    30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to... · 98faa36c
    Andre Furtado authored
    30481342: Security Vulnerability - TOCTOU in MmsProvider allows access to files as phone (radio) uid
    
    Problem: MmsProvider.openFile validated the current _data column
    in the DB and then called ContentProvider.openFileHelper which was again
    reading from the DB. A race condition could cause the second DB read to
    read an updated, malicious value.
    
    Fix: instead of doing the first DB check and calling
    ContentProvider.openFileHelper, we're now just calling
    MmsProvider.safeOpenFileHelper which does a single check.
    
    Test: used the POC provided for this incident.
    
    b/30481342
    
    Change-Id: I653129359130b9fae59d4c355320b266c158a698
    (cherry picked from commit 5bc7f968)
MmsProvider.java 40.1 KB
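
The check-then-reread race described in the commit message, shown as an added example that is not part of the original commit or of the Android source. The class name, the in-memory map standing in for the database, the `PARTS_DIR` path and the `betweenReads` hook are all assumptions made for illustration; the hook simulates a concurrent row update deterministically instead of using real threads.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for a provider whose rows carry a _data file path.
public class SingleReadOpen {
    static final Path PARTS_DIR = Paths.get("/data/app_parts");            // constructed directory
    static final Map<Long, String> dataColumn = new ConcurrentHashMap<>(); // stand-in for the DB
    static Runnable betweenReads = () -> {};  // hook: simulates a concurrent update of the row

    // Accept only paths that stay inside PARTS_DIR after normalization.
    static boolean isAllowed(String path) {
        return path != null && Paths.get(path).normalize().startsWith(PARTS_DIR);
    }

    // Racy shape: validate one read, then use whatever a second read returns.
    static String openRacy(long rowId) {
        String checked = dataColumn.get(rowId);
        if (!isAllowed(checked)) throw new SecurityException("rejected: " + checked);
        betweenReads.run();            // window between the check and the use
        return dataColumn.get(rowId);  // second read: may differ from the value that was checked
    }

    // Single-read shape: the value that is validated is the value that is used.
    static String openSafe(long rowId) {
        String path = dataColumn.get(rowId);
        if (!isAllowed(path)) throw new SecurityException("rejected: " + path);
        betweenReads.run();            // a concurrent update can no longer change the result
        return path;
    }

    public static void main(String[] args) {
        // Constructed sample row and a constructed replacement value outside PARTS_DIR.
        dataColumn.put(1L, "/data/app_parts/PART_1");
        betweenReads = () -> dataColumn.put(1L, "/data/other/private_file");

        System.out.println("racy path used: " + openRacy(1L));

        dataColumn.put(1L, "/data/app_parts/PART_1");  // reset the row
        System.out.println("safe path used: " + openSafe(1L));
    }
}
```

In `openRacy` the path that reaches the caller was never validated, while `openSafe` returns only the value it checked, which is the property the commit message attributes to doing a single check.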