Reputation: 4154
Android provider path for camera and security
I followed this article to take picture in my application, however in the article the author gives the path . for the FileProvider.
<?xml version="1.0" encoding="utf-8"?>
<paths xmlns:android="http://schemas.android.com/apk/res/android">
<external-path name="external_files" path="."/>
</paths>
To what corresponds exactly . and can it be a security issue?
Upvotes: 0
Views: 190
Answers (1)
Reputation: 1007099
To what corresponds exactly
.
It refers to the directory identified by your element. In the case of <external-path>, that is Environment.getExternalStorageDirectory().
If, instead of ., you had foo, that would point to a foo/ subdirectory under the directory identified by your element.
can it be a security issue?
Only if you do something really strange in your Java code.
A FileProvider cannot be exported. The only things that can access content served by that provider are:
- Your app
- Any apps to which you grant permission from the Java code in your app
Typically, you grant permission via FLAG_GRANT_READ_URI_PERMISSION and/or FLAG_GRANT_WRITE_URI_PERMISSION on an Intent. This grants read or write access to the one app that processes the Intent for the Uri that is inside that Intent. This is a very limited permission grant, and it is necessary for you to successfully use the FileProvider.
If you find yourself granting permissions in other ways, to more apps and for more content, then perhaps there is a security issue. But, again, it is tied to your Java code, not so much the FileProvider metadata.
Upvotes: 1
Related Questions
- Android camera intent
- open camera using intent
- Using intent to use Camera in Android
- Photo intent, don't understand the path
- Intent does not set the camera parameters
- Restricting Android camera
- Android - take picture - pass uri to camera app
- Android camera intents
- Android device specific camera path in android
- Camera intent android