1 /*
2  * Copyright (C) 2006 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.content;
18 
19 import static android.Manifest.permission.INTERACT_ACROSS_USERS;
20 import static android.app.AppOpsManager.MODE_ALLOWED;
21 import static android.app.AppOpsManager.MODE_DEFAULT;
22 import static android.app.AppOpsManager.MODE_ERRORED;
23 import static android.app.AppOpsManager.MODE_IGNORED;
24 import static android.content.pm.PackageManager.PERMISSION_GRANTED;
25 import static android.os.Trace.TRACE_TAG_DATABASE;
26 
27 import android.annotation.NonNull;
28 import android.annotation.Nullable;
29 import android.annotation.UnsupportedAppUsage;
30 import android.app.AppOpsManager;
31 import android.content.pm.PathPermission;
32 import android.content.pm.ProviderInfo;
33 import android.content.res.AssetFileDescriptor;
34 import android.content.res.Configuration;
35 import android.database.Cursor;
36 import android.database.MatrixCursor;
37 import android.database.SQLException;
38 import android.net.Uri;
39 import android.os.AsyncTask;
40 import android.os.Binder;
41 import android.os.Build;
42 import android.os.Bundle;
43 import android.os.CancellationSignal;
44 import android.os.IBinder;
45 import android.os.ICancellationSignal;
46 import android.os.ParcelFileDescriptor;
47 import android.os.Process;
48 import android.os.RemoteException;
49 import android.os.Trace;
50 import android.os.UserHandle;
51 import android.os.storage.StorageManager;
52 import android.text.TextUtils;
53 import android.util.Log;
54 
55 import com.android.internal.annotations.VisibleForTesting;
56 
57 import java.io.File;
58 import java.io.FileDescriptor;
59 import java.io.FileNotFoundException;
60 import java.io.IOException;
61 import java.io.PrintWriter;
62 import java.util.ArrayList;
63 import java.util.Arrays;
64 import java.util.Objects;
65 
66 /**
67  * Content providers are one of the primary building blocks of Android applications, providing
68  * content to applications. They encapsulate data and provide it to applications through the single
69  * {@link ContentResolver} interface. A content provider is only required if you need to share
70  * data between multiple applications. For example, the contacts data is used by multiple
71  * applications and must be stored in a content provider. If you don't need to share data amongst
72  * multiple applications you can use a database directly via
73  * {@link android.database.sqlite.SQLiteDatabase}.
74  *
75  * <p>When a request is made via
76  * a {@link ContentResolver} the system inspects the authority of the given URI and passes the
77  * request to the content provider registered with the authority. The content provider can interpret
78  * the rest of the URI however it wants. The {@link UriMatcher} class is helpful for parsing
79  * URIs.</p>
80  *
81  * <p>The primary methods that need to be implemented are:
82  * <ul>
83  *   <li>{@link #onCreate} which is called to initialize the provider</li>
84  *   <li>{@link #query} which returns data to the caller</li>
85  *   <li>{@link #insert} which inserts new data into the content provider</li>
86  *   <li>{@link #update} which updates existing data in the content provider</li>
87  *   <li>{@link #delete} which deletes data from the content provider</li>
88  *   <li>{@link #getType} which returns the MIME type of data in the content provider</li>
89  * </ul></p>
90  *
91  * <p class="caution">Data access methods (such as {@link #insert} and
92  * {@link #update}) may be called from many threads at once, and must be thread-safe.
93  * Other methods (such as {@link #onCreate}) are only called from the application
94  * main thread, and must avoid performing lengthy operations.  See the method
95  * descriptions for their expected thread behavior.</p>
96  *
97  * <p>Requests to {@link ContentResolver} are automatically forwarded to the appropriate
98  * ContentProvider instance, so subclasses don't have to worry about the details of
99  * cross-process calls.</p>
100  *
101  * <div class="special reference">
102  * <h3>Developer Guides</h3>
103  * <p>For more information about using content providers, read the
104  * <a href="{@docRoot}guide/topics/providers/content-providers.html">Content Providers</a>
105  * developer guide.</p>
106  * </div>
107  */
108 public abstract class ContentProvider implements ContentInterface, ComponentCallbacks2 {
109 
110     private static final String TAG = "ContentProvider";
111 
112     /*
113      * Note: if you add methods to ContentProvider, you must add similar methods to
114      *       MockContentProvider.
115      */
116 
117     @UnsupportedAppUsage
118     private Context mContext = null;
119     private int mMyUid;
120 
121     // Since most Providers have only one authority, we keep both a String and a String[] to improve
122     // performance.
123     @UnsupportedAppUsage
124     private String mAuthority;
125     @UnsupportedAppUsage
126     private String[] mAuthorities;
127     @UnsupportedAppUsage
128     private String mReadPermission;
129     @UnsupportedAppUsage
130     private String mWritePermission;
131     @UnsupportedAppUsage
132     private PathPermission[] mPathPermissions;
133     private boolean mExported;
134     private boolean mNoPerms;
135     private boolean mSingleUser;
136 
137     private ThreadLocal<String> mCallingPackage;
138 
139     private Transport mTransport = new Transport();
140 
141     /**
142      * Construct a ContentProvider instance.  Content providers must be
143      * <a href="{@docRoot}guide/topics/manifest/provider-element.html">declared
144      * in the manifest</a>, accessed with {@link ContentResolver}, and created
145      * automatically by the system, so applications usually do not create
146      * ContentProvider instances directly.
147      *
148      * <p>At construction time, the object is uninitialized, and most fields and
149      * methods are unavailable.  Subclasses should initialize themselves in
150      * {@link #onCreate}, not the constructor.
151      *
152      * <p>Content providers are created on the application main thread at
153      * application launch time.  The constructor must not perform lengthy
154      * operations, or application startup will be delayed.
155      */
ContentProvider()156     public ContentProvider() {
157     }
158 
159     /**
160      * Constructor just for mocking.
161      *
162      * @param context A Context object which should be some mock instance (like the
163      * instance of {@link android.test.mock.MockContext}).
164      * @param readPermission The read permision you want this instance should have in the
165      * test, which is available via {@link #getReadPermission()}.
166      * @param writePermission The write permission you want this instance should have
167      * in the test, which is available via {@link #getWritePermission()}.
168      * @param pathPermissions The PathPermissions you want this instance should have
169      * in the test, which is available via {@link #getPathPermissions()}.
170      * @hide
171      */
172     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
ContentProvider( Context context, String readPermission, String writePermission, PathPermission[] pathPermissions)173     public ContentProvider(
174             Context context,
175             String readPermission,
176             String writePermission,
177             PathPermission[] pathPermissions) {
178         mContext = context;
179         mReadPermission = readPermission;
180         mWritePermission = writePermission;
181         mPathPermissions = pathPermissions;
182     }
183 
184     /**
185      * Given an IContentProvider, try to coerce it back to the real
186      * ContentProvider object if it is running in the local process.  This can
187      * be used if you know you are running in the same process as a provider,
188      * and want to get direct access to its implementation details.  Most
189      * clients should not nor have a reason to use it.
190      *
191      * @param abstractInterface The ContentProvider interface that is to be
192      *              coerced.
193      * @return If the IContentProvider is non-{@code null} and local, returns its actual
194      * ContentProvider instance.  Otherwise returns {@code null}.
195      * @hide
196      */
197     @UnsupportedAppUsage
coerceToLocalContentProvider( IContentProvider abstractInterface)198     public static ContentProvider coerceToLocalContentProvider(
199             IContentProvider abstractInterface) {
200         if (abstractInterface instanceof Transport) {
201             return ((Transport)abstractInterface).getContentProvider();
202         }
203         return null;
204     }
205 
206     /**
207      * Binder object that deals with remoting.
208      *
209      * @hide
210      */
211     class Transport extends ContentProviderNative {
212         volatile AppOpsManager mAppOpsManager = null;
213         volatile int mReadOp = AppOpsManager.OP_NONE;
214         volatile int mWriteOp = AppOpsManager.OP_NONE;
215         volatile ContentInterface mInterface = ContentProvider.this;
216 
getContentProvider()217         ContentProvider getContentProvider() {
218             return ContentProvider.this;
219         }
220 
221         @Override
getProviderName()222         public String getProviderName() {
223             return getContentProvider().getClass().getName();
224         }
225 
226         @Override
query(String callingPkg, Uri uri, @Nullable String[] projection, @Nullable Bundle queryArgs, @Nullable ICancellationSignal cancellationSignal)227         public Cursor query(String callingPkg, Uri uri, @Nullable String[] projection,
228                 @Nullable Bundle queryArgs, @Nullable ICancellationSignal cancellationSignal) {
229             uri = validateIncomingUri(uri);
230             uri = maybeGetUriWithoutUserId(uri);
231             if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
232                 // The caller has no access to the data, so return an empty cursor with
233                 // the columns in the requested order. The caller may ask for an invalid
234                 // column and we would not catch that but this is not a problem in practice.
235                 // We do not call ContentProvider#query with a modified where clause since
236                 // the implementation is not guaranteed to be backed by a SQL database, hence
237                 // it may not handle properly the tautology where clause we would have created.
238                 if (projection != null) {
239                     return new MatrixCursor(projection, 0);
240                 }
241 
242                 // Null projection means all columns but we have no idea which they are.
243                 // However, the caller may be expecting to access them my index. Hence,
244                 // we have to execute the query as if allowed to get a cursor with the
245                 // columns. We then use the column names to return an empty cursor.
246                 Cursor cursor;
247                 final String original = setCallingPackage(callingPkg);
248                 try {
249                     cursor = mInterface.query(
250                             uri, projection, queryArgs,
251                             CancellationSignal.fromTransport(cancellationSignal));
252                 } catch (RemoteException e) {
253                     throw e.rethrowAsRuntimeException();
254                 } finally {
255                     setCallingPackage(original);
256                 }
257                 if (cursor == null) {
258                     return null;
259                 }
260 
261                 // Return an empty cursor for all columns.
262                 return new MatrixCursor(cursor.getColumnNames(), 0);
263             }
264             Trace.traceBegin(TRACE_TAG_DATABASE, "query");
265             final String original = setCallingPackage(callingPkg);
266             try {
267                 return mInterface.query(
268                         uri, projection, queryArgs,
269                         CancellationSignal.fromTransport(cancellationSignal));
270             } catch (RemoteException e) {
271                 throw e.rethrowAsRuntimeException();
272             } finally {
273                 setCallingPackage(original);
274                 Trace.traceEnd(TRACE_TAG_DATABASE);
275             }
276         }
277 
278         @Override
getType(Uri uri)279         public String getType(Uri uri) {
280             // getCallingPackage() isn't available in getType(), as the javadoc states.
