/* * Copyright (C) 2006 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.content; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.os.Process.SYSTEM_UID; import static android.os.Process.myUserHandle; import static android.os.Trace.TRACE_TAG_ACTIVITY_MANAGER; import static com.android.internal.util.FrameworkStatsLog.GET_TYPE_ACCESSED_WITHOUT_PERMISSION; import static com.android.internal.util.FrameworkStatsLog.GET_TYPE_ACCESSED_WITHOUT_PERMISSION__LOCATION__PROVIDER_CHECK_URI_PERMISSION; import static com.android.internal.util.FrameworkStatsLog.GET_TYPE_ACCESSED_WITHOUT_PERMISSION__LOCATION__PROVIDER_FRAMEWORK_PERMISSION; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SystemApi; import android.annotation.TestApi; import android.app.AppOpsManager; import android.compat.annotation.UnsupportedAppUsage; import android.content.pm.PackageManager; import android.content.pm.PathPermission; import android.content.pm.ProviderInfo; import android.content.res.AssetFileDescriptor; import android.content.res.Configuration; import android.database.Cursor; import android.database.MatrixCursor; import android.database.SQLException; import android.multiuser.Flags; import android.net.Uri; import android.os.AsyncTask; import android.os.Binder; import android.os.Build; import android.os.Bundle; import android.os.CancellationSignal; import android.os.ICancellationSignal; import android.os.ParcelFileDescriptor; import android.os.ParcelableException; import android.os.Process; import android.os.RemoteCallback; import android.os.RemoteException; import android.os.Trace; import android.os.UserHandle; import android.os.UserManager; import android.os.storage.StorageManager; import android.permission.PermissionCheckerManager; import android.provider.MediaStore; import android.text.TextUtils; import android.util.Log; import android.util.SparseBooleanArray; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.FrameworkStatsLog; import java.io.File; import java.io.FileDescriptor; import java.io.FileNotFoundException; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Arrays; import java.util.Objects; /** * Content providers are one of the primary building blocks of Android applications, providing * content to applications. They encapsulate data and provide it to applications through the single * {@link ContentResolver} interface. A content provider is only required if you need to share * data between multiple applications. For example, the contacts data is used by multiple * applications and must be stored in a content provider. If you don't need to share data amongst * multiple applications you can use a database directly via * {@link android.database.sqlite.SQLiteDatabase}. * *

When a request is made via * a {@link ContentResolver} the system inspects the authority of the given URI and passes the * request to the content provider registered with the authority. The content provider can interpret * the rest of the URI however it wants. The {@link UriMatcher} class is helpful for parsing * URIs.

* *

The primary methods that need to be implemented are: *

{@link #onCreate} which is called to initialize the provider
{@link #query} which returns data to the caller
{@link #insert} which inserts new data into the content provider
{@link #update} which updates existing data in the content provider
{@link #delete} which deletes data from the content provider
{@link #getType} which returns the MIME type of data in the content provider

* *

Data access methods (such as {@link #insert} and * {@link #update}) may be called from many threads at once, and must be thread-safe. * Other methods (such as {@link #onCreate}) are only called from the application * main thread, and must avoid performing lengthy operations. See the method * descriptions for their expected thread behavior.

* *

Requests to {@link ContentResolver} are automatically forwarded to the appropriate * ContentProvider instance, so subclasses don't have to worry about the details of * cross-process calls.

* *

Developer Guides

For more information about using content providers, read the * Content Providers * developer guide.

*/ @android.ravenwood.annotation.RavenwoodKeepPartialClass public abstract class ContentProvider implements ContentInterface, ComponentCallbacks2 { private static final String TAG = "ContentProvider"; /* * Note: if you add methods to ContentProvider, you must add similar methods to * MockContentProvider. */ @UnsupportedAppUsage private Context mContext = null; private int mMyUid; // Since most Providers have only one authority, we keep both a String and a String[] to improve // performance. @UnsupportedAppUsage private String mAuthority; @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) private String[] mAuthorities; @UnsupportedAppUsage private String mReadPermission; @UnsupportedAppUsage private String mWritePermission; @UnsupportedAppUsage private PathPermission[] mPathPermissions; private boolean mExported; private boolean mNoPerms; private boolean mSingleUser; private boolean mSystemUserOnly; private SparseBooleanArray mUsersRedirectedToOwnerForMedia = new SparseBooleanArray(); private ThreadLocal mCallingAttributionSource; /** * @hide */ public static boolean isAuthorityRedirectedForCloneProfile(String authority) { // For now, only MediaProvider gets redirected. return MediaStore.AUTHORITY.equals(authority); } private Transport mTransport = new Transport(); /** * Construct a ContentProvider instance. Content providers must be * declared * in the manifest, accessed with {@link ContentResolver}, and created * automatically by the system, so applications usually do not create * ContentProvider instances directly. * *

At construction time, the object is uninitialized, and most fields and * methods are unavailable. Subclasses should initialize themselves in * {@link #onCreate}, not the constructor. * *

