Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
418,381 Commits 3 Branches 0 Tags
0e66ea6f3221aa8ccbb78ce38fbcaa67d8ea94f9
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jeff Sharkey 0e66ea6f32 RESTRICT AUTOMERGE Strict SQLiteQueryBuilder needs to be stricter. 
Malicious callers can leak side-channel information by using
subqueries in any untrusted inputs where SQLite allows "expr" values.

This change offers setStrictGrammar() to prevent this by outright
blocking subqueries in WHERE and HAVING clauses, and by requiring
that GROUP BY and ORDER BY clauses be composed only of valid columns.

This change also offers setStrictColumns() to require that all
untrusted column names are valid, such as those in ContentValues.

Relaxes to always allow aggregation operators on returned columns,
since untrusted callers can always calculate these manually.

Bug: 135270103, 135269143
Test: atest android.database.sqlite.cts.SQLiteQueryBuilderTest
Test: atest FrameworksCoreTests:android.database.sqlite.SQLiteTokenizerTest
Change-Id: I0dacb53170ce573a2fe103cbff455782bfdb5d41
2019-09-10 21:16:10 +00:00
apct-tests/perftests
api
AM: make isHighEndGfx TestApi
2019-07-15 12:05:54 +02:00
cmds
Merge "StatsdStats: improve activation time logging" into qt-dev
2019-06-28 02:03:40 +00:00
config
Restore some greylist entries.
2019-06-28 10:15:37 +01:00
core
RESTRICT AUTOMERGE Strict SQLiteQueryBuilder needs to be stricter.
2019-09-10 21:16:10 +00:00
data
Keylayout for xbox pdp controller
2019-06-24 14:41:51 -07:00
docs
drm
graphics
docs: Added missing comma in RectF class description.
2019-07-30 18:57:37 +00:00
keystore
libs
Set idmap2 binary uid and gid after forking
2019-07-01 21:19:21 +00:00
location
lowpan
media
Merge "Media2: Make Javadoc consistent for recommending use of AndroidX" into qt-dev
2019-07-03 21:59:30 +00:00
native
nfc-extras
obex
opengl/java
packages
Use UnlockMethodCache#canSkipBouncer in user switcher
2019-09-04 22:55:12 +00:00
proto
Adds metrics categories for gesture navigation dialogs
2019-06-24 20:31:11 +00:00
rs
samples/training/network-usage
sax
services
Merge "Unset INSTALL_DISABLE_VERIFICATION flag if install is not from system" into qt-dev
2019-08-29 21:47:30 +00:00
startop
telecomm
Support indicating call direction on existing connections.
2019-06-25 13:48:29 -07:00
telephony
Add a blacklist for preinstalled carrier apps.
2019-08-08 15:05:06 +00:00
test-base
test-legacy
test-mock
test-runner
tests
Add SocketUtils CTS tests
2019-08-23 02:13:40 +00:00
tools
wifi
Merge "p2p: update documents about EXTRA_WIFI_P2P_GROUP in connection changed event" into qt-dev
2019-07-18 18:11:23 +00:00
.gitignore
Android.bp
API: Explicitly track incompatibilities with previous API versions
2019-08-12 16:11:57 +00:00
Android.mk
CleanSpec.mk
jarjar_rules_hidl.txt
MODULE_LICENSE_APACHE2
NOTICE
pathmap.mk
PREUPLOAD.cfg
Description
No description provided
21 GiB
Languages
Java 73.7%
Kotlin 14%
PowerBuilder 5.8%
C++ 5.2%
AIDL 1%