与 FileProvider 共享文件时，带有 grantUriPermission 的 SecurityException [英] SecurityException with grantUriPermission when sharing a file with FileProvider

问题描述

我有两个应用程序.我正在尝试使用 FileProvider 将文件从应用程序 A 共享到应用程序 B.应用程序 A 调用应用程序 B 中的 ContentProvider 上的 insert 方法插入一条记录.插入的数据包括我想从 App A 共享的文件的 Uri.然后 App B 中的 ContentProvider 会尝试从 App A 读取共享文件.由于我没有使用 Intent 来共享文件，因此我在 App A 中调用 Context.grantUriPermission 以允许读取(有时写入):

I have two applications. I'm trying to share a file from application A to application B using a FileProvider. Application A calls the insert method on a ContentProvider in Application B to insert a record. The data inserted includes the Uri to the file I want to share from App A. The ContentProvider in App B would then try to read the shared file from App A. Since I'm not using an Intent to share the file, I'm calling Context.grantUriPermission in App A to allow the read (and at times write):

mContext.grantUriPermission(MyPackageName, contentUri, Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);

然而，执行这一行给了我(为了保护无辜者而改变名字):

However, executing this line gives me (Names changed to protect the innocent):

java.lang.SecurityException: Uid 10066 does not have permission to uri content://au.com.example.AppA.fileprovider/MyFolder/MyFileName
at android.os.Parcel.readException(Parcel.java:1322)
at android.os.Parcel.readException(Parcel.java:1276)
at android.app.ActivityManagerProxy.grantUriPermission(ActivityManagerNative.java:2374)
at android.app.ContextImpl.grantUriPermission(ContextImpl.java:1371)
at android.content.ContextWrapper.grantUriPermission(ContextWrapper.java:400)
at etc...

App A 在 Manifest 文件中有以下内容:

App A has the following in the Manifest file:

<provider
    android:name="android.support.v4.content.FileProvider"
    android:authorities="au.com.example.AppA.fileprovider"
    android:exported="false"
    android:grantUriPermissions="true"
    android:readPermission="au.com.example.READ_CONTENT"
    android:writePermission="au.com.example.WRITE_CONTENT" >
    <meta-data
        android:name="android.support.FILE_PROVIDER_PATHS"
        android:resource="@xml/filepaths" />
</provider>

filepaths.xml 具有:

filepaths.xml has:

<paths>
    <files-path
        name="MyFolder"
        path="MyFolder/" />
</paths>

App A 和 App B 都有以下内容:

Both App A and App B have the following:

<uses-permission android:name="au.com.example.READ_CONTENT" />
<uses-permission android:name="au.com.example.WRITE_CONTENT" />

我已尝试在两个应用中定义权限.它们都使用相同的调试签名进行签名:

I've tried defining the permissions in both apps. They are both signed with the same debug signature:

<permission
    android:name="au.com.example.READ_CONTENT"
    android:permissionGroup="MyGroup"
    android:protectionLevel="signature" >
</permission>
<permission
    android:name="au.com.example.WRITE_CONTENT"
    android:permissionGroup="MyGroup"
    android:protectionLevel="signature" >
</permission>

文件最终的实际路径是:

The actual path the file ends up in is:

/data/data/au.com.example.AppA/files/MyFolder

在这一点上我被难住了.我不知道为什么我不能授予我刚刚在同一个应用程序中创建的文件的权限.所以我的问题是:为什么我会收到此异常以及如何成功授予 App B 权限?

At this point I'm stumped. I don't know why I can't grant permission for a file I just created within the same application. So my questions are: Why am I getting this exception and how can I successfully grant permission to App B?

推荐答案

好吧，经过一周的反复试验，似乎答案是不指定权限.所以 App A Manifest 应该包含:

Well, after a week and a lot of trial and error, it seems the answer is to not specify permissions. So the App A Manifest should instead contain:

<provider
    android:name="android.support.v4.content.FileProvider"
    android:authorities="au.com.example.AppA.fileprovider"
    android:exported="false"
    android:grantUriPermissions="true" >
    <meta-data
        android:name="android.support.FILE_PROVIDER_PATHS"
        android:resource="@xml/filepaths" />
</provider>

即，我删除了读写权限.我最初的理解是，并且未能找到另有说明的文档，这些是限制访问所必需的.但是，我发现它们实际上会干扰并导致 Context.grantUriPermission 失败.访问已经受到限制.

ie, I removed the read and write permissions. My initial understanding, and failing to find documentation that said otherwise, was these were necessary to restrict access. However, I've found they actually interfere and cause Context.grantUriPermission to fail. Access is limited already.

为了完成图片并回答我问题的第二部分，我发现了以下内容:

To complete the picture, and answer the second part of my question, I found the following:

Android 权限在 Widget RemoteViewsFactory for Content 中拒绝

我不得不补充:

final long token = Binder.clearCallingIdentity();
try {
    [retrieve file here]
} finally {
    Binder.restoreCallingIdentity(token);
}

发送给 App B 中的 Content Provider.否则也会出现安全错误.

to the Content Provider in App B. Otherwise it would get security errors as well.

这篇关于与 FileProvider 共享文件时，带有 grantUriPermission 的 SecurityException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！