refs/tags/FP2-open-16.10.0 - fp2-dev/platform/packages/providers/TelephonyProvider

commit	592ad6dcbd8593e422a7a8225b937ce664bcff1d	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Tue Sep 20 16:05:14 2016 +0800
committer	Jeron Susan <jeron.susan@hi-p.com>	Fri Sep 23 09:37:25 2016 +0800
tree	a6fa4eddd87d3dc7e3af62527e1d6b79f7a17918
parent	e0131d9b3b9e77678dacc79e31987f8ac0087de4 [diff]

FPII-2379 : Elevation of privilege vulnerability in Telephony CVE-2016-3914
A-30481342

MmsProvider.openFile validates the current_data column in the database (DB)
and then calls ContentProvider.openFileHelper, which reads from the DB again.
A race condition could cause the second DB read to read an updated, malicious value.
The fix is designed to call MmsProvider.safeOpenFileHelper instead of conducting
the first DB check and calling ContentProvider.openFileHelper.

Change-Id: Iee7dc3d8da17439be8c1c12a45b58cdb13fa71e0

src/com/android/providers/telephony/MmsProvider.java[diff]

1 file changed

tree: a6fa4eddd87d3dc7e3af62527e1d6b79f7a17918

res/
src/
Android.mk
AndroidManifest.xml
CleanSpec.mk
MODULE_LICENSE_APACHE2
NOTICE