A replacement for Android's
that protects against the Surreptitious Sharing attack.
Read all about it in the corresponding blog post.
Replace all occurrences of
where URIs provided by other apps are opened with
SafeContentResolver will refuse to open
file:// URIs pointing to files belonging to your app and
belonging to content providers of your app.
If you wish to allow access to certain content providers, add the following
<meta-data> element to the appropriate
<provider> entries in your manifest:
<provider … > <meta-data android:name="de.cketti.safecontentresolver.ALLOW_INTERNAL_ACCESS" android:value="true" /> </provider>
The library comes in two flavors
safe-content-resolver-v21. The former includes
native code to be able to invoke the
fstat system call that is used to retrieve the owner of a file. Starting with
Lollipop (API 21) the framework includes the class
to access this functionality. So
safe-content-resolver-v21 is free of native code and thus much smaller.
To retrieve an instance of
SafeContentResolver safeContentResolver = SafeContentResolverCompat.newInstance(context);
minSdkVersion is 21 or higher you only need to include
safe-content-resolver-v21 and use the following code:
SafeContentResolver safeContentResolver = SafeContentResolver.newInstance(context);
Include the library
Or, if you're using
minSdkVersion 21 or higher:
safe-content-resolver-v14 contains native code for the following ABIs:
If you don't want to include all of them in your APK you might want to look into ABIs Splits.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.