Content providers are created on the application main thread at * application launch time. The constructor must not perform lengthy * operations, or application startup will be delayed. */ public ContentProvider() { } /** * Constructor just for mocking. * * @param context A Context object which should be some mock instance (like the * instance of {@link android.test.mock.MockContext}). * @param readPermission The read permission you want this instance should have in the * test, which is available via {@link #getReadPermission()}. * @param writePermission The write permission you want this instance should have * in the test, which is available via {@link #getWritePermission()}. * @param pathPermissions The PathPermissions you want this instance should have * in the test, which is available via {@link #getPathPermissions()}. * @hide */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) public ContentProvider( Context context, String readPermission, String writePermission, PathPermission[] pathPermissions) { mContext = context; mReadPermission = readPermission; mWritePermission = writePermission; mPathPermissions = pathPermissions; } /** * Given an IContentProvider, try to coerce it back to the real * ContentProvider object if it is running in the local process. This can * be used if you know you are running in the same process as a provider, * and want to get direct access to its implementation details. Most * clients should not nor have a reason to use it. * * @param abstractInterface The ContentProvider interface that is to be * coerced. * @return If the IContentProvider is non-{@code null} and local, returns its actual * ContentProvider instance. Otherwise returns {@code null}. * @hide */ @UnsupportedAppUsage public static ContentProvider coerceToLocalContentProvider( IContentProvider abstractInterface) { if (abstractInterface instanceof Transport) { return ((Transport)abstractInterface).getContentProvider(); } return null; } /** * Binder object that deals with remoting. * * @hide */ class Transport extends ContentProviderNative { volatile AppOpsManager mAppOpsManager = null; volatile int mReadOp = AppOpsManager.OP_NONE; volatile int mWriteOp = AppOpsManager.OP_NONE; volatile ContentInterface mInterface = ContentProvider.this; ContentProvider getContentProvider() { return ContentProvider.this; } @Override public String getProviderName() { return getContentProvider().getClass().getName(); } @Override public Cursor query(@NonNull AttributionSource attributionSource, Uri uri, @Nullable String[] projection, @Nullable Bundle queryArgs, @Nullable ICancellationSignal cancellationSignal) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); if (enforceReadPermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { // The caller has no access to the data, so return an empty cursor with // the columns in the requested order. The caller may ask for an invalid // column and we would not catch that but this is not a problem in practice. // We do not call ContentProvider#query with a modified where clause since // the implementation is not guaranteed to be backed by a SQL database, hence // it may not handle properly the tautology where clause we would have created. if (projection != null) { return new MatrixCursor(projection, 0); } // Null projection means all columns but we have no idea which they are. // However, the caller may be expecting to access them my index. Hence, // we have to execute the query as if allowed to get a cursor with the // columns. We then use the column names to return an empty cursor. Cursor cursor; final AttributionSource original = setCallingAttributionSource( attributionSource); try { cursor = mInterface.query( uri, projection, queryArgs, CancellationSignal.fromTransport(cancellationSignal)); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); } if (cursor == null) { return null; } // Return an empty cursor for all columns. return new MatrixCursor(cursor.getColumnNames(), 0); } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "query: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.query( uri, projection, queryArgs, CancellationSignal.fromTransport(cancellationSignal)); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public String getType(AttributionSource attributionSource, Uri uri) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "getType: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { if (checkGetTypePermission(attributionSource, uri) == PermissionChecker.PERMISSION_GRANTED) { String type; if (checkPermission(Manifest.permission.GET_ANY_PROVIDER_TYPE, attributionSource) == PermissionChecker.PERMISSION_GRANTED) { /* For calling packages having the special permission for any type, the calling identity should be cleared before calling getType. */ final CallingIdentity origId = getContentProvider().clearCallingIdentity(); try { type = mInterface.getType(uri); } finally { getContentProvider().restoreCallingIdentity(origId); } } else { type = mInterface.getType(uri); } if (type != null) { logGetTypeData(Binder.getCallingUid(), uri, type, true); } return type; } else { final int callingUid = Binder.getCallingUid(); final CallingIdentity origId = getContentProvider().clearCallingIdentity(); try { final String type = getTypeAnonymous(uri); if (type != null) { logGetTypeData(callingUid, uri, type, false); } return type; } finally { getContentProvider().restoreCallingIdentity(origId); } } } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } // Utility function to log the getTypeData calls private void logGetTypeData(int callingUid, Uri uri, String type, boolean permissionCheckPassed) { final int enumFrameworkPermission = GET_TYPE_ACCESSED_WITHOUT_PERMISSION__LOCATION__PROVIDER_FRAMEWORK_PERMISSION; final int enumCheckUriPermission = GET_TYPE_ACCESSED_WITHOUT_PERMISSION__LOCATION__PROVIDER_CHECK_URI_PERMISSION; if (permissionCheckPassed) { try { // Just for logging for mediaProvider cases final ProviderInfo cpi = mContext.getPackageManager() .resolveContentProvider(uri.getAuthority(), PackageManager.ComponentInfoFlags.of( PackageManager.GET_META_DATA)); final int callingUserId = UserHandle.getUserId(callingUid); final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, callingUid)) ? maybeAddUserId(uri, callingUserId) : uri; if (cpi.forceUriPermissions && mInterface.checkUriPermission(uri, callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION) != PermissionChecker.PERMISSION_GRANTED && getContext().checkUriPermission(userUri, Binder.getCallingPid(), callingUid, Intent.FLAG_GRANT_READ_URI_PERMISSION) != PackageManager.PERMISSION_GRANTED && !deniedAccessSystemUserOnlyProvider(callingUserId, mSystemUserOnly)) { FrameworkStatsLog.write(GET_TYPE_ACCESSED_WITHOUT_PERMISSION, enumCheckUriPermission, callingUid, uri.getAuthority(), type); } } catch (Exception e) { //does nothing } } else { FrameworkStatsLog.write(GET_TYPE_ACCESSED_WITHOUT_PERMISSION, enumFrameworkPermission, callingUid, uri.getAuthority(), type); } } @Override public void getTypeAsync(AttributionSource attributionSource, Uri uri, RemoteCallback callback) { final Bundle result = new Bundle(); try { result.putString(ContentResolver.REMOTE_CALLBACK_RESULT, getType(attributionSource, uri)); } catch (Exception e) { result.putParcelable(ContentResolver.REMOTE_CALLBACK_ERROR, new ParcelableException(e)); } callback.sendResult(result); } @Override public void getTypeAnonymousAsync(Uri uri, RemoteCallback callback) { // getCallingPackage() isn't available in getTypeAnonymous(), as the javadoc states. uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "getTypeAnonymous: ", uri.getAuthority()); final Bundle result = new Bundle(); try { result.putString(ContentResolver.REMOTE_CALLBACK_RESULT, getTypeAnonymous(uri)); } catch (Exception e) { result.putParcelable(ContentResolver.REMOTE_CALLBACK_ERROR, new ParcelableException(e)); } finally { callback.sendResult(result); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public Uri insert(@NonNull AttributionSource attributionSource, Uri uri, ContentValues initialValues, Bundle extras) { uri = validateIncomingUri(uri); int userId = getUserIdFromUri(uri); uri = maybeGetUriWithoutUserId(uri); if (enforceWritePermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { final AttributionSource original = setCallingAttributionSource( attributionSource); try { return rejectInsert(uri, initialValues); } finally { setCallingAttributionSource(original); } } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "insert: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return maybeAddUserId(mInterface.insert(uri, initialValues, extras), userId); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public int bulkInsert(@NonNull AttributionSource attributionSource, Uri uri, ContentValues[] initialValues) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); if (enforceWritePermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return 0; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "bulkInsert: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.bulkInsert(uri, initialValues); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public ContentProviderResult[] applyBatch(@NonNull AttributionSource attributionSource, String authority, ArrayList operations) throws OperationApplicationException { validateIncomingAuthority(authority); int numOperations = operations.size(); final int[] userIds = new int[numOperations]; for (int i = 0; i < numOperations; i++) { ContentProviderOperation operation = operations.get(i); Uri uri = operation.getUri(); userIds[i] = getUserIdFromUri(uri); uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); // Rebuild operation if we changed the Uri above if (!Objects.equals(operation.getUri(), uri)) { operation = new ContentProviderOperation(operation, uri); operations.set(i, operation); } final AttributionSource accessAttributionSource = attributionSource; if (operation.isReadOperation()) { if (enforceReadPermission(accessAttributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { throw new OperationApplicationException("App op not allowed", 0); } } if (operation.isWriteOperation()) { if (enforceWritePermission(accessAttributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { throw new OperationApplicationException("App op not allowed", 0); } } } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "applyBatch: ", authority); final AttributionSource original = setCallingAttributionSource( attributionSource); try { ContentProviderResult[] results = mInterface.applyBatch(authority, operations); if (results != null) { for (int i = 0; i < results.length ; i++) { if (userIds[i] != UserHandle.USER_CURRENT) { // Adding the userId to the uri. results[i] = new ContentProviderResult(results[i], userIds[i]); } } } return results; } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public int delete(@NonNull AttributionSource attributionSource, Uri uri, Bundle extras) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); if (enforceWritePermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return 0; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "delete: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.delete(uri, extras); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public int update(@NonNull AttributionSource attributionSource, Uri uri, ContentValues values, Bundle extras) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); if (enforceWritePermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return 0; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "update: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.update(uri, values, extras); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public ParcelFileDescriptor openFile(@NonNull AttributionSource attributionSource, Uri uri, String mode, ICancellationSignal cancellationSignal) throws FileNotFoundException { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); enforceFilePermission(attributionSource, uri, mode); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "openFile: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.openFile( uri, mode, CancellationSignal.fromTransport(cancellationSignal)); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public AssetFileDescriptor openAssetFile(@NonNull AttributionSource attributionSource, Uri uri, String mode, ICancellationSignal cancellationSignal) throws FileNotFoundException { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); enforceFilePermission(attributionSource, uri, mode); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "openAssetFile: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.openAssetFile( uri, mode, CancellationSignal.fromTransport(cancellationSignal)); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public Bundle call(@NonNull AttributionSource attributionSource, String authority, String method, @Nullable String arg, @Nullable Bundle extras) { validateIncomingAuthority(authority); Bundle.setDefusable(extras, true); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "call: ", authority); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.call(authority, method, arg, extras); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public String[] getStreamTypes(AttributionSource attributionSource, Uri uri, String mimeTypeFilter) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "getStreamTypes: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.getStreamTypes(uri, mimeTypeFilter); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public AssetFileDescriptor openTypedAssetFile( @NonNull AttributionSource attributionSource, Uri uri, String mimeType, Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException { Bundle.setDefusable(opts, true); uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); enforceFilePermission(attributionSource, uri, "r"); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "openTypedAssetFile: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.openTypedAssetFile( uri, mimeType, opts, CancellationSignal.fromTransport(cancellationSignal)); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public