I have 2 applications (with different signing keys), and I want to have a secure content provider between these 2 apps. I researched, and the conclusion was to use a permission like below:
<permission android:name="com.example.myapplication.READ_PERMISSION" android:protectionLevel="signature|knownSigner" android:knownCerts="@raw/known_certs" tools:targetApi="s" />
The content provider works if I write it like:
<permission android:name="com.example.myapplication.READ_PERMISSION" />
But if I use knownSigner then I get the error below:
java.lang.SecurityException: Permission Denial: opening provider com.example.myapplication.CustomProvider from ProcessRecord{c4924bb 23886:package.name/u0a701} (pid=23886, uid=10701) requires com.example.myapplication.READ_PERMISSION or com.example.myapplication.READ_PERMISSION
And this is what known_certs.xml looks like:
<?xml version="1.0" encoding="utf-8"?>
<certificates>
    <certificate>
        <alias>androiddebugkey</alias>
        <sha1>SHA1 CODE</sha1>
    </certificate>
</certificates>
Solution:
I found the issue and fixed it:
known_certs.xml file
SHA-256 hash
SHA-256 must not contain : between its characters
Single certificate:
<permission
    android:name="com.example.myapplication.READ_PERMISSION"
    android:protectionLevel="signature|knownSigner"
    android:knownCerts="SHA256 HASH"
    tools:targetApi="s"/>
Multiple certificates:
Create a string array inside strings.xml, like:
<string-array name="known_certs">
    <item>HASHCODE1</item>
    <item>HASHCODE2</item>
</string-array>
Then the permission will be:
<permission
    android:name="com.example.myapplication.READ_PERMISSION"
    android:protectionLevel="signature|knownSigner"
    android:knownCerts="@array/known_certs"
    tools:targetApi="s"/>
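An added example, not part of the original post: a small Python helper that takes `keytool -list -v` output, keeps only the SHA-256 fingerprints, strips the `:` separators, and emits the string-array shown above. The function names and the sample fingerprints are constructed for illustration; a 40-character (SHA-1) digest is rejected, since that is the value the failing known_certs.xml carried.

```python
import re

# Constructed sample of `keytool -list -v` output (fingerprints are made up).
SAMPLE_KEYTOOL_OUTPUT = """\
Alias name: androiddebugkey
Certificate fingerprints:
\t SHA1: 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
\t SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""


def normalize_digest(value):
    """Return a colon-free SHA-256 hex digest, or raise ValueError."""
    digest = re.sub(r"[:\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]+", digest):
        raise ValueError("not a hex digest: %r" % value)
    if len(digest) == 40:
        raise ValueError("40 hex chars is a SHA-1 digest; SHA-256 is required")
    if len(digest) != 64:
        raise ValueError("expected 64 hex chars, got %d" % len(digest))
    return digest


def sha256_from_keytool(text):
    """Extract and normalize every SHA256 fingerprint line in keytool output."""
    found = re.findall(r"^\s*SHA-?256:\s*(\S+)", text, re.M)
    return [normalize_digest(fp) for fp in found]


def known_certs_array(digests, name="known_certs"):
    """Build the strings.xml <string-array> for android:knownCerts."""
    items = "\n".join("    <item>%s</item>" % normalize_digest(d) for d in digests)
    return '<string-array name="%s">\n%s\n</string-array>' % (name, items)


if __name__ == "__main__":
    print(known_certs_array(sha256_from_keytool(SAMPLE_KEYTOOL_OUTPUT)))
```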