Sanitize inputs for PreferredSimFallbackProvider.query()

SQLiteQueryBuilder.query() is used in strict mode with a projection map. Bug: 74601176 Test: Unit tests PiperOrigin-RevId: 188907943 Change-Id: I2f34e185ad175695d941697cd0dbdc8ad6172321
author: twyen <twyen@google.com> 2018-03-13 12:00:56 -0700
committer: Copybara-Service <copybara-piper@google.com> 2018-03-13 12:04:10 -0700
commit: 019aa3485c6c4c31f0835916865b7cb38274c024 (patch)
tree: 955f50f0db9d423c80189e5e32f29427f09673e4
parent: 6a65954b73d61336af214ca4aed39a7ba679eb62 (diff)
1 files changed, 23 insertions, 10 deletions
diff --git a/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java b/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
index 2263e9e38..515ed9658 100644
--- a/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
+++ b/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
@@ -21,12 +21,14 @@ import android.content.ContentProvider;
 import android.content.ContentValues;
 import android.content.pm.PackageManager;
 import android.database.Cursor;
+import android.database.sqlite.SQLiteQueryBuilder;
 import android.net.Uri;
 import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 import android.text.TextUtils;
 import com.android.dialer.preferredsim.PreferredSimFallbackContract;
 import com.android.dialer.preferredsim.PreferredSimFallbackContract.PreferredSim;
+import com.google.common.collect.ImmutableMap;
 
 /**
  * Content provider for preferred SIM columns that is only available in ContactsProvider after P.
@@ -39,6 +41,15 @@ public class PreferredSimFallbackProvider extends ContentProvider {
 
   private static final String UPDATE_ID_SELECTION = PreferredSim.DATA_ID + " = ?";
 
+  private static final ImmutableMap<String, String> PROJECTION_MAP =
+      ImmutableMap.of(
+          PreferredSim.DATA_ID,
+          PreferredSim.DATA_ID,
+          PreferredSim.PREFERRED_PHONE_ACCOUNT_COMPONENT_NAME,
+          PreferredSim.PREFERRED_PHONE_ACCOUNT_COMPONENT_NAME,
+          PreferredSim.PREFERRED_PHONE_ACCOUNT_ID,
+          PreferredSim.PREFERRED_PHONE_ACCOUNT_ID);
+
   private PreferredSimDatabaseHelper databaseHelper;
 
   @Override
@@ -56,16 +67,18 @@ public class PreferredSimFallbackProvider extends ContentProvider {
       @Nullable String[] selectionArgs,
       @Nullable String sortOrder) {
     checkReadContactsPermission();
-    return databaseHelper
-        .getReadableDatabase()
-        .query(
-            PreferredSimDatabaseHelper.TABLE,
-            projection,
-            selection,
-            selectionArgs,
-            null,
-            null,
-            sortOrder);
+    SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
+    queryBuilder.setStrict(true);
+    queryBuilder.setProjectionMap(PROJECTION_MAP);
+    queryBuilder.setTables(PreferredSimDatabaseHelper.TABLE);
+    return queryBuilder.query(
+        databaseHelper.getReadableDatabase(),
+        projection,
+        selection,
+        selectionArgs,
+        null,
+        null,
+        sortOrder);
   }
 
   @Nullable
author	twyen <twyen@google.com>	2018-03-13 12:00:56 -0700
committer	Copybara-Service <copybara-piper@google.com>	2018-03-13 12:04:10 -0700
commit	019aa3485c6c4c31f0835916865b7cb38274c024 (patch)
tree	955f50f0db9d423c80189e5e32f29427f09673e4
parent	6a65954b73d61336af214ca4aed39a7ba679eb62 (diff)