ICancellationSignal createCancellationSignal() { return CancellationSignal.createTransport(); } @Override public Uri canonicalize(@NonNull AttributionSource attributionSource, Uri uri) { uri = validateIncomingUri(uri); int userId = getUserIdFromUri(uri); uri = getUriWithoutUserId(uri); if (enforceReadPermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return null; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "canonicalize: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return maybeAddUserId(mInterface.canonicalize(uri), userId); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public void canonicalizeAsync(@NonNull AttributionSource attributionSource, Uri uri, RemoteCallback callback) { final Bundle result = new Bundle(); try { result.putParcelable(ContentResolver.REMOTE_CALLBACK_RESULT, canonicalize(attributionSource, uri)); } catch (Exception e) { result.putParcelable(ContentResolver.REMOTE_CALLBACK_ERROR, new ParcelableException(e)); } callback.sendResult(result); } @Override public Uri uncanonicalize(@NonNull AttributionSource attributionSource, Uri uri) { uri = validateIncomingUri(uri); int userId = getUserIdFromUri(uri); uri = getUriWithoutUserId(uri); if (enforceReadPermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return null; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "uncanonicalize: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return maybeAddUserId(mInterface.uncanonicalize(uri), userId); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public void uncanonicalizeAsync(@NonNull AttributionSource attributionSource, Uri uri, RemoteCallback callback) { final Bundle result = new Bundle(); try { result.putParcelable(ContentResolver.REMOTE_CALLBACK_RESULT, uncanonicalize(attributionSource, uri)); } catch (Exception e) { result.putParcelable(ContentResolver.REMOTE_CALLBACK_ERROR, new ParcelableException(e)); } callback.sendResult(result); } @Override public boolean refresh(@NonNull AttributionSource attributionSource, Uri uri, Bundle extras, ICancellationSignal cancellationSignal) throws RemoteException { uri = validateIncomingUri(uri); uri = getUriWithoutUserId(uri); if (enforceReadPermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { return false; } traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "refresh: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.refresh(uri, extras, CancellationSignal.fromTransport(cancellationSignal)); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @Override public int checkUriPermission(@NonNull AttributionSource attributionSource, Uri uri, int uid, int modeFlags) { uri = validateIncomingUri(uri); uri = maybeGetUriWithoutUserId(uri); traceBegin(TRACE_TAG_ACTIVITY_MANAGER, "checkUriPermission: ", uri.getAuthority()); final AttributionSource original = setCallingAttributionSource( attributionSource); try { return mInterface.checkUriPermission(uri, uid, modeFlags); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } finally { setCallingAttributionSource(original); Trace.traceEnd(TRACE_TAG_ACTIVITY_MANAGER); } } @PermissionCheckerManager.PermissionResult private void enforceFilePermission(@NonNull AttributionSource attributionSource, Uri uri, String mode) throws FileNotFoundException, SecurityException { if (mode != null && mode.indexOf('w') != -1) { if (enforceWritePermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { throw new FileNotFoundException("App op not allowed"); } } else { if (enforceReadPermission(attributionSource, uri) != PermissionChecker.PERMISSION_GRANTED) { throw new FileNotFoundException("App op not allowed"); } } } @PermissionCheckerManager.PermissionResult private int enforceReadPermission(@NonNull AttributionSource attributionSource, Uri uri) throws SecurityException { final int result = enforceReadPermissionInner(uri, attributionSource); if (result != PermissionChecker.PERMISSION_GRANTED) { return result; } // Only check the read op if it differs from the one for the permission // we already checked above to avoid double attribution for every access. if (mTransport.mReadOp != AppOpsManager.OP_NONE && mTransport.mReadOp != AppOpsManager.permissionToOpCode(mReadPermission)) { return PermissionChecker.checkOpForDataDelivery(getContext(), AppOpsManager.opToPublicName(mTransport.mReadOp), attributionSource, /*message*/ null); } return PermissionChecker.PERMISSION_GRANTED; } @PermissionCheckerManager.PermissionResult private int enforceWritePermission(@NonNull AttributionSource attributionSource, Uri uri) throws SecurityException { final int result = enforceWritePermissionInner(uri, attributionSource); if (result != PermissionChecker.PERMISSION_GRANTED) { return result; } // Only check the write op if it differs from the one for the permission // we already checked above to avoid double attribution for every access. if (mTransport.mWriteOp != AppOpsManager.OP_NONE && mTransport.mWriteOp != AppOpsManager.permissionToOpCode(mWritePermission)) { return PermissionChecker.checkOpForDataDelivery(getContext(), AppOpsManager.opToPublicName(mTransport.mWriteOp), attributionSource, /*message*/ null); } return PermissionChecker.PERMISSION_GRANTED; } @PermissionCheckerManager.PermissionResult private int checkGetTypePermission(@NonNull AttributionSource attributionSource, Uri uri) { final int callingUid = Binder.getCallingUid(); if (UserHandle.getAppId(callingUid) == SYSTEM_UID || checkPermission(Manifest.permission.GET_ANY_PROVIDER_TYPE, attributionSource) == PermissionChecker.PERMISSION_GRANTED) { // Allowing System Uid and apps with permission to get any type, to access all types return PermissionChecker.PERMISSION_GRANTED; } try { return enforceReadPermission(attributionSource, uri); } catch (SecurityException e) { return PermissionChecker.PERMISSION_HARD_DENIED; } } } boolean checkUser(int pid, int uid, Context context) { final int callingUserId = UserHandle.getUserId(uid); if (deniedAccessSystemUserOnlyProvider(callingUserId, mSystemUserOnly)) { return false; } if (callingUserId == context.getUserId() || mSingleUser) { return true; } if (context.checkPermission(INTERACT_ACROSS_USERS, pid, uid) == PackageManager.PERMISSION_GRANTED || context.checkPermission(INTERACT_ACROSS_USERS_FULL, pid, uid) == PackageManager.PERMISSION_GRANTED) { return true; } // Provider user-id will be determined from User Space of the calling app. return isContentRedirectionAllowedForUser(callingUserId); } /** * Verify that content redirection is allowed or not. * We check: * 1. Type of Authority * 2. UserProperties allow content sharing * * @param incomingUserId - Provider's user-id to be passed should be based upon: * 1. If client is a cloned app running in user 10, it should be that (10) * 2. If client is accessing content by hinting user space of content, * like sysUi (residing in user 0) accessing 'content://11@media/external' * then it should be 11. */ private boolean isContentRedirectionAllowedForUser(int incomingUserId) { if (MediaStore.AUTHORITY.equals(mAuthority)) { int incomingUserIdIndex = mUsersRedirectedToOwnerForMedia.indexOfKey(incomingUserId); if (incomingUserIdIndex >= 0) { return mUsersRedirectedToOwnerForMedia.valueAt(incomingUserIdIndex); } // Haven't seen this user yet, look it up UserManager um = mContext.getSystemService(UserManager.class); if (um != null && um.getUserProperties(UserHandle.of(incomingUserId)) .isMediaSharedWithParent()) { UserHandle parent = um.getProfileParent(UserHandle.of(incomingUserId)); if (parent != null && parent.equals(myUserHandle())) { mUsersRedirectedToOwnerForMedia.put(incomingUserId, true); return true; } } mUsersRedirectedToOwnerForMedia.put(incomingUserId, false); return false; } return false; } /** * Verify that calling app holds both the given permission and any app-op * associated with that permission. */ @PermissionCheckerManager.PermissionResult private int checkPermission(String permission, @NonNull AttributionSource attributionSource) { if (Binder.getCallingPid() == Process.myPid()) { return PermissionChecker.PERMISSION_GRANTED; } return PermissionChecker.checkPermissionForDataDeliveryFromDataSource(getContext(), permission, -1, new AttributionSource(getContext().getAttributionSource(), attributionSource), /*message*/ null); } /** {@hide} */ @PermissionCheckerManager.PermissionResult protected int enforceReadPermissionInner(Uri uri, @NonNull AttributionSource attributionSource) throws SecurityException { final Context context = getContext(); final int pid = Binder.getCallingPid(); final int uid = Binder.getCallingUid(); String missingPerm = null; int strongestResult = PermissionChecker.PERMISSION_GRANTED; if (UserHandle.isSameApp(uid, mMyUid)) { return PermissionChecker.PERMISSION_GRANTED; } if (mExported && checkUser(pid, uid, context)) { final String componentPerm = getReadPermission(); if (componentPerm != null) { final int result = checkPermission(componentPerm, attributionSource); if (result == PermissionChecker.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } else { missingPerm = componentPerm; strongestResult = Math.max(strongestResult, result); } } // track if unprotected read is allowed; any denied // below removes this ability boolean allowDefaultRead = (componentPerm == null); final PathPermission[] pps = getPathPermissions(); if (pps != null) { final String path = uri.getPath(); for (PathPermission pp : pps) { final String pathPerm = pp.getReadPermission(); if (pathPerm != null && pp.match(path)) { final int result = checkPermission(pathPerm, attributionSource); if (result == PermissionChecker.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } else { // any denied means we lose // default access. allowDefaultRead = false; missingPerm = pathPerm; strongestResult = Math.max(strongestResult, result); } } } } // if we passed checks above, and no default // permission, then allow access. if (allowDefaultRead) return PermissionChecker.PERMISSION_GRANTED; } // last chance, check against any uri grants final int callingUserId = UserHandle.getUserId(uid); if (deniedAccessSystemUserOnlyProvider(callingUserId, mSystemUserOnly)) { return PermissionChecker.PERMISSION_HARD_DENIED; } final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, uid)) ? maybeAddUserId(uri, callingUserId) : uri; if (context.checkUriPermission(userUri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION) == PackageManager.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } // If the worst denial we found above was ignored, then pass that // ignored through; otherwise we assume it should be a real error below. if (strongestResult == PermissionChecker.PERMISSION_SOFT_DENIED) { return PermissionChecker.PERMISSION_SOFT_DENIED; } final String suffix; if (android.Manifest.permission.MANAGE_DOCUMENTS.equals(mReadPermission)) { suffix = " requires that you obtain access using ACTION_OPEN_DOCUMENT or related APIs"; } else if (mExported) { suffix = " requires " + missingPerm + ", or grantUriPermission()"; } else { suffix = " requires the provider be exported, or grantUriPermission()"; } throw new SecurityException("Permission Denial: reading " + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid + ", uid=" + uid + suffix); } /** {@hide} */ @PermissionCheckerManager.PermissionResult protected int enforceWritePermissionInner(Uri uri, @NonNull AttributionSource attributionSource) throws SecurityException { final Context context = getContext(); final int pid = Binder.getCallingPid(); final int uid = Binder.getCallingUid(); String missingPerm = null; int strongestResult = PermissionChecker.PERMISSION_GRANTED; if (UserHandle.isSameApp(uid, mMyUid)) { return PermissionChecker.PERMISSION_GRANTED; } if (mExported && checkUser(pid, uid, context)) { final String componentPerm = getWritePermission(); if (componentPerm != null) { final int mode = checkPermission(componentPerm, attributionSource); if (mode == PermissionChecker.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } else { missingPerm = componentPerm; strongestResult = Math.max(strongestResult, mode); } } // track if unprotected write is allowed; any denied // below removes this ability boolean allowDefaultWrite = (componentPerm == null); final PathPermission[] pps = getPathPermissions(); if (pps != null) { final String path = uri.getPath(); for (PathPermission pp : pps) { final String pathPerm = pp.getWritePermission(); if (pathPerm != null && pp.match(path)) { final int mode = checkPermission(pathPerm, attributionSource); if (mode == PermissionChecker.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } else { // any denied means we lose // default access. allowDefaultWrite = false; missingPerm = pathPerm; strongestResult = Math.max(strongestResult, mode); } } } } // if we passed checks above, and no default // permission, then allow access. if (allowDefaultWrite) return PermissionChecker.PERMISSION_GRANTED; } // last chance, check against any uri grants if (context.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == PackageManager.PERMISSION_GRANTED) { return PermissionChecker.PERMISSION_GRANTED; } // If the worst denial we found above was ignored, then pass that // ignored through; otherwise we assume it should be a real error below. if (strongestResult == PermissionChecker.PERMISSION_SOFT_DENIED) { return PermissionChecker.PERMISSION_SOFT_DENIED; } final String failReason = mExported ? " requires " + missingPerm + ", or grantUriPermission()" : " requires the provider be exported, or grantUriPermission()"; throw new SecurityException("Permission Denial: writing " + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid + ", uid=" + uid + failReason); } /** * Retrieves the Context this provider is running in. Only available once * {@link #onCreate} has been called -- this will return {@code null} in the * constructor. */ public final @Nullable Context getContext() { return mContext; } /** * Retrieves a Non-Nullable Context this provider is running in, this is intended to be called * after {@link #onCreate}. When called before context was created, an IllegalStateException * will be thrown. *