281             uri = validateIncomingUri(uri);
282             uri = maybeGetUriWithoutUserId(uri);
283             Trace.traceBegin(TRACE_TAG_DATABASE, "getType");
284             try {
285                 return mInterface.getType(uri);
286             } catch (RemoteException e) {
287                 throw e.rethrowAsRuntimeException();
288             } finally {
289                 Trace.traceEnd(TRACE_TAG_DATABASE);
290             }
291         }
292 
293         @Override
insert(String callingPkg, Uri uri, ContentValues initialValues)294         public Uri insert(String callingPkg, Uri uri, ContentValues initialValues) {
295             uri = validateIncomingUri(uri);
296             int userId = getUserIdFromUri(uri);
297             uri = maybeGetUriWithoutUserId(uri);
298             if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
299                 final String original = setCallingPackage(callingPkg);
300                 try {
301                     return rejectInsert(uri, initialValues);
302                 } finally {
303                     setCallingPackage(original);
304                 }
305             }
306             Trace.traceBegin(TRACE_TAG_DATABASE, "insert");
307             final String original = setCallingPackage(callingPkg);
308             try {
309                 return maybeAddUserId(mInterface.insert(uri, initialValues), userId);
310             } catch (RemoteException e) {
311                 throw e.rethrowAsRuntimeException();
312             } finally {
313                 setCallingPackage(original);
314                 Trace.traceEnd(TRACE_TAG_DATABASE);
315             }
316         }
317 
318         @Override
bulkInsert(String callingPkg, Uri uri, ContentValues[] initialValues)319         public int bulkInsert(String callingPkg, Uri uri, ContentValues[] initialValues) {
320             uri = validateIncomingUri(uri);
321             uri = maybeGetUriWithoutUserId(uri);
322             if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
323                 return 0;
324             }
325             Trace.traceBegin(TRACE_TAG_DATABASE, "bulkInsert");
326             final String original = setCallingPackage(callingPkg);
327             try {
328                 return mInterface.bulkInsert(uri, initialValues);
329             } catch (RemoteException e) {
330                 throw e.rethrowAsRuntimeException();
331             } finally {
332                 setCallingPackage(original);
333                 Trace.traceEnd(TRACE_TAG_DATABASE);
334             }
335         }
336 
337         @Override
applyBatch(String callingPkg, String authority, ArrayList<ContentProviderOperation> operations)338         public ContentProviderResult[] applyBatch(String callingPkg, String authority,
339                 ArrayList<ContentProviderOperation> operations)
340                 throws OperationApplicationException {
341             validateIncomingAuthority(authority);
342             int numOperations = operations.size();
343             final int[] userIds = new int[numOperations];
344             for (int i = 0; i < numOperations; i++) {
345                 ContentProviderOperation operation = operations.get(i);
346                 Uri uri = operation.getUri();
347                 userIds[i] = getUserIdFromUri(uri);
348                 uri = validateIncomingUri(uri);
349                 uri = maybeGetUriWithoutUserId(uri);
350                 // Rebuild operation if we changed the Uri above
351                 if (!Objects.equals(operation.getUri(), uri)) {
352                     operation = new ContentProviderOperation(operation, uri);
353                     operations.set(i, operation);
354                 }
355                 if (operation.isReadOperation()) {
356                     if (enforceReadPermission(callingPkg, uri, null)
357                             != AppOpsManager.MODE_ALLOWED) {
358                         throw new OperationApplicationException("App op not allowed", 0);
359                     }
360                 }
361                 if (operation.isWriteOperation()) {
362                     if (enforceWritePermission(callingPkg, uri, null)
363                             != AppOpsManager.MODE_ALLOWED) {
364                         throw new OperationApplicationException("App op not allowed", 0);
365                     }
366                 }
367             }
368             Trace.traceBegin(TRACE_TAG_DATABASE, "applyBatch");
369             final String original = setCallingPackage(callingPkg);
370             try {
371                 ContentProviderResult[] results = mInterface.applyBatch(authority,
372                         operations);
373                 if (results != null) {
374                     for (int i = 0; i < results.length ; i++) {
375                         if (userIds[i] != UserHandle.USER_CURRENT) {
376                             // Adding the userId to the uri.
377                             results[i] = new ContentProviderResult(results[i], userIds[i]);
378                         }
379                     }
380                 }
381                 return results;
382             } catch (RemoteException e) {
383                 throw e.rethrowAsRuntimeException();
384             } finally {
385                 setCallingPackage(original);
386                 Trace.traceEnd(TRACE_TAG_DATABASE);
387             }
388         }
389 
390         @Override
delete(String callingPkg, Uri uri, String selection, String[] selectionArgs)391         public int delete(String callingPkg, Uri uri, String selection, String[] selectionArgs) {
392             uri = validateIncomingUri(uri);
393             uri = maybeGetUriWithoutUserId(uri);
394             if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
395                 return 0;
396             }
397             Trace.traceBegin(TRACE_TAG_DATABASE, "delete");
398             final String original = setCallingPackage(callingPkg);
399             try {
400                 return mInterface.delete(uri, selection, selectionArgs);
401             } catch (RemoteException e) {
402                 throw e.rethrowAsRuntimeException();
403             } finally {
404                 setCallingPackage(original);
405                 Trace.traceEnd(TRACE_TAG_DATABASE);
406             }
407         }
408 
409         @Override
update(String callingPkg, Uri uri, ContentValues values, String selection, String[] selectionArgs)410         public int update(String callingPkg, Uri uri, ContentValues values, String selection,
411                 String[] selectionArgs) {
412             uri = validateIncomingUri(uri);
413             uri = maybeGetUriWithoutUserId(uri);
414             if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
415                 return 0;
416             }
417             Trace.traceBegin(TRACE_TAG_DATABASE, "update");
418             final String original = setCallingPackage(callingPkg);
419             try {
420                 return mInterface.update(uri, values, selection, selectionArgs);
421             } catch (RemoteException e) {
422                 throw e.rethrowAsRuntimeException();
423             } finally {
424                 setCallingPackage(original);
425                 Trace.traceEnd(TRACE_TAG_DATABASE);
426             }
427         }
428 
429         @Override
openFile( String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal, IBinder callerToken)430         public ParcelFileDescriptor openFile(
431                 String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal,
432                 IBinder callerToken) throws FileNotFoundException {
433             uri = validateIncomingUri(uri);
434             uri = maybeGetUriWithoutUserId(uri);
435             enforceFilePermission(callingPkg, uri, mode, callerToken);
436             Trace.traceBegin(TRACE_TAG_DATABASE, "openFile");
437             final String original = setCallingPackage(callingPkg);
438             try {
439                 return mInterface.openFile(
440                         uri, mode, CancellationSignal.fromTransport(cancellationSignal));
441             } catch (RemoteException e) {
442                 throw e.rethrowAsRuntimeException();
443             } finally {
444                 setCallingPackage(original);
445                 Trace.traceEnd(TRACE_TAG_DATABASE);
446             }
447         }
448 
449         @Override
openAssetFile( String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal)450         public AssetFileDescriptor openAssetFile(
451                 String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal)
452                 throws FileNotFoundException {
453             uri = validateIncomingUri(uri);
454             uri = maybeGetUriWithoutUserId(uri);
455             enforceFilePermission(callingPkg, uri, mode, null);
456             Trace.traceBegin(TRACE_TAG_DATABASE, "openAssetFile");
457             final String original = setCallingPackage(callingPkg);
458             try {
459                 return mInterface.openAssetFile(
460                         uri, mode, CancellationSignal.fromTransport(cancellationSignal));
461             } catch (RemoteException e) {
462                 throw e.rethrowAsRuntimeException();
463             } finally {
464                 setCallingPackage(original);
465                 Trace.traceEnd(TRACE_TAG_DATABASE);
466             }
467         }
468 
469         @Override
call(String callingPkg, String authority, String method, @Nullable String arg, @Nullable Bundle extras)470         public Bundle call(String callingPkg, String authority, String method, @Nullable String arg,
471                 @Nullable Bundle extras) {
472             validateIncomingAuthority(authority);
473             Bundle.setDefusable(extras, true);
474             Trace.traceBegin(TRACE_TAG_DATABASE, "call");
475             final String original = setCallingPackage(callingPkg);
476             try {
477                 return mInterface.call(authority, method, arg, extras);
478             } catch (RemoteException e) {
479                 throw e.rethrowAsRuntimeException();
480             } finally {
481                 setCallingPackage(original);
482                 Trace.traceEnd(TRACE_TAG_DATABASE);
483             }
484         }
485 
486         @Override
getStreamTypes(Uri uri, String mimeTypeFilter)487         public String[] getStreamTypes(Uri uri, String mimeTypeFilter) {
488             // getCallingPackage() isn't available in getType(), as the javadoc states.
489             uri = validateIncomingUri(uri);
490             uri = maybeGetUriWithoutUserId(uri);
491             Trace.traceBegin(TRACE_TAG_DATABASE, "getStreamTypes");
492             try {
493                 return mInterface.getStreamTypes(uri, mimeTypeFilter);
494             } catch (RemoteException e) {
495                 throw e.rethrowAsRuntimeException();
496             } finally {
497                 Trace.traceEnd(TRACE_TAG_DATABASE);
498             }
499         }
500 
501         @Override
openTypedAssetFile(String callingPkg, Uri uri, String mimeType, Bundle opts, ICancellationSignal cancellationSignal)502         public AssetFileDescriptor openTypedAssetFile(String callingPkg, Uri uri, String mimeType,
503                 Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException {
504             Bundle.setDefusable(opts, true);
505             uri = validateIncomingUri(uri);
506             uri = maybeGetUriWithoutUserId(uri);
507             enforceFilePermission(callingPkg, uri, "r", null);
508             Trace.traceBegin(TRACE_TAG_DATABASE, "openTypedAssetFile");
509             final String original = setCallingPackage(callingPkg);
510             try {
511                 return mInterface.openTypedAssetFile(
512                         uri, mimeType, opts, CancellationSignal.fromTransport(cancellationSignal));
513             } catch (RemoteException e) {
514                 throw e.rethrowAsRuntimeException();
515             } finally {
516                 setCallingPackage(original);
517                 Trace.traceEnd(TRACE_TAG_DATABASE);
518             }
519         }
520 
521         @Override
createCancellationSignal()522         public ICancellationSignal createCancellationSignal() {
523             return CancellationSignal.createTransport();
524         }
525 
526         @Override
canonicalize(String callingPkg, Uri uri)527         public Uri canonicalize(String callingPkg, Uri uri) {
528             uri = validateIncomingUri(uri);
529             int userId = getUserIdFromUri(uri);
530             uri = getUriWithoutUserId(uri);
531             if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
532                 return null;
533             }
534             Trace.traceBegin(TRACE_TAG_DATABASE, "canonicalize");
535             final String original = setCallingPackage(callingPkg);
536             try {
537                 return maybeAddUserId(mInterface.canonicalize(uri), userId);
538             } catch (RemoteException e) {
539                 throw e.rethrowAsRuntimeException();
540             } finally {
541                 setCallingPackage(original);
542                 Trace.traceEnd(TRACE_TAG_DATABASE);
543             }
544         }
545 
546         @Override
uncanonicalize(String callingPkg, Uri uri)547         public Uri uncanonicalize(String callingPkg, Uri uri) {
548             uri = validateIncomingUri(uri);
549             int userId = getUserIdFromUri(uri);
550             uri = getUriWithoutUserId(uri);
551             if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
552                 return null;
553             }
554             Trace.traceBegin(TRACE_TAG_DATABASE, "uncanonicalize");
555             final String original = setCallingPackage(callingPkg);
556             try {
557                 return maybeAddUserId(mInterface.uncanonicalize(uri), userId);
558             } catch (RemoteException e) {
559                 throw e.rethrowAsRuntimeException();
560             } finally {
561                 setCallingPackage(original);
562                 Trace.traceEnd(TRACE_TAG_DATABASE);
563             }
564         }
565 
566         @Override
refresh(String callingPkg, Uri uri, Bundle args, ICancellationSignal cancellationSignal)567         public boolean refresh(String callingPkg, Uri uri, Bundle args,
568                 ICancellationSignal cancellationSignal) throws RemoteException {
569             uri = validateIncomingUri(uri);
570             uri = getUriWithoutUserId(uri);
571             if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
572                 return false;
573             }
574             Trace.traceBegin(TRACE_TAG_DATABASE, "refresh");
575             final String original = setCallingPackage(callingPkg);
576             try {
577                 return mInterface.refresh(uri, args,
578                         CancellationSignal.fromTransport(cancellationSignal));
579             } finally {
580                 setCallingPackage(original);
581                 Trace.traceEnd(TRACE_TAG_DATABASE);
582             }
583         }
584 
enforceFilePermission(String callingPkg, Uri uri, String mode, IBinder callerToken)585         private void enforceFilePermission(String callingPkg, Uri uri, String mode,
586                 IBinder callerToken) throws FileNotFoundException, SecurityException {
587             if (mode != null && mode.indexOf('w') != -1) {
588                 if (enforceWritePermission(callingPkg, uri, callerToken)
589                         != AppOpsManager.MODE_ALLOWED) {
590                     throw new FileNotFoundException("App op not allowed");
591                 }
592             } else {
593                 if (enforceReadPermission(callingPkg, uri, callerToken)
594                         != AppOpsManager.MODE_ALLOWED) {
595                     throw new FileNotFoundException("App op not allowed");
596                 }
597             }
598         }
599 
enforceReadPermission(String callingPkg, Uri uri, IBinder callerToken)600         private int enforceReadPermission(String callingPkg, Uri uri, IBinder callerToken)
601                 throws SecurityException {
602             final int mode = enforceReadPermissionInner(uri, callingPkg, callerToken);
603             if (mode != MODE_ALLOWED) {
604                 return mode;
605             }
606 
607             return noteProxyOp(callingPkg, mReadOp);
608         }
609 
enforceWritePermission(String callingPkg, Uri uri, IBinder callerToken)610         private int enforceWritePermission(String callingPkg, Uri uri, IBinder callerToken)
611                 throws SecurityException {
612             final int mode = enforceWritePermissionInner(uri, callingPkg, callerToken);
613             if (mode != MODE_ALLOWED) {
614                 return mode;
615             }
616 
617             return noteProxyOp(callingPkg, mWriteOp);
618         }
619 
noteProxyOp(String callingPkg, int op)620         private int noteProxyOp(String callingPkg, int op) {
621             if (op != AppOpsManager.OP_NONE) {
622                 int mode = mAppOpsManager.noteProxyOp(op, callingPkg);
623                 return mode == MODE_DEFAULT ? MODE_IGNORED : mode;
624             }
625 
626             return AppOpsManager.MODE_ALLOWED;
627         }
628     }
629 
checkUser(int pid, int uid, Context context)630     boolean checkUser(int pid, int uid, Context context) {
631         return UserHandle.getUserId(uid) == context.getUserId()
632                 || mSingleUser
633                 || context.checkPermission(INTERACT_ACROSS_USERS, pid, uid)
634                 == PERMISSION_GRANTED;
635     }
636 
637     /**
638      * Verify that calling app holds both the given permission and any app-op
639      * associated with that permission.
