Home > Back-end >  Grant read access to FileProvider to any client app without knowing their package name
Grant read access to FileProvider to any client app without knowing their package name

Time:01-13

In the context of a MediaBrowserService for audio playback I need to provide image files via a ContentProvider (FileProvider). The URIs are propagated via meta data related to media browsing and playback. There are no Intents involved.

I need to grant read permission to any client app that tries to access the image files. As far as I can tell the only way to grant permission is via Context.grantUriPermission(). This involves knowing the package name of the client app. And that is my problem: at the time the URI is prepared and added to the meta data, I don't know (reliably) which apps will access the content.

To be more conrete: In an Android Automotive OS environment, the system media browser app will browse my content. It won't render images provided as Bitmap objects or images represented as online URLs. The only way I found to make it render images is via ContentProvider URIs. I do know the package name of the system media browser during browsing so granting file read permission works fine here.

But there are multiple apps accessing the meta data involved during playback. For instance the launcher app displays information about the media that is currently played. The launcher crashes trying to access the media art.

I do know the package names of the apps involved an could just hard code them. I guess I don't need to explain why I don't want to do that. I could query the package names of all apps installed on the device (at least that's what I assume), but that doesn't feel appropriate. Also theoretically additional related apps might be installed on the device later and then they will lack the required permission.

What I am looking for is a clean way to determine the package names of any app trying to access my FileProvider so I can grant read permission to it. Or any other way to grant read permission. In fact, I don't want to prohibit read access to the provider at all, so I would prefer to export the ContentProvider but that's not allowed anymore. Can anybody help me out here please?

CodePudding user response:

FileProvider does not support your scenario, due to decisions made by its developers.

As blackapps mentioned in a comment, you will need to create a custom ContentProvider that happens to serve files. Then you can elect to export that provider and not apply a read permission to it. However, be very careful that your ContentProvider only serves files that you want it to, and that attackers cannot use hacks like ../ in path segments to trick you into serving files outside of those.

  • Related