We can't be as clever as we'd like.

We had hoped that SQLiteQueryBuilder could enforce some pretty strict
grammar rules, but there are apps depending on the full quirkiness
of what SQLite will allow, which is pretty much "expr" everywhere.

So we shift our strategy from a whitelist-style approach to a
blacklist-style one, where we're willing to let any valid keyword
be used _except_ for ones we know are rooted in abuse, such as
performing SELECT subqueries or relying on SQL injection to blur
the lines between well-defined clauses.

Bug: 146478800, 146482076
Test: atest --test-mapping packages/providers/MediaProvider
Change-Id: Ib57ceab0e229e01177cabd8277f3c989c817b10c

0 files changed, 0 insertions, 0 deletions