4.3.1.2 创建/使用公共内容供应器

公共内容供应器是应该由未指定的大量应用使用的内容供应器。 需要注意的是,由于它不指定客户端,它可能会受到恶意软件的攻击和篡改。 例如,可以通过select()获取保存的数据,可以通过update()更改数据,或者可以通过insert()/ delete()插入/删除假数据。

另外,在使用 Android OS 未提供的自定义公共内容供应器时,需要注意的是,恶意软件可能会接收到请求参数,伪装成自定义公共内容供应器,并且也可能发送攻击数据。 Android OS 提供的联系人和 MediaStore 也是公共内容提供商,但恶意软件不能伪装成它们。

实现公共内容供应器的样例代码展示在下面:

要点(创建内容供应器):

  1. 将导出的属性显式设置为true

  2. 仔细安全地处理收到的请求数据。

  3. 返回结果时,请勿包含敏感信息。

AndroidManifest.xml

  1. <?xml version="1.0" encoding="utf-8"?>
  2. <manifest xmlns:android="http://schemas.android.com/apk/res/android"
  3.     package="org.jssec.android.provider.publicprovider">
  5.     <application
  6.         android:icon="@drawable/ic_launcher"
  7.         android:label="@string/app_name" >
  9.         <!-- *** POINT 1 *** Explicitly set the exported attribute to true. -->
  10.         <provider
  11.         android:name=".PublicProvider"
  12.         android:authorities="org.jssec.android.provider.publicprovider"
  13.         android:exported="true" />
  14.     </application>
  15. </manifest>