* Note A provider must be declared in the manifest and created automatically by the system, * and context is only available after {@link #onCreate} is called. */ @NonNull public final Context requireContext() { final Context ctx = getContext(); if (ctx == null) { throw new IllegalStateException("Cannot find context from the provider."); } return ctx; } /** * Set the calling package/feature, returning the current value (or {@code null}) * which can be used later to restore the previous state. */ private @Nullable AttributionSource setCallingAttributionSource( @Nullable AttributionSource attributionSource) { final AttributionSource original = mCallingAttributionSource.get(); mCallingAttributionSource.set(attributionSource); onCallingPackageChanged(); return original; } /** * Return the package name of the caller that initiated the request being * processed on the current thread. The returned package will have been * verified to belong to the calling UID. Returns {@code null} if not * currently processing a request. *

* This will always return {@code null} when processing * {@link #getTypeAnonymous(Uri)} requests * * For {@link #getType(Uri)} requests, this will be only available for cases, where * the caller can be identified. See {@link #getTypeAnonymous(Uri)} * * @see Binder#getCallingUid() * @see Context#grantUriPermission(String, Uri, int) * @throws SecurityException if the calling package doesn't belong to the * calling UID. */ public final @Nullable String getCallingPackage() { final AttributionSource callingAttributionSource = getCallingAttributionSource(); return (callingAttributionSource != null) ? callingAttributionSource.getPackageName() : null; } /** * Gets the attribution source of the calling app. If you want to attribute * the data access to the calling app you can create an attribution context * via {@link android.content.Context#createContext(ContextParams)} and passing * this identity to {@link ContextParams.Builder#setNextAttributionSource( * AttributionSource)}. * * @return The identity of the caller for permission purposes. * * @see ContextParams.Builder#setNextAttributionSource(AttributionSource) * @see AttributionSource */ public final @Nullable AttributionSource getCallingAttributionSource() { final AttributionSource attributionSource = mCallingAttributionSource.get(); if (attributionSource != null) { mTransport.mAppOpsManager.checkPackage(Binder.getCallingUid(), attributionSource.getPackageName()); } return attributionSource; } /** * Return the attribution tag of the caller that initiated the request being * processed on the current thread. Returns {@code null} if not currently processing * a request of the request is for the default attribution. *

* This typically happens when a {@link ContentProvider} makes a nested call * back into itself when already processing a call from a remote process. */ public void onCallingPackageChanged() { } /** * Opaque token representing the identity of an incoming IPC. */ public final class CallingIdentity { /** {@hide} */ public final long binderToken; /** {@hide} */ public final @Nullable AttributionSource callingAttributionSource; /** {@hide} */ public CallingIdentity(long binderToken, @Nullable AttributionSource attributionSource) { this.binderToken = binderToken; this.callingAttributionSource = attributionSource; } } /** * Reset the identity of the incoming IPC on the current thread. *

* Internally this calls {@link Binder#clearCallingIdentity()} and also * clears any value stored in {@link #getCallingPackage()}. * * @return Returns an opaque token that can be used to restore the original * calling identity by passing it to * {@link #restoreCallingIdentity}. */ @SuppressWarnings("ResultOfClearIdentityCallNotStoredInVariable") public final @NonNull CallingIdentity clearCallingIdentity() { return new CallingIdentity(Binder.clearCallingIdentity(), setCallingAttributionSource(null)); } /** * Restore the identity of the incoming IPC on the current thread back to a * previously identity that was returned by {@link #clearCallingIdentity}. *

* Internally this calls {@link Binder#restoreCallingIdentity(long)} and * also restores any value stored in {@link #getCallingPackage()}. */ public final void restoreCallingIdentity(@NonNull CallingIdentity identity) { Binder.restoreCallingIdentity(identity.binderToken); mCallingAttributionSource.set(identity.callingAttributionSource); } /** * Change the authorities of the ContentProvider. * This is normally set for you from its manifest information when the provider is first * created. * @hide * @param authorities the semi-colon separated authorities of the ContentProvider. */ protected final void setAuthorities(String authorities) { if (authorities != null) { if (authorities.indexOf(';') == -1) { mAuthority = authorities; mAuthorities = null; } else { mAuthority = null; mAuthorities = authorities.split(";"); } } } /** @hide */ protected final boolean matchesOurAuthorities(String authority) { if (mAuthority != null) { return mAuthority.equals(authority); } if (mAuthorities != null) { int length = mAuthorities.length; for (int i = 0; i < length; i++) { if (mAuthorities[i].equals(authority)) return true; } } return false; } /** * Change the permission required to read data from the content * provider. This is normally set for you from its manifest information * when the provider is first created. * * @param permission Name of the permission required for read-only access. */ protected final void setReadPermission(@Nullable String permission) { mReadPermission = permission; } /** * Return the name of the permission required for read-only access to * this content provider. This method can be called from multiple * threads, as described in * Processes * and Threads. */ public final @Nullable String getReadPermission() { return mReadPermission; } /** * Change the permission required to read and write data in the content * provider. This is normally set for you from its manifest information * when the provider is first created. * * @param permission Name of the permission required for read/write access. */ protected final void setWritePermission(@Nullable String permission) { mWritePermission = permission; } /** * Return the name of the permission required for read/write access to * this content provider. This method can be called from multiple * threads, as described in * Processes * and Threads. */ public final @Nullable String getWritePermission() { return mWritePermission; } /** * Change the path-based permission required to read and/or write data in * the content provider. This is normally set for you from its manifest * information when the provider is first created. * * @param permissions Array of path permission descriptions. */ protected final void setPathPermissions(@Nullable PathPermission[] permissions) { mPathPermissions = permissions; } /** * Return the path-based permissions required for read and/or write access to * this content provider. This method can be called from multiple * threads, as described in * Processes * and Threads. */ public final @Nullable PathPermission[] getPathPermissions() { return mPathPermissions; } /** @hide */ @UnsupportedAppUsage public final void setAppOps(int readOp, int writeOp) { if (!mNoPerms) { mTransport.mReadOp = readOp; mTransport.mWriteOp = writeOp; } } /** @hide */ public AppOpsManager getAppOpsManager() { return mTransport.mAppOpsManager; } /** @hide */ public final void setTransportLoggingEnabled(boolean enabled) { if (mTransport == null) { return; } if (enabled) { mTransport.mInterface = new LoggingContentInterface(getClass().getSimpleName(), this); } else { mTransport.mInterface = this; } } /** * Implement this to initialize your content provider on startup. * This method is called for all registered content providers on the * application main thread at application launch time. It must not perform * lengthy operations, or application startup will be delayed. * *

You should defer nontrivial initialization (such as opening, * upgrading, and scanning databases) until the content provider is used * (via {@link #query}, {@link #insert}, etc). Deferred initialization * keeps application startup fast, avoids unnecessary work if the provider * turns out not to be needed, and stops database errors (such as a full * disk) from halting application launch. * *

If you use SQLite, {@link android.database.sqlite.SQLiteOpenHelper} * is a helpful utility class that makes it easy to manage databases, * and will automatically defer opening until first use. If you do use * SQLiteOpenHelper, make sure to avoid calling * {@link android.database.sqlite.SQLiteOpenHelper#getReadableDatabase} or * {@link android.database.sqlite.SQLiteOpenHelper#getWritableDatabase} * from this method. (Instead, override * {@link android.database.sqlite.SQLiteOpenHelper#onOpen} to initialize the * database when it is first opened.) * * @return true if the provider was successfully loaded, false otherwise */ public abstract boolean onCreate(); /** * {@inheritDoc} * This method is always called on the application main thread, and must * not perform lengthy operations. * *

The default content provider implementation does nothing. * Override this method to take appropriate action. * (Content providers do not usually care about things like screen * orientation, but may want to know about locale changes.) */ @Override public void onConfigurationChanged(Configuration newConfig) { } /** * {@inheritDoc} * This method is always called on the application main thread, and must * not perform lengthy operations. * *

The default content provider implementation does nothing. * Subclasses may override this method to take appropriate action. */ @Override public void onLowMemory() { } @Override public void onTrimMemory(int level) { } /** * Implement this to handle query requests from clients. * *

Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override * {@link #query(Uri, String[], Bundle, CancellationSignal)} and provide a stub * implementation of this method. * *

This method can be called from multiple threads, as described in * Processes * and Threads. *

* Example client call:

// Request a specific record.
     * Cursor managedCursor = managedQuery(
                ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2),
                projection,    // Which columns to return.
                null,          // WHERE clause.
                null,          // WHERE clause value substitution
                People.NAME + " ASC");   // Sort order.

* Example implementation:

// SQLiteQueryBuilder is a helper class that creates the
        // proper SQL syntax for us.
        SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder();

        // Guard against SQL injection attacks
        qBuilder.setStrict(true);
        qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS);
        qBuilder.setStrictColumns(true);
        qBuilder.setStrictGrammar(true);

        // Set the table we're querying.
        qBuilder.setTables(DATABASE_TABLE_NAME);

        // If the query ends in a specific record number, we're
        // being asked for a specific record, so set the
        // WHERE clause in our query.
        if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){
            qBuilder.appendWhere("_id=" + uri.getPathLeafId());
        }

        // Make the query.
        Cursor c = qBuilder.query(mDb,
                projection,
                selection,
                selectionArgs,
                groupBy,
                having,
                sortOrder);
        c.setNotificationUri(getContext().getContentResolver(), uri);
        return c;

* * @param uri The URI to query. This will be the full URI sent by the client; * if the client is requesting a specific record, the URI will end in a record number * that the implementation should parse and add to a WHERE or HAVING clause, specifying * that _id value. * @param projection The list of columns to put into the cursor. If * {@code null} all columns are included. * @param selection A selection criteria to apply when filtering rows. * If {@code null} then all rows are included. * @param selectionArgs You may include ?s in selection, which will be replaced by * the values from selectionArgs, in order that they appear in the selection. * The values will be bound as Strings. * @param sortOrder How the rows in the cursor should be sorted. * If {@code null} then the provider is free to define the sort order. * @return a Cursor or {@code null}. */ public abstract @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection, @Nullable String[] selectionArgs, @Nullable String sortOrder); /** * Implement this to handle query requests from clients with support for cancellation. * *

Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override * {@link #query(Uri, String[], Bundle, CancellationSignal)} instead of this method. * *

This method can be called from multiple threads, as described in * Processes * and Threads. *

* Example client call:

// Request a specific record.
     * Cursor managedCursor = managedQuery(
                ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2),
                projection,    // Which columns to return.
                null,          // WHERE clause.
                null,          // WHERE clause value substitution
                People.NAME + " ASC");   // Sort order.

