How to access another application with Sqlcipher database by passing the password in Content Provider?

Question

How to access another application with Sqlcipher database by passing the password in Content Provider?

Asked 7 years, 1 month ago

Viewed 62 times

1

In the code below, I grant access to the database in app1, using Content Provider, which makes use of Sqlcipher:

App1

public class StudentsProvider extends ContentProvider {

private SQLiteDatabase db;

@Override
public boolean onCreate() {
    Context context = getContext();
    DatabaseHelper dbHelper = new DatabaseHelper(context);
    SQLiteDatabase.loadLibs(context);
    db = dbHelper.getWritableDatabase("password");
    return db != null;
}

In app2, I query the app1 database:

App2

static final String PROVIDER_NAME = "com.example.a436236692.myapplication.StudentsProvider";
static final String URL = "content://" + PROVIDER_NAME + "/students";
static final Uri CONTENT_URI = Uri.parse(URL);
private void carregaResultados() {
    ContentResolver cr = getContentResolver();
    Cursor c = cr.query(CONTENT_URI, null, null, null, null);
    if (c.moveToFirst()){
        //reading db...
    }
}

But I want to pass the password through Content Provider, from app2 to app1 and change that hardcode:

db = dbHelper.getWritableDatabase("password");

What’s the best way to do that?

Thank you!

1 answer

Browser other questions tagged android android-content-provider

You are not signed in. Login or sign up in order to post.

by ramaral • **44,197** points · Answer 1 · 2017-08-08T13:06:40+00:00

1

As far as I know that’s not possible.

What you should do is set permissions that applications that want to access the provider should have.

In the provider’s application Androidmanifest declare one or more elements <permission>:

...
<permission android:name="com.example.myapp.permission.DEADLY_ACTIVITY"
    android:label="@string/permlab_deadlyActivity"
    android:description="@string/permdesc_deadlyActivity"
    android:permissionGroup="android.permission-group.COST_MONEY"
    android:protectionLevel="dangerous" />
...

Applications that wish to use the provider must declare their respective <uses-permission>.

References:

I already imagined that not by content Preview, I tried to manipulate the URI passing the data through it, but it doesn’t work. Regarding permissions, everything is fine. The problem is that when accessing DB with Sqlcipher, only with the context of app2, app1 returns null. I read about using sharedpreferences and passing user and password, I just don’t know how safe this is. If you can shed some light on what I can implement, I would be very grateful. Thank you anyway. =)

– Rodrigo Paixão

2017/08/08 at 13:28
I had also thought about URI but didn’t see how. I didn’t understand what you mean by "app1 returns null".

– ramaral

2017/08/08 at 14:10
I meant that without password, the return of the answer of app1 is null. As table did not return the object, then the application "breaks", because of null Pointer.

– Rodrigo Paixão

2017/08/08 at 14:23
Even using db = dbHelper.getWritableDatabase("password");?

– ramaral

2017/08/08 at 14:26
This way it works! No password giving error...

– Rodrigo Paixão

2017/08/08 at 14:46
So what’s the problem? If it’s having the password in the code, in my opinion, is no problem. However see Where to store API connection credentials on Android.

– ramaral

2017/08/08 at 15:15

Show 1 more comment