Merge commit 'e339464f1c8efe7e53b761cf44ff5be6e537ecad' into gingerbread-plus-aosp * commit 'e339464f1c8efe7e53b761cf44ff5be6e537ecad': Fix issue #2834005: Android Settings.Secure bypass
This commit is contained in:
@ -49,6 +49,7 @@ import org.xmlpull.v1.XmlPullParser;
|
||||
import org.xmlpull.v1.XmlPullParserException;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@ -67,11 +68,29 @@ public class DatabaseHelper extends SQLiteOpenHelper {
|
||||
|
||||
private Context mContext;
|
||||
|
||||
private static final HashSet<String> mValidTables = new HashSet<String>();
|
||||
|
||||
static {
|
||||
mValidTables.add("system");
|
||||
mValidTables.add("secure");
|
||||
mValidTables.add("bluetooth_devices");
|
||||
mValidTables.add("bookmarks");
|
||||
|
||||
// These are old.
|
||||
mValidTables.add("favorites");
|
||||
mValidTables.add("gservices");
|
||||
mValidTables.add("old_favorites");
|
||||
}
|
||||
|
||||
public DatabaseHelper(Context context) {
|
||||
super(context, DATABASE_NAME, null, DATABASE_VERSION);
|
||||
mContext = context;
|
||||
}
|
||||
|
||||
public static boolean isValidTable(String name) {
|
||||
return mValidTables.contains(name);
|
||||
}
|
||||
|
||||
private void createSecureTable(SQLiteDatabase db) {
|
||||
db.execSQL("CREATE TABLE secure (" +
|
||||
"_id INTEGER PRIMARY KEY AUTOINCREMENT," +
|
||||
|
@ -83,6 +83,9 @@ public class SettingsProvider extends ContentProvider {
|
||||
SqlArguments(Uri url, String where, String[] args) {
|
||||
if (url.getPathSegments().size() == 1) {
|
||||
this.table = url.getPathSegments().get(0);
|
||||
if (!DatabaseHelper.isValidTable(this.table)) {
|
||||
throw new IllegalArgumentException("Bad root path: " + this.table);
|
||||
}
|
||||
this.where = where;
|
||||
this.args = args;
|
||||
} else if (url.getPathSegments().size() != 2) {
|
||||
@ -91,6 +94,9 @@ public class SettingsProvider extends ContentProvider {
|
||||
throw new UnsupportedOperationException("WHERE clause not supported: " + url);
|
||||
} else {
|
||||
this.table = url.getPathSegments().get(0);
|
||||
if (!DatabaseHelper.isValidTable(this.table)) {
|
||||
throw new IllegalArgumentException("Bad root path: " + this.table);
|
||||
}
|
||||
if ("system".equals(this.table) || "secure".equals(this.table)) {
|
||||
this.where = Settings.NameValueTable.NAME + "=?";
|
||||
this.args = new String[] { url.getPathSegments().get(1) };
|
||||
@ -105,6 +111,9 @@ public class SettingsProvider extends ContentProvider {
|
||||
SqlArguments(Uri url) {
|
||||
if (url.getPathSegments().size() == 1) {
|
||||
this.table = url.getPathSegments().get(0);
|
||||
if (!DatabaseHelper.isValidTable(this.table)) {
|
||||
throw new IllegalArgumentException("Bad root path: " + this.table);
|
||||
}
|
||||
this.where = null;
|
||||
this.args = null;
|
||||
} else {
|
||||
|
Reference in New Issue
Block a user