* Example implementation:

// SQLiteQueryBuilder is a helper class that creates the
        // proper SQL syntax for us.
        SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder();

        // Guard against SQL injection attacks
        qBuilder.setStrict(true);
        qBuilder.setProjectionMap(MAP_OF_QUERYABLE_COLUMNS);
        qBuilder.setStrictColumns(true);
        qBuilder.setStrictGrammar(true);

        // Set the table we're querying.
        qBuilder.setTables(DATABASE_TABLE_NAME);

        // If the query ends in a specific record number, we're
        // being asked for a specific record, so set the
        // WHERE clause in our query.
        if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){
            qBuilder.appendWhere("_id=" + uri.getPathLeafId());
        }

        // Make the query.
        Cursor c = qBuilder.query(mDb,
                projection,
                selection,
                selectionArgs,
                groupBy,
                having,
                sortOrder);
        c.setNotificationUri(getContext().getContentResolver(), uri);
        return c;

* If you implement this method then you must also implement the version of * {@link #query(Uri, String[], String, String[], String)} that does not take a cancellation * signal to ensure correct operation on older versions of the Android Framework in * which the cancellation signal overload was not available. * * @param uri The URI to query. This will be the full URI sent by the client; * if the client is requesting a specific record, the URI will end in a record number * that the implementation should parse and add to a WHERE or HAVING clause, specifying * that _id value. * @param projection The list of columns to put into the cursor. If * {@code null} all columns are included. * @param selection A selection criteria to apply when filtering rows. * If {@code null} then all rows are included. * @param selectionArgs You may include ?s in selection, which will be replaced by * the values from selectionArgs, in order that they appear in the selection. * The values will be bound as Strings. * @param sortOrder How the rows in the cursor should be sorted. * If {@code null} then the provider is free to define the sort order. * @param cancellationSignal A signal to cancel the operation in progress, or {@code null} if none. * If the operation is canceled, then {@link android.os.OperationCanceledException} will be thrown * when the query is executed. * @return a Cursor or {@code null}. */ public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection, @Nullable String[] selectionArgs, @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal) { return query(uri, projection, selection, selectionArgs, sortOrder); } /** * Implement this to handle query requests where the arguments are packed into a {@link Bundle}. * Arguments may include traditional SQL style query arguments. When present these * should be handled according to the contract established in * {@link #query(Uri, String[], String, String[], String, CancellationSignal)}. * *

Traditional SQL arguments can be found in the bundle using the following keys: *

{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION} *

{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION_ARGS} *

{@link android.content.ContentResolver#QUERY_ARG_SQL_SORT_ORDER} * *

This method can be called from multiple threads, as described in * Processes * and Threads. * *

* Example client call:

// Request 20 records starting at row index 30.
       Bundle queryArgs = new Bundle();
       queryArgs.putInt(ContentResolver.QUERY_ARG_OFFSET, 30);
       queryArgs.putInt(ContentResolver.QUERY_ARG_LIMIT, 20);

       Cursor cursor = getContentResolver().query(
                contentUri,    // Content Uri is specific to individual content providers.
                projection,    // String[] describing which columns to return.
                queryArgs,     // Query arguments.
                null);         // Cancellation signal.

* * Example implementation:


        int recordsetSize = 0x1000;  // Actual value is implementation specific.
        queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY;  // ensure queryArgs is non-null

        int offset = queryArgs.getInt(ContentResolver.QUERY_ARG_OFFSET, 0);
        int limit = queryArgs.getInt(ContentResolver.QUERY_ARG_LIMIT, Integer.MIN_VALUE);

        MatrixCursor c = new MatrixCursor(PROJECTION, limit);

        // Calculate the number of items to include in the cursor.
        int numItems = MathUtils.constrain(recordsetSize - offset, 0, limit);

        // Build the paged result set....
        for (int i = offset; i < offset + numItems; i++) {
            // populate row from your data.
        }

        Bundle extras = new Bundle();
        c.setExtras(extras);

        // Any QUERY_ARG_* key may be included if honored.
        // In an actual implementation, include only keys that are both present in queryArgs
        // and reflected in the Cursor output. For example, if QUERY_ARG_OFFSET were included
        // in queryArgs, but was ignored because it contained an invalid value (like –273),
        // then QUERY_ARG_OFFSET should be omitted.
        extras.putStringArray(ContentResolver.EXTRA_HONORED_ARGS, new String[] {
            ContentResolver.QUERY_ARG_OFFSET,
            ContentResolver.QUERY_ARG_LIMIT
        });

        extras.putInt(ContentResolver.EXTRA_TOTAL_COUNT, recordsetSize);

        cursor.setNotificationUri(getContext().getContentResolver(), uri);

        return cursor;

* See {@link #query(Uri, String[], String, String[], String, CancellationSignal)} * for implementation details. * * @param uri The URI to query. This will be the full URI sent by the client. * @param projection The list of columns to put into the cursor. * If {@code null} provide a default set of columns. * @param queryArgs A Bundle containing additional information necessary for * the operation. Arguments may include SQL style arguments, such * as {@link ContentResolver#QUERY_ARG_SQL_LIMIT}, but note that * the documentation for each individual provider will indicate * which arguments they support. * @param cancellationSignal A signal to cancel the operation in progress, * or {@code null}. * @return a Cursor or {@code null}. */ @Override public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable Bundle queryArgs, @Nullable CancellationSignal cancellationSignal) { queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY; // if client doesn't supply an SQL sort order argument, attempt to build one from // QUERY_ARG_SORT* arguments. String sortClause = queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SORT_ORDER); if (sortClause == null && queryArgs.containsKey(ContentResolver.QUERY_ARG_SORT_COLUMNS)) { sortClause = ContentResolver.createSqlSortClause(queryArgs); } return query( uri, projection, queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SELECTION), queryArgs.getStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS), sortClause, cancellationSignal); } /** * Implement this to handle requests for the MIME type of the data at the * given URI. The returned MIME type should start with * vnd.android.cursor.item for a single record, * or vnd.android.cursor.dir/ for multiple items. * This method can be called from multiple threads, as described in * Processes * and Threads. * *

Note that by default there are no permissions needed for an application to * access this information; if your content provider requires read and/or * write permissions, or is not exported, all applications can still call * this method regardless of their access permissions.

* *

If your mime type reveals details that should be protected, * then you should protect this method by implementing {@link #getTypeAnonymous}. * Implementing {@link #getTypeAnonymous} ensures your {@link #getType} can be * only accessed by caller's having associated readPermission for the URI.

* * @param uri the URI to query. * @return a MIME type string, or {@code null} if there is no type. */ @Override public abstract @Nullable String getType(@NonNull Uri uri); /** * Implement this to handle requests for MIME type of URIs, that does not need to * reveal any internal information which should be protected by any permission. * *

If your mime type reveals details that should be protected, then you should protect those * by implementing those in {@link #getType}, and in this function, only return types of * URIs which can be obtained by anyone without any access. * * Implementing ths function will make sure {@link #getType} is protected by readPermission. * This function by default works as the {@link #getType}

* * @param uri the URI to query. * @return a MIME type string, or {@code null} if type needs to be protected. */ public @Nullable String getTypeAnonymous(@NonNull Uri uri) { return getType(uri); } /** * Implement this to support canonicalization of URIs that refer to your * content provider. A canonical URI is one that can be transported across * devices, backup/restore, and other contexts, and still be able to refer * to the same data item. Typically this is implemented by adding query * params to the URI allowing the content provider to verify that an incoming * canonical URI references the same data as it was originally intended for and, * if it doesn't, to find that data (if it exists) in the current environment. * *

For example, if the content provider holds people and a normal URI in it * is created with a row index into that people database, the cananical representation * may have an additional query param at the end which specifies the name of the * person it is intended for. Later calls into the provider with that URI will look * up the row of that URI's base index and, if it doesn't match or its entry's * name doesn't match the name in the query param, perform a query on its database * to find the correct row to operate on.

* *

If you implement support for canonical URIs, all incoming calls with * URIs (including this one) must perform this verification and recovery of any * canonical URIs they receive. In addition, you must also implement * {@link #uncanonicalize} to strip the canonicalization of any of these URIs.

* *

The default implementation of this method returns null, indicating that * canonical URIs are not supported.

