Google Git
Sign in
android / platform / packages / providers / TelephonyProvider / refs/tags/android-security-10.0.0_r58
tagc2be2f5de4b8185e5d05db809b39138bbb06b64f
taggerThe Android Open Source Project <initial-contribution@android.com>Wed Sep 08 14:02:55 2021 -0700
object9868943e2fbba60fa0a7950d7f17b870581767c7 
Android security 10.0.0 release 58
commit9868943e2fbba60fa0a7950d7f17b870581767c7[log] [tgz]
authorHall Liu <hallliu@google.com>Mon Aug 12 18:19:00 2019 -0700
committerMax Spector <mspector@google.com>Thu Oct 10 18:43:08 2019 -0700
treef828af997fa23784fe6236d1279eaa7afead1351
parentbbba171f0ba000b49f7b58f845f5100b74b81851 [diff]
DO NOT MERGE Fix the remaining holes for access to APN data

Add the following checks for preventing unauthorized access to the APN
username and password fields in the carrier db:
1. Check the query for sensitive fields no matter what URI is being
queried
2. Perform a case-insensitive search for sensitive fields
3. Always check the permission for accessing username/password if any
part of the query contains a subquery (detected via looking for the
"select" token).

Bug: 138802882
Test: CTS
Change-Id: I59b297642d2000dde0a83f77b20112c7382b7ef1
(cherry picked from commit 30a633ac17b2a6f35068cbb57c8f12c5c683b5f6)
1 file changed
tree: f828af997fa23784fe6236d1279eaa7afead1351
  1. assets/
  2. res/
  3. src/
  4. tests/
  5. Android.bp
  6. AndroidManifest.xml
  7. CleanSpec.mk
  8. MODULE_LICENSE_APACHE2
  9. NOTICE
  10. OWNERS