i have file content provider , given other applications open file.
androidmainfest.xml:
<provider android:name="com.sap.mcm.android.content.filecontentprovider" android:authorities="com.sap.mcm.android.provider" android:exported="true" android:granturipermissions="true" <grant-uri-permission android:pathpattern="/unencrypted/" /> </provider> by adding code assume applications has uri permissions can access file content provider open file.
- is assumption right?
- in manner secured interms of attacking vulnerable content providers?
- how test ensure there no security threat using above code?
correct way of exporting provider uri permission
androidmainfest.xml:
<provider android:name="com.sap.mcm.android.content.filecontentprovider" android:authorities="com.sap.mcm.android.provider" android:exported="false" android:granturipermissions="true </provider> open file intent should set below flag intent.setflags(intent.flag_grant_read_uri_permission);
Comments
Post a Comment