OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 92e5e5e) | patch
RESTRICT AUTOMERGE
authorJeff Sharkey <jsharkey@android.com>
Thu, 18 Jul 2019 00:51:28 +0000 (18:51 -0600)
committerBryan Ferris <bferris@google.com>
Wed, 11 Sep 2019 23:52:37 +0000 (23:52 +0000)
commitf683c688d5fcd1c178aad2dc154ae5d7b5c60aa9
treeb136c0dc668c14ef5b6a31f8e73bf30b9467bd41tree | snapshot
parent92e5e5e45c171f88cb30d8044e43e40fd5437416commit | diff
RESTRICT AUTOMERGE
Enable stricter SQLiteQueryBuilder options.

Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change starts using setStrictColumns() and setStrictGrammar()
on SQLiteQueryBuilder to block this class of attacks.  This means we
now need to define the projection mapping of valid columns, which
consists of both the columns defined in the public API and columns
read internally by DownloadInfo.Reader.

We're okay growing sAppReadableColumnsSet like this, since we're
relying on our trusted WHERE clause to filter away any rows that
don't belong to the calling UID.

Remove the legacy Lexer code, since we're now internally relying on
the robust and well-tested SQLiteTokenizer logic.

Bug: 135270103135269143
Test: cts-tradefed run cts -m CtsAppTestCases -t android.app.cts.DownloadManagerTest
Change-Id: Iec1e8ce18dc4a9564318e0473d9d3863c8c2988a
core/java/android/app/DownloadManager.java diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help