30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid - DO NOT MERGE
Problem: MmsProvider.openFile validated the current _data column
in the DB and then called ContentProvider.openFileHelper which was again
reading from the DB. A race condition could cause the second DB read to
read an updated, malicious value.
Fix: instead of doing the first DB check and calling
ContentProvider.openFileHelper, we're now just calling
MmsProvider.safeOpenFileHelper which does a single check.
Test: used the POC provided for this incident.
b/30481342
Change-Id: I643ad76bdbbbc68c4b7dbd18f7e76021396d5ed8
1 file changed