From 019aa3485c6c4c31f0835916865b7cb38274c024 Mon Sep 17 00:00:00 2001
From: twyen
Date: Tue, 13 Mar 2018 12:00:56 -0700
Subject: Sanitize inputs for PreferredSimFallbackProvider.query()

SQLiteQueryBuilder.query() is used in strict mode with a projection map.

Bug: 74601176
Test: Unit tests
PiperOrigin-RevId: 188907943
Change-Id: I2f34e185ad175695d941697cd0dbdc8ad6172321
---
 .../impl/PreferredSimFallbackProvider.java | 33 +++++++++++++++-------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java b/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
index 2263e9e38..515ed9658 100644
--- a/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
+++ b/java/com/android/dialer/preferredsim/impl/PreferredSimFallbackProvider.java
@@ -21,12 +21,14 @@ import android.content.ContentProvider;
 import android.content.ContentValues;
 import android.content.pm.PackageManager;
 import android.database.Cursor;
+import android.database.sqlite.SQLiteQueryBuilder;
 import android.net.Uri;
 import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 import android.text.TextUtils;
 import com.android.dialer.preferredsim.PreferredSimFallbackContract;
 import com.android.dialer.preferredsim.PreferredSimFallbackContract.PreferredSim;
+import com.google.common.collect.ImmutableMap;
 /**
 * Content provider for preferred SIM columns that is only available in ContactsProvider after P.
@@ -39,6 +41,15 @@ public class PreferredSimFallbackProvider extends ContentProvider {
 private static final String UPDATE_ID_SELECTION = PreferredSim.DATA_ID + " = ?";
+ private static final ImmutableMap PROJECTION_MAP =
+ ImmutableMap.of(
+ PreferredSim.DATA_ID,
+ PreferredSim.DATA_ID,
+ PreferredSim.PREFERRED_PHONE_ACCOUNT_COMPONENT_NAME,
+ PreferredSim.PREFERRED_PHONE_ACCOUNT_COMPONENT_NAME,
+ PreferredSim.PREFERRED_PHONE_ACCOUNT_ID,
+ PreferredSim.PREFERRED_PHONE_ACCOUNT_ID);
+
 private PreferredSimDatabaseHelper databaseHelper;
 @Override
@@ -56,16 +67,18 @@ public class PreferredSimFallbackProvider extends ContentProvider {
 @Nullable String[] selectionArgs,
 @Nullable String sortOrder) {
 checkReadContactsPermission();
- return databaseHelper
- .getReadableDatabase()
- .query(
- PreferredSimDatabaseHelper.TABLE,
- projection,
- selection,
- selectionArgs,
- null,
- null,
- sortOrder);
+ SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
+ queryBuilder.setStrict(true);
+ queryBuilder.setProjectionMap(PROJECTION_MAP);
+ queryBuilder.setTables(PreferredSimDatabaseHelper.TABLE);
+ return queryBuilder.query(
+ databaseHelper.getReadableDatabase(),
+ projection,
+ selection,
+ selectionArgs,
+ null,
+ null,
+ sortOrder);
 }
 @Nullable
--
cgit v1.2.3
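Review bot: `PROJECTION_MAP` carries no comment saying that it is the allow-list of columns a caller may name in a projection, which is the security purpose of this change. I would add `/** Columns callers may request from query(); a column missing here is rejected by the strict query builder, so add new PreferredSim columns deliberately. */` above the field. The declaration also reads as a raw `ImmutableMap` on this page; if the type arguments were not simply lost in rendering, declare it as `ImmutableMap<String, String>`.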
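Review bot: `sortOrder` still reaches `queryBuilder.query(...)` exactly as the caller supplied it, and nothing in this hunk validates it. `setStrict(true)` and the projection map constrain the selection and the projected columns, but as far as I know strict mode on the platform versions of that time does not check the ORDER BY text, so it remains caller-controlled for any app that passes `checkReadContactsPermission()`. A conservative guard before the builder is created would be `if (sortOrder != null && !PROJECTION_MAP.containsKey(sortOrder)) { throw new IllegalArgumentException("Unsupported sort order"); }`, extended to allow a trailing ASC/DESC if a caller needs it. The diffstat lists a single changed file, so a regression test showing that an unmapped projection column and a malformed selection are rejected would be worth adding with this fix. The signature of query() starts above the hunk.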