2

I have built a signed application (system application) with a shared user id android.uid.system. It contains a FileProvider, which I need for a package install intent.

When I try to install the application with the package install intent the following error occurs.

2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
    java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
        at android.os.Parcel.readException(Parcel.java:2004)
        at android.os.Parcel.readException(Parcel.java:1950)
        at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
        at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
        at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
        at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
        at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
        at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
        at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
        at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
        at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
        at android.os.AsyncTask$2.call(AsyncTask.java:333)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
        at java.lang.Thread.run(Thread.java:764)

However, the package install works if I remove the shared user id (convert it to a user application instead of the system).

AndroidManifest:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.example.example"
    android:sharedUserId="android.uid.system">
    ...

<provider
   android:name="com.example.example.CustomFileProvider"
   android:authorities="${applicationId}.provider"
   android:exported="false"
   android:grantUriPermissions="true">
   <meta-data
      android:name="android.support.FILE_PROVIDER_PATHS"
      android:resource="@xml/provider_paths" />
</provider>

Provider Paths:

<?xml version="1.0" encoding="utf-8"?>
<paths>
    <external-path name="external_files" path="."/>
    <files-path name="files" path="." />
</paths>

PackageInstall:

private static void OpenNewVersion(String location) {
       Intent intent = new Intent("android.intent.action.VIEW");
       intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
       intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
       intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
       activity.startActivity(intent);
       activity.finish();
   }

   private static Uri getUriFromFile(String location) {
       return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
   }

CustomFileProvider:

package com.example.example;

import android.support.v4.content.FileProvider;

public class CustomFileProvider extends FileProvider {}

I don't understand why I can't use a FileProvider as a system application. Is there a fix for this?

Santanu Sur
  • 10,997
  • 7
  • 33
  • 52
Robbin
  • 21
  • 1
  • 4
  • Does this answer your question? [Android - file provider - permission denial](https://stackoverflow.com/questions/24467696/android-file-provider-permission-denial) – Sam Jul 26 '22 at 23:42

2 Answers2

0

The FileProvider works if you change exported to true in the AndroidManifest.xml.

Like this:

<provider
   android:name="com.example.example.CustomFileProvider"
   android:authorities="${applicationId}.provider"
   android:exported="true"
   android:grantUriPermissions="true">
   <meta-data
      android:name="android.support.FILE_PROVIDER_PATHS"
      android:resource="@xml/provider_paths" />
</provider>

However, this creates a huge security risk. If you change it to true, all other apps will be able to use your FileProvider without being given permission.

So I decided to create my own installer. This way I don't have to use the FileProvider.

Details: How to Update Android App Silently Without User Interaction

I used a ProgressDialog to show the user the installation progress.

Robbin
  • 21
  • 1
  • 4
  • Wow! A simple and common thing that should work out of the box is causing so much hassle for so many developers.... Apparently, Google doesn't care at all. – doctorram Sep 28 '21 at 18:08
  • This doesn't work anymore. On Android 13 (maybe also earlier) you get this when the app starts - RuntimeException: Unable to get provider androidx.core.content.FileProvider: java.lang.SecurityException: Provider must not be exported – grebulon Nov 14 '22 at 13:25
  • 1
    Does not work on Android 11. Now we get: java.lang.SecurityException: Provider must not be exported – Brent K. Jan 30 '23 at 20:25
-1

frameworks\base\services\core\java\com\android\server\uri\UriGrantsManagerService.java

    /**
 * Check if the targetPkg can be granted permission to access uri by
 * the callingUid using the given modeFlags.  Throws a security exception
 * if callingUid is not allowed to do this.  Returns the uid of the target
 * if the URI permission grant should be performed; returns -1 if it is not
 * needed (for example targetPkg already has permission to access the URI).
 * If you already know the uid of the target, you can supply it in
 * lastTargetUid else set that to -1.
 */
int checkGrantUriPermission(int callingUid, String targetPkg, GrantUri grantUri,
        final int modeFlags, int lastTargetUid) {
    if (!Intent.isAccessUriMode(modeFlags)) {
        return -1;
    }

    if (targetPkg != null) {
        if (DEBUG) Slog.v(TAG, "Checking grant " + targetPkg + " permission to " + grantUri);
    }

    final IPackageManager pm = AppGlobals.getPackageManager();

    // If this is not a content: uri, we can't do anything with it.
    if (!ContentResolver.SCHEME_CONTENT.equals(grantUri.uri.getScheme())) {
        if (DEBUG) Slog.v(TAG, "Can't grant URI permission for non-content URI: " + grantUri);
        return -1;
    }

    // Bail early if system is trying to hand out permissions directly; it
    // must always grant permissions on behalf of someone explicit.
    final int callingAppId = UserHandle.getAppId(callingUid);
    if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
        if ("com.android.settings.files".equals(grantUri.uri.getAuthority())
                || "com.android.settings.module_licenses".equals(grantUri.uri.getAuthority())
                ) {
            // Exempted authority for
            // 1. cropping user photos and sharing a generated license html
            //    file in Settings app
            // 2. sharing a generated license html file in TvSettings app
            // 3. Sharing module license files from Settings app
        } else {
            Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
                    + " grant to " + grantUri + "; use startActivityAsCaller() instead");
            return -1;
        }
    }
linton
  • 1
  • 1
    Code only solution is welcome but context should be added. I see that you have commented the code but can you please elaborate your answer by adding some context/text. How your solution will resolve the problem? – Ankit Singh May 15 '20 at 07:25