575645776d402fa86b7b1317fd852955cc3c000e - platform/packages/providers/TelephonyProvider

commit	575645776d402fa86b7b1317fd852955cc3c000e	[log] [tgz]
author	Hall Liu <hallliu@google.com>	Wed Jul 17 15:51:07 2019 -0700
committer	Max Spector <mspector@google.com>	Wed Sep 18 17:14:15 2019 -0700
tree	7d185595901938ba75d5485012624c7ce5e19fb4
parent	2f3fe95c140ea37550454e5e5fec4b7d774064ce [diff]

Examine sort field for sensitive fields

Like with the selection field, the sort field poses a risk for SQL
injection attacks that can expose sensitive information. Filter the
supplied sort argument for sensitive fields and check permissions if
it contains any.

Bug: 135268868
Test: CTS
Change-Id: I3ded273feca374410bbe33312e5148ff5096975c
Merged-In: I3ded273feca374410bbe33312e5148ff5096975c
Merged-In: Ia7be0ecdfca5e7adf6163dc015a413a98f1b9287
(cherry picked from commit 1e324464f36eff033af64099fe6bb6a7d1ab0463)

src/com/android/providers/telephony/TelephonyProvider.java[diff]

1 file changed

tree: 7d185595901938ba75d5485012624c7ce5e19fb4

assets/
res/
src/
tests/
Android.mk
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE
OWNERS