git.osdn.net Git - android-x86/frameworks-base.git/commit

author	Jeff Sharkey <jsharkey@android.com>
	Thu, 18 Jul 2019 00:51:28 +0000 (18:51 -0600)
committer	Max Spector <mspector@google.com>
	Thu, 19 Sep 2019 00:14:55 +0000 (17:14 -0700)
commit	95c83b30f2f504e2871b0d7203a0016957ba251d
tree	0f1a6c3d121cce3620312619b8a5f9b3cbcb68a6	tree \| snapshot
parent	54f00e8302da5750b9d0be70fce88238e599ec99	commit \| diff

RESTRICT AUTOMERGE
Enable stricter SQLiteQueryBuilder options.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks. This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.

We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.

Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.

Bug: 135270103
Bug: 135269143
Test: atest DownloadProviderTests
Test: atest CtsAppTestCases:android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
(cherry picked from commit 382d5c0c199f3743514e024d2fd921248f7b14b3)