I have built a signed application (system application) with a shared user id android.uid.system. It contains a FileProvider, which I need for a package install intent.
When I try to install the application with the package install intent the following error occurs.
2020-01-16 23:44:48.506 5305-16771/com.google.android.packageinstaller W/InstallStaging: Error staging apk from content URI
java.lang.SecurityException: Permission Denial: opening provider com.example.example.CustomFileProvider from ProcessRecord{5bd7399 5305:com.google.android.packageinstaller/u0a13} (pid=5305, uid=10013) that is not exported from UID 1000
at android.os.Parcel.readException(Parcel.java:2004)
at android.os.Parcel.readException(Parcel.java:1950)
at android.app.IActivityManager$Stub$Proxy.getContentProvider(IActivityManager.java:4758)
at android.app.ActivityThread.acquireProvider(ActivityThread.java:5836)
at android.app.ContextImpl$ApplicationContentResolver.acquireUnstableProvider(ContextImpl.java:2526)
at android.content.ContentResolver.acquireUnstableProvider(ContentResolver.java:1780)
at android.content.ContentResolver.openTypedAssetFileDescriptor(ContentResolver.java:1394)
at android.content.ContentResolver.openAssetFileDescriptor(ContentResolver.java:1247)
at android.content.ContentResolver.openInputStream(ContentResolver.java:967)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:167)
at com.android.packageinstaller.InstallStaging$StagingAsyncTask.doInBackground(InstallStaging.java:161)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
However, the package install works if I remove the shared user id (convert it to a user application instead of the system).
AndroidManifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.example"
android:sharedUserId="android.uid.system">
...
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
Provider Paths:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<external-path name="external_files" path="."/>
<files-path name="files" path="." />
</paths>
PackageInstall:
private static void OpenNewVersion(String location) {
Intent intent = new Intent("android.intent.action.VIEW");
intent.setDataAndType(getUriFromFile(location), "application/vnd.android.package-archive");
intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);
intent.setFlags(FLAG_ACTIVITY_NEW_TASK);
activity.startActivity(intent);
activity.finish();
}
private static Uri getUriFromFile(String location) {
return CustomFileProvider.getUriForFile(activity, activity.getApplicationContext().getPackageName() + ".provider", new File(location + fileName));
}
CustomFileProvider:
package com.example.example;
import android.support.v4.content.FileProvider;
public class CustomFileProvider extends FileProvider {}
I don't understand why I can't use a FileProvider as a system application. Is there a fix for this?
The FileProvider works if you change exported to true in the AndroidManifest.xml.
Like this:
<provider
android:name="com.example.example.CustomFileProvider"
android:authorities="${applicationId}.provider"
android:exported="true"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
However, this creates a huge security risk. If you change it to true, all other apps will be able to use your FileProvider without being given permission.
So I decided to create my own installer. This way I don't have to use the FileProvider.
Details: How to Update Android App Silently Without User Interaction
I used a ProgressDialog to show the user the installation progress.