640      */
checkPermissionAndAppOp(String permission, String callingPkg, IBinder callerToken)641     private int checkPermissionAndAppOp(String permission, String callingPkg,
642             IBinder callerToken) {
643         if (getContext().checkPermission(permission, Binder.getCallingPid(), Binder.getCallingUid(),
644                 callerToken) != PERMISSION_GRANTED) {
645             return MODE_ERRORED;
646         }
647 
648         return mTransport.noteProxyOp(callingPkg, AppOpsManager.permissionToOpCode(permission));
649     }
650 
651     /** {@hide} */
enforceReadPermissionInner(Uri uri, String callingPkg, IBinder callerToken)652     protected int enforceReadPermissionInner(Uri uri, String callingPkg, IBinder callerToken)
653             throws SecurityException {
654         final Context context = getContext();
655         final int pid = Binder.getCallingPid();
656         final int uid = Binder.getCallingUid();
657         String missingPerm = null;
658         int strongestMode = MODE_ALLOWED;
659 
660         if (UserHandle.isSameApp(uid, mMyUid)) {
661             return MODE_ALLOWED;
662         }
663 
664         if (mExported && checkUser(pid, uid, context)) {
665             final String componentPerm = getReadPermission();
666             if (componentPerm != null) {
667                 final int mode = checkPermissionAndAppOp(componentPerm, callingPkg, callerToken);
668                 if (mode == MODE_ALLOWED) {
669                     return MODE_ALLOWED;
670                 } else {
671                     missingPerm = componentPerm;
672                     strongestMode = Math.max(strongestMode, mode);
673                 }
674             }
675 
676             // track if unprotected read is allowed; any denied
677             // <path-permission> below removes this ability
678             boolean allowDefaultRead = (componentPerm == null);
679 
680             final PathPermission[] pps = getPathPermissions();
681             if (pps != null) {
682                 final String path = uri.getPath();
683                 for (PathPermission pp : pps) {
684                     final String pathPerm = pp.getReadPermission();
685                     if (pathPerm != null && pp.match(path)) {
686                         final int mode = checkPermissionAndAppOp(pathPerm, callingPkg, callerToken);
687                         if (mode == MODE_ALLOWED) {
688                             return MODE_ALLOWED;
689                         } else {
690                             // any denied <path-permission> means we lose
691                             // default <provider> access.
692                             allowDefaultRead = false;
693                             missingPerm = pathPerm;
694                             strongestMode = Math.max(strongestMode, mode);
695                         }
696                     }
697                 }
698             }
699 
700             // if we passed <path-permission> checks above, and no default
701             // <provider> permission, then allow access.
702             if (allowDefaultRead) return MODE_ALLOWED;
703         }
704 
705         // last chance, check against any uri grants
706         final int callingUserId = UserHandle.getUserId(uid);
707         final Uri userUri = (mSingleUser && !UserHandle.isSameUser(mMyUid, uid))
708                 ? maybeAddUserId(uri, callingUserId) : uri;
709         if (context.checkUriPermission(userUri, pid, uid, Intent.FLAG_GRANT_READ_URI_PERMISSION,
710                 callerToken) == PERMISSION_GRANTED) {
711             return MODE_ALLOWED;
712         }
713 
714         // If the worst denial we found above was ignored, then pass that
715         // ignored through; otherwise we assume it should be a real error below.
716         if (strongestMode == MODE_IGNORED) {
717             return MODE_IGNORED;
718         }
719 
720         final String suffix;
721         if (android.Manifest.permission.MANAGE_DOCUMENTS.equals(mReadPermission)) {
722             suffix = " requires that you obtain access using ACTION_OPEN_DOCUMENT or related APIs";
723         } else if (mExported) {
724             suffix = " requires " + missingPerm + ", or grantUriPermission()";
725         } else {
726             suffix = " requires the provider be exported, or grantUriPermission()";
727         }
728         throw new SecurityException("Permission Denial: reading "
729                 + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid
730                 + ", uid=" + uid + suffix);
731     }
732 
733     /** {@hide} */
enforceWritePermissionInner(Uri uri, String callingPkg, IBinder callerToken)734     protected int enforceWritePermissionInner(Uri uri, String callingPkg, IBinder callerToken)
735             throws SecurityException {
736         final Context context = getContext();
737         final int pid = Binder.getCallingPid();
738         final int uid = Binder.getCallingUid();
739         String missingPerm = null;
740         int strongestMode = MODE_ALLOWED;
741 
742         if (UserHandle.isSameApp(uid, mMyUid)) {
743             return MODE_ALLOWED;
744         }
745 
746         if (mExported && checkUser(pid, uid, context)) {
747             final String componentPerm = getWritePermission();
748             if (componentPerm != null) {
749                 final int mode = checkPermissionAndAppOp(componentPerm, callingPkg, callerToken);
750                 if (mode == MODE_ALLOWED) {
751                     return MODE_ALLOWED;
752                 } else {
753                     missingPerm = componentPerm;
754                     strongestMode = Math.max(strongestMode, mode);
755                 }
756             }
757 
758             // track if unprotected write is allowed; any denied
759             // <path-permission> below removes this ability
760             boolean allowDefaultWrite = (componentPerm == null);
761 
762             final PathPermission[] pps = getPathPermissions();
763             if (pps != null) {
764                 final String path = uri.getPath();
765                 for (PathPermission pp : pps) {
766                     final String pathPerm = pp.getWritePermission();
767                     if (pathPerm != null && pp.match(path)) {
768                         final int mode = checkPermissionAndAppOp(pathPerm, callingPkg, callerToken);
769                         if (mode == MODE_ALLOWED) {
770                             return MODE_ALLOWED;
771                         } else {
772                             // any denied <path-permission> means we lose
773                             // default <provider> access.
774                             allowDefaultWrite = false;
775                             missingPerm = pathPerm;
776                             strongestMode = Math.max(strongestMode, mode);
777                         }
778                     }
779                 }
780             }
781 
782             // if we passed <path-permission> checks above, and no default
783             // <provider> permission, then allow access.
784             if (allowDefaultWrite) return MODE_ALLOWED;
785         }
786 
787         // last chance, check against any uri grants
788         if (context.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION,
789                 callerToken) == PERMISSION_GRANTED) {
790             return MODE_ALLOWED;
791         }
792 
793         // If the worst denial we found above was ignored, then pass that
794         // ignored through; otherwise we assume it should be a real error below.
795         if (strongestMode == MODE_IGNORED) {
796             return MODE_IGNORED;
797         }
798 
799         final String failReason = mExported
800                 ? " requires " + missingPerm + ", or grantUriPermission()"
801                 : " requires the provider be exported, or grantUriPermission()";
802         throw new SecurityException("Permission Denial: writing "
803                 + ContentProvider.this.getClass().getName() + " uri " + uri + " from pid=" + pid
804                 + ", uid=" + uid + failReason);
805     }
806 
807     /**
808      * Retrieves the Context this provider is running in.  Only available once
809      * {@link #onCreate} has been called -- this will return {@code null} in the
810      * constructor.
811      */
getContext()812     public final @Nullable Context getContext() {
813         return mContext;
814     }
815 
816     /**
817      * Set the calling package, returning the current value (or {@code null})
818      * which can be used later to restore the previous state.
819      */
setCallingPackage(String callingPackage)820     private String setCallingPackage(String callingPackage) {
821         final String original = mCallingPackage.get();
822         mCallingPackage.set(callingPackage);
823         onCallingPackageChanged();
824         return original;
825     }
826 
827     /**
828      * Return the package name of the caller that initiated the request being
829      * processed on the current thread. The returned package will have been
830      * verified to belong to the calling UID. Returns {@code null} if not
831      * currently processing a request.
832      * <p>
833      * This will always return {@code null} when processing
834      * {@link #getType(Uri)} or {@link #getStreamTypes(Uri, String)} requests.
835      *
836      * @see Binder#getCallingUid()
837      * @see Context#grantUriPermission(String, Uri, int)
838      * @throws SecurityException if the calling package doesn't belong to the
839      *             calling UID.
840      */
getCallingPackage()841     public final @Nullable String getCallingPackage() {
842         final String pkg = mCallingPackage.get();
843         if (pkg != null) {
844             mTransport.mAppOpsManager.checkPackage(Binder.getCallingUid(), pkg);
845         }
846         return pkg;
847     }
848 
849     /** {@hide} */
getCallingPackageUnchecked()850     public final @Nullable String getCallingPackageUnchecked() {
851         return mCallingPackage.get();
852     }
853 
854     /** {@hide} */
onCallingPackageChanged()855     public void onCallingPackageChanged() {
856     }
857 
858     /**
859      * Opaque token representing the identity of an incoming IPC.
860      */
861     public final class CallingIdentity {
862         /** {@hide} */
863         public final long binderToken;
864         /** {@hide} */
865         public final String callingPackage;
866 
867         /** {@hide} */
CallingIdentity(long binderToken, String callingPackage)868         public CallingIdentity(long binderToken, String callingPackage) {
869             this.binderToken = binderToken;
870             this.callingPackage = callingPackage;
871         }
872     }
873 
874     /**
875      * Reset the identity of the incoming IPC on the current thread.
876      * <p>
877      * Internally this calls {@link Binder#clearCallingIdentity()} and also
878      * clears any value stored in {@link #getCallingPackage()}.
879      *
880      * @return Returns an opaque token that can be used to restore the original
881      *         calling identity by passing it to
882      *         {@link #restoreCallingIdentity}.
883      */
clearCallingIdentity()884     public final @NonNull CallingIdentity clearCallingIdentity() {
885         return new CallingIdentity(Binder.clearCallingIdentity(), setCallingPackage(null));
886     }
887 
888     /**
889      * Restore the identity of the incoming IPC on the current thread back to a
890      * previously identity that was returned by {@link #clearCallingIdentity}.
891      * <p>
892      * Internally this calls {@link Binder#restoreCallingIdentity(long)} and
893      * also restores any value stored in {@link #getCallingPackage()}.
894      */
restoreCallingIdentity(@onNull CallingIdentity identity)895     public final void restoreCallingIdentity(@NonNull CallingIdentity identity) {
896         Binder.restoreCallingIdentity(identity.binderToken);
897         mCallingPackage.set(identity.callingPackage);
898     }
899 
900     /**
901      * Change the authorities of the ContentProvider.
902      * This is normally set for you from its manifest information when the provider is first
903      * created.
904      * @hide
905      * @param authorities the semi-colon separated authorities of the ContentProvider.
906      */
setAuthorities(String authorities)907     protected final void setAuthorities(String authorities) {
908         if (authorities != null) {
909             if (authorities.indexOf(';') == -1) {
910                 mAuthority = authorities;
911                 mAuthorities = null;
912             } else {
913                 mAuthority = null;
914                 mAuthorities = authorities.split(";");
915             }
916         }
917     }
918 
919     /** @hide */
matchesOurAuthorities(String authority)920     protected final boolean matchesOurAuthorities(String authority) {
921         if (mAuthority != null) {
922             return mAuthority.equals(authority);
923         }
924         if (mAuthorities != null) {
925             int length = mAuthorities.length;
926             for (int i = 0; i < length; i++) {
927                 if (mAuthorities[i].equals(authority)) return true;
928             }
929         }
930         return false;
931     }
932 
933 
934     /**
935      * Change the permission required to read data from the content
936      * provider.  This is normally set for you from its manifest information
937      * when the provider is first created.
938      *
939      * @param permission Name of the permission required for read-only access.
940      */
setReadPermission(@ullable String permission)941     protected final void setReadPermission(@Nullable String permission) {
942         mReadPermission = permission;
943     }
944 
945     /**
946      * Return the name of the permission required for read-only access to
947      * this content provider.  This method can be called from multiple
948      * threads, as described in
949      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
950      * and Threads</a>.
