Re: [Replicant] [PATCH] Disable phone number lookup settings during upgrade

Denis 'GNUtoo' Carikli Thu, 10 Oct 2019 10:03:57 -0700

On Thu, 10 Oct 2019 00:12:56 +0300
Joonas Kylmälä <[email protected]> wrote:


> This disables during the upgrade settings that cause private
> information leaking through phone number lookup feature.
> 
> Signed-off-by: Joonas Kylmälä <[email protected]>
> ---
>  .../cyanogenmod/cmsettings/CMDatabaseHelper.java    | 21
> ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-)
> 
> diff --git
> a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMDatabaseHelper.java
> b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMDatabaseHelper.java
> index d35f449..1242c1a 100644 ---
> a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMDatabaseHelper.java
> +++
> b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMDatabaseHelper.java
> @@ -46,7 +46,7 @@ public class CMDatabaseHelper extends
> SQLiteOpenHelper{ private static final boolean LOCAL_LOGV = false;
> private static final String DATABASE_NAME = "cmsettings.db";
> -    private static final int DATABASE_VERSION = 6;
> +    private static final int DATABASE_VERSION = 7;
>  
>      public static class CMTableNames {
>          public static final String TABLE_SYSTEM = "system";
> @@ -232,6 +232,25 @@ public class CMDatabaseHelper extends
> SQLiteOpenHelper{ }
>              upgradeVersion = 6;
>          }
> +
> +        if (upgradeVersion < 7) {
> +            if (mUserHandle == UserHandle.USER_OWNER) {
> +                db.beginTransaction();
> +                SQLiteStatement stmt = null;
> +                try {
> +                    stmt = db.compileStatement("UPDATE system SET
> value = 0 WHERE name IN (?,?,?);");
> +                    stmt.bindString(1,
> CMSettings.System.ENABLE_FORWARD_LOOKUP);
> +                    stmt.bindString(2,
> CMSettings.System.ENABLE_PEOPLE_LOOKUP);
> +                    stmt.bindString(3,
> CMSettings.System.ENABLE_REVERSE_LOOKUP);
> +                    stmt.execute();
> +                    db.setTransactionSuccessful();
> +                } finally {
> +                    if (stmt != null) stmt.close();
> +                    db.endTransaction();
> +                }
> +            }
> +            upgradeVersion = 7;
> +        }
>          // *** Remember to update DATABASE_VERSION above!
>  
>          if (upgradeVersion < newVersion) {

Acked-by: Denis 'GNUtoo' Carikli <[email protected]>

Thanks a lot for this patch! It was needed to make a Replicant 6
release.

Denis.

pgplQM7ORrbLE.pgp
Description: OpenPGP digital signature

_______________________________________________
Replicant mailing list
[email protected]
https://lists.osuosl.org/mailman/listinfo/replicant

Re: [Replicant] [PATCH] Disable phone number lookup settings during upgrade

Reply via email to