java.lang.SecurityException: Permission Denial: op

2019-02-18 13:04发布

问题:

I start image picker intent using:

final Intent pickIntent = new Intent(Intent.ACTION_PICK, MediaStore.Images.Media.EXTERNAL_CONTENT_URI);
pickIntent.putExtra(Intent.EXTRA_ALLOW_MULTIPLE, true);
startActivityForResult(intent, PICK_IMAGE);

and in onActivityResult() I get uris of all picked images and start Jobs which run in background and upload those images (https://github.com/yigit/android-priority-jobqueue). But if I press back button and exit out of activity then any job that was not started, can't access picked image when it runs and throws an exception:

java.lang.SecurityException: Permission Denial: opening provider com.google.android.apps.photos.contentprovider.MediaContentProvider from ProcessRecord{...} (pid=2407, uid=10117) that is not exported from uid 10123

The reason its happening is because permission is revoked once activity is finished. According to doc https://developer.android.com/guide/topics/providers/content-provider-basics.html:

These are permissions for a specific content URI that last until the activity that receives them is finished.

My question is, is there a workaround to this? Like getting permission at application level or something?

What are alternates to solve this problem? One quick solutions seems to be making a copy of all picked images and then uploading them but that seems like last resort.

回答1:

NOTE: Trying to get filename from uri is WRONG. Don't do it! Content providers can also share an arbitrary data that is not present in any file or file name could be misleading. E.g. content://downloads/some_secret_data could be pointing to a file that is not in downloads folder.

So best thing to do is to read/copy the data from content provider immediately and then use that data to do whatever you want. In my case I was uploading it.


Previous Wrong Answer (don't do it!):

This is what I did which is working fine for me. If someone has a better solution please do share. I had android.permission.READ_EXTERNAL_STORAGE so when user picked images I used concrete file paths instead of uris returned in onActivityResult(). To retrieve file paths I used this handy class https://stackoverflow.com/a/20559175/826606 and voila!



回答2:

I solved this issue by the following code: When we get image from google photos app we need to require realPath for image

//get Path
@TargetApi(Build.VERSION_CODES.KITKAT)
public String getRealPathFromURI(final Uri uri) {
    final boolean isKitKat = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT;

    // DocumentProvider
    if (isKitKat && DocumentsContract.isDocumentUri(context, uri)) {
        // ExternalStorageProvider
        if (isExternalStorageDocument(uri)) {
            final String docId = DocumentsContract.getDocumentId(uri);
            final String[] split = docId.split(":");
            final String type = split[0];

            if ("primary".equalsIgnoreCase(type)) {
                return Environment.getExternalStorageDirectory() + "/" + split[1];
            }
        }
        // DownloadsProvider
        else if (isDownloadsDocument(uri)) {
            final String id = DocumentsContract.getDocumentId(uri);
            final Uri contentUri = ContentUris.withAppendedId(
                    Uri.parse("content://downloads/public_downloads"), Long.valueOf(id));

            return getDataColumn(contentUri, null, null);
        }
        // MediaProvider
        else if (isMediaDocument(uri)) {
            final String docId = DocumentsContract.getDocumentId(uri);
            final String[] split = docId.split(":");
            final String type = split[0];

            Uri contentUri = null;
            if ("image".equals(type)) {
                contentUri = MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
            } else if ("video".equals(type)) {
                contentUri = MediaStore.Video.Media.EXTERNAL_CONTENT_URI;
            } else if ("audio".equals(type)) {
                contentUri = MediaStore.Audio.Media.EXTERNAL_CONTENT_URI;
            }

            final String selection = "_id=?";
            final String[] selectionArgs = new String[]{
                    split[1]
            };

            return getDataColumn(contentUri, selection, selectionArgs);
        }
    }
    // MediaStore (and general)
    else if ("content".equalsIgnoreCase(uri.getScheme())) {
        // Return the remote address
        if (isGooglePhotosUri(uri))
            return uri.getLastPathSegment();

        return getDataColumn(uri, null, null);
    }
    // File
    else if ("file".equalsIgnoreCase(uri.getScheme())) {
        return uri.getPath();
    } else
        return getRealPathFromURIDB(uri);

    return null;
}

/**
 * Gets real path from uri.
 *
 * @param contentUri the content uri
 * @return the real path from uri
 */
private String getRealPathFromURIDB(Uri contentUri) {
    Cursor cursor = context