diff options
| author | Brad Fitzpatrick <bradfitz@android.com> | 2010-02-19 10:59:01 -0800 |
|---|---|---|
| committer | Brad Fitzpatrick <bradfitz@android.com> | 2010-02-22 09:09:21 -0800 |
| commit | d833023307494d5bfe3fdc1ce79761fb8c9f49a6 (patch) | |
| tree | 575c66ec703bcc86cbdfef039fca5ddc5d5df34a | |
| parent | fed93779a3e144eaa44012b802feb20d194b3a97 (diff) | |
| download | frameworks_base-d833023307494d5bfe3fdc1ce79761fb8c9f49a6.zip frameworks_base-d833023307494d5bfe3fdc1ce79761fb8c9f49a6.tar.gz frameworks_base-d833023307494d5bfe3fdc1ce79761fb8c9f49a6.tar.bz2 | |
Don't let email addresses in database names get into the EventLog.
Because some apps make SQLite database names containing email
addresses, we take care not to log those email addresses in the
EventLog, so other apps with READ_LOGS access can't read them.
| -rw-r--r-- | core/java/android/database/sqlite/SQLiteDatabase.java | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/core/java/android/database/sqlite/SQLiteDatabase.java b/core/java/android/database/sqlite/SQLiteDatabase.java index 9ac8a4d..8fd8e28 100644 --- a/core/java/android/database/sqlite/SQLiteDatabase.java +++ b/core/java/android/database/sqlite/SQLiteDatabase.java @@ -41,6 +41,7 @@ import java.util.Random; import java.util.Set; import java.util.WeakHashMap; import java.util.concurrent.locks.ReentrantLock; +import java.util.regex.Pattern; /** * Exposes methods to manage a SQLite database. @@ -199,6 +200,10 @@ public class SQLiteDatabase extends SQLiteClosable { private static final int SLEEP_AFTER_YIELD_QUANTUM = 1000; + // The pattern we remove from database filenames before + // potentially logging them. + private static final Pattern EMAIL_IN_DB_PATTERN = Pattern.compile("[\\w\\.\\-]+@[\\w\\.\\-]+"); + private long mLastLockMessageTime = 0L; // Things related to query logging/sampling for debugging @@ -222,6 +227,9 @@ public class SQLiteDatabase extends SQLiteClosable { /** The path for the database file */ private String mPath; + /** The anonymized path for the database file for logging purposes */ + private String mPathForLogs = null; // lazily populated + /** The flags passed to open/create */ private int mFlags; @@ -1833,7 +1841,32 @@ public class SQLiteDatabase extends SQLiteClosable { if (blockingPackage == null) blockingPackage = ""; EventLog.writeEvent( - EVENT_DB_OPERATION, mPath, sql, durationMillis, blockingPackage, samplePercent); + EVENT_DB_OPERATION, + getPathForLogs(), + sql, + durationMillis, + blockingPackage, + samplePercent); + } + + /** + * Removes email addresses from database filenames before they're + * logged to the EventLog where otherwise apps could potentially + * read them. + */ + private String getPathForLogs() { + if (mPathForLogs != null) { + return mPathForLogs; + } + if (mPath == null) { + return null; + } + if (mPath.indexOf('@') == -1) { + mPathForLogs = mPath; + } else { + mPathForLogs = EMAIL_IN_DB_PATTERN.matcher(mPath).replaceAll("XX@YY"); + } + return mPathForLogs; } /** |