I have a content provider class implemented as a static Java library, and 
App-A is linking to the library and storing the data in the provider. 
 App-A is defining the content provider in its manifest as below with 
custom read and write permission. Everything is fine with App-A.

APP-A Manifest:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.Arithmetic.app">

    <uses-sdk
        android:minSdkVersion="16"
        android:targetSdkVersion="23" />

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">

        <activity android:name=".MyArithmeticActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <permission
            android:name="com.example.database.MyContentProvider.READ"
            android:label="MyContentProvider_READ_label"
            android:protectionLevel="normal" />

        <permission
            android:name="com.example.database.MyContentProvider.WRITE"
            android:label="MyContentProvider_WRITE_label"
            android:protectionLevel="normal" />

        <provider
            android:name="com.example.database.MyContentProvider"
            android:authorities="com.example.database.MyContentProvider"
            android:enabled="true"
            android:exported="true"
            android:grantUriPermissions="true"
            android:protectionLevel="normal"
            android:readPermission="com.example.database.MyContentProvider.READ"
            android:writePermission="com.example.database.MyContentProvider.WRITE">
        </provider>
    </application>
</manifest>
 

And in App-B, I want to access the content provider 
(com.example.database.MyContentProvider) so I have included that custom 
permission in the App-B manifest as below.

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.equation.android.helloword"
    android:versionCode="1"
    android:versionName="1.0" >

    <uses-sdk
        android:minSdkVersion="16"
        android:targetSdkVersion="23" />

    <uses-permission
        android:name="com.example.database.MyContentProvider.READ" />
    <uses-permission
        android:name="com.example.database.MyContentProvider.WRITE" />

    <application
        android:allowBackup="true"
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme" >

        <activity
            android:name="com.equation.android.helloword.MainActivity"
            android:label="@string/title_activity_main" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
    </application>

</manifest>


But when App-B accesses the content provider, the security exception below is
thrown at run time. What am I doing wrong? Just for testing, if I change the
permission of the content provider to any of the system-defined permissions
(e.g. android.permission.READ_USER_DICTIONARY) as below, App-B is able to
access the provider using the android.permission.READ_USER_DICTIONARY
permission. Similarly, if App-A doesn't define any permission for the content
provider, App-B is able to access the provider (expected, obviously). So why
is App-B NOT able to access the provider when it's protected by a custom
permission?

    <provider
        android:name="com.example.database.MyContentProvider"
        android:authorities="com.example.database.MyContentProvider"
        android:enabled="true"
        android:exported="true"
        android:grantUriPermissions="true"
        android:protectionLevel="normal"
        android:readPermission="android.permission.READ_USER_DICTIONARY"
        android:writePermission="android.permission.READ_USER_DICTIONARY">
    </provider>

The exception I get from App-B when it's accessing the content provider is below.

01-01 02:20:14.381  4594  4594 E AndroidRuntime: FATAL EXCEPTION: main
01-01 02:20:14.381  4594  4594 E AndroidRuntime: Process: com.equation.android.helloword, PID: 4594
01-01 02:20:14.381  4594  4594 E AndroidRuntime: java.lang.SecurityException: Permission Denial: opening provider com.example.database.MyContentProvider from ProcessRecord{734d867 4594:com.equation.android.helloword/u0a88} (pid=4594, uid=10088) requires com.example.database.MyContentProvider.READ or com.example.database.MyContentProvider.WRITE

My development environment is Android M, SDK version 23.

Regards,
Senthil.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
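
Added example, not part of the original post: a small manifest audit run over a cut-down, constructed copy of the App-A manifest above. It relies on the documented rule that <permission> is a child of <manifest>, and it also flags an exported provider guarded only by a "normal" permission, which the system grants to any requesting app at install time. The function names and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"
# Constructed sample: App-A's manifest from the post, cut down to the relevant elements.
APP_A = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.Arithmetic.app">
  <application>
    <permission android:name="com.example.database.MyContentProvider.READ"
        android:protectionLevel="normal"/>
    <permission android:name="com.example.database.MyContentProvider.WRITE"
        android:protectionLevel="normal"/>
    <provider android:name="com.example.database.MyContentProvider"
        android:authorities="com.example.database.MyContentProvider"
        android:exported="true"
        android:readPermission="com.example.database.MyContentProvider.READ"
        android:writePermission="com.example.database.MyContentProvider.WRITE"/>
  </application>
</manifest>"""

def misplaced(root):
    """(parent, element) pairs for <permission> elements not directly under <manifest>."""
    return [(par, p) for par in root.iter() if par is not root
            for p in par.findall("permission")]

def audit_manifest(xml_text):
    """Return (code, detail) findings about custom permissions guarding providers."""
    root = ET.fromstring(xml_text)
    # Only <permission> elements directly under <manifest> define a permission.
    declared = {p.get(A + "name"): p.get(A + "protectionLevel", "normal")
                for p in root.findall("permission")}
    found = [("MISPLACED_PERMISSION", p.get(A + "name")) for _, p in misplaced(root)]
    for prov in root.iter("provider"):
        for attr in ("permission", "readPermission", "writePermission"):
            perm = prov.get(A + attr)
            if perm is None or perm.startswith("android.permission."):
                continue  # unset, or a platform-defined permission
            if perm not in declared:
                found.append(("UNDECLARED_GUARD", attr + "=" + perm))
            elif prov.get(A + "exported") == "true" and declared[perm] == "normal":
                found.append(("NORMAL_LEVEL_GUARD", attr + "=" + perm))
    return found

def hoist_permissions(xml_text):
    """Return the manifest with every misplaced <permission> moved under <manifest>."""
    root = ET.fromstring(xml_text)
    for par, p in misplaced(root):
        par.remove(p)
        root.insert(0, p)
    ET.register_namespace("android", A[1:-1])
    return ET.tostring(root, encoding="unicode")
```

For the sample, audit_manifest(APP_A) reports both permissions as misplaced and both provider guards as undeclared; after hoist_permissions only the protection-level findings remain.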