PublicProvider.java

  1. package org.jssec.android.provider.publicprovider;
  3. import android.content.ContentProvider;
  4. import android.content.ContentUris;
  5. import android.content.ContentValues;
  6. import android.content.UriMatcher;
  7. import android.database.Cursor;
  8. import android.database.MatrixCursor;
  9. import android.net.Uri;
  11. public class PublicProvider extends ContentProvider {
  13.     public static final String AUTHORITY = "org.jssec.android.provider.publicprovider";
  14.     public static final String CONTENT_TYPE = "vnd.android.cursor.dir/vnd.org.jssec.contenttype";
  15.     public static final String CONTENT_ITEM_TYPE = "vnd.android.cursor.item/vnd.org.jssec.contenttype";
  16.     // Expose the interface that the Content Provider provides.
  18.     public interface Download {
  19.         public static final String PATH = "downloads";
  20.         public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/" + PATH);
  21.     }
  23.     public interface Address {
  24.         public static final String PATH = "addresses";
  25.         public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/" + PATH);
  26.     }
  28.     // UriMatcher
  29.     private static final int DOWNLOADS_CODE = 1;
  30.     private static final int DOWNLOADS_ID_CODE = 2;
  31.     private static final int ADDRESSES_CODE = 3;
  32.     private static final int ADDRESSES_ID_CODE = 4;
  33.     private static UriMatcher sUriMatcher;
  35.     static {
  36.         sUriMatcher = new UriMatcher(UriMatcher.NO_MATCH);
  37.         sUriMatcher.addURI(AUTHORITY, Download.PATH, DOWNLOADS_CODE);
  38.         sUriMatcher.addURI(AUTHORITY, Download.PATH + "/#", DOWNLOADS_ID_CODE);
  39.         sUriMatcher.addURI(AUTHORITY, Address.PATH, ADDRESSES_CODE);
  40.         sUriMatcher.addURI(AUTHORITY, Address.PATH + "/#", ADDRESSES_ID_CODE);
  41.     }
  43.     // Since this is a sample program,
  44.     // query method returns the following fixed result always without using database.
  45.     private static MatrixCursor sAddressCursor = new MatrixCursor(new String[] { "_id", "city" });
  47.     static {
  48.         sAddressCursor.addRow(new String[] { "1", "New York" });
  49.         sAddressCursor.addRow(new String[] { "2", "London" });
  50.         sAddressCursor.addRow(new String[] { "3", "Paris" });
  51.     }
  53.     private static MatrixCursor sDownloadCursor = new MatrixCursor(new String[] { "_id", "path" });
  55.     static {
  56.         sDownloadCursor.addRow(new String[] { "1", "/sdcard/downloads/sample.jpg" });
  57.         sDownloadCursor.addRow(new String[] { "2", "/sdcard/downloads/sample.txt" });
  58.     }
  60.     @Override
  61.     public boolean onCreate() {
  62.         return true;
  63.     }
  65.     @Override
  66.     public String getType(Uri uri) {
  67.         switch (sUriMatcher.match(uri)) {
  68.             case DOWNLOADS_CODE:
  69.             case ADDRESSES_CODE:
  70.                 return CONTENT_TYPE;
  71.             case DOWNLOADS_ID_CODE:
  72.             case ADDRESSES_ID_CODE:
  73.                 return CONTENT_ITEM_TYPE;
  74.             default:
  75.                 throw new IllegalArgumentException("Invalid URI:" + uri);
  76.         }
  77.     }
  79.     @Override
  80.     public Cursor query(Uri uri, String[] projection, String selection,
  81.     String[] selectionArgs, String sortOrder) {
  82.         // *** POINT 2 *** Handle the received request data carefully and securely.
  83.         // Here, whether uri is within expectations or not, is verified by UriMatcher#match() and switch case.
  84.         // Checking for other parameters are omitted here, due to sample.
  85.         // Refer to "3.2 Handle Input Data Carefully and Securely."
  86.         // *** POINT 3 *** When returning a result, do not include sensitive information.
  87.         // It depends on application whether the query result has sensitive meaning or not.
  88.         // If no problem when the information is taken by malware, it can be returned as result.
  89.         switch (sUriMatcher.match(uri)) {
  90.             case DOWNLOADS_CODE:
  91.             case DOWNLOADS_ID_CODE:
  92.                 return sDownloadCursor;
  93.             case ADDRESSES_CODE:
  94.             case ADDRESSES_ID_CODE:
  95.                 return sAddressCursor;
  96.             default:
  97.                 throw new IllegalArgumentException("Invalid URI:" + uri);
  98.         }
  99.     }
  101.     @Override
  102.     public Uri insert(Uri uri, ContentValues values) {
  103.         // *** POINT 2 *** Handle the received request data carefully and securely.
  104.         // Here, whether uri is within expectations or not, is verified by UriMatcher#match() and switch case.
  105.         // Checking for other parameters are omitted here, due to sample.
  106.         // Refer to "3.2 Handle Input Data Carefully and Securely."
  107.         // *** POINT 3 *** When returning a result, do not include sensitive information.
  108.         // It depends on application whether the issued ID has sensitive meaning or not.
  109.         // If no problem when the information is taken by malware, it can be returned as result.
  110.         switch (sUriMatcher.match(uri)) {
  111.             case DOWNLOADS_CODE:
  112.                 return ContentUris.withAppendedId(Download.CONTENT_URI, 3);
  113.             case ADDRESSES_CODE:
  114.                 return ContentUris.withAppendedId(Address.CONTENT_URI, 4);
  115.             default:
  116.                 throw new IllegalArgumentException("Invalid URI:" + uri);
  117.         }
  118.     }
  120.     @Override
  121.     public int update(Uri uri, ContentValues values, String selection,
  122.         String[] selectionArgs) {
  123.         // *** POINT 2 *** Handle the received request data carefully and securely.
  124.         // Here, whether uri is within expectations or not, is verified by UriMatcher#match() and switch case.
  125.         // Checking for other parameters are omitted here, due to sample.
  126.         // Refer to "3.2 Handle Input Data Carefully and Securely."
  127.         // *** POINT 3 *** When returning a result, do not include sensitive information.
  128.         // It depends on application whether the number of updated records has sensitive meaning or not.
  129.         // If no problem when the information is taken by malware, it can be returned as result.
  130.         switch (sUriMatcher.match(uri)) {
  131.             case DOWNLOADS_CODE:
  132.                 return 5; // Return number of updated records
  133.             case DOWNLOADS_ID_CODE:
  134.                 return 1;
  135.             case ADDRESSES_CODE:
  136.                 return 15;
  137.             case ADDRESSES_ID_CODE:
  138.                 return 1;
  139.             default:
  140.                 throw new IllegalArgumentException("Invalid URI:" + uri);
  141.         }
  142.     }
  144.     @Override
  145.     public int delete(Uri uri, String selection, String[] selectionArgs) {
  146.         // *** POINT 2 *** Handle the received request data carefully and securely.
  147.         // Here, whether uri is within expectations or not, is verified by UriMatcher#match() and switch case.
  148.         // Checking for other parameters are omitted here, due to sample.
  149.         // Refer to "3.2 Handle Input Data Carefully and Securely."
  150.         // *** POINT 3 *** When returning a result, do not include sensitive information.
  151.         // It depends on application whether the number of deleted records has sensitive meaning or not.
  152.         // If no problem when the information is taken by malware, it can be returned as result.
  153.         switch (sUriMatcher.match(uri)) {
  154.             case DOWNLOADS_CODE:
  155.                 return 10; // Return number of deleted records
  156.             case DOWNLOADS_ID_CODE:
  157.                 return 1;
  158.             case ADDRESSES_CODE:
  159.                 return 20;
  160.             case ADDRESSES_ID_CODE:
  161.                 return 1;
  162.             default:
  163.                 throw new IllegalArgumentException("Invalid URI:" + uri);
  164.         }
  165.     }
  166. }

下面是使用公共内容供应器的活动示例。

要点(使用内容供应器):

