Validate incoming authority values.

A single provider may offer multiple authorities, so we now pass along the authority being requested. However, we need to validate that the authority is actually serviced by the provider, similar to what we do in validateIncomingUri(). Bug: 120673301 Test: atest android.content.cts Test: atest android.provider.cts Change-Id: Ia9734a42558ee9d46dc54f7e12b596cf03a520f5

Validate incoming authority values.
2de00bf3 · Jeff Sharkey · 95268aeb · 2de00bf3
Commit 2de00bf3 authored 6 years ago by Jeff Sharkey
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -327,6 +327,7 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
        public ContentProviderResult[] applyBatch(String callingPkg, String authority,
                ArrayList<ContentProviderOperation> operations)
                throws OperationApplicationException {
+            validateIncomingAuthority(authority);
            int numOperations = operations.size();
            final int[] userIds = new int[numOperations];
            for (int i = 0; i < numOperations; i++) {
@@ -447,6 +448,7 @@ public abstract class ContentProvider implements ContentInterface, ComponentCall
        @Override
        public Bundle call(String callingPkg, String authority, String method, @Nullable String arg,
                @Nullable Bundle extras) {
+            validateIncomingAuthority(authority);
            Bundle.setDefusable(extras, true);
            Trace.traceBegin(TRACE_TAG_DATABASE, "call");
            final String original = setCallingPackage(callingPkg);