Application of ContentProvider in the development of a "Password Manager"
carriann last edited by
What, in your view, are the data access security mechanisms that must be used when implementing a content provider? Which are not necessary, but possible? The scenario being considered is one where both applications with limited access (only reading some of the data) and a main management application will be available.
Marcee last edited by
Since the topic starter was talking about a password manager, I would risk making two assumptions:
- The contents of the database are encrypted
- The key is generated at the time of the user's login into the program.
This is commonplace when creating a password manager (I say this as someone who has written several such programs).
Now we'll turn to ContentProvider. Providers can be exported or not - the difference is that an exported one is available to external programs - in this case the ContentProvider behaves like a port from the program to the outside. Depending on how the port is set up, it may be possible only to write to it or only to read from it (the complete list of operations is the standard CRUD set: https://en.wikipedia.org/wiki/Create,_read,_update_and_delete).
I'll risk assuming again that since the topic starter is interested in a way of protecting the ContentProvider, he obviously wants the provider to be exported=true - otherwise you can make it exported=false and forget the problem.
An exported=true provider is needed in a password manager if there is a need for some sort of access to the password database that bypasses the program itself and gets data from there (for example, just the number of records, the encryption hash, or something relatively harmless). Counting on ContentProvider as a way of protecting data is pointless. Any data on Android can be obtained directly - it is enough to have superuser rights.
Now we're close. Almost everything is written at the Manifest level (except the provider's own code, naturally):
    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="ru.mypackage"
        android:sharedUserId="ru.mypackage.shared.user.id"
        android:sharedUserLabel="@string/myapp">

        <!-- Custom permission: granted only to apps signed with the same key -->
        <permission
            android:name="ru.mypackage.MyProvider"
            android:protectionLevel="signature" />
        <uses-permission android:name="ru.mypackage.MyProvider" />

        <application>
            <!-- blah-blah -->
            <!-- Exported provider: reads require the permission above -->
            <provider
                android:name="ru.mypackage.MyProvider"
                android:authorities="ru.mypackage"
                android:exported="true"
                android:readPermission="ru.mypackage.MyProvider" />
        </application>
    </manifest>
It's all more or less clear here, except for the item with android:sharedUserId="ru.mypackage.shared.user.id". It's an alternative to building a whole contraption around a ContentProvider. In fact, it is a declaration that access to this application is open to an application with an identical sharedUserId and a matching signature - by default an application's private directory is closed to other applications. So if you need access to the data, you can sometimes do without a provider and simply open the data in this way.
Otherwise, you are basically creating your own custom provider, protected by your signature. I mean, only an app holding the permission ru.mypackage.MyProvider and having the same signature as your application will have access to the provider.
Next point: an exported provider is in fact a separate process that starts at the time of installation of the application or at the time of the system launch and lives without your application. Accordingly, it is possible that the provider is called while the application itself has not yet been launched. And as we recall, it's a password manager, that is, the decryption key is generated at login. What do we have? A call to the provider, and no key to decrypt the data. Okay if the provider doesn't need a key, but what if it does? If a key is needed, the application has to be started directly from the provider.
In general, the provider should know whether the application has been launched and if it has not been started or has completed its work or is to launch it through.
Phew, that seems to be everything.
P.S. I'd think a password manager doesn't need a ContentProvider - there will be so much hassle:
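Added example, not part of the original answer: a read-only provider matching the manifest above that can be queried even before the user has logged in, because it returns only the lock state and the record count and never touches decrypted entries. The sessionKey field, the /status path, and the vault.db and entries names are assumptions, as is a plain SQLite file whose values are encrypted per column.

```java
package ru.mypackage;

import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.database.DatabaseUtils;
import android.database.MatrixCursor;
import android.database.sqlite.SQLiteDatabase;
import android.net.Uri;
import android.os.Binder;
import android.os.Process;

public class MyProvider extends ContentProvider {
    // Assumption: the app stores the login-derived key here and clears it on lock.
    static volatile byte[] sessionKey;

    @Override public boolean onCreate() { return true; } // may run before any login: no key yet
    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        // Defence in depth on top of the signature-level readPermission in the manifest.
        PackageManager pm = getContext().getPackageManager();
        if (pm.checkSignatures(Binder.getCallingUid(), Process.myUid())
                != PackageManager.SIGNATURE_MATCH) {
            throw new SecurityException("caller is not signed with the same key");
        }
        if (!"/status".equals(uri.getPath())) { // hypothetical single read-only URI
            throw new IllegalArgumentException("unsupported URI: " + uri);
        }
        // Rows are counted, never decrypted, so no key is needed on this path.
        long count = 0;
        java.io.File dbFile = getContext().getDatabasePath("vault.db"); // assumed name
        if (dbFile.exists()) {
            SQLiteDatabase db = SQLiteDatabase.openDatabase(
                    dbFile.getPath(), null, SQLiteDatabase.OPEN_READONLY);
            try { count = DatabaseUtils.queryNumEntries(db, "entries"); } // assumed table
            finally { db.close(); }
        }
        MatrixCursor c = new MatrixCursor(new String[] {"unlocked", "record_count"});
        c.addRow(new Object[] {sessionKey != null ? 1 : 0, count});
        return c;
    }

    @Override public String getType(Uri uri) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri u, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
}
```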