Make CREATOR columns read-only and auto set them in provider
- If an app (not SYSTEM or PHONE) tries to set CREATOR column when
inserting a message, it will be silently overridden by the true pacakge
name of the caller. Or if it tries to update the column, it will be
sliently dropped.
- Also fixed some PII issues
b/18393308
Change-Id: I4ac739b9a6cb78797f006f17c0eed3eeb64cc65e
diff --git a/src/com/android/providers/telephony/MmsProvider.java b/src/com/android/providers/telephony/MmsProvider.java
index 129c480..5344881 100644
--- a/src/com/android/providers/telephony/MmsProvider.java
+++ b/src/com/android/providers/telephony/MmsProvider.java
@@ -28,6 +28,7 @@
import android.database.sqlite.SQLiteOpenHelper;
import android.database.sqlite.SQLiteQueryBuilder;
import android.net.Uri;
+import android.os.Binder;
import android.os.FileUtils;
import android.os.ParcelFileDescriptor;
import android.os.UserHandle;
@@ -35,10 +36,11 @@
import android.provider.Telephony;
import android.provider.Telephony.CanonicalAddressesColumns;
import android.provider.Telephony.Mms;
-import android.provider.Telephony.MmsSms;
import android.provider.Telephony.Mms.Addr;
import android.provider.Telephony.Mms.Part;
import android.provider.Telephony.Mms.Rate;
+import android.provider.Telephony.MmsSms;
+import android.provider.Telephony.Threads;
import android.text.TextUtils;
import android.util.Log;
@@ -49,8 +51,6 @@
import java.io.FileNotFoundException;
import java.io.IOException;
-import android.provider.Telephony.Threads;
-
/**
* The class to provide base facility to access MMS related content,
* which is stored in a SQLite database and in the file system.
@@ -279,6 +279,7 @@
if (values != null && values.containsKey(Part._DATA)) {
return null;
}
+ final int callerUid = Binder.getCallingUid();
int msgBox = Mms.MESSAGE_BOX_ALL;
boolean notify = true;
@@ -371,19 +372,27 @@
finalValues.put(Mms.THREAD_ID, Threads.getOrCreateThreadId(getContext(), address));
}
+ if (ProviderUtil.shouldSetCreator(finalValues, callerUid)) {
+ // Only SYSTEM or PHONE can set CREATOR
+ // If caller is not SYSTEM or PHONE, or SYSTEM or PHONE does not set CREATOR
+ // set CREATOR using the truth on caller.
+ // Note: Inferring package name from UID may include unrelated package names
+ finalValues.put(Telephony.Mms.CREATOR,
+ ProviderUtil.getPackageNamesByUid(getContext(), callerUid));
+ }
+
if ((rowId = db.insert(table, null, finalValues)) <= 0) {
- Log.e(TAG, "MmsProvider.insert: failed! " + finalValues);
+ Log.e(TAG, "MmsProvider.insert: failed!");
return null;
}
res = Uri.parse(res + "/" + rowId);
-
} else if (table.equals(TABLE_ADDR)) {
finalValues = new ContentValues(values);
finalValues.put(Addr.MSG_ID, uri.getPathSegments().get(0));
if ((rowId = db.insert(table, null, finalValues)) <= 0) {
- Log.e(TAG, "Failed to insert address: " + finalValues);
+ Log.e(TAG, "Failed to insert address");
return null;
}
@@ -452,7 +461,7 @@
}
if ((rowId = db.insert(table, null, finalValues)) <= 0) {
- Log.e(TAG, "MmsProvider.insert: failed! " + finalValues);
+ Log.e(TAG, "MmsProvider.insert: failed!");
return null;
}
@@ -504,7 +513,7 @@
}
if ((rowId = db.insert(table, null, finalValues)) <= 0) {
- Log.e(TAG, "MmsProvider.insert: failed! " + finalValues);
+ Log.e(TAG, "MmsProvider.insert: failed!");
return null;
}
res = Uri.parse(res + "/drm/" + rowId);
@@ -697,6 +706,7 @@
if (values != null && values.containsKey(Part._DATA)) {
return 0;
}
+ final int callerUid = Binder.getCallingUid();
int match = sURLMatcher.match(uri);
if (LOCAL_LOGV) {
Log.v(TAG, "Update uri=" + uri + ", match=" + match);
@@ -749,6 +759,12 @@
if (table.equals(TABLE_PDU)) {
// Filter keys that we don't support yet.
filterUnsupportedKeys(values);
+ if (ProviderUtil.shouldRemoveCreator(values, callerUid)) {
+ // CREATOR should not be changed by non-SYSTEM/PHONE apps
+ Log.w(TAG, ProviderUtil.getPackageNamesByUid(getContext(), callerUid) +
+ " tries to update CREATOR");
+ values.remove(Mms.CREATOR);
+ }
finalValues = new ContentValues(values);
if (msgId != null) {