diff options
| author | Debashish Chatterjee <debashishc@google.com> | 2011-06-16 17:23:18 +0100 |
|---|---|---|
| committer | Debashish Chatterjee <debashishc@google.com> | 2011-06-17 18:30:03 +0100 |
| commit | 00e7c94b70f4b477653534dbe559d1759d796157 (patch) | |
| tree | e123ddaf228f904484cb99eeda9172e921c2c730 /src/com | |
| parent | 1975b56a3368b4b7684429ffa79e7b9dbc35b475 (diff) | |
| download | packages_providers_ContactsProvider-00e7c94b70f4b477653534dbe559d1759d796157.zip packages_providers_ContactsProvider-00e7c94b70f4b477653534dbe559d1759d796157.tar.gz packages_providers_ContactsProvider-00e7c94b70f4b477653534dbe559d1759d796157.tar.bz2 | |
Added checks in voicemail provider to not expose call_log fields.
- Voicemail provider now has check to ensure that no field outside of its
projection is accesible.
- Moved functionality to check ContentValues against a projection map to
DbQueryUtils.
- Associated test cases.
Change-Id: I23033c96f74f0ab981152f70e585c69ba5284602
Diffstat (limited to 'src/com')
3 files changed, 34 insertions, 15 deletions
diff --git a/src/com/android/providers/contacts/CallLogProvider.java b/src/com/android/providers/contacts/CallLogProvider.java index 689e6be..e7a6351 100644 --- a/src/com/android/providers/contacts/CallLogProvider.java +++ b/src/com/android/providers/contacts/CallLogProvider.java @@ -16,7 +16,10 @@ package com.android.providers.contacts; +import static com.android.providers.contacts.util.DbQueryUtils.checkForSupportedColumns; + import com.android.providers.contacts.ContactsDatabaseHelper.Tables; +import com.android.providers.contacts.util.DbQueryUtils; import android.content.ContentProvider; import android.content.ContentUris; @@ -151,7 +154,7 @@ public class CallLogProvider extends ContentProvider { @Override public Uri insert(Uri uri, ContentValues values) { - checkForSupportedColumns(values); + checkForSupportedColumns(sCallsProjectionMap, values); // Inserted the current country code, so we know the country // the number belongs to. values.put(Calls.COUNTRY_ISO, getCurrentCountryIso()); @@ -170,7 +173,7 @@ public class CallLogProvider extends ContentProvider { @Override public int update(Uri url, ContentValues values, String selection, String[] selectionArgs) { - checkForSupportedColumns(values); + checkForSupportedColumns(sCallsProjectionMap, values); final SQLiteDatabase db = mDbHelper.getWritableDatabase(); String where; final int matchedUriId = sURIMatcher.match(url); @@ -221,13 +224,4 @@ public class CallLogProvider extends ContentProvider { protected String getCurrentCountryIso() { return mCountryMonitor.getCountryIso(); } - - /** Checks if ContentValues contains none other than supported columns. */ - private void checkForSupportedColumns(ContentValues values) { - for (String requestedColumn : values.keySet()) { - if (!sCallsProjectionMap.keySet().contains(requestedColumn)) { - throw new IllegalArgumentException("Column '" + requestedColumn + "' is invalid."); - } - } - } } diff --git a/src/com/android/providers/contacts/VoicemailContentProvider.java b/src/com/android/providers/contacts/VoicemailContentProvider.java index c24fc03..52903d1 100644 --- a/src/com/android/providers/contacts/VoicemailContentProvider.java +++ b/src/com/android/providers/contacts/VoicemailContentProvider.java @@ -15,6 +15,7 @@ */ package com.android.providers.contacts; +import static com.android.providers.contacts.util.DbQueryUtils.checkForSupportedColumns; import static com.android.providers.contacts.util.DbQueryUtils.concatenateClauses; import static com.android.providers.contacts.util.DbQueryUtils.getEqualityClause; @@ -39,6 +40,7 @@ import android.util.Log; import com.android.providers.contacts.ContactsDatabaseHelper.Tables; import com.android.providers.contacts.ContactsDatabaseHelper.Views; import com.android.providers.contacts.util.CloseUtils; +import com.android.providers.contacts.util.DbQueryUtils; import com.android.providers.contacts.util.TypedUriMatcherImpl; import java.io.File; @@ -206,6 +208,7 @@ public class VoicemailContentProvider extends ContentProvider { private Uri insertInternal(UriData uriData, ContentValues values, boolean sendProviderChangedNotification) { + checkForSupportedColumns(sVoicemailProjectionMap, values); ContentValues copiedValues = new ContentValues(values); checkInsertSupported(uriData); checkAndAddSourcePackageIntoValues(uriData, copiedValues); @@ -231,16 +234,19 @@ public class VoicemailContentProvider extends ContentProvider { notifyChange(newUri, VoicemailContract.ACTION_NEW_VOICEMAIL); } // Populate the 'voicemail_uri' field to be used by the call_log provider. - updateVoicemailUri(newUri); + updateVoicemailUri(db, newUri); return newUri; } return null; } - private void updateVoicemailUri(Uri newUri) { + private void updateVoicemailUri(SQLiteDatabase db, Uri newUri) { ContentValues values = new ContentValues(); values.put(Calls.VOICEMAIL_URI, newUri.toString()); - update(newUri, values, null, null); + // Directly update the db because we cannot update voicemail_uri through external + // update() due to projectionMap check. This also avoids unnecessary permission + // checks that are already done as part of insert request. + db.update(VOICEMAILS_TABLE_NAME, values, getWhereClause(createUriData(newUri)), null); } private void checkAndAddSourcePackageIntoValues(UriData uriData, ContentValues values) { @@ -293,8 +299,9 @@ public class VoicemailContentProvider extends ContentProvider { public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) { checkCallerHasOwnPermission(); UriData uriData = createUriData(uri); - checkUpdateSupported(uriData); checkPackagePermission(uriData); + checkForSupportedColumns(sVoicemailProjectionMap, values); + checkUpdateSupported(uriData); final SQLiteDatabase db = mDbHelper.getWritableDatabase(); // TODO: This implementation does not allow bulk update because it only accepts // URI that include message Id. I think we do want to support bulk update. diff --git a/src/com/android/providers/contacts/util/DbQueryUtils.java b/src/com/android/providers/contacts/util/DbQueryUtils.java index 6db077f..0045c59 100644 --- a/src/com/android/providers/contacts/util/DbQueryUtils.java +++ b/src/com/android/providers/contacts/util/DbQueryUtils.java @@ -15,9 +15,12 @@ */ package com.android.providers.contacts.util; +import android.content.ContentValues; import android.database.DatabaseUtils; import android.text.TextUtils; +import java.util.HashMap; + /** * Static methods for helping us build database query selection strings. */ @@ -52,4 +55,19 @@ public class DbQueryUtils { } return builder.toString(); } + + /** + * Checks if the given ContentValues contains values within the projection + * map. + * @throws IllegalArgumentException if any value in values is not found in + * the projection map. + */ + public static void checkForSupportedColumns(HashMap<String, String> projectionMap, + ContentValues values) { + for (String requestedColumn : values.keySet()) { + if (!projectionMap.keySet().contains(requestedColumn)) { + throw new IllegalArgumentException("Column '" + requestedColumn + "' is invalid."); + } + } + } } |