Validate incoming authority values.
A single provider may offer multiple authorities, so we now pass along
the authority being requested. However, we need to validate that the
authority is actually serviced by the provider, similar to what we do
in validateIncomingUri().
Bug: 120673301
Test: atest android.content.cts
Test: atest android.provider.cts
Change-Id: Ia9734a42558ee9d46dc54f7e12b596cf03a520f5
diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java
index 5a12e4e..ad18911 100644
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -327,6 +327,7 @@
public ContentProviderResult[] applyBatch(String callingPkg, String authority,
ArrayList<ContentProviderOperation> operations)
throws OperationApplicationException {
+ validateIncomingAuthority(authority);
int numOperations = operations.size();
final int[] userIds = new int[numOperations];
for (int i = 0; i < numOperations; i++) {
@@ -447,6 +448,7 @@
@Override
public Bundle call(String callingPkg, String authority, String method, @Nullable String arg,
@Nullable Bundle extras) {
+ validateIncomingAuthority(authority);
Bundle.setDefusable(extras, true);
Trace.traceBegin(TRACE_TAG_DATABASE, "call");
final String original = setCallingPackage(callingPkg);