951      */
getReadPermission()952     public final @Nullable String getReadPermission() {
953         return mReadPermission;
954     }
955 
956     /**
957      * Change the permission required to read and write data in the content
958      * provider.  This is normally set for you from its manifest information
959      * when the provider is first created.
960      *
961      * @param permission Name of the permission required for read/write access.
962      */
setWritePermission(@ullable String permission)963     protected final void setWritePermission(@Nullable String permission) {
964         mWritePermission = permission;
965     }
966 
967     /**
968      * Return the name of the permission required for read/write access to
969      * this content provider.  This method can be called from multiple
970      * threads, as described in
971      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
972      * and Threads</a>.
973      */
getWritePermission()974     public final @Nullable String getWritePermission() {
975         return mWritePermission;
976     }
977 
978     /**
979      * Change the path-based permission required to read and/or write data in
980      * the content provider.  This is normally set for you from its manifest
981      * information when the provider is first created.
982      *
983      * @param permissions Array of path permission descriptions.
984      */
setPathPermissions(@ullable PathPermission[] permissions)985     protected final void setPathPermissions(@Nullable PathPermission[] permissions) {
986         mPathPermissions = permissions;
987     }
988 
989     /**
990      * Return the path-based permissions required for read and/or write access to
991      * this content provider.  This method can be called from multiple
992      * threads, as described in
993      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
994      * and Threads</a>.
995      */
getPathPermissions()996     public final @Nullable PathPermission[] getPathPermissions() {
997         return mPathPermissions;
998     }
999 
1000     /** @hide */
1001     @UnsupportedAppUsage
setAppOps(int readOp, int writeOp)1002     public final void setAppOps(int readOp, int writeOp) {
1003         if (!mNoPerms) {
1004             mTransport.mReadOp = readOp;
1005             mTransport.mWriteOp = writeOp;
1006         }
1007     }
1008 
1009     /** @hide */
getAppOpsManager()1010     public AppOpsManager getAppOpsManager() {
1011         return mTransport.mAppOpsManager;
1012     }
1013 
1014     /** @hide */
setTransportLoggingEnabled(boolean enabled)1015     public final void setTransportLoggingEnabled(boolean enabled) {
1016         if (enabled) {
1017             mTransport.mInterface = new LoggingContentInterface(getClass().getSimpleName(), this);
1018         } else {
1019             mTransport.mInterface = this;
1020         }
1021     }
1022 
1023     /**
1024      * Implement this to initialize your content provider on startup.
1025      * This method is called for all registered content providers on the
1026      * application main thread at application launch time.  It must not perform
1027      * lengthy operations, or application startup will be delayed.
1028      *
1029      * <p>You should defer nontrivial initialization (such as opening,
1030      * upgrading, and scanning databases) until the content provider is used
1031      * (via {@link #query}, {@link #insert}, etc).  Deferred initialization
1032      * keeps application startup fast, avoids unnecessary work if the provider
1033      * turns out not to be needed, and stops database errors (such as a full
1034      * disk) from halting application launch.
1035      *
1036      * <p>If you use SQLite, {@link android.database.sqlite.SQLiteOpenHelper}
1037      * is a helpful utility class that makes it easy to manage databases,
1038      * and will automatically defer opening until first use.  If you do use
1039      * SQLiteOpenHelper, make sure to avoid calling
1040      * {@link android.database.sqlite.SQLiteOpenHelper#getReadableDatabase} or
1041      * {@link android.database.sqlite.SQLiteOpenHelper#getWritableDatabase}
1042      * from this method.  (Instead, override
1043      * {@link android.database.sqlite.SQLiteOpenHelper#onOpen} to initialize the
1044      * database when it is first opened.)
1045      *
1046      * @return true if the provider was successfully loaded, false otherwise
1047      */
onCreate()1048     public abstract boolean onCreate();
1049 
1050     /**
1051      * {@inheritDoc}
1052      * This method is always called on the application main thread, and must
1053      * not perform lengthy operations.
1054      *
1055      * <p>The default content provider implementation does nothing.
1056      * Override this method to take appropriate action.
1057      * (Content providers do not usually care about things like screen
1058      * orientation, but may want to know about locale changes.)
1059      */
1060     @Override
onConfigurationChanged(Configuration newConfig)1061     public void onConfigurationChanged(Configuration newConfig) {
1062     }
1063 
1064     /**
1065      * {@inheritDoc}
1066      * This method is always called on the application main thread, and must
1067      * not perform lengthy operations.
1068      *
1069      * <p>The default content provider implementation does nothing.
1070      * Subclasses may override this method to take appropriate action.
1071      */
1072     @Override
onLowMemory()1073     public void onLowMemory() {
1074     }
1075 
1076     @Override
onTrimMemory(int level)1077     public void onTrimMemory(int level) {
1078     }
1079 
1080     /**
1081      * Implement this to handle query requests from clients.
1082      *
1083      * <p>Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override
1084      * {@link #query(Uri, String[], Bundle, CancellationSignal)} and provide a stub
1085      * implementation of this method.
1086      *
1087      * <p>This method can be called from multiple threads, as described in
1088      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1089      * and Threads</a>.
1090      * <p>
1091      * Example client call:<p>
1092      * <pre>// Request a specific record.
1093      * Cursor managedCursor = managedQuery(
1094                 ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2),
1095                 projection,    // Which columns to return.
1096                 null,          // WHERE clause.
1097                 null,          // WHERE clause value substitution
1098                 People.NAME + " ASC");   // Sort order.</pre>
1099      * Example implementation:<p>
1100      * <pre>// SQLiteQueryBuilder is a helper class that creates the
1101         // proper SQL syntax for us.
1102         SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder();
1103 
1104         // Set the table we're querying.
1105         qBuilder.setTables(DATABASE_TABLE_NAME);
1106 
1107         // If the query ends in a specific record number, we're
1108         // being asked for a specific record, so set the
1109         // WHERE clause in our query.
1110         if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){
1111             qBuilder.appendWhere("_id=" + uri.getPathLeafId());
1112         }
1113 
1114         // Make the query.
1115         Cursor c = qBuilder.query(mDb,
1116                 projection,
1117                 selection,
1118                 selectionArgs,
1119                 groupBy,
1120                 having,
1121                 sortOrder);
1122         c.setNotificationUri(getContext().getContentResolver(), uri);
1123         return c;</pre>
1124      *
1125      * @param uri The URI to query. This will be the full URI sent by the client;
1126      *      if the client is requesting a specific record, the URI will end in a record number
1127      *      that the implementation should parse and add to a WHERE or HAVING clause, specifying
1128      *      that _id value.
1129      * @param projection The list of columns to put into the cursor. If
1130      *      {@code null} all columns are included.
1131      * @param selection A selection criteria to apply when filtering rows.
1132      *      If {@code null} then all rows are included.
1133      * @param selectionArgs You may include ?s in selection, which will be replaced by
1134      *      the values from selectionArgs, in order that they appear in the selection.
1135      *      The values will be bound as Strings.
1136      * @param sortOrder How the rows in the cursor should be sorted.
1137      *      If {@code null} then the provider is free to define the sort order.
1138      * @return a Cursor or {@code null}.
1139      */
query(@onNull Uri uri, @Nullable String[] projection, @Nullable String selection, @Nullable String[] selectionArgs, @Nullable String sortOrder)1140     public abstract @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection,
1141             @Nullable String selection, @Nullable String[] selectionArgs,
1142             @Nullable String sortOrder);
1143 
1144     /**
1145      * Implement this to handle query requests from clients with support for cancellation.
1146      *
1147      * <p>Apps targeting {@link android.os.Build.VERSION_CODES#O} or higher should override
1148      * {@link #query(Uri, String[], Bundle, CancellationSignal)} instead of this method.
1149      *
1150      * <p>This method can be called from multiple threads, as described in
1151      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1152      * and Threads</a>.
1153      * <p>
1154      * Example client call:<p>
1155      * <pre>// Request a specific record.
1156      * Cursor managedCursor = managedQuery(
1157                 ContentUris.withAppendedId(Contacts.People.CONTENT_URI, 2),
1158                 projection,    // Which columns to return.
1159                 null,          // WHERE clause.
1160                 null,          // WHERE clause value substitution
1161                 People.NAME + " ASC");   // Sort order.</pre>
1162      * Example implementation:<p>
1163      * <pre>// SQLiteQueryBuilder is a helper class that creates the
1164         // proper SQL syntax for us.
1165         SQLiteQueryBuilder qBuilder = new SQLiteQueryBuilder();
1166 
1167         // Set the table we're querying.
1168         qBuilder.setTables(DATABASE_TABLE_NAME);
1169 
1170         // If the query ends in a specific record number, we're
1171         // being asked for a specific record, so set the
1172         // WHERE clause in our query.
1173         if((URI_MATCHER.match(uri)) == SPECIFIC_MESSAGE){
1174             qBuilder.appendWhere("_id=" + uri.getPathLeafId());
1175         }
1176 
1177         // Make the query.
1178         Cursor c = qBuilder.query(mDb,
1179                 projection,
1180                 selection,
1181                 selectionArgs,
1182                 groupBy,
1183                 having,
1184                 sortOrder);
1185         c.setNotificationUri(getContext().getContentResolver(), uri);
1186         return c;</pre>
1187      * <p>
1188      * If you implement this method then you must also implement the version of
1189      * {@link #query(Uri, String[], String, String[], String)} that does not take a cancellation
1190      * signal to ensure correct operation on older versions of the Android Framework in
1191      * which the cancellation signal overload was not available.
1192      *
1193      * @param uri The URI to query. This will be the full URI sent by the client;
1194      *      if the client is requesting a specific record, the URI will end in a record number
1195      *      that the implementation should parse and add to a WHERE or HAVING clause, specifying
1196      *      that _id value.
1197      * @param projection The list of columns to put into the cursor. If
1198      *      {@code null} all columns are included.
1199      * @param selection A selection criteria to apply when filtering rows.
1200      *      If {@code null} then all rows are included.
1201      * @param selectionArgs You may include ?s in selection, which will be replaced by
1202      *      the values from selectionArgs, in order that they appear in the selection.
1203      *      The values will be bound as Strings.
1204      * @param sortOrder How the rows in the cursor should be sorted.
1205      *      If {@code null} then the provider is free to define the sort order.
1206      * @param cancellationSignal A signal to cancel the operation in progress, or {@code null} if none.
1207      * If the operation is canceled, then {@link android.os.OperationCanceledException} will be thrown
1208      * when the query is executed.
1209      * @return a Cursor or {@code null}.
1210      */
query(@onNull Uri uri, @Nullable String[] projection, @Nullable String selection, @Nullable String[] selectionArgs, @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal)1211     public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection,
1212             @Nullable String selection, @Nullable String[] selectionArgs,
1213             @Nullable String sortOrder, @Nullable CancellationSignal cancellationSignal) {
1214         return query(uri, projection, selection, selectionArgs, sortOrder);
1215     }
1216 
1217     /**
1218      * Implement this to handle query requests where the arguments are packed into a {@link Bundle}.
1219      * Arguments may include traditional SQL style query arguments. When present these
1220      * should be handled  according to the contract established in
1221      * {@link #query(Uri, String[], String, String[], String, CancellationSignal)}.
1222      *
1223      * <p>Traditional SQL arguments can be found in the bundle using the following keys:
1224      * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION}
1225      * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SELECTION_ARGS}
1226      * <li>{@link android.content.ContentResolver#QUERY_ARG_SQL_SORT_ORDER}
1227      *
1228      * <p>This method can be called from multiple threads, as described in
1229      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1230      * and Threads</a>.
1231      *
1232      * <p>
1233      * Example client call:<p>
1234      * <pre>// Request 20 records starting at row index 30.
1235        Bundle queryArgs = new Bundle();
1236        queryArgs.putInt(ContentResolver.QUERY_ARG_OFFSET, 30);
1237        queryArgs.putInt(ContentResolver.QUERY_ARG_LIMIT, 20);
1238 
1239        Cursor cursor = getContentResolver().query(
1240                 contentUri,    // Content Uri is specific to individual content providers.
1241                 projection,    // String[] describing which columns to return.
1242                 queryArgs,     // Query arguments.
1243                 null);         // Cancellation signal.</pre>
1244      *
1245      * Example implementation:<p>
1246      * <pre>
1247 
1248         int recordsetSize = 0x1000;  // Actual value is implementation specific.
