Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_providers_TelephonyProvider / 02e896c5f86ced36e127dac4bccc7743bb29ac77^1..02e896c5f86ced36e127dac4bccc7743bb29ac77 / .
commit02e896c5f86ced36e127dac4bccc7743bb29ac77[log] [tgz]
authorHall Liu <hallliu@google.com>Fri Sep 06 16:35:58 2019 -0700
committerHall Liu <hallliu@google.com>Tue Sep 10 20:21:37 2019 +0000
tree0fe453592de3ed345ca4472a964dd14abb43e3b2
parent7e763845242955fbe7935078eb17ee6758763a10 [diff]
parent72b6ac9075afff486072049416d38b44c046c9f2 [diff]
resolve merge conflicts of 72b6ac9075afff486072049416d38b44c046c9f2 to pi-dev

Test: compile
Bug: 138802882
Change-Id: I4e077177577e7d583754f3e3d55c507aeb83b5fb
Merged-In: I59b297642d2000dde0a83f77b20112c7382b7ef1

diff --git a/src/com/android/providers/telephony/TelephonyProvider.java b/src/com/android/providers/telephony/TelephonyProvider.java
index 5ff0294..adf3bba 100644
--- a/src/com/android/providers/telephony/TelephonyProvider.java
+++ b/src/com/android/providers/telephony/TelephonyProvider.java

@@ -190,6 +190,9 @@
 
     private static final String DEFAULT_PROTOCOL = "IP";
     private static final String DEFAULT_ROAMING_PROTOCOL = "IP";
+    // Used to check if certain queries contain subqueries that may attempt to access sensitive
+    // fields in the carriers db.
+    private static final String SQL_SELECT_TOKEN = "select";
 
     private static final UriMatcher s_urlMatcher = new UriMatcher(UriMatcher.NO_MATCH);
 
@@ -2512,25 +2515,26 @@
             qb.appendWhere(TextUtils.join(" AND ", constraints));
         }
 
-        if (match != URL_SIMINFO) {
-            // Determine if we need to do a check for fields in the selection
-            boolean selectionOrSortContainsSensitiveFields;
-            try {
-                selectionOrSortContainsSensitiveFields = containsSensitiveFields(selection);
-                selectionOrSortContainsSensitiveFields |= containsSensitiveFields(sort);
-            } catch (Exception e) {
-                // Malformed sql, check permission anyway.
-                selectionOrSortContainsSensitiveFields = true;
-            }
+        // Determine if we need to do a check for fields in the selection
+        boolean selectionOrSortContainsSensitiveFields;
+        try {
+            selectionOrSortContainsSensitiveFields = containsSensitiveFields(selection);
+            selectionOrSortContainsSensitiveFields |= containsSensitiveFields(sort);
+        } catch (Exception e) {
+            // Malformed sql, check permission anyway.
+            selectionOrSortContainsSensitiveFields = true;
+        }
 
-            if (selectionOrSortContainsSensitiveFields) {
-                try {
-                    checkPermission();
-                } catch (SecurityException e) {
-                    EventLog.writeEvent(0x534e4554, "124107808", Binder.getCallingUid());
-                    throw e;
-                }
+        if (selectionOrSortContainsSensitiveFields) {
+            try {
+                checkPermission();
+            } catch (SecurityException e) {
+                EventLog.writeEvent(0x534e4554, "124107808", Binder.getCallingUid());
+                throw e;
             }
+        }
+
+        if (match != URL_SIMINFO) {
             if (projectionIn != null) {
                 for (String column : projectionIn) {
                     if (TYPE.equals(column) ||
@@ -2578,9 +2582,10 @@
     private boolean containsSensitiveFields(String sqlStatement) {
         try {
             SqlTokenFinder.findTokens(sqlStatement, s -> {
-                switch (s) {
+                switch (s.toLowerCase()) {
                     case USER:
                     case PASSWORD:
+                    case SQL_SELECT_TOKEN:
                         throw new SecurityException();
                 }
             });