* * @param url The Uri to canonicalize. * * @return Return the canonical representation of url, or null if * canonicalization of that Uri is not supported. */ @Override public @Nullable Uri canonicalize(@NonNull Uri url) { return null; } /** * Remove canonicalization from canonical URIs previously returned by * {@link #canonicalize}. For example, if your implementation is to add * a query param to canonicalize a URI, this method can simply trip any * query params on the URI. The default implementation always returns the * same url that was passed in. * * @param url The Uri to remove any canonicalization from. * * @return Return the non-canonical representation of url, return * the url as-is if there is nothing to do, or return null if * the data identified by the canonical representation can not be found in * the current environment. */ @Override public @Nullable Uri uncanonicalize(@NonNull Uri url) { return url; } /** * Implement this to support refresh of content identified by {@code uri}. * By default, this method returns false; providers who wish to implement * this should return true to signal the client that the provider has tried * refreshing with its own implementation. *

* This allows clients to request an explicit refresh of content identified * by {@code uri}. *

* Client code should only invoke this method when there is a strong * indication (such as a user initiated pull to refresh gesture) that the * content is stale. *

* Remember to send * {@link ContentResolver#notifyChange(Uri, android.database.ContentObserver)} * notifications when content changes. * * @param uri The Uri identifying the data to refresh. * @param extras Additional options from the client. The definitions of * these are specific to the content provider being called. * @param cancellationSignal A signal to cancel the operation in progress, * or {@code null} if none. For example, if you called refresh on * a particular uri, you should call * {@link CancellationSignal#throwIfCanceled()} to check whether * the client has canceled the refresh request. * @return true if the provider actually tried refreshing. */ @Override public boolean refresh(Uri uri, @Nullable Bundle extras, @Nullable CancellationSignal cancellationSignal) { return false; } /** * Perform a detailed internal check on a {@link Uri} to determine if a UID * is able to access it with specific mode flags. *

* This method is typically used when the provider implements more dynamic * access controls that cannot be expressed with {@code } * style static rules. *

* Because validation of these dynamic access controls has significant * system health impact, this feature is only available to providers that * are built into the system. * * @param uri the {@link Uri} to perform an access check on. * @param uid the UID to check the permission for. * @param modeFlags the access flags to use for the access check, such as * {@link Intent#FLAG_GRANT_READ_URI_PERMISSION}. * @return {@link PackageManager#PERMISSION_GRANTED} if access is allowed, * otherwise {@link PackageManager#PERMISSION_DENIED}. * @hide */ @Override @SystemApi public int checkUriPermission(@NonNull Uri uri, int uid, @Intent.AccessUriMode int modeFlags) { return PackageManager.PERMISSION_DENIED; } /** * @hide * Implementation when a caller has performed an insert on the content * provider, but that call has been rejected for the operation given * to {@link #setAppOps(int, int)}. The default implementation simply * returns a URI that is the base URI with a 0 path element appended. */ public Uri rejectInsert(Uri uri, ContentValues values) { // If not allowed, we need to return some reasonable URI. Maybe the // content provider should be responsible for this, but for now we // will just return the base URI with a '0' tagged on to it. // You shouldn't be able to read if you can't write, anyway, so it // shouldn't matter much what is returned. return uri.buildUpon().appendPath("0").build(); } /** * Implement this to handle requests to insert a new row. As a courtesy, * call * {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) * notifyChange()} after inserting. This method can be called from multiple * threads, as described in Processes * and Threads. * * @param uri The content:// URI of the insertion request. * @param values A set of column_name/value pairs to add to the database. * @return The URI for the newly inserted item. */ public abstract @Nullable Uri insert(@NonNull Uri uri, @Nullable ContentValues values); /** * Implement this to handle requests to insert a new row. As a courtesy, * call * {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) * notifyChange()} after inserting. This method can be called from multiple * threads, as described in Processes * and Threads. * * @param uri The content:// URI of the insertion request. * @param values A set of column_name/value pairs to add to the database. * @param extras A Bundle containing additional information necessary for * the operation. Arguments may include SQL style arguments, such * as {@link ContentResolver#QUERY_ARG_SQL_LIMIT}, but note that * the documentation for each individual provider will indicate * which arguments they support. * @return The URI for the newly inserted item. * @throws IllegalArgumentException if the provider doesn't support one of * the requested Bundle arguments. */ @Override public @Nullable Uri insert(@NonNull Uri uri, @Nullable ContentValues values, @Nullable Bundle extras) { return insert(uri, values); } /** * Override this to handle requests to insert a set of new rows, or the * default implementation will iterate over the values and call * {@link #insert} on each of them. * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()} * after inserting. * This method can be called from multiple threads, as described in * Processes * and Threads. * * @param uri The content:// URI of the insertion request. * @param values An array of sets of column_name/value pairs to add to the database. * This must not be {@code null}. * @return The number of values that were inserted. */ @Override public int bulkInsert(@NonNull Uri uri, @NonNull ContentValues[] values) { int numValues = values.length; for (int i = 0; i < numValues; i++) { insert(uri, values[i]); } return numValues; } /** * Implement this to handle requests to delete one or more rows. The * implementation should apply the selection clause when performing * deletion, allowing the operation to affect multiple rows in a directory. * As a courtesy, call * {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) * notifyChange()} after deleting. This method can be called from multiple * threads, as described in Processes * and Threads. *

* The implementation is responsible for parsing out a row ID at the end of * the URI, if a specific row is being deleted. That is, the client would * pass in content://contacts/people/22 and the implementation * is responsible for parsing the record number (22) when creating a SQL * statement. * * @param uri The full URI to query, including a row ID (if a specific * record is requested). * @param extras A Bundle containing additional information necessary for * the operation. Arguments may include SQL style arguments, such * as {@link ContentResolver#QUERY_ARG_SQL_LIMIT}, but note that * the documentation for each individual provider will indicate * which arguments they support. * @throws IllegalArgumentException if the provider doesn't support one of * the requested Bundle arguments. * @throws SQLException */ @Override public int delete(@NonNull Uri uri, @Nullable Bundle extras) { extras = (extras != null) ? extras : Bundle.EMPTY; return delete(uri, extras.getString(ContentResolver.QUERY_ARG_SQL_SELECTION), extras.getStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS)); } /** * Implement this to handle requests to update one or more rows. The * implementation should update all rows matching the selection to set the * columns according to the provided values map. As a courtesy, call * {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) * notifyChange()} after updating. This method can be called from multiple * threads, as described in Processes * and Threads. * * @param uri The URI to query. This can potentially have a record ID if * this is an update request for a specific record. * @param values A set of column_name/value pairs to update in the database. * @param selection An optional filter to match rows to update. * @return the number of rows affected. */ public abstract int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection, @Nullable String[] selectionArgs); /** * Implement this to handle requests to update one or more rows. The * implementation should update all rows matching the selection to set the * columns according to the provided values map. As a courtesy, call * {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) * notifyChange()} after updating. This method can be called from multiple * threads, as described in Processes * and Threads. * * @param uri The URI to query. This can potentially have a record ID if * this is an update request for a specific record. * @param values A set of column_name/value pairs to update in the database. * @param extras A Bundle containing additional information necessary for * the operation. Arguments may include SQL style arguments, such * as {@link ContentResolver#QUERY_ARG_SQL_LIMIT}, but note that * the documentation for each individual provider will indicate * which arguments they support. * @return the number of rows affected. * @throws IllegalArgumentException if the provider doesn't support one of * the requested Bundle arguments. */ @Override public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable Bundle extras) { extras = (extras != null) ? extras : Bundle.EMPTY; return update(uri, values, extras.getString(ContentResolver.QUERY_ARG_SQL_SELECTION), extras.getStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS)); } /** * Override this to handle requests to open a file blob. * The default implementation always throws {@link FileNotFoundException}. * This method can be called from multiple threads, as described in * Processes * and Threads. * *

This method returns a ParcelFileDescriptor, which is returned directly * to the caller. This way large data (such as images and documents) can be * returned without copying the content. * *

The returned ParcelFileDescriptor is owned by the caller, so it is * their responsibility to close it when done. That is, the implementation * of this method should create a new ParcelFileDescriptor for each call. *

* If opened with the exclusive "r" or "w" modes, the returned * ParcelFileDescriptor can be a pipe or socket pair to enable streaming * of data. Opening with the "rw" or "rwt" modes implies a file on disk that * supports seeking. *

* If you need to detect when the returned ParcelFileDescriptor has been * closed, or if the remote process has crashed or encountered some other * error, you can use {@link ParcelFileDescriptor#open(File, int, * android.os.Handler, android.os.ParcelFileDescriptor.OnCloseListener)}, * {@link ParcelFileDescriptor#createReliablePipe()}, or * {@link ParcelFileDescriptor#createReliableSocketPair()}. *

* If you need to return a large file that isn't backed by a real file on * disk, such as a file on a network share or cloud storage service, * consider using * {@link StorageManager#openProxyFileDescriptor(int, android.os.ProxyFileDescriptorCallback, android.os.Handler)} * which will let you to stream the content on-demand. * *

For use in Intents, you will want to implement {@link #getType} * to return the appropriate MIME type for the data returned here with * the same URI. This will allow intent resolution to automatically determine the data MIME * type and select the appropriate matching targets as part of its operation.

* *

For better interoperability with other applications, it is recommended * that for any URIs that can be opened, you also support queries on them * containing at least the columns specified by {@link android.provider.OpenableColumns}. * You may also want to support other common columns if you have additional meta-data * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED} * in {@link android.provider.MediaStore.MediaColumns}.

This method returns a ParcelFileDescriptor, which is returned directly * to the caller. This way large data (such as images and documents) can be * returned without copying the content. * *

* *

If you implement this, your clients must be able to deal with such * file slices, either directly with * {@link ContentResolver#openAssetFileDescriptor}, or by using the higher-level * {@link ContentResolver#openInputStream ContentResolver.openInputStream} * or {@link ContentResolver#openOutputStream ContentResolver.openOutputStream} * methods. *

* The returned AssetFileDescriptor can be a pipe or socket pair to enable * streaming of data. * *

If you are implementing this to return a full file, you * should create the AssetFileDescriptor with * {@link AssetFileDescriptor#UNKNOWN_LENGTH} to be compatible with * applications that cannot handle sub-sections of files.