1249         queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY;  // ensure queryArgs is non-null
1250 
1251         int offset = queryArgs.getInt(ContentResolver.QUERY_ARG_OFFSET, 0);
1252         int limit = queryArgs.getInt(ContentResolver.QUERY_ARG_LIMIT, Integer.MIN_VALUE);
1253 
1254         MatrixCursor c = new MatrixCursor(PROJECTION, limit);
1255 
1256         // Calculate the number of items to include in the cursor.
1257         int numItems = MathUtils.constrain(recordsetSize - offset, 0, limit);
1258 
1259         // Build the paged result set....
1260         for (int i = offset; i < offset + numItems; i++) {
1261             // populate row from your data.
1262         }
1263 
1264         Bundle extras = new Bundle();
1265         c.setExtras(extras);
1266 
1267         // Any QUERY_ARG_* key may be included if honored.
1268         // In an actual implementation, include only keys that are both present in queryArgs
1269         // and reflected in the Cursor output. For example, if QUERY_ARG_OFFSET were included
1270         // in queryArgs, but was ignored because it contained an invalid value (like –273),
1271         // then QUERY_ARG_OFFSET should be omitted.
1272         extras.putStringArray(ContentResolver.EXTRA_HONORED_ARGS, new String[] {
1273             ContentResolver.QUERY_ARG_OFFSET,
1274             ContentResolver.QUERY_ARG_LIMIT
1275         });
1276 
1277         extras.putInt(ContentResolver.EXTRA_TOTAL_COUNT, recordsetSize);
1278 
1279         cursor.setNotificationUri(getContext().getContentResolver(), uri);
1280 
1281         return cursor;</pre>
1282      * <p>
1283      * See {@link #query(Uri, String[], String, String[], String, CancellationSignal)}
1284      * for implementation details.
1285      *
1286      * @param uri The URI to query. This will be the full URI sent by the client.
1287      * @param projection The list of columns to put into the cursor.
1288      *            If {@code null} provide a default set of columns.
1289      * @param queryArgs A Bundle containing all additional information necessary for the query.
1290      *            Values in the Bundle may include SQL style arguments.
1291      * @param cancellationSignal A signal to cancel the operation in progress,
1292      *            or {@code null}.
1293      * @return a Cursor or {@code null}.
1294      */
1295     @Override
query(@onNull Uri uri, @Nullable String[] projection, @Nullable Bundle queryArgs, @Nullable CancellationSignal cancellationSignal)1296     public @Nullable Cursor query(@NonNull Uri uri, @Nullable String[] projection,
1297             @Nullable Bundle queryArgs, @Nullable CancellationSignal cancellationSignal) {
1298         queryArgs = queryArgs != null ? queryArgs : Bundle.EMPTY;
1299 
1300         // if client doesn't supply an SQL sort order argument, attempt to build one from
1301         // QUERY_ARG_SORT* arguments.
1302         String sortClause = queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SORT_ORDER);
1303         if (sortClause == null && queryArgs.containsKey(ContentResolver.QUERY_ARG_SORT_COLUMNS)) {
1304             sortClause = ContentResolver.createSqlSortClause(queryArgs);
1305         }
1306 
1307         return query(
1308                 uri,
1309                 projection,
1310                 queryArgs.getString(ContentResolver.QUERY_ARG_SQL_SELECTION),
1311                 queryArgs.getStringArray(ContentResolver.QUERY_ARG_SQL_SELECTION_ARGS),
1312                 sortClause,
1313                 cancellationSignal);
1314     }
1315 
1316     /**
1317      * Implement this to handle requests for the MIME type of the data at the
1318      * given URI.  The returned MIME type should start with
1319      * <code>vnd.android.cursor.item</code> for a single record,
1320      * or <code>vnd.android.cursor.dir/</code> for multiple items.
1321      * This method can be called from multiple threads, as described in
1322      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1323      * and Threads</a>.
1324      *
1325      * <p>Note that there are no permissions needed for an application to
1326      * access this information; if your content provider requires read and/or
1327      * write permissions, or is not exported, all applications can still call
1328      * this method regardless of their access permissions.  This allows them
1329      * to retrieve the MIME type for a URI when dispatching intents.
1330      *
1331      * @param uri the URI to query.
1332      * @return a MIME type string, or {@code null} if there is no type.
1333      */
1334     @Override
getType(@onNull Uri uri)1335     public abstract @Nullable String getType(@NonNull Uri uri);
1336 
1337     /**
1338      * Implement this to support canonicalization of URIs that refer to your
1339      * content provider.  A canonical URI is one that can be transported across
1340      * devices, backup/restore, and other contexts, and still be able to refer
1341      * to the same data item.  Typically this is implemented by adding query
1342      * params to the URI allowing the content provider to verify that an incoming
1343      * canonical URI references the same data as it was originally intended for and,
1344      * if it doesn't, to find that data (if it exists) in the current environment.
1345      *
1346      * <p>For example, if the content provider holds people and a normal URI in it
1347      * is created with a row index into that people database, the cananical representation
1348      * may have an additional query param at the end which specifies the name of the
1349      * person it is intended for.  Later calls into the provider with that URI will look
1350      * up the row of that URI's base index and, if it doesn't match or its entry's
1351      * name doesn't match the name in the query param, perform a query on its database
1352      * to find the correct row to operate on.</p>
1353      *
1354      * <p>If you implement support for canonical URIs, <b>all</b> incoming calls with
1355      * URIs (including this one) must perform this verification and recovery of any
1356      * canonical URIs they receive.  In addition, you must also implement
1357      * {@link #uncanonicalize} to strip the canonicalization of any of these URIs.</p>
1358      *
1359      * <p>The default implementation of this method returns null, indicating that
1360      * canonical URIs are not supported.</p>
1361      *
1362      * @param url The Uri to canonicalize.
1363      *
1364      * @return Return the canonical representation of <var>url</var>, or null if
1365      * canonicalization of that Uri is not supported.
1366      */
1367     @Override
canonicalize(@onNull Uri url)1368     public @Nullable Uri canonicalize(@NonNull Uri url) {
1369         return null;
1370     }
1371 
1372     /**
1373      * Remove canonicalization from canonical URIs previously returned by
1374      * {@link #canonicalize}.  For example, if your implementation is to add
1375      * a query param to canonicalize a URI, this method can simply trip any
1376      * query params on the URI.  The default implementation always returns the
1377      * same <var>url</var> that was passed in.
1378      *
1379      * @param url The Uri to remove any canonicalization from.
1380      *
1381      * @return Return the non-canonical representation of <var>url</var>, return
1382      * the <var>url</var> as-is if there is nothing to do, or return null if
1383      * the data identified by the canonical representation can not be found in
1384      * the current environment.
1385      */
1386     @Override
uncanonicalize(@onNull Uri url)1387     public @Nullable Uri uncanonicalize(@NonNull Uri url) {
1388         return url;
1389     }
1390 
1391     /**
1392      * Implement this to support refresh of content identified by {@code uri}. By default, this
1393      * method returns false; providers who wish to implement this should return true to signal the
1394      * client that the provider has tried refreshing with its own implementation.
1395      * <p>
1396      * This allows clients to request an explicit refresh of content identified by {@code uri}.
1397      * <p>
1398      * Client code should only invoke this method when there is a strong indication (such as a user
1399      * initiated pull to refresh gesture) that the content is stale.
1400      * <p>
1401      * Remember to send {@link ContentResolver#notifyChange(Uri, android.database.ContentObserver)}
1402      * notifications when content changes.
1403      *
1404      * @param uri The Uri identifying the data to refresh.
1405      * @param args Additional options from the client. The definitions of these are specific to the
1406      *            content provider being called.
1407      * @param cancellationSignal A signal to cancel the operation in progress, or {@code null} if
1408      *            none. For example, if you called refresh on a particular uri, you should call
1409      *            {@link CancellationSignal#throwIfCanceled()} to check whether the client has
1410      *            canceled the refresh request.
1411      * @return true if the provider actually tried refreshing.
1412      */
1413     @Override
refresh(Uri uri, @Nullable Bundle args, @Nullable CancellationSignal cancellationSignal)1414     public boolean refresh(Uri uri, @Nullable Bundle args,
1415             @Nullable CancellationSignal cancellationSignal) {
1416         return false;
1417     }
1418 
1419     /**
1420      * @hide
1421      * Implementation when a caller has performed an insert on the content
1422      * provider, but that call has been rejected for the operation given
1423      * to {@link #setAppOps(int, int)}.  The default implementation simply
1424      * returns a dummy URI that is the base URI with a 0 path element
1425      * appended.
1426      */
rejectInsert(Uri uri, ContentValues values)1427     public Uri rejectInsert(Uri uri, ContentValues values) {
1428         // If not allowed, we need to return some reasonable URI.  Maybe the
1429         // content provider should be responsible for this, but for now we
1430         // will just return the base URI with a dummy '0' tagged on to it.
1431         // You shouldn't be able to read if you can't write, anyway, so it
1432         // shouldn't matter much what is returned.
1433         return uri.buildUpon().appendPath("0").build();
1434     }
1435 
1436     /**
1437      * Implement this to handle requests to insert a new row.
1438      * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()}
1439      * after inserting.
1440      * This method can be called from multiple threads, as described in
1441      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1442      * and Threads</a>.
1443      * @param uri The content:// URI of the insertion request. This must not be {@code null}.
1444      * @param values A set of column_name/value pairs to add to the database.
1445      *     This must not be {@code null}.
1446      * @return The URI for the newly inserted item.
1447      */
1448     @Override
insert(@onNull Uri uri, @Nullable ContentValues values)1449     public abstract @Nullable Uri insert(@NonNull Uri uri, @Nullable ContentValues values);
1450 
1451     /**
1452      * Override this to handle requests to insert a set of new rows, or the
1453      * default implementation will iterate over the values and call
1454      * {@link #insert} on each of them.
1455      * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()}
1456      * after inserting.
1457      * This method can be called from multiple threads, as described in
1458      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1459      * and Threads</a>.
1460      *
1461      * @param uri The content:// URI of the insertion request.
1462      * @param values An array of sets of column_name/value pairs to add to the database.
1463      *    This must not be {@code null}.
1464      * @return The number of values that were inserted.
1465      */
1466     @Override
bulkInsert(@onNull Uri uri, @NonNull ContentValues[] values)1467     public int bulkInsert(@NonNull Uri uri, @NonNull ContentValues[] values) {
1468         int numValues = values.length;
1469         for (int i = 0; i < numValues; i++) {
1470             insert(uri, values[i]);
1471         }
1472         return numValues;
1473     }
1474 
1475     /**
1476      * Implement this to handle requests to delete one or more rows.
1477      * The implementation should apply the selection clause when performing
1478      * deletion, allowing the operation to affect multiple rows in a directory.
1479      * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()}
1480      * after deleting.
1481      * This method can be called from multiple threads, as described in
1482      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1483      * and Threads</a>.
1484      *
1485      * <p>The implementation is responsible for parsing out a row ID at the end
1486      * of the URI, if a specific row is being deleted. That is, the client would
1487      * pass in <code>content://contacts/people/22</code> and the implementation is
1488      * responsible for parsing the record number (22) when creating a SQL statement.
1489      *
1490      * @param uri The full URI to query, including a row ID (if a specific record is requested).
1491      * @param selection An optional restriction to apply to rows when deleting.
1492      * @return The number of rows affected.
1493      * @throws SQLException
1494      */
1495     @Override
delete(@onNull Uri uri, @Nullable String selection, @Nullable String[] selectionArgs)1496     public abstract int delete(@NonNull Uri uri, @Nullable String selection,
1497             @Nullable String[] selectionArgs);
1498 
1499     /**
1500      * Implement this to handle requests to update one or more rows.
1501      * The implementation should update all rows matching the selection
1502      * to set the columns according to the provided values map.
1503      * As a courtesy, call {@link ContentResolver#notifyChange(android.net.Uri ,android.database.ContentObserver) notifyChange()}
1504      * after updating.
1505      * This method can be called from multiple threads, as described in
1506      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1507      * and Threads</a>.
1508      *
1509      * @param uri The URI to query. This can potentially have a record ID if this
1510      * is an update request for a specific record.
1511      * @param values A set of column_name/value pairs to update in the database.
1512      *     This must not be {@code null}.
1513      * @param selection An optional filter to match rows to update.
1514      * @return the number of rows affected.
1515      */
1516     @Override
update(@onNull Uri uri, @Nullable ContentValues values, @Nullable String selection, @Nullable String[] selectionArgs)1517     public abstract int update(@NonNull Uri uri, @Nullable ContentValues values,
1518             @Nullable String selection, @Nullable String[] selectionArgs);
1519 
1520     /**
1521      * Override this to handle requests to open a file blob.
