Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4fe4d4c9 authored by Chris Palmer's avatar Chris Palmer
Browse files

Update the documentation for content provider security. 

Without this documentation fix, developers will not know that
apps on pre-Gingercomb devices will inadvertantly export their content
providers. With knowledge of the solid workaround, they can make their apps
secure.

Change-Id: I1f096aff19500cd3d3fd2955a9dec59d8e7c6a73
parent c8511af0

docs/html/guide/topics/manifest/provider-element.jd

+13 −4
Original line number Diff line number Diff line
@@ -96,10 +96,19 @@ If "{@code false}", the provider is available only to components of the 
same application or applications with the same user ID.  The default value

is "{@code true}".



<p>

You can export a content provider but still limit access to it with the

<code><a href="{@docRoot}guide/topics/manifest/provider-element.html#prmsn">permission</a></code> attribute.

</p></dd> 

<p>You can export a content provider but still limit access to it with the

<code><a

href="{@docRoot}guide/topics/manifest/provider-element.html#prmsn">permission</a></code>

attribute. Note that due to a bug in versions of Android prior to {@link

android.os.Build.VERSION_CODES#VERSION_GINGERBREAD} providers were exported

even if {@code android:exported} were set to {@code false}. Therefore, for

provider security on all devices, protect your provider with a

signature-level permission. For information on defining a permission, see

the <a

href="{@docRoot}guide/topics/manifest/permission-element.html">permission

element</a>.  For information on using the permission, see the <a

href="{@docRoot}guide/topics/manifest/uses-permission-element.html">uses-permission

element</a>.</p></dd>



<dt><a name="gprmsn"></a>{@code android:grantUriPermissions}</dt>

<dd>Whether or not those who ordinarily would not have permission to