* *

* The returned AssetFileDescriptor can be a pipe or socket pair to enable * streaming of data. * *

* *

* * @param uri The URI whose file is to be opened. * @param mode The string representation of the file mode. Can be "r", "w", "wt", "wa", "rw" * or "rwt". Please note the exact implementation of these may differ for each * Provider implementation - for example, "w" may or may not truncate. * @param signal A signal to cancel the operation in progress, or * {@code null} if none. For example, if you are downloading a * file from the network to service a "rw" mode request, you * should periodically call * {@link CancellationSignal#throwIfCanceled()} to check whether * the client has canceled the request and abort the download. * * @return Returns a new AssetFileDescriptor which you can use to access * the file. * * @throws FileNotFoundException Throws FileNotFoundException if there is * no file associated with the given URI or the mode is invalid. * @throws SecurityException Throws SecurityException if the caller does * not have permission to access the file. * * @see #openFile(Uri, String) * @see #openFileHelper(Uri, String) * @see #getType(android.net.Uri) */ @Override public @Nullable AssetFileDescriptor openAssetFile(@NonNull Uri uri, @NonNull String mode, @Nullable CancellationSignal signal) throws FileNotFoundException { return openAssetFile(uri, mode); } /** * Convenience for subclasses that wish to implement {@link #openFile} * by looking up a column named "_data" at the given URI. * * @param uri The URI to be opened. * @param mode The string representation of the file mode. Can be "r", "w", "wt", "wa", "rw" * or "rwt". Please note the exact implementation of these may differ for each * Provider implementation - for example, "w" may or may not truncate. * * @return Returns a new ParcelFileDescriptor that can be used by the * client to access the file. */ protected final @NonNull ParcelFileDescriptor openFileHelper(@NonNull Uri uri, @NonNull String mode) throws FileNotFoundException { Cursor c = query(uri, new String[]{"_data"}, null, null, null); int count = (c != null) ? c.getCount() : 0; if (count != 1) { // If there is not exactly one result, throw an appropriate // exception. if (c != null) { c.close(); } if (count == 0) { throw new FileNotFoundException("No entry for " + uri); } throw new FileNotFoundException("Multiple items at " + uri); } c.moveToFirst(); int i = c.getColumnIndex("_data"); String path = (i >= 0 ? c.getString(i) : null); c.close(); if (path == null) { throw new FileNotFoundException("Column _data not found."); } int modeBits = ParcelFileDescriptor.parseMode(mode); return ParcelFileDescriptor.open(new File(path), modeBits); } /** * Called by a client to determine the types of data streams that this * content provider supports for the given URI. The default implementation * returns {@code null}, meaning no types. If your content provider stores data * of a particular type, return that MIME type if it matches the given * mimeTypeFilter. If it can perform type conversions, return an array * of all supported MIME types that match mimeTypeFilter. * * @param uri The data in the content provider being queried. * @param mimeTypeFilter The type of data the client desires. May be * a pattern, such as */* to retrieve all possible data types. * @return Returns {@code null} if there are no possible data streams for the * given mimeTypeFilter. Otherwise returns an array of all available * concrete MIME types. * * @see #getType(Uri) * @see #openTypedAssetFile(Uri, String, Bundle) * @see ClipDescription#compareMimeTypes(String, String) */ @Override public @Nullable String[] getStreamTypes(@NonNull Uri uri, @NonNull String mimeTypeFilter) { return null; } /** * Called by a client to open a read-only stream containing data of a * particular MIME type. This is like {@link #openAssetFile(Uri, String)}, * except the file can only be read-only and the content provider may * perform data conversions to generate data of the desired type. * *

The default implementation compares the given mimeType against the * result of {@link #getType(Uri)} and, if they match, simply calls * {@link #openAssetFile(Uri, String)}. * *

See {@link ClipData} for examples of the use and implementation * of this method. *

* The returned AssetFileDescriptor can be a pipe or socket pair to enable * streaming of data. * *

The default implementation compares the given mimeType against the * result of {@link #getType(Uri)} and, if they match, simply calls * {@link #openAssetFile(Uri, String)}. * *

See {@link ClipData} for examples of the use and implementation * of this method. *

* The returned AssetFileDescriptor can be a pipe or socket pair to enable * streaming of data. * *

* * @param uri The data in the content provider being queried. * @param mimeTypeFilter The type of data the client desires. May be * a pattern, such as */*, if the caller does not have specific type * requirements; in this case the content provider will pick its best * type matching the pattern. * @param opts Additional options from the client. The definitions of * these are specific to the content provider being called. * @param signal A signal to cancel the operation in progress, or * {@code null} if none. For example, if you are downloading a * file from the network to service a "rw" mode request, you * should periodically call * {@link CancellationSignal#throwIfCanceled()} to check whether * the client has canceled the request and abort the download. * * @return Returns a new AssetFileDescriptor from which the client can * read data of the desired type. * * @throws FileNotFoundException Throws FileNotFoundException if there is * no file associated with the given URI or the mode is invalid. * @throws SecurityException Throws SecurityException if the caller does * not have permission to access the data. * @throws IllegalArgumentException Throws IllegalArgumentException if the * content provider does not support the requested MIME type. * * @see #getStreamTypes(Uri, String) * @see #openAssetFile(Uri, String) * @see ClipDescription#compareMimeTypes(String, String) */ @Override public @Nullable AssetFileDescriptor openTypedAssetFile(@NonNull Uri uri, @NonNull String mimeTypeFilter, @Nullable Bundle opts, @Nullable CancellationSignal signal) throws FileNotFoundException { return openTypedAssetFile(uri, mimeTypeFilter, opts); } /** * Interface to write a stream of data to a pipe. Use with * {@link ContentProvider#openPipeHelper}. */ public interface PipeDataWriter { /** * Called from a background thread to stream data out to a pipe. * Note that the pipe is blocking, so this thread can block on * writes for an arbitrary amount of time if the client is slow * at reading. * * @param output The pipe where data should be written. This will be * closed for you upon returning from this function. * @param uri The URI whose data is to be written. * @param mimeType The desired type of data to be written. * @param opts Options supplied by caller. * @param args Your own custom arguments. */ public void writeDataToPipe(@NonNull ParcelFileDescriptor output, @NonNull Uri uri, @NonNull String mimeType, @Nullable Bundle opts, @Nullable T args); } /** * A helper function for implementing {@link #openTypedAssetFile}, for * creating a data pipe and background thread allowing you to stream * generated data back to the client. This function returns a new * ParcelFileDescriptor that should be returned to the caller (the caller * is responsible for closing it). * * @param uri The URI whose data is to be written. * @param mimeType The desired type of data to be written. * @param opts Options supplied by caller. * @param args Your own custom arguments. * @param func Interface implementing the function that will actually * stream the data. * @return Returns a new ParcelFileDescriptor holding the read side of * the pipe. This should be returned to the caller for reading; the caller * is responsible for closing it when done. */ public @NonNull ParcelFileDescriptor openPipeHelper(final @NonNull Uri uri, final @NonNull String mimeType, final @Nullable Bundle opts, final @Nullable T args, final @NonNull PipeDataWriter func) throws FileNotFoundException { try { final ParcelFileDescriptor[] fds = ParcelFileDescriptor.createPipe(); AsyncTask task = new AsyncTask() { @Override protected Object doInBackground(Object... params) { func.writeDataToPipe(fds[1], uri, mimeType, opts, args); try { fds[1].close(); } catch (IOException e) { Log.w(TAG, "Failure closing pipe", e); } return null; } }; task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, (Object[])null); return fds[0]; } catch (IOException e) { throw new FileNotFoundException("failure making pipe"); } } /** * Returns true if this instance is a temporary content provider. * @return true if this instance is a temporary content provider */ protected boolean isTemporary() { return false; } /** * Returns the Binder object for this provider. * * @return the Binder object for this provider * @hide */ @UnsupportedAppUsage public IContentProvider getIContentProvider() { return mTransport; } /** * Like {@link #attachInfo(Context, android.content.pm.ProviderInfo)}, but for use * when directly instantiating the provider for testing. * @hide */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public void attachInfoForTesting(Context context, ProviderInfo info) { attachInfo(context, info, true); } /** * After being instantiated, this is called to tell the content provider * about itself. * * @param context The context this provider is running in * @param info Registered information about this content provider */ public void attachInfo(Context context, ProviderInfo info) { attachInfo(context, info, false); } private void attachInfo(Context context, ProviderInfo info, boolean testing) { mNoPerms = testing; mCallingAttributionSource = new ThreadLocal<>(); /* * Only allow it to be set once, so after the content service gives * this to us clients can't change it. */ if (mContext == null) { mContext = context; if (context != null && mTransport != null) { mTransport.mAppOpsManager = (AppOpsManager) context.getSystemService( Context.APP_OPS_SERVICE); } mMyUid = Process.myUid(); if (info != null) { setReadPermission(info.readPermission); setWritePermission(info.writePermission); setPathPermissions(info.pathPermissions); mExported = info.exported; mSingleUser = (info.flags & ProviderInfo.FLAG_SINGLE_USER) != 0; mSystemUserOnly = (info.flags & ProviderInfo.FLAG_SYSTEM_USER_ONLY) != 0; setAuthorities(info.authority); } if (Build.IS_DEBUGGABLE) { setTransportLoggingEnabled(Log.isLoggable(getClass().getSimpleName(), Log.VERBOSE)); } ContentProvider.this.onCreate(); } } /** * Override this to handle requests to perform a batch of operations, or the * default implementation will iterate over the operations and call * {@link ContentProviderOperation#apply} on each of them. * If all calls to {@link ContentProviderOperation#apply} succeed * then a {@link ContentProviderResult} array with as many * elements as there were operations will be returned. If any of the calls * fail, it is up to the implementation how many of the others take effect. * This method can be called from multiple threads, as described in * Processes * and Threads. * * @param operations the operations to apply * @return the results of the applications * @throws OperationApplicationException thrown if any operation fails. * @see ContentProviderOperation#apply */ @Override public @NonNull ContentProviderResult[] applyBatch(@NonNull String authority, @NonNull ArrayList operations) throws OperationApplicationException { return applyBatch(operations); } public @NonNull ContentProviderResult[] applyBatch( @NonNull ArrayList operations) throws OperationApplicationException { final int numOperations = operations.size(); final ContentProviderResult[] results = new ContentProviderResult[numOperations]; for (int i = 0; i < numOperations; i++) { results[i] = operations.get(i).apply(this, results, i); } return results; } /** * Call a provider-defined method. This can be used to implement * interfaces that are cheaper and/or unnatural for a table-like * model. * *