1522      * The default implementation always throws {@link FileNotFoundException}.
1523      * This method can be called from multiple threads, as described in
1524      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1525      * and Threads</a>.
1526      *
1527      * <p>This method returns a ParcelFileDescriptor, which is returned directly
1528      * to the caller.  This way large data (such as images and documents) can be
1529      * returned without copying the content.
1530      *
1531      * <p>The returned ParcelFileDescriptor is owned by the caller, so it is
1532      * their responsibility to close it when done.  That is, the implementation
1533      * of this method should create a new ParcelFileDescriptor for each call.
1534      * <p>
1535      * If opened with the exclusive "r" or "w" modes, the returned
1536      * ParcelFileDescriptor can be a pipe or socket pair to enable streaming
1537      * of data. Opening with the "rw" or "rwt" modes implies a file on disk that
1538      * supports seeking.
1539      * <p>
1540      * If you need to detect when the returned ParcelFileDescriptor has been
1541      * closed, or if the remote process has crashed or encountered some other
1542      * error, you can use {@link ParcelFileDescriptor#open(File, int,
1543      * android.os.Handler, android.os.ParcelFileDescriptor.OnCloseListener)},
1544      * {@link ParcelFileDescriptor#createReliablePipe()}, or
1545      * {@link ParcelFileDescriptor#createReliableSocketPair()}.
1546      * <p>
1547      * If you need to return a large file that isn't backed by a real file on
1548      * disk, such as a file on a network share or cloud storage service,
1549      * consider using
1550      * {@link StorageManager#openProxyFileDescriptor(int, android.os.ProxyFileDescriptorCallback, android.os.Handler)}
1551      * which will let you to stream the content on-demand.
1552      *
1553      * <p class="note">For use in Intents, you will want to implement {@link #getType}
1554      * to return the appropriate MIME type for the data returned here with
1555      * the same URI.  This will allow intent resolution to automatically determine the data MIME
1556      * type and select the appropriate matching targets as part of its operation.</p>
1557      *
1558      * <p class="note">For better interoperability with other applications, it is recommended
1559      * that for any URIs that can be opened, you also support queries on them
1560      * containing at least the columns specified by {@link android.provider.OpenableColumns}.
1561      * You may also want to support other common columns if you have additional meta-data
1562      * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED}
1563      * in {@link android.provider.MediaStore.MediaColumns}.</p>
1564      *
1565      * @param uri The URI whose file is to be opened.
1566      * @param mode Access mode for the file.  May be "r" for read-only access,
1567      * "rw" for read and write access, or "rwt" for read and write access
1568      * that truncates any existing file.
1569      *
1570      * @return Returns a new ParcelFileDescriptor which you can use to access
1571      * the file.
1572      *
1573      * @throws FileNotFoundException Throws FileNotFoundException if there is
1574      * no file associated with the given URI or the mode is invalid.
1575      * @throws SecurityException Throws SecurityException if the caller does
1576      * not have permission to access the file.
1577      *
1578      * @see #openAssetFile(Uri, String)
1579      * @see #openFileHelper(Uri, String)
1580      * @see #getType(android.net.Uri)
1581      * @see ParcelFileDescriptor#parseMode(String)
1582      */
openFile(@onNull Uri uri, @NonNull String mode)1583     public @Nullable ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode)
1584             throws FileNotFoundException {
1585         throw new FileNotFoundException("No files supported by provider at "
1586                 + uri);
1587     }
1588 
1589     /**
1590      * Override this to handle requests to open a file blob.
1591      * The default implementation always throws {@link FileNotFoundException}.
1592      * This method can be called from multiple threads, as described in
1593      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1594      * and Threads</a>.
1595      *
1596      * <p>This method returns a ParcelFileDescriptor, which is returned directly
1597      * to the caller.  This way large data (such as images and documents) can be
1598      * returned without copying the content.
1599      *
1600      * <p>The returned ParcelFileDescriptor is owned by the caller, so it is
1601      * their responsibility to close it when done.  That is, the implementation
1602      * of this method should create a new ParcelFileDescriptor for each call.
1603      * <p>
1604      * If opened with the exclusive "r" or "w" modes, the returned
1605      * ParcelFileDescriptor can be a pipe or socket pair to enable streaming
1606      * of data. Opening with the "rw" or "rwt" modes implies a file on disk that
1607      * supports seeking.
1608      * <p>
1609      * If you need to detect when the returned ParcelFileDescriptor has been
1610      * closed, or if the remote process has crashed or encountered some other
1611      * error, you can use {@link ParcelFileDescriptor#open(File, int,
1612      * android.os.Handler, android.os.ParcelFileDescriptor.OnCloseListener)},
1613      * {@link ParcelFileDescriptor#createReliablePipe()}, or
1614      * {@link ParcelFileDescriptor#createReliableSocketPair()}.
1615      *
1616      * <p class="note">For use in Intents, you will want to implement {@link #getType}
1617      * to return the appropriate MIME type for the data returned here with
1618      * the same URI.  This will allow intent resolution to automatically determine the data MIME
1619      * type and select the appropriate matching targets as part of its operation.</p>
1620      *
1621      * <p class="note">For better interoperability with other applications, it is recommended
1622      * that for any URIs that can be opened, you also support queries on them
1623      * containing at least the columns specified by {@link android.provider.OpenableColumns}.
1624      * You may also want to support other common columns if you have additional meta-data
1625      * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED}
1626      * in {@link android.provider.MediaStore.MediaColumns}.</p>
1627      *
1628      * @param uri The URI whose file is to be opened.
1629      * @param mode Access mode for the file. May be "r" for read-only access,
1630      *            "w" for write-only access, "rw" for read and write access, or
1631      *            "rwt" for read and write access that truncates any existing
1632      *            file.
1633      * @param signal A signal to cancel the operation in progress, or
1634      *            {@code null} if none. For example, if you are downloading a
1635      *            file from the network to service a "rw" mode request, you
1636      *            should periodically call
1637      *            {@link CancellationSignal#throwIfCanceled()} to check whether
1638      *            the client has canceled the request and abort the download.
1639      *
1640      * @return Returns a new ParcelFileDescriptor which you can use to access
1641      * the file.
1642      *
1643      * @throws FileNotFoundException Throws FileNotFoundException if there is
1644      * no file associated with the given URI or the mode is invalid.
1645      * @throws SecurityException Throws SecurityException if the caller does
1646      * not have permission to access the file.
1647      *
1648      * @see #openAssetFile(Uri, String)
1649      * @see #openFileHelper(Uri, String)
1650      * @see #getType(android.net.Uri)
1651      * @see ParcelFileDescriptor#parseMode(String)
1652      */
1653     @Override
openFile(@onNull Uri uri, @NonNull String mode, @Nullable CancellationSignal signal)1654     public @Nullable ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode,
1655             @Nullable CancellationSignal signal) throws FileNotFoundException {
1656         return openFile(uri, mode);
1657     }
1658 
1659     /**
1660      * This is like {@link #openFile}, but can be implemented by providers
1661      * that need to be able to return sub-sections of files, often assets
1662      * inside of their .apk.
1663      * This method can be called from multiple threads, as described in
1664      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1665      * and Threads</a>.
1666      *
1667      * <p>If you implement this, your clients must be able to deal with such
1668      * file slices, either directly with
1669      * {@link ContentResolver#openAssetFileDescriptor}, or by using the higher-level
1670      * {@link ContentResolver#openInputStream ContentResolver.openInputStream}
1671      * or {@link ContentResolver#openOutputStream ContentResolver.openOutputStream}
1672      * methods.
1673      * <p>
1674      * The returned AssetFileDescriptor can be a pipe or socket pair to enable
1675      * streaming of data.
1676      *
1677      * <p class="note">If you are implementing this to return a full file, you
1678      * should create the AssetFileDescriptor with
1679      * {@link AssetFileDescriptor#UNKNOWN_LENGTH} to be compatible with
1680      * applications that cannot handle sub-sections of files.</p>
1681      *
1682      * <p class="note">For use in Intents, you will want to implement {@link #getType}
1683      * to return the appropriate MIME type for the data returned here with
1684      * the same URI.  This will allow intent resolution to automatically determine the data MIME
1685      * type and select the appropriate matching targets as part of its operation.</p>
1686      *
1687      * <p class="note">For better interoperability with other applications, it is recommended
1688      * that for any URIs that can be opened, you also support queries on them
1689      * containing at least the columns specified by {@link android.provider.OpenableColumns}.</p>
1690      *
1691      * @param uri The URI whose file is to be opened.
1692      * @param mode Access mode for the file.  May be "r" for read-only access,
1693      * "w" for write-only access (erasing whatever data is currently in
1694      * the file), "wa" for write-only access to append to any existing data,
1695      * "rw" for read and write access on any existing data, and "rwt" for read
1696      * and write access that truncates any existing file.
1697      *
1698      * @return Returns a new AssetFileDescriptor which you can use to access
1699      * the file.
1700      *
1701      * @throws FileNotFoundException Throws FileNotFoundException if there is
1702      * no file associated with the given URI or the mode is invalid.
1703      * @throws SecurityException Throws SecurityException if the caller does
1704      * not have permission to access the file.
1705      *
1706      * @see #openFile(Uri, String)
1707      * @see #openFileHelper(Uri, String)
1708      * @see #getType(android.net.Uri)
1709      */
openAssetFile(@onNull Uri uri, @NonNull String mode)1710     public @Nullable AssetFileDescriptor openAssetFile(@NonNull Uri uri, @NonNull String mode)
1711             throws FileNotFoundException {
1712         ParcelFileDescriptor fd = openFile(uri, mode);
1713         return fd != null ? new AssetFileDescriptor(fd, 0, -1) : null;
1714     }
1715 
1716     /**
1717      * This is like {@link #openFile}, but can be implemented by providers
1718      * that need to be able to return sub-sections of files, often assets
1719      * inside of their .apk.
1720      * This method can be called from multiple threads, as described in
1721      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
1722      * and Threads</a>.
1723      *
1724      * <p>If you implement this, your clients must be able to deal with such
1725      * file slices, either directly with
1726      * {@link ContentResolver#openAssetFileDescriptor}, or by using the higher-level
1727      * {@link ContentResolver#openInputStream ContentResolver.openInputStream}
1728      * or {@link ContentResolver#openOutputStream ContentResolver.openOutputStream}
1729      * methods.
1730      * <p>
1731      * The returned AssetFileDescriptor can be a pipe or socket pair to enable
1732      * streaming of data.
1733      *
1734      * <p class="note">If you are implementing this to return a full file, you
1735      * should create the AssetFileDescriptor with
1736      * {@link AssetFileDescriptor#UNKNOWN_LENGTH} to be compatible with
1737      * applications that cannot handle sub-sections of files.</p>
1738      *
1739      * <p class="note">For use in Intents, you will want to implement {@link #getType}
1740      * to return the appropriate MIME type for the data returned here with
1741      * the same URI.  This will allow intent resolution to automatically determine the data MIME
1742      * type and select the appropriate matching targets as part of its operation.</p>
1743      *
1744      * <p class="note">For better interoperability with other applications, it is recommended
1745      * that for any URIs that can be opened, you also support queries on them
1746      * containing at least the columns specified by {@link android.provider.OpenableColumns}.</p>
1747      *
1748      * @param uri The URI whose file is to be opened.
1749      * @param mode Access mode for the file.  May be "r" for read-only access,
1750      * "w" for write-only access (erasing whatever data is currently in
1751      * the file), "wa" for write-only access to append to any existing data,
1752      * "rw" for read and write access on any existing data, and "rwt" for read
1753      * and write access that truncates any existing file.
1754      * @param signal A signal to cancel the operation in progress, or
1755      *            {@code null} if none. For example, if you are downloading a
1756      *            file from the network to service a "rw" mode request, you
1757      *            should periodically call
1758      *            {@link CancellationSignal#throwIfCanceled()} to check whether
1759      *            the client has canceled the request and abort the download.
1760      *
1761      * @return Returns a new AssetFileDescriptor which you can use to access
1762      * the file.
1763      *
1764      * @throws FileNotFoundException Throws FileNotFoundException if there is
1765      * no file associated with the given URI or the mode is invalid.
1766      * @throws SecurityException Throws SecurityException if the caller does
1767      * not have permission to access the file.
