am 828617b8: am 04311337: am cad5d8e3: am c72280d2: am 49e29575: am 21cf95e7: Don\'t allow clients to update or insert _data column data
* commit '828617b8277b346332dae15654ef6c28a9a2f422':
diff --git a/res/values-fa/strings.xml b/res/values-fa/strings.xml
index f710609..87e5239 100644
--- a/res/values-fa/strings.xml
+++ b/res/values-fa/strings.xml
@@ -16,6 +16,6 @@
<resources xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string name="app_label" product="tablet" msgid="9194799012395299737">"پیکربندی شبکه تلفن همراه"</string>
+ <string name="app_label" product="tablet" msgid="9194799012395299737">"پیکربندی شبکهٔ تلفن همراه"</string>
<string name="app_label" product="default" msgid="4282451239358791628">"حافظه تلفن/پیام رسانی"</string>
</resources>
diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
index 3b17003..ac7c1f9 100644
--- a/src/com/android/providers/telephony/MmsProvider.java
+++ b/src/com/android/providers/telephony/MmsProvider.java
@@ -16,6 +16,7 @@
package com.android.providers.telephony;
+import android.app.AppOpsManager;
import android.content.ContentProvider;
import android.content.ContentResolver;
import android.content.ContentValues;
@@ -64,6 +65,7 @@
@Override
public boolean onCreate() {
+ setAppOps(AppOpsManager.OP_READ_SMS, AppOpsManager.OP_WRITE_SMS);
mOpenHelper = MmsSmsDatabaseHelper.getInstance(getContext());
return true;
}
diff --git a/src/com/android/providers/telephony/MmsSmsProvider.java b/src/com/android/providers/telephony/MmsSmsProvider.java
index 21dd188..ea0e39e 100644
--- a/src/com/android/providers/telephony/MmsSmsProvider.java
+++ b/src/com/android/providers/telephony/MmsSmsProvider.java
@@ -21,6 +21,7 @@
import java.util.List;
import java.util.Set;
+import android.app.AppOpsManager;
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
@@ -282,6 +283,7 @@
@Override
public boolean onCreate() {
+ setAppOps(AppOpsManager.OP_READ_SMS, AppOpsManager.OP_WRITE_SMS);
mOpenHelper = MmsSmsDatabaseHelper.getInstance(getContext());
mUseStrictPhoneNumberComparation =
getContext().getResources().getBoolean(
diff --git a/src/com/android/providers/telephony/SmsProvider.java b/src/com/android/providers/telephony/SmsProvider.java
index 15e008d..3538525 100644
--- a/src/com/android/providers/telephony/SmsProvider.java
+++ b/src/com/android/providers/telephony/SmsProvider.java
@@ -16,6 +16,7 @@
package com.android.providers.telephony;
+import android.app.AppOpsManager;
import android.content.ContentProvider;
import android.content.ContentResolver;
import android.content.ContentValues;
@@ -82,6 +83,7 @@
@Override
public boolean onCreate() {
+ setAppOps(AppOpsManager.OP_READ_SMS, AppOpsManager.OP_WRITE_SMS);
mOpenHelper = MmsSmsDatabaseHelper.getInstance(getContext());
return true;
}
diff --git a/src/com/android/providers/telephony/TelephonyProvider.java b/src/com/android/providers/telephony/TelephonyProvider.java
index b7cc7a9..f68ac51 100644
--- a/src/com/android/providers/telephony/TelephonyProvider.java
+++ b/src/com/android/providers/telephony/TelephonyProvider.java
@@ -458,10 +458,8 @@
@Override
public Cursor query(Uri url, String[] projectionIn, String selection,
String[] selectionArgs, String sort) {
-
- checkPermission();
-
SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
+ qb.setStrict(true); // a little protection from injection attacks
qb.setTables("carriers");
int match = s_urlMatcher.match(url);
@@ -495,6 +493,24 @@
}
}
+ if (projectionIn != null) {
+ for (String column : projectionIn) {
+ if (Telephony.Carriers.TYPE.equals(column) ||
+ Telephony.Carriers.MMSC.equals(column) ||
+ Telephony.Carriers.MMSPROXY.equals(column) ||
+ Telephony.Carriers.MMSPORT.equals(column) ||
+ Telephony.Carriers.APN.equals(column)) {
+ // noop
+ } else {
+ checkPermission();
+ break;
+ }
+ }
+ } else {
+ // null returns all columns, so need permission check
+ checkPermission();
+ }
+
SQLiteDatabase db = mOpenHelper.getReadableDatabase();
Cursor ret = null;
try {