Android - file provider - permission denial

Question

I have two apps : app1 and app2.

App2 has :

<provider
        android:name="android.support.v4.content.FileProvider"
        android:authorities="com.android.provider.ImageSharing"
        android:exported="false"
        android:grantUriPermissions="true" >
        <meta-data
            android:name="android.support.FILE_PROVIDER_PATHS"
            android:resource="@xml/paths" />
</provider>

paths.xml :

<paths>

     <files-path name="my_images" path="images/"/>

</paths>

App2 receives request in its Activity from App1 to get URI for an image. The App2 Activity does the following once URI is decided :

Intent intent = new Intent();

intent.setDataAndType(contentUri, getContentResolver().getType(contentUri));

int uid = Binder.getCallingUid();
String callingPackage = getPackageManager().getNameForUid(uid);

getApplicationContext().grantUriPermission(callingPackage, contentUri,
                    Intent.FLAG_GRANT_READ_URI_PERMISSION);

setResult(Activity.RESULT_OK, intent);
finish();

On receiving the result back from App2, App1 does the following :

Uri imageUri = data.getData();
if(imageUri != null) {
    ImageView iv = (ImageView) layoutView.findViewById(R.id.imageReceived);
    iv.setImageURI(imageUri);
}

In App1, on returning from App2, I get the following exception :

java.lang.SecurityException: Permission Denial: opening provider android.support.v4.content.FileProvider from ProcessRecord{52a99eb0 3493:com.android.App1.app/u0a57} (pid=3493, uid=10057) that is not exported from uid 10058

What am I doing wrong ?

Answer 1

If anyone is getting this issue on new versions of Android, make sure that the authority string that you are passing to getUriForFile() is the same as what you declared in the manifest file.

Answer 2

Make sure the authority string is unique per app. I cloned another app with the same authority string which caused the error

File file = new File("whatever");
URI uri = FileProvider.getUriForFile(context, "unique authority string", file);

Answer 3

I got it that way

try{
    Intent(MediaStore.ACTION_IMAGE_CAPTURE).also { takePictureIntent ->
        takePictureIntent.resolveActivity(packageManager)?.also {
                val photoFile: File? = try {
                    createImageFile()
                } catch (ex: IOException) {
                    null
                }
            photoFile?.also {
                val photoURI: Uri = FileProvider.getUriForFile(
                    this,
                    "$packageName.fileprovider",
                    it
                )
                    if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.LOLLIPOP) {
                        val permissionTemp =  Intent.FLAG_GRANT_READ_URI_PERMISSION and Intent.FLAG_GRANT_WRITE_URI_PERMISSION
                        grantUriPermission(packageName, Uri.fromFile(photoFile), permissionTemp)
                        takePictureIntent.putExtra(MediaStore.EXTRA_OUTPUT, Uri.fromFile(photoFile))
                    }else{
                        takePictureIntent.putExtra(MediaStore.EXTRA_OUTPUT, photoURI)
                    }
                startActivityForResult(takePictureIntent, REQUEST_IMAGE_CAPTURE)
            }
        }
    }
}
    catch (ex: IOException){
    Log.d("IOException", "${ex.printStackTrace()}")
}

file_provider_paths.xml

<paths>
   <external-files-path name="my_images" path="/" />
   <external-path name="my_images" path="/"/>
   <external-path name="external" path="." />
   <external-files-path name="external_files" path="." />
   <files-path name="files" path="." />
</paths>

and then just follow the documentation Take photos

Answer 4

in my case I was to share a picture with text and solution was to add both flags, read FLAG_GRANT_READ_URI_PERMISSION and write FLAG_GRANT_WRITE_URI_PERMISSION as below:

        Intent intent = new Intent(android.content.Intent.ACTION_SEND);
    intent.putExtra(Intent.EXTRA_STREAM, uri);
    intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
    intent.addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
    intent.setType("image/png");
    intent.putExtra(android.content.Intent.EXTRA_SUBJECT, getString(R.string.txtShareAppTitle));
    intent.putExtra(Intent.EXTRA_TEXT, getString(R.string.txtShareApp) ;
    startActivity(intent);

Answer 5

How you can capture image using camera on Nougat using File Provider.

To read about about file provider follow this link File Provider

,and kit kat and marshmallow follow these steps. First of all ad tag provider under application tag in MainfestFile.