1768      *
1769      * @see #openFile(Uri, String)
1770      * @see #openFileHelper(Uri, String)
1771      * @see #getType(android.net.Uri)
1772      */
1773     @Override
openAssetFile(@onNull Uri uri, @NonNull String mode, @Nullable CancellationSignal signal)1774     public @Nullable AssetFileDescriptor openAssetFile(@NonNull Uri uri, @NonNull String mode,
1775             @Nullable CancellationSignal signal) throws FileNotFoundException {
1776         return openAssetFile(uri, mode);
1777     }
1778 
1779     /**
1780      * Convenience for subclasses that wish to implement {@link #openFile}
1781      * by looking up a column named "_data" at the given URI.
1782      *
1783      * @param uri The URI to be opened.
1784      * @param mode The file mode.  May be "r" for read-only access,
1785      * "w" for write-only access (erasing whatever data is currently in
1786      * the file), "wa" for write-only access to append to any existing data,
1787      * "rw" for read and write access on any existing data, and "rwt" for read
1788      * and write access that truncates any existing file.
1789      *
1790      * @return Returns a new ParcelFileDescriptor that can be used by the
1791      * client to access the file.
1792      */
openFileHelper(@onNull Uri uri, @NonNull String mode)1793     protected final @NonNull ParcelFileDescriptor openFileHelper(@NonNull Uri uri,
1794             @NonNull String mode) throws FileNotFoundException {
1795         Cursor c = query(uri, new String[]{"_data"}, null, null, null);
1796         int count = (c != null) ? c.getCount() : 0;
1797         if (count != 1) {
1798             // If there is not exactly one result, throw an appropriate
1799             // exception.
1800             if (c != null) {
1801                 c.close();
1802             }
1803             if (count == 0) {
1804                 throw new FileNotFoundException("No entry for " + uri);
1805             }
1806             throw new FileNotFoundException("Multiple items at " + uri);
1807         }
1808 
1809         c.moveToFirst();
1810         int i = c.getColumnIndex("_data");
1811         String path = (i >= 0 ? c.getString(i) : null);
1812         c.close();
1813         if (path == null) {
1814             throw new FileNotFoundException("Column _data not found.");
1815         }
1816 
1817         int modeBits = ParcelFileDescriptor.parseMode(mode);
1818         return ParcelFileDescriptor.open(new File(path), modeBits);
1819     }
1820 
1821     /**
1822      * Called by a client to determine the types of data streams that this
1823      * content provider supports for the given URI.  The default implementation
1824      * returns {@code null}, meaning no types.  If your content provider stores data
1825      * of a particular type, return that MIME type if it matches the given
1826      * mimeTypeFilter.  If it can perform type conversions, return an array
1827      * of all supported MIME types that match mimeTypeFilter.
1828      *
1829      * @param uri The data in the content provider being queried.
1830      * @param mimeTypeFilter The type of data the client desires.  May be
1831      * a pattern, such as *&#47;* to retrieve all possible data types.
1832      * @return Returns {@code null} if there are no possible data streams for the
1833      * given mimeTypeFilter.  Otherwise returns an array of all available
1834      * concrete MIME types.
1835      *
1836      * @see #getType(Uri)
1837      * @see #openTypedAssetFile(Uri, String, Bundle)
1838      * @see ClipDescription#compareMimeTypes(String, String)
1839      */
1840     @Override
getStreamTypes(@onNull Uri uri, @NonNull String mimeTypeFilter)1841     public @Nullable String[] getStreamTypes(@NonNull Uri uri, @NonNull String mimeTypeFilter) {
1842         return null;
1843     }
1844 
1845     /**
1846      * Called by a client to open a read-only stream containing data of a
1847      * particular MIME type.  This is like {@link #openAssetFile(Uri, String)},
1848      * except the file can only be read-only and the content provider may
1849      * perform data conversions to generate data of the desired type.
1850      *
1851      * <p>The default implementation compares the given mimeType against the
1852      * result of {@link #getType(Uri)} and, if they match, simply calls
1853      * {@link #openAssetFile(Uri, String)}.
1854      *
1855      * <p>See {@link ClipData} for examples of the use and implementation
1856      * of this method.
1857      * <p>
1858      * The returned AssetFileDescriptor can be a pipe or socket pair to enable
1859      * streaming of data.
1860      *
1861      * <p class="note">For better interoperability with other applications, it is recommended
1862      * that for any URIs that can be opened, you also support queries on them
1863      * containing at least the columns specified by {@link android.provider.OpenableColumns}.
1864      * You may also want to support other common columns if you have additional meta-data
1865      * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED}
1866      * in {@link android.provider.MediaStore.MediaColumns}.</p>
1867      *
1868      * @param uri The data in the content provider being queried.
1869      * @param mimeTypeFilter The type of data the client desires.  May be
1870      * a pattern, such as *&#47;*, if the caller does not have specific type
1871      * requirements; in this case the content provider will pick its best
1872      * type matching the pattern.
1873      * @param opts Additional options from the client.  The definitions of
1874      * these are specific to the content provider being called.
1875      *
1876      * @return Returns a new AssetFileDescriptor from which the client can
1877      * read data of the desired type.
1878      *
1879      * @throws FileNotFoundException Throws FileNotFoundException if there is
1880      * no file associated with the given URI or the mode is invalid.
1881      * @throws SecurityException Throws SecurityException if the caller does
1882      * not have permission to access the data.
1883      * @throws IllegalArgumentException Throws IllegalArgumentException if the
1884      * content provider does not support the requested MIME type.
1885      *
1886      * @see #getStreamTypes(Uri, String)
1887      * @see #openAssetFile(Uri, String)
1888      * @see ClipDescription#compareMimeTypes(String, String)
1889      */
openTypedAssetFile(@onNull Uri uri, @NonNull String mimeTypeFilter, @Nullable Bundle opts)1890     public @Nullable AssetFileDescriptor openTypedAssetFile(@NonNull Uri uri,
1891             @NonNull String mimeTypeFilter, @Nullable Bundle opts) throws FileNotFoundException {
1892         if ("*/*".equals(mimeTypeFilter)) {
1893             // If they can take anything, the untyped open call is good enough.
1894             return openAssetFile(uri, "r");
1895         }
1896         String baseType = getType(uri);
1897         if (baseType != null && ClipDescription.compareMimeTypes(baseType, mimeTypeFilter)) {
1898             // Use old untyped open call if this provider has a type for this
1899             // URI and it matches the request.
1900             return openAssetFile(uri, "r");
1901         }
1902         throw new FileNotFoundException("Can't open " + uri + " as type " + mimeTypeFilter);
1903     }
1904 
1905 
1906     /**
1907      * Called by a client to open a read-only stream containing data of a
1908      * particular MIME type.  This is like {@link #openAssetFile(Uri, String)},
1909      * except the file can only be read-only and the content provider may
1910      * perform data conversions to generate data of the desired type.
1911      *
1912      * <p>The default implementation compares the given mimeType against the
1913      * result of {@link #getType(Uri)} and, if they match, simply calls
1914      * {@link #openAssetFile(Uri, String)}.
1915      *
1916      * <p>See {@link ClipData} for examples of the use and implementation
1917      * of this method.
1918      * <p>
1919      * The returned AssetFileDescriptor can be a pipe or socket pair to enable
1920      * streaming of data.
1921      *
1922      * <p class="note">For better interoperability with other applications, it is recommended
1923      * that for any URIs that can be opened, you also support queries on them
1924      * containing at least the columns specified by {@link android.provider.OpenableColumns}.
1925      * You may also want to support other common columns if you have additional meta-data
1926      * to supply, such as {@link android.provider.MediaStore.MediaColumns#DATE_ADDED}
1927      * in {@link android.provider.MediaStore.MediaColumns}.</p>
1928      *
1929      * @param uri The data in the content provider being queried.
1930      * @param mimeTypeFilter The type of data the client desires.  May be
1931      * a pattern, such as *&#47;*, if the caller does not have specific type
1932      * requirements; in this case the content provider will pick its best
1933      * type matching the pattern.
1934      * @param opts Additional options from the client.  The definitions of
1935      * these are specific to the content provider being called.
1936      * @param signal A signal to cancel the operation in progress, or
1937      *            {@code null} if none. For example, if you are downloading a
1938      *            file from the network to service a "rw" mode request, you
1939      *            should periodically call
1940      *            {@link CancellationSignal#throwIfCanceled()} to check whether
1941      *            the client has canceled the request and abort the download.
1942      *
1943      * @return Returns a new AssetFileDescriptor from which the client can
1944      * read data of the desired type.
1945      *
1946      * @throws FileNotFoundException Throws FileNotFoundException if there is
1947      * no file associated with the given URI or the mode is invalid.
1948      * @throws SecurityException Throws SecurityException if the caller does
1949      * not have permission to access the data.
1950      * @throws IllegalArgumentException Throws IllegalArgumentException if the
1951      * content provider does not support the requested MIME type.
1952      *
1953      * @see #getStreamTypes(Uri, String)
1954      * @see #openAssetFile(Uri, String)
1955      * @see ClipDescription#compareMimeTypes(String, String)
1956      */
1957     @Override
openTypedAssetFile(@onNull Uri uri, @NonNull String mimeTypeFilter, @Nullable Bundle opts, @Nullable CancellationSignal signal)1958     public @Nullable AssetFileDescriptor openTypedAssetFile(@NonNull Uri uri,
1959             @NonNull String mimeTypeFilter, @Nullable Bundle opts,
1960             @Nullable CancellationSignal signal) throws FileNotFoundException {
1961         return openTypedAssetFile(uri, mimeTypeFilter, opts);
1962     }
1963 
1964     /**
1965      * Interface to write a stream of data to a pipe.  Use with
1966      * {@link ContentProvider#openPipeHelper}.
1967      */
1968     public interface PipeDataWriter<T> {
1969         /**
1970          * Called from a background thread to stream data out to a pipe.
1971          * Note that the pipe is blocking, so this thread can block on
1972          * writes for an arbitrary amount of time if the client is slow
1973          * at reading.
1974          *
1975          * @param output The pipe where data should be written.  This will be
1976          * closed for you upon returning from this function.
1977          * @param uri The URI whose data is to be written.
1978          * @param mimeType The desired type of data to be written.
1979          * @param opts Options supplied by caller.
1980          * @param args Your own custom arguments.
1981          */
writeDataToPipe(@onNull ParcelFileDescriptor output, @NonNull Uri uri, @NonNull String mimeType, @Nullable Bundle opts, @Nullable T args)1982         public void writeDataToPipe(@NonNull ParcelFileDescriptor output, @NonNull Uri uri,
1983                 @NonNull String mimeType, @Nullable Bundle opts, @Nullable T args);
1984     }
1985 
1986     /**
1987      * A helper function for implementing {@link #openTypedAssetFile}, for
1988      * creating a data pipe and background thread allowing you to stream
1989      * generated data back to the client.  This function returns a new
1990      * ParcelFileDescriptor that should be returned to the caller (the caller
1991      * is responsible for closing it).
1992      *
1993      * @param uri The URI whose data is to be written.
1994      * @param mimeType The desired type of data to be written.
1995      * @param opts Options supplied by caller.
1996      * @param args Your own custom arguments.
1997      * @param func Interface implementing the function that will actually
1998      * stream the data.
1999      * @return Returns a new ParcelFileDescriptor holding the read side of
2000      * the pipe.  This should be returned to the caller for reading; the caller
2001      * is responsible for closing it when done.
2002      */
openPipeHelper(final @NonNull Uri uri, final @NonNull String mimeType, final @Nullable Bundle opts, final @Nullable T args, final @NonNull PipeDataWriter<T> func)2003     public @NonNull <T> ParcelFileDescriptor openPipeHelper(final @NonNull Uri uri,
2004             final @NonNull String mimeType, final @Nullable Bundle opts, final @Nullable T args,
2005             final @NonNull PipeDataWriter<T> func) throws FileNotFoundException {
2006         try {
2007             final ParcelFileDescriptor[] fds = ParcelFileDescriptor.createPipe();
2008 
2009             AsyncTask<Object, Object, Object> task = new AsyncTask<Object, Object, Object>() {
2010                 @Override
2011                 protected Object doInBackground(Object... params) {
2012                     func.writeDataToPipe(fds[1], uri, mimeType, opts, args);
2013                     try {
2014                         fds[1].close();
2015                     } catch (IOException e) {
2016                         Log.w(TAG, "Failure closing pipe", e);
2017                     }
2018                     return null;
2019                 }
2020             };
2021             task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, (Object[])null);
2022 
2023             return fds[0];
2024         } catch (IOException e) {
2025             throw new FileNotFoundException("failure making pipe");
2026         }
2027     }
2028 
2029     /**
2030      * Returns true if this instance is a temporary content provider.
