From 21742874f7ea8b7554bdf2fc8458dbf460e9b0fa Mon Sep 17 00:00:00 2001
From: Amit Mahajan <amitmahajan@google.com>
Date: Wed, 28 Oct 2015 13:43:01 -0700
Subject: [PATCH] Validate the uri received in ApnEditor.

Uri should only refer to telephony carriers and no other provider.

Bug: 11184401
Change-Id: I38c25a37a48883f971c4f405a98db5066a707909
---
 src/com/android/settings/ApnEditor.java | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/com/android/settings/ApnEditor.java b/src/com/android/settings/ApnEditor.java
index e785abb6f7e..20fb9eae09e 100644
--- a/src/com/android/settings/ApnEditor.java
+++ b/src/com/android/settings/ApnEditor.java
@@ -203,10 +203,22 @@ public class ApnEditor extends InstrumentedPreferenceActivity
         mFirstTime = icicle == null;
 
         if (action.equals(Intent.ACTION_EDIT)) {
-            mUri = intent.getData();
+            Uri uri = intent.getData();
+            if (!uri.isPathPrefixMatch(Telephony.Carriers.CONTENT_URI)) {
+                Log.e(TAG, "Edit request not for carrier table. Uri: " + uri);
+                finish();
+                return;
+            }
+            mUri = uri;
         } else if (action.equals(Intent.ACTION_INSERT)) {
             if (mFirstTime || icicle.getInt(SAVED_POS) == 0) {
-                mUri = getContentResolver().insert(intent.getData(), new ContentValues());
+                Uri uri = intent.getData();
+                if (!uri.isPathPrefixMatch(Telephony.Carriers.CONTENT_URI)) {
+                    Log.e(TAG, "Insert request not for carrier table. Uri: " + uri);
+                    finish();
+                    return;
+                }
+                mUri = getContentResolver().insert(uri, new ContentValues());
             } else {
                 mUri = ContentUris.withAppendedId(Telephony.Carriers.CONTENT_URI,
                         icicle.getInt(SAVED_POS));