 <provider
        android:name="android.support.v4.content.FileProvider"
        android:authorities="${applicationId}.provider"
        android:exported="false"
        android:grantUriPermissions="true">
        <meta-data
            android:name="android.support.FILE_PROVIDER_PATHS"
            android:resource="@xml/provider_paths"/>
    </provider>

create a file name with (provider_paths.xml) under res folder

<paths xmlns:android="http://schemas.android.com/apk/res/android">
<external-path name="external_files" path="."/>

I have solved this issue it comes on kit kitkat version

private void takePicture() {
    Intent takePictureIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
    if (takePictureIntent.resolveActivity(getPackageManager()) != null) {
        Uri photoURI = null;
        try {
            File photoFile = createImageFileWith();
            path = photoFile.getAbsolutePath();
            photoURI = FileProvider.getUriForFile(MainActivity.this,
                    getString(R.string.file_provider_authority),
                    photoFile);

        } catch (IOException ex) {
            Log.e("TakePicture", ex.getMessage());
        }
        takePictureIntent.putExtra(MediaStore.EXTRA_OUTPUT, photoURI);
        if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.LOLLIPOP) {
            takePictureIntent.setClipData(ClipData.newRawUri("", photoURI));
            takePictureIntent.addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION|Intent.FLAG_GRANT_READ_URI_PERMISSION);
        }
        startActivityForResult(takePictureIntent, PHOTO_REQUEST_CODE);
    }
}

  private File createImageFile() throws IOException {
    // Create an image file name
    String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss", Locale.ENGLISH).format(new Date());
    String imageFileName = "JPEG_" + timeStamp + "_";
    File storageDir = new File(Environment.getExternalStoragePublicDirectory(
            Environment.DIRECTORY_DCIM), "Camera");
    File image = File.createTempFile(
            imageFileName,  /* prefix */
            ".jpg",         /* suffix */
            storageDir      /* directory */
    );

    // Save a file: path for use with ACTION_VIEW intents
    mCurrentPhotoPath = "file:" + image.getAbsolutePath();
    return image;
}

Answer 6

Thanks, @CommonsWare for this advice.

My problem was with the calling package. For some reason, Binder.callingUid() and getPackageManager().getNameForUid(uid) was giving me package name of App2 instead of App1.

I tried calling it in App2's onCreate as well as onResume, but no joy.

I used the following to solve it :

getApplicationContext().grantUriPermission(getCallingPackage(), 
          contentUri, Intent.FLAG_GRANT_READ_URI_PERMISSION);

Turns out, activity has dedicated API for this. See here.

Answer 7

Android <= Lollipop (API 22)

There's a great article by Lorenzo Quiroli that solves this issue for older Android versions.

He discovered that you need to manually set the ClipData of the Intent and set the permissions for it, like so:

if ( Build.VERSION.SDK_INT <= Build.VERSION_CODES.LOLLIPOP ) {
    takePictureIntent.setClipData( ClipData.newRawUri( "", photoURI ) );
    takePictureIntent.addFlags( Intent.FLAG_GRANT_WRITE_URI_PERMISSION|Intent.FLAG_GRANT_READ_URI_PERMISSION );
}

I tested this on API 17 and it worked great. Couldn't find a solution anywhere that worked.

Answer 8

I solved the problem that way:

        Intent sIntent = new Intent("com.appname.ACTION_RETURN_FILE").setData(uri);
        List<ResolveInfo> resInfoList = activity.getPackageManager().queryIntentActivities(sIntent, PackageManager.MATCH_DEFAULT_ONLY);
        for (ResolveInfo resolveInfo : resInfoList) {
            activity.grantUriPermission(FILE_PROVIDER_ID, uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);
        }
        sIntent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
        activity.setResult(RESULT_OK, sIntent);

Answer 9

You need to set permission of specific package name, after that you can able to access it..

context.grantUriPermission("com.android.App1.app", fileUri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);

Answer 10

Just add setData(contentUri); and based on requirement add addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); or addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION);

This solves the java.lang.SecurityException: Permission Denial

Verified.

This is done as per https://developer.android.com/reference/android/support/v4/content/FileProvider.html#Permissions

Answer 11

Turns out the only way to solve this is to grant permissions to all of the packages that might need it, like this:

List<ResolveInfo> resInfoList = context.getPackageManager().queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY);
for (ResolveInfo resolveInfo : resInfoList) {
    String packageName = resolveInfo.activityInfo.packageName;
    context.grantUriPermission(packageName, uri, Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_READ_URI_PERMISSION);
}

Answer 12

First, I would try switching away from grantUriPermission() and simply put the FLAG_GRANT_READ_URI_PERMISSION on the Intent itself via addFlags() or setFlag().

If for some reason that does not work, you could try moving your getCallingUid() logic into onCreate() instead of wherever you have it, and see if you can find out the actual "caller" there.