WARNING: The framework does no permission checking * on this entry into the content provider besides the basic ability for the application * to get access to the provider at all. For example, it has no idea whether the call * being executed may read or write data in the provider, so can't enforce those * individual permissions. Any implementation of this method must * do its own permission checks on incoming calls to make sure they are allowed.

* * @param method method name to call. Opaque to framework, but should not be {@code null}. * @param arg provider-defined String argument. May be {@code null}. * @param extras provider-defined Bundle argument. May be {@code null}. * @return provider-defined return value. May be {@code null}, which is also * the default for providers which don't implement any call methods. */ @Override public @Nullable Bundle call(@NonNull String authority, @NonNull String method, @Nullable String arg, @Nullable Bundle extras) { return call(method, arg, extras); } public @Nullable Bundle call(@NonNull String method, @Nullable String arg, @Nullable Bundle extras) { return null; } /** * Implement this to shut down the ContentProvider instance. You can then * invoke this method in unit tests. * *

* Android normally handles ContentProvider startup and shutdown * automatically. You do not need to start up or shut down a * ContentProvider. When you invoke a test method on a ContentProvider, * however, a ContentProvider instance is started and keeps running after * the test finishes, even if a succeeding test instantiates another * ContentProvider. A conflict develops because the two instances are * usually running against the same underlying data source (for example, an * sqlite database). *

* Implementing shutDown() avoids this conflict by providing a way to * terminate the ContentProvider. This method can also prevent memory leaks * from multiple instantiations of the ContentProvider, and it can ensure * unit test isolation by allowing you to completely clean up the test * fixture before moving on to the next test. *

*/ public void shutdown() { Log.w(TAG, "implement ContentProvider shutdown() to make sure all database " + "connections are gracefully shutdown"); } /** * Print the Provider's state into the given stream. This gets invoked if * you run "adb shell dumpsys activity provider <provider_component_name>". * * @param fd The raw file descriptor that the dump is being sent to. * @param writer The PrintWriter to which you should dump your state. This will be * closed for you after you return. * @param args additional arguments to the dump request. */ public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { writer.println("nothing to dump"); } private void validateIncomingAuthority(String authority) throws SecurityException { if (!matchesOurAuthorities(getAuthorityWithoutUserId(authority))) { String message = "The authority " + authority + " does not match the one of the " + "contentProvider: "; if (mAuthority != null) { message += mAuthority; } else { message += Arrays.toString(mAuthorities); } throw new SecurityException(message); } } /** @hide */ @VisibleForTesting public Uri validateIncomingUri(Uri uri) throws SecurityException { String auth = uri.getAuthority(); if (!mSingleUser) { int userId = getUserIdFromAuthority(auth, UserHandle.USER_CURRENT); if (deniedAccessSystemUserOnlyProvider(mContext.getUserId(), mSystemUserOnly)) { throw new SecurityException("Trying to query a SYSTEM user only content" + " provider from user:" + mContext.getUserId()); } if (userId != UserHandle.USER_CURRENT && userId != mContext.getUserId() // Since userId specified in content uri, the provider userId would be // determined from it. && !isContentRedirectionAllowedForUser(userId)) { throw new SecurityException("trying to query a ContentProvider in user " + mContext.getUserId() + " with a uri belonging to user " + userId); } } validateIncomingAuthority(auth); // Normalize the path by removing any empty path segments, which can be // a source of security issues. final String encodedPath = uri.getEncodedPath(); if (encodedPath != null && encodedPath.indexOf("//") != -1) { final Uri normalized = uri.buildUpon() .encodedPath(encodedPath.replaceAll("//+", "/")).build(); Log.w(TAG, "Normalized " + uri + " to " + normalized + " to avoid possible security issues"); return normalized; } else { return uri; } } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep private Uri maybeGetUriWithoutUserId(Uri uri) { if (mSingleUser) { return uri; } return getUriWithoutUserId(uri); } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static int getUserIdFromAuthority(String auth, int defaultUserId) { if (auth == null) return defaultUserId; int end = auth.lastIndexOf('@'); if (end == -1) return defaultUserId; String userIdString = auth.substring(0, end); try { return Integer.parseInt(userIdString); } catch (NumberFormatException e) { Log.w(TAG, "Error parsing userId.", e); return UserHandle.USER_NULL; } } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static int getUserIdFromAuthority(String auth) { return getUserIdFromAuthority(auth, UserHandle.USER_CURRENT); } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static int getUserIdFromUri(Uri uri, int defaultUserId) { if (uri == null) return defaultUserId; return getUserIdFromAuthority(uri.getAuthority(), defaultUserId); } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static int getUserIdFromUri(Uri uri) { return getUserIdFromUri(uri, UserHandle.USER_CURRENT); } /** * Returns the user associated with the given URI. * * @hide */ @TestApi @android.ravenwood.annotation.RavenwoodKeep public @NonNull static UserHandle getUserHandleFromUri(@NonNull Uri uri) { return UserHandle.of(getUserIdFromUri(uri, Process.myUserHandle().getIdentifier())); } /** * Removes userId part from authority string. Expects format: * userId@some.authority * If there is no userId in the authority, it symply returns the argument * @hide */ @android.ravenwood.annotation.RavenwoodKeep public static String getAuthorityWithoutUserId(String auth) { if (auth == null) return null; int end = auth.lastIndexOf('@'); return auth.substring(end+1); } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static Uri getUriWithoutUserId(Uri uri) { if (uri == null) return null; Uri.Builder builder = uri.buildUpon(); builder.authority(getAuthorityWithoutUserId(uri.getAuthority())); return builder.build(); } /** @hide */ @android.ravenwood.annotation.RavenwoodKeep public static boolean uriHasUserId(Uri uri) { if (uri == null) return false; return !TextUtils.isEmpty(uri.getUserInfo()); } /** * Returns the given content URI explicitly associated with the given {@link UserHandle}. * * @param contentUri The content URI to be associated with a user handle. * @param userHandle The user handle with which to associate the URI. * * @throws IllegalArgumentException if *

the given URI is not content URI (a content URI has {@link Uri#getScheme} equal to * {@link ContentResolver.SCHEME_CONTENT}) or
the given URI is already explicitly associated with a {@link UserHandle}, which is * different than the given one.

* * @hide */ @NonNull @SystemApi(client = SystemApi.Client.MODULE_LIBRARIES) @android.ravenwood.annotation.RavenwoodKeep public static Uri createContentUriForUser( @NonNull Uri contentUri, @NonNull UserHandle userHandle) { if (!ContentResolver.SCHEME_CONTENT.equals(contentUri.getScheme())) { throw new IllegalArgumentException(String.format( "Given URI [%s] is not a content URI: ", contentUri)); } int userId = userHandle.getIdentifier(); if (uriHasUserId(contentUri)) { if (String.valueOf(userId).equals(contentUri.getUserInfo())) { return contentUri; } throw new IllegalArgumentException(String.format( "Given URI [%s] already has a user ID, different from given user handle [%s]", contentUri, userId)); } Uri.Builder builder = contentUri.buildUpon(); builder.encodedAuthority( "" + userHandle.getIdentifier() + "@" + contentUri.getEncodedAuthority()); return builder.build(); } /** @hide */ @UnsupportedAppUsage @android.ravenwood.annotation.RavenwoodKeep public static Uri maybeAddUserId(Uri uri, int userId) { if (uri == null) return null; if (userId != UserHandle.USER_CURRENT && ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) { if (!uriHasUserId(uri)) { //We don't add the user Id if there's already one Uri.Builder builder = uri.buildUpon(); builder.encodedAuthority("" + userId + "@" + uri.getEncodedAuthority()); return builder.build(); } } return uri; } private static void traceBegin(long traceTag, String methodName, String subInfo) { if (Trace.isTagEnabled(traceTag)) { Trace.traceBegin(traceTag, methodName + subInfo); } } /** * Return true if access to content provider is denied because it's a SYSTEM user only * provider and the calling user is not the SYSTEM user. * * @param callingUserId UserId of the caller accessing the content provider. * @param systemUserOnly true when the content provider is only available for the SYSTEM user. */ private static boolean deniedAccessSystemUserOnlyProvider(int callingUserId, boolean systemUserOnly) { return Flags.enableSystemUserOnlyForServicesAndProviders() && (callingUserId != UserHandle.USER_SYSTEM && systemUserOnly); } }