search

VictorAlbertos / RxActivityResult

A reactive-tiny-badass-vindictive library to break with the OnActivityResult implementation as it breaks the observable chain.
Apache License 2.0
593 stars 72 forks source link

Permission Denial with ACTION_GET_CONTENT #41

Closed vekexasia closed 7 years ago

vekexasia commented 7 years ago

Hello,

I was in the process of using RxActivityResult to change the bad "code + onActivityResult override" pattern.

In particular, using Intent.ACTION_GET_CONTENT provides a SecurityException when trying to read the result.

Code is the following

    Intent pickerIntent = new Intent(Intent.ACTION_GET_CONTENT);
    pickerIntent.addCategory(Intent.CATEGORY_OPENABLE);
    pickerIntent.setType("image/*");
    RxActivityResult.on(this)
      .startIntent(Intent.createChooser(pickerIntent, null))
      .observeOn(AndroidSchedulers.mainThread())
      .subscribe(activityResult -> {
        Intent intent = activityResult.data();
        int resultCode = activityResult.resultCode();
        if (resultCode == Activity.RESULT_OK && intent != null) {
            if (intent.getDataString() != null) {
                  Timber.d("DataString: %s - %s",intent.getDataString(), intent.getData());
                  InputStream inputStream = getContext().getContentResolver().openInputStream(intent.getData());
                  FileOutputStream fos = new FileOutputStream(Utils.genCacheFile());
                  Utils.pipeIOOO(inputStream,fos); // <--- EXCEPTION
             }
         }
       });

The exception is the following: 

java.lang.SecurityException: Permission Denial: opening provider com.google.android.apps.photos.contentprovider.impl.MediaContentProvider from ProcessRecord{289c731 31097:com.andreabaccega.myprinter/u0a86} (pid=31097, uid=10086) that is not exported from uid 10065

It looks like that when using ACTION_GET_CONTENT the picker automatically allows permission to the requiring context to access the picked images. see http://stackoverflow.com/questions/38301605/reading-com-google-android-apps-photos-contentprovider-mediacontentprovider-requ and http://stackoverflow.com/questions/30572261/using-data-from-context-providers-or-requesting-google-photos-read-permission/30909105#30909105

I also tried using .targetUI() to get the context with no luck. (Expected also since both resultUI() and this are the same object).

vekexasia commented 7 years ago

As a further note, I suspect that the permission is granted to the "fake activity" you use and hence is not readable by the subscriber since context is different :(

VictorAlbertos commented 7 years ago

We are using RxActiivtyResult internally on RxPaparazzo

That should not be the problem 🤔

VictorAlbertos commented 7 years ago

Feel free to reopen it