search

jgilfelt / chuck

An in-app HTTP inspector for Android OkHttp clients
Apache License 2.0
4.68k stars 452 forks source link

Permission Denial #21

Closed vovkab closed 7 years ago

vovkab commented 7 years ago

We are using android authenticator and Chuck is failing because ChuckContentProvider is not available from different processes:

java.lang.SecurityException: Permission Denial: writing com.readystatesoftware.chuck.internal.data.ChuckContentProvider uri content://app.chuck.provider/transaction from pid=0, uid=1000 requires the provider be exported, or grantUriPermission()
    at android.content.ContentProvider.enforceWritePermissionInner(ContentProvider.java:682)
    at android.content.ContentProvider$Transport.enforceWritePermission(ContentProvider.java:497)
    at android.content.ContentProvider$Transport.insert(ContentProvider.java:259)
    at android.content.ContentResolver.insert(ContentResolver.java:1274)
    at com.readystatesoftware.chuck.ChuckInterceptor.create(ChuckInterceptor.java:220)
    at com.readystatesoftware.chuck.ChuckInterceptor.intercept(ChuckInterceptor.java:162)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
    at okhttp3.RealCall.execute(RealCall.java:63)
    ...
    at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:326)
    at retrofit.RestAdapter$RestHandler.invoke(RestAdapter.java:240)
    at java.lang.reflect.Proxy.invoke(Proxy.java:813)
    at $Proxy36.autoLogin(Unknown Source)
    at android.accounts.AbstractAccountAuthenticator$Transport.getAuthToken(AbstractAccountAuthenticator.java:244)
    at android.accounts.IAccountAuthenticator$Stub.onTransact(IAccountAuthenticator.java:113)
    at android.os.Binder.execTransact(Binder.java:565)

If someone is experiencing the same problem the quick fix is to set android:exported="true" for ChuckContentProvider. So just add this to your AndroidManifest.xml:

<provider
    android:name="com.readystatesoftware.chuck.internal.data.ChuckContentProvider"
    android:authorities="${applicationId}.chuck.provider"
    android:exported="true"
    tools:replace="exported"
    />
szholdiyarov commented 7 years ago

Hi @vovkab ,

is it failing onAndroid 7.0?

jgilfelt commented 7 years ago

Dupe of #16

vovkab commented 7 years ago

@jgilfelt if it is one line fix, let's fix it? @szholdiyarov yes it is definitely failing on android 7.0, didn't tested on anything else.

jgilfelt commented 7 years ago

It isn't a one line fix. Exporting the content provider will expose its data to any process in any 3rd party app. I don't want that.