Extract providers with the grantUriPermissions
mzfr opened this issue · comments
Mehtab Zafar commented
Some providers can have grantUriPermissions
set to true
even though they are not exported. But then those providers can be used along with some (potentially vulnerable) activity.
<provider android:name="com.ryot.arsdk.util.ARSDKFileProvider" android:exported="false" android:authorities="com.my.android.app.provider" android:grantUriPermissions="true">
<meta-data android:name="android.support.FILE_PROVIDER_PATHS" android:resource="@xml/file_provider_paths"/>
</provider>
Here we need three things:
- The name of the provider
- The authorities(this is the one we have to call the provider with)
android:resource
- since this will be the path of the XML file
Another improvement to this
- Parse the XML file provided in
android:resource
and just takeout thename
and thepath
of thefile-path
.