d1fae02
parentf0db5f8dcc98fd52d153e35e41cd19d81df333df [diff]
Fix the remaining holes for access to APN data

Add the following checks for preventing unauthorized access to the APN
username and password fields in the carrier db:
1. Check the query for sensitive fields no matter what URI is being
queried
2. Perform a case-insensitive search for sensitive fields
3. Always check the permission for accessing username/password if any
part of the query contains a subquery (detected via looking for the
"select" token).

Bug: 138802882
Test: CTS
Change-Id: I59b297642d2000dde0a83f77b20112c7382b7ef1
Merged-In: I59b297642d2000dde0a83f77b20112c7382b7ef1
(cherry picked from commit 09a82c2251fe7c79b8e06c470f3f260e3c468ea2)
1 file changed
tree: 69071227ab0ac8fcf0b501d84218075a3d1fae02
  1. res/
  2. src/
  3. tests/
  4. Android.mk
  5. AndroidManifest.xml
  6. CleanSpec.mk
  7. MODULE_LICENSE_APACHE2
  8. NOTICE
  9. OWNERS