search

sqlcipher / android-database-sqlcipher

Android SQLite API based on SQLCipher
https://www.zetetic.net/sqlcipher/sqlcipher-for-android/
Other
2.73k stars 564 forks source link

Wrong database path when executing PRAGMA database_list #616

Closed cokeperez closed 1 year ago

cokeperez commented 1 year ago

SQLCipher for Android version: 4.5.2 / 4.5.3 Android API version: 23 and later.

Our code checks the list of attached databases to see if any of the app's databases need to be attached in order to use them.

When upgrading to 5.4.2 we found that the code was failing on Android 6 and later because the path returned by PRAGMA database_list with SQLCipher is not the same as the path returned by Android and with native SQLite.

We have changed our code to check only the database name instead of the full path, but we report it to you in case it is a problem for other people.

Android API <= 22 & SQLCipher (5.4.1) getApplicationInfo().dataDir: /data/data/my.package.name/databases/ PRAGMA database_list (SQLite): /data/data/my.package.name/databases/databaseName PRAGMA database_list (SQLCipher): /data/data/my.package.name/databases/databaseName

Android API >= 23 & SQLCipher (5.4.1) getApplicationInfo().dataDir: /data/user/0/my.package.name/databases/ PRAGMA database_list (SQLite): /data/user/0/my.package.name/databases/databaseName PRAGMA database_list (SQLCipher): /data/user/0/my.package.name/databases/databaseName

Android API >= 23 & SQLCipher (5.4.2/5.4.3) getApplicationInfo().dataDir: /data/user/0/my.package.name/databases/ PRAGMA database_list (SQLite): /data/user/0/my.package.name/databases/databaseName PRAGMA database_list (SQLCipher): /data/data/my.package.name/databases/databaseName

sjlombardo commented 1 year ago

Hello @cokeperez - Thank you for reporting this.

This issue is the result of a fairly recent change in SQLite upstream 3.39.0: "The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened." This modification was made to avoid potential database corruption and security issues.

As a result, recent versions of SQLCipher and SQLite will open and use the actual resolved /data/data paths instead of the linked /data/user/0 paths on Android. This is leading to the difference being reported by PRAGMA database_list.

Since this change was introduced in SQLite we wouldn't change the behavior in SQLCipher. The Android Database behavior will likely "catch up" to both when the underlying SQLite version is upgraded as well.

It sounds like you have a good workaround in this case already, so I will close this ticket for now, but let us know if you have any other questions.

cokeperez commented 1 year ago

I understand @sjlombardo. Thank you for the explanation!