How to access another application with Sqlcipher database by passing the password in Content Provider?

Asked

Viewed 62 times

1

In the code below, I grant access to the database in app1, using Content Provider, which makes use of Sqlcipher:

App1

public class StudentsProvider extends ContentProvider {

private SQLiteDatabase db;

@Override
public boolean onCreate() {
    Context context = getContext();
    DatabaseHelper dbHelper = new DatabaseHelper(context);
    SQLiteDatabase.loadLibs(context);
    db = dbHelper.getWritableDatabase("password");
    return db != null;
}

In app2, I query the app1 database:

App2

static final String PROVIDER_NAME = "com.example.a436236692.myapplication.StudentsProvider";
static final String URL = "content://" + PROVIDER_NAME + "/students";
static final Uri CONTENT_URI = Uri.parse(URL);
private void carregaResultados() {
    ContentResolver cr = getContentResolver();
    Cursor c = cr.query(CONTENT_URI, null, null, null, null);
    if (c.moveToFirst()){
        //reading db...
    }
}

But I want to pass the password through Content Provider, from app2 to app1 and change that hardcode:

db = dbHelper.getWritableDatabase("password");

What’s the best way to do that?

Thank you!

1 answer

1

As far as I know that’s not possible.

What you should do is set permissions that applications that want to access the provider should have.

In the provider’s application Androidmanifest declare one or more elements <permission>:

...
<permission android:name="com.example.myapp.permission.DEADLY_ACTIVITY"
    android:label="@string/permlab_deadlyActivity"
    android:description="@string/permdesc_deadlyActivity"
    android:permissionGroup="android.permission-group.COST_MONEY"
    android:protectionLevel="dangerous" />
...

Applications that wish to use the provider must declare their respective <uses-permission>.

References:

  • I already imagined that not by content Preview, I tried to manipulate the URI passing the data through it, but it doesn’t work. Regarding permissions, everything is fine. The problem is that when accessing DB with Sqlcipher, only with the context of app2, app1 returns null. I read about using sharedpreferences and passing user and password, I just don’t know how safe this is. If you can shed some light on what I can implement, I would be very grateful. Thank you anyway. =)

  • I had also thought about URI but didn’t see how. I didn’t understand what you mean by "app1 returns null".

  • I meant that without password, the return of the answer of app1 is null. As table did not return the object, then the application "breaks", because of null Pointer.

  • Even using db = dbHelper.getWritableDatabase("password");?

  • This way it works! No password giving error...

  • So what’s the problem? If it’s having the password in the code, in my opinion, is no problem. However see Where to store API connection credentials on Android.

Show 1 more comment

Browser other questions tagged

You are not signed in. Login or sign up in order to post.