权限拒绝:打开未从 UID 1000 导出的提供程序
Permission Denial: opening provider that is not exported from UID 1000
我已经使用共享用户 ID android.uid.system 构建了一个已签名的应用程序(系统应用程序)。它包含一个 FileProvider,我需要一个 package install intent。
当我尝试使用包安装意图安装应用程序时,出现以下错误。
2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
at android.os.Parcel.readException(Parcel.java:2004)
at android.os.Parcel.readException(Parcel.java:1950)
at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
at android.os.AsyncTask.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
但是,如果我删除共享用户 ID(将其转换为用户应用程序而不是系统),程序包安装会起作用。
AndroidManifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.example"
android:sharedUserId="android.uid.system">
...
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
提供商路径:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<external-path name="external_files" path="."/>
<files-path name="files" path="." />
</paths>
软件包安装:
private static void OpenNewVersion(String location) {
Intent intent = new Intent("android.intent.action.VIEW");
intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
activity.startActivity(intent);
activity.finish();
}
private static Uri getUriFromFile(String location) {
return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
}
自定义文件提供者:
package com.example.example;
import android.support.v4.content.FileProvider;
public class CustomFileProvider extends FileProvider {}
我不明白为什么我不能将 FileProvider 作为系统应用程序使用。有解决办法吗?
如果您在 AndroidManifest.xml 中将 exported 更改为 true,FileProvider 会起作用。
像这样:
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="true"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
但是,这会造成巨大的安全风险。如果您将其更改为 true,所有其他应用程序将能够在未获得许可的情况下使用您的 FileProvider。
所以我决定创建自己的安装程序。这样我就不必使用 FileProvider.
详情:
How to Update Android App Silently Without User Interaction
我用了一个ProgressDialog来给用户显示安装进度。
frameworks\base\services\core\java\com\android\server\uri\UriGrantsManagerService.java
/**
* Check if the targetPkg can be granted permission to access uri by
* the callingUid using the given modeFlags. Throws a security exception
* if callingUid is not allowed to do this. Returns the uid of the target
* if the URI permission grant should be performed; returns -1 if it is not
* needed (for example targetPkg already has permission to access the URI).
* If you already know the uid of the target, you can supply it in
* lastTargetUid else set that to -1.
*/
int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri,
final int modeFlags, int lastTargetUid) {
if (!Intent.isAccessUriMode(modeFlags)) {
return -1;
}
if (targetPkg != null) {
if (DEBUG) Slog.v(TAG, "Checking grant " + targetPkg + " permission to " + grantUri);
}
final IPackageManager pm = AppGlobals.getPackageManager();
// If this is not a content: uri, we can't do anything with it.
if (!ContentResolver.SCHEME_CONTENT.equals(grantUri.uri.getScheme())) {
if (DEBUG) Slog.v(TAG, "Can't grant URI permission for non-content URI: " + grantUri);
return -1;
}
// Bail early if system is trying to hand out permissions directly; it
// must always grant permissions on behalf of someone explicit.
final int callingAppId = UserHandle.getAppId(callingUid);
if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
if ("com.android.settings.files".equals(grantUri.uri.getAuthority())
|| "com.android.settings.module_licenses".equals(grantUri.uri.getAuthority())
) {
// Exempted authority for
// 1. cropping user photos and sharing a generated license html
// file in Settings app
// 2. sharing a generated license html file in TvSettings app
// 3. Sharing module license files from Settings app
} else {
Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ " grant to " + grantUri + "; use startActivityAsCaller() instead");
return -1;
}
}
我已经使用共享用户 ID android.uid.system 构建了一个已签名的应用程序(系统应用程序)。它包含一个 FileProvider,我需要一个 package install intent。
当我尝试使用包安装意图安装应用程序时,出现以下错误。
2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
at android.os.Parcel.readException(Parcel.java:2004)
at android.os.Parcel.readException(Parcel.java:1950)
at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
at android.os.AsyncTask.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
但是,如果我删除共享用户 ID(将其转换为用户应用程序而不是系统),程序包安装会起作用。
AndroidManifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.example"
android:sharedUserId="android.uid.system">
...
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
提供商路径:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<external-path name="external_files" path="."/>
<files-path name="files" path="." />
</paths>
软件包安装:
private static void OpenNewVersion(String location) {
Intent intent = new Intent("android.intent.action.VIEW");
intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
activity.startActivity(intent);
activity.finish();
}
private static Uri getUriFromFile(String location) {
return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
}
自定义文件提供者:
package com.example.example;
import android.support.v4.content.FileProvider;
public class CustomFileProvider extends FileProvider {}
我不明白为什么我不能将 FileProvider 作为系统应用程序使用。有解决办法吗?
如果您在 AndroidManifest.xml 中将 exported 更改为 true,FileProvider 会起作用。
像这样:
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="true"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
但是,这会造成巨大的安全风险。如果您将其更改为 true,所有其他应用程序将能够在未获得许可的情况下使用您的 FileProvider。
所以我决定创建自己的安装程序。这样我就不必使用 FileProvider.
详情: How to Update Android App Silently Without User Interaction
我用了一个ProgressDialog来给用户显示安装进度。
frameworks\base\services\core\java\com\android\server\uri\UriGrantsManagerService.java
/**
* Check if the targetPkg can be granted permission to access uri by
* the callingUid using the given modeFlags. Throws a security exception
* if callingUid is not allowed to do this. Returns the uid of the target
* if the URI permission grant should be performed; returns -1 if it is not
* needed (for example targetPkg already has permission to access the URI).
* If you already know the uid of the target, you can supply it in
* lastTargetUid else set that to -1.
*/
int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri,
final int modeFlags, int lastTargetUid) {
if (!Intent.isAccessUriMode(modeFlags)) {
return -1;
}
if (targetPkg != null) {
if (DEBUG) Slog.v(TAG, "Checking grant " + targetPkg + " permission to " + grantUri);
}
final IPackageManager pm = AppGlobals.getPackageManager();
// If this is not a content: uri, we can't do anything with it.
if (!ContentResolver.SCHEME_CONTENT.equals(grantUri.uri.getScheme())) {
if (DEBUG) Slog.v(TAG, "Can't grant URI permission for non-content URI: " + grantUri);
return -1;
}
// Bail early if system is trying to hand out permissions directly; it
// must always grant permissions on behalf of someone explicit.
final int callingAppId = UserHandle.getAppId(callingUid);
if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
if ("com.android.settings.files".equals(grantUri.uri.getAuthority())
|| "com.android.settings.module_licenses".equals(grantUri.uri.getAuthority())
) {
// Exempted authority for
// 1. cropping user photos and sharing a generated license html
// file in Settings app
// 2. sharing a generated license html file in TvSettings app
// 3. Sharing module license files from Settings app
} else {
Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ " grant to " + grantUri + "; use startActivityAsCaller() instead");
return -1;
}
}