  1. 不要发送敏感信息

  2. 收到结果时,小心和安全地处理结果数据

PublicUserActivity.java

  1. package org.jssec.android.provider.publicuser;
  3. import android.app.Activity;
  4. import android.content.ContentValues;
  5. import android.content.pm.ProviderInfo;
  6. import android.database.Cursor;
  7. import android.net.Uri;
  8. import android.os.Bundle;
  9. import android.view.View;
  10. import android.widget.TextView;
  12. public class PublicUserActivity extends Activity {
  14.     // Target Content Provider Information
  15.     private static final String AUTHORITY = "org.jssec.android.provider.publicprovider";
  17.     private interface Address {
  18.         public static final String PATH = "addresses";
  19.         public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/" + PATH);
  20.     }
  22.     public void onQueryClick(View view) {
  23.         logLine("[Query]");
  24.         if (!providerExists(Address.CONTENT_URI)) {
  25.             logLine(" Content Provider doesn't exist.");
  26.             return;
  27.         }
  28.         Cursor cursor = null;
  29.         try {
  30.             // *** POINT 4 *** Do not send sensitive information.
  31.             // since the target Content Provider may be malware.
  32.             // If no problem when the information is taken by malware, it can be included in the request.
  33.             cursor = getContentResolver().query(Address.CONTENT_URI, null, null, null, null);
  34.             // *** POINT 5 *** When receiving a result, handle the result data carefully and securely.
  35.             // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  36.             if (cursor == null) {
  37.                 logLine(" null cursor");
  38.             } else {
  39.                 boolean moved = cursor.moveToFirst();
  40.                 while (moved) {
  41.                     logLine(String.format(" %d, %s", cursor.getInt(0), cursor.getString(1)));
  42.                     moved = cursor.moveToNext();
  43.                 }
  44.             }
  45.         }
  46.         finally {
  47.             if (cursor != null) cursor.close();
  48.         }
  49.     }
  51.     public void onInsertClick(View view) {
  52.     logLine("[Insert]");
  53.         if (!providerExists(Address.CONTENT_URI)) {
  54.             logLine(" Content Provider doesn't exist.");
  55.             return;
  56.         }
  57.         // *** POINT 4 *** Do not send sensitive information.
  58.         // since the target Content Provider may be malware.
  59.         // If no problem when the information is taken by malware, it can be included in the request.
  60.         ContentValues values = new ContentValues();
  61.         values.put("city", "Tokyo");
  62.         Uri uri = getContentResolver().insert(Address.CONTENT_URI, values);
  63.         // *** POINT 5 *** When receiving a result, handle the result data carefully and securely.
  64.         // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  65.         logLine(" uri:" + uri);
  66.     }
  68.     public void onUpdateClick(View view) {
  69.     logLine("[Update]");
  70.         if (!providerExists(Address.CONTENT_URI)) {
  71.             logLine(" Content Provider doesn't exist.");
  72.             return;
  73.         }
  74.         // *** POINT 4 *** Do not send sensitive information.
  75.         // since the target Content Provider may be malware.
  76.         // If no problem when the information is taken by malware, it can be included in the request.
  77.         ContentValues values = new ContentValues();
  78.         values.put("city", "Tokyo");
  79.         String where = "_id = ?";
  80.         String[] args = { "4" };
  81.         int count = getContentResolver().update(Address.CONTENT_URI, values, where, args);
  82.         // *** POINT 5 *** When receiving a result, handle the result data carefully and securely.
  83.         // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  84.         logLine(String.format(" %s records updated", count));
  85.     }
  87.     public void onDeleteClick(View view) {
  88.     logLine("[Delete]");
  89.         if (!providerExists(Address.CONTENT_URI)) {
  90.             logLine(" Content Provider doesn't exist.");
  91.             return;
  92.         }
  93.         // *** POINT 4 *** Do not send sensitive information.
  94.         // since the target Content Provider may be malware.
  95.         // If no problem when the information is taken by malware, it can be included in the request.
  96.         int count = getContentResolver().delete(Address.CONTENT_URI, null, null);
  97.         // *** POINT 5 *** When receiving a result, handle the result data carefully and securely.
  98.         // Omitted, since this is a sample. Please refer to "3.2 Handling Input Data Carefully and Securely."
  99.         logLine(String.format(" %s records deleted", count));
  100.     }
  102.     private boolean providerExists(Uri uri) {
  103.         ProviderInfo pi = getPackageManager().resolveContentProvider(uri.getAuthority(), 0);
  104.         return (pi != null);
  105.     }
  107.     private TextView mLogView;
  109.     @Override
  110.     public void onCreate(Bundle savedInstanceState) {
  111.         super.onCreate(savedInstanceState);
  112.         setContentView(R.layout.main);
  113.         mLogView = (TextView)findViewById(R.id.logview);
  114.     }
  116.     private void logLine(String line) {
  117.         mLogView.append(line);
  118.         mLogView.append("¥n");
  119.     }
  120. }