权限拒绝:打开未从 UID 1000 导出的提供程序

Permission Denial: opening provider that is not exported from UID 1000

我已经使用共享用户 ID android.uid.system 构建了一个已签名的应用程序(系统应用程序)。它包含一个 FileProvider,我需要一个 package install intent

当我尝试使用包安装意图安装应用程序时,出现以下错误。

2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
    java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
        at android.os.Parcel.readException(Parcel.java:2004)
        at android.os.Parcel.readException(Parcel.java:1950)
        at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
        at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
        at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
        at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
        at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
        at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
        at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
        at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
        at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
        at android.os.AsyncTask.call(AsyncTask.java:333)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:245)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
        at java.lang.Thread.run(Thread.java:764)

但是,如果我删除共享用户 ID(将其转换为用户应用程序而不是系统),程序包安装会起作用。

AndroidManifest:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.example.example"
    android:sharedUserId="android.uid.system">
    ...

<provider
   android:name="com.example.example.CustomFileProvider"
   android:authorities="${applicationId}.provider"
   android:exported="false"
   android:grantUriPermissions="true">
   <meta-data
      android:name="android.support.FILE_PROVIDER_PATHS"
      android:resource="@xml/provider_paths" />
</provider>

提供商路径:

<?xml version="1.0" encoding="utf-8"?>
<paths>
    <external-path name="external_files" path="."/>
    <files-path name="files" path="." />
</paths>

软件包安装:

private static void OpenNewVersion(String location) {
       Intent intent = new Intent("android.intent.action.VIEW");
       intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
       intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
       intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
       activity.startActivity(intent);
       activity.finish();
   }

   private static Uri getUriFromFile(String location) {
       return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
   }

自定义文件提供者:

package com.example.example;

import android.support.v4.content.FileProvider;

public class CustomFileProvider extends FileProvider {} 

我不明白为什么我不能将 FileProvider 作为系统应用程序使用。有解决办法吗?

如果您在 AndroidManifest.xml 中将 exported 更改为 true,FileProvider 会起作用。

像这样:

<provider
   android:name="com.example.example.CustomFileProvider"
   android:authorities="${applicationId}.provider"
   android:exported="true"
   android:grantUriPermissions="true">
   <meta-data
      android:name="android.support.FILE_PROVIDER_PATHS"
      android:resource="@xml/provider_paths" />
</provider>

但是,这会造成巨大的安全风险。如果您将其更改为 true,所有其他应用程序将能够在未获得许可的情况下使用您的 FileProvider

所以我决定创建自己的安装程序。这样我就不必使用 FileProvider.

详情: How to Update Android App Silently Without User Interaction

我用了一个ProgressDialog来给用户显示安装进度。

frameworks\base\services\core\java\com\android\server\uri\UriGrantsManagerService.java

    /**
 * Check if the targetPkg can be granted permission to access uri by
 * the callingUid using the given modeFlags.  Throws a security exception
 * if callingUid is not allowed to do this.  Returns the uid of the target
 * if the URI permission grant should be performed; returns -1 if it is not
 * needed (for example targetPkg already has permission to access the URI).
 * If you already know the uid of the target, you can supply it in
 * lastTargetUid else set that to -1.
 */
int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri,
        final int modeFlags, int lastTargetUid) {
    if (!Intent.isAccessUriMode(modeFlags)) {
        return -1;
    }

    if (targetPkg != null) {
        if (DEBUG) Slog.v(TAG, "Checking grant " + targetPkg + " permission to " + grantUri);
    }

    final IPackageManager pm = AppGlobals.getPackageManager();

    // If this is not a content: uri, we can't do anything with it.
    if (!ContentResolver.SCHEME_CONTENT.equals(grantUri.uri.getScheme())) {
        if (DEBUG) Slog.v(TAG, "Can't grant URI permission for non-content URI: " + grantUri);
        return -1;
    }

    // Bail early if system is trying to hand out permissions directly; it
    // must always grant permissions on behalf of someone explicit.
    final int callingAppId = UserHandle.getAppId(callingUid);
    if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
        if ("com.android.settings.files".equals(grantUri.uri.getAuthority())
                || "com.android.settings.module_licenses".equals(grantUri.uri.getAuthority())
                ) {
            // Exempted authority for
            // 1. cropping user photos and sharing a generated license html
            //    file in Settings app
            // 2. sharing a generated license html file in TvSettings app
            // 3. Sharing module license files from Settings app
        } else {
            Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
                    + " grant to " + grantUri + "; use startActivityAsCaller() instead");
            return -1;
        }
    }