2031      * @return true if this instance is a temporary content provider
2032      */
isTemporary()2033     protected boolean isTemporary() {
2034         return false;
2035     }
2036 
2037     /**
2038      * Returns the Binder object for this provider.
2039      *
2040      * @return the Binder object for this provider
2041      * @hide
2042      */
2043     @UnsupportedAppUsage
getIContentProvider()2044     public IContentProvider getIContentProvider() {
2045         return mTransport;
2046     }
2047 
2048     /**
2049      * Like {@link #attachInfo(Context, android.content.pm.ProviderInfo)}, but for use
2050      * when directly instantiating the provider for testing.
2051      * @hide
2052      */
2053     @UnsupportedAppUsage
attachInfoForTesting(Context context, ProviderInfo info)2054     public void attachInfoForTesting(Context context, ProviderInfo info) {
2055         attachInfo(context, info, true);
2056     }
2057 
2058     /**
2059      * After being instantiated, this is called to tell the content provider
2060      * about itself.
2061      *
2062      * @param context The context this provider is running in
2063      * @param info Registered information about this content provider
2064      */
attachInfo(Context context, ProviderInfo info)2065     public void attachInfo(Context context, ProviderInfo info) {
2066         attachInfo(context, info, false);
2067     }
2068 
attachInfo(Context context, ProviderInfo info, boolean testing)2069     private void attachInfo(Context context, ProviderInfo info, boolean testing) {
2070         mNoPerms = testing;
2071         mCallingPackage = new ThreadLocal<>();
2072 
2073         /*
2074          * Only allow it to be set once, so after the content service gives
2075          * this to us clients can't change it.
2076          */
2077         if (mContext == null) {
2078             mContext = context;
2079             if (context != null && mTransport != null) {
2080                 mTransport.mAppOpsManager = (AppOpsManager) context.getSystemService(
2081                         Context.APP_OPS_SERVICE);
2082             }
2083             mMyUid = Process.myUid();
2084             if (info != null) {
2085                 setReadPermission(info.readPermission);
2086                 setWritePermission(info.writePermission);
2087                 setPathPermissions(info.pathPermissions);
2088                 mExported = info.exported;
2089                 mSingleUser = (info.flags & ProviderInfo.FLAG_SINGLE_USER) != 0;
2090                 setAuthorities(info.authority);
2091             }
2092             ContentProvider.this.onCreate();
2093         }
2094     }
2095 
2096     /**
2097      * Override this to handle requests to perform a batch of operations, or the
2098      * default implementation will iterate over the operations and call
2099      * {@link ContentProviderOperation#apply} on each of them.
2100      * If all calls to {@link ContentProviderOperation#apply} succeed
2101      * then a {@link ContentProviderResult} array with as many
2102      * elements as there were operations will be returned.  If any of the calls
2103      * fail, it is up to the implementation how many of the others take effect.
2104      * This method can be called from multiple threads, as described in
2105      * <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html#Threads">Processes
2106      * and Threads</a>.
2107      *
2108      * @param operations the operations to apply
2109      * @return the results of the applications
2110      * @throws OperationApplicationException thrown if any operation fails.
2111      * @see ContentProviderOperation#apply
2112      */
2113     @Override
applyBatch(@onNull String authority, @NonNull ArrayList<ContentProviderOperation> operations)2114     public @NonNull ContentProviderResult[] applyBatch(@NonNull String authority,
2115             @NonNull ArrayList<ContentProviderOperation> operations)
2116                     throws OperationApplicationException {
2117         return applyBatch(operations);
2118     }
2119 
applyBatch( @onNull ArrayList<ContentProviderOperation> operations)2120     public @NonNull ContentProviderResult[] applyBatch(
2121             @NonNull ArrayList<ContentProviderOperation> operations)
2122                     throws OperationApplicationException {
2123         final int numOperations = operations.size();
2124         final ContentProviderResult[] results = new ContentProviderResult[numOperations];
2125         for (int i = 0; i < numOperations; i++) {
2126             results[i] = operations.get(i).apply(this, results, i);
2127         }
2128         return results;
2129     }
2130 
2131     /**
2132      * Call a provider-defined method.  This can be used to implement
2133      * interfaces that are cheaper and/or unnatural for a table-like
2134      * model.
2135      *
2136      * <p class="note"><strong>WARNING:</strong> The framework does no permission checking
2137      * on this entry into the content provider besides the basic ability for the application
2138      * to get access to the provider at all.  For example, it has no idea whether the call
2139      * being executed may read or write data in the provider, so can't enforce those
2140      * individual permissions.  Any implementation of this method <strong>must</strong>
2141      * do its own permission checks on incoming calls to make sure they are allowed.</p>
2142      *
2143      * @param method method name to call.  Opaque to framework, but should not be {@code null}.
2144      * @param arg provider-defined String argument.  May be {@code null}.
2145      * @param extras provider-defined Bundle argument.  May be {@code null}.
2146      * @return provider-defined return value.  May be {@code null}, which is also
2147      *   the default for providers which don't implement any call methods.
2148      */
2149     @Override
call(@onNull String authority, @NonNull String method, @Nullable String arg, @Nullable Bundle extras)2150     public @Nullable Bundle call(@NonNull String authority, @NonNull String method,
2151             @Nullable String arg, @Nullable Bundle extras) {
2152         return call(method, arg, extras);
2153     }
2154 
call(@onNull String method, @Nullable String arg, @Nullable Bundle extras)2155     public @Nullable Bundle call(@NonNull String method, @Nullable String arg,
2156             @Nullable Bundle extras) {
2157         return null;
2158     }
2159 
2160     /**
2161      * Implement this to shut down the ContentProvider instance. You can then
2162      * invoke this method in unit tests.
2163      *
2164      * <p>
2165      * Android normally handles ContentProvider startup and shutdown
2166      * automatically. You do not need to start up or shut down a
2167      * ContentProvider. When you invoke a test method on a ContentProvider,
2168      * however, a ContentProvider instance is started and keeps running after
2169      * the test finishes, even if a succeeding test instantiates another
2170      * ContentProvider. A conflict develops because the two instances are
2171      * usually running against the same underlying data source (for example, an
2172      * sqlite database).
2173      * </p>
2174      * <p>
2175      * Implementing shutDown() avoids this conflict by providing a way to
2176      * terminate the ContentProvider. This method can also prevent memory leaks
2177      * from multiple instantiations of the ContentProvider, and it can ensure
2178      * unit test isolation by allowing you to completely clean up the test
2179      * fixture before moving on to the next test.
2180      * </p>
2181      */
shutdown()2182     public void shutdown() {
2183         Log.w(TAG, "implement ContentProvider shutdown() to make sure all database " +
2184                 "connections are gracefully shutdown");
2185     }
2186 
2187     /**
2188      * Print the Provider's state into the given stream.  This gets invoked if
2189      * you run "adb shell dumpsys activity provider &lt;provider_component_name&gt;".
2190      *
2191      * @param fd The raw file descriptor that the dump is being sent to.
2192      * @param writer The PrintWriter to which you should dump your state.  This will be
2193      * closed for you after you return.
2194      * @param args additional arguments to the dump request.
2195      */
dump(FileDescriptor fd, PrintWriter writer, String[] args)2196     public void dump(FileDescriptor fd, PrintWriter writer, String[] args) {
2197         writer.println("nothing to dump");
2198     }
2199 
validateIncomingAuthority(String authority)2200     private void validateIncomingAuthority(String authority) throws SecurityException {
2201         if (!matchesOurAuthorities(getAuthorityWithoutUserId(authority))) {
2202             String message = "The authority " + authority + " does not match the one of the "
2203                     + "contentProvider: ";
2204             if (mAuthority != null) {
2205                 message += mAuthority;
2206             } else {
2207                 message += Arrays.toString(mAuthorities);
2208             }
2209             throw new SecurityException(message);
2210         }
2211     }
2212 
2213     /** @hide */
2214     @VisibleForTesting
validateIncomingUri(Uri uri)2215     public Uri validateIncomingUri(Uri uri) throws SecurityException {
2216         String auth = uri.getAuthority();
2217         if (!mSingleUser) {
2218             int userId = getUserIdFromAuthority(auth, UserHandle.USER_CURRENT);
2219             if (userId != UserHandle.USER_CURRENT && userId != mContext.getUserId()) {
2220                 throw new SecurityException("trying to query a ContentProvider in user "
2221                         + mContext.getUserId() + " with a uri belonging to user " + userId);
2222             }
2223         }
2224         validateIncomingAuthority(auth);
2225 
2226         // Normalize the path by removing any empty path segments, which can be
2227         // a source of security issues.
2228         final String encodedPath = uri.getEncodedPath();
2229         if (encodedPath != null && encodedPath.indexOf("//") != -1) {
2230             final Uri normalized = uri.buildUpon()
2231                     .encodedPath(encodedPath.replaceAll("//+", "/")).build();
2232             Log.w(TAG, "Normalized " + uri + " to " + normalized
2233                     + " to avoid possible security issues");
2234             return normalized;
2235         } else {
2236             return uri;
2237         }
2238     }
2239 
2240     /** @hide */
maybeGetUriWithoutUserId(Uri uri)2241     private Uri maybeGetUriWithoutUserId(Uri uri) {
2242         if (mSingleUser) {
2243             return uri;
2244         }
2245         return getUriWithoutUserId(uri);
2246     }
2247 
2248     /** @hide */
getUserIdFromAuthority(String auth, int defaultUserId)2249     public static int getUserIdFromAuthority(String auth, int defaultUserId) {
2250         if (auth == null) return defaultUserId;
2251         int end = auth.lastIndexOf('@');
2252         if (end == -1) return defaultUserId;
2253         String userIdString = auth.substring(0, end);
2254         try {
2255             return Integer.parseInt(userIdString);
2256         } catch (NumberFormatException e) {
2257             Log.w(TAG, "Error parsing userId.", e);
2258             return UserHandle.USER_NULL;
2259         }
2260     }
2261 
2262     /** @hide */
getUserIdFromAuthority(String auth)2263     public static int getUserIdFromAuthority(String auth) {
2264         return getUserIdFromAuthority(auth, UserHandle.USER_CURRENT);
2265     }
2266 
2267     /** @hide */
getUserIdFromUri(Uri uri, int defaultUserId)2268     public static int getUserIdFromUri(Uri uri, int defaultUserId) {
2269         if (uri == null) return defaultUserId;
2270         return getUserIdFromAuthority(uri.getAuthority(), defaultUserId);
2271     }
2272 
2273     /** @hide */
getUserIdFromUri(Uri uri)2274     public static int getUserIdFromUri(Uri uri) {
2275         return getUserIdFromUri(uri, UserHandle.USER_CURRENT);
2276     }
2277 
2278     /**
2279      * Removes userId part from authority string. Expects format:
2280      * userId@some.authority
2281      * If there is no userId in the authority, it symply returns the argument
2282      * @hide
2283      */
getAuthorityWithoutUserId(String auth)2284     public static String getAuthorityWithoutUserId(String auth) {
2285         if (auth == null) return null;
2286         int end = auth.lastIndexOf('@');
2287         return auth.substring(end+1);
2288     }
2289 
2290     /** @hide */
getUriWithoutUserId(Uri uri)2291     public static Uri getUriWithoutUserId(Uri uri) {
2292         if (uri == null) return null;
2293         Uri.Builder builder = uri.buildUpon();
2294         builder.authority(getAuthorityWithoutUserId(uri.getAuthority()));
2295         return builder.build();
2296     }
2297 
2298     /** @hide */
uriHasUserId(Uri uri)2299     public static boolean uriHasUserId(Uri uri) {
2300         if (uri == null) return false;
2301         return !TextUtils.isEmpty(uri.getUserInfo());
2302     }
2303 
2304     /** @hide */
2305     @UnsupportedAppUsage
maybeAddUserId(Uri uri, int userId)2306     public static Uri maybeAddUserId(Uri uri, int userId) {
2307         if (uri == null) return null;
2308         if (userId != UserHandle.USER_CURRENT
2309                 && ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) {
2310             if (!uriHasUserId(uri)) {
2311                 //We don't add the user Id if there's already one
2312                 Uri.Builder builder = uri.buildUpon();
2313                 builder.encodedAuthority("" + userId + "@" + uri.getEncodedAuthority());
2314                 return builder.build();
2315             }
2316         }
2317         return uri;
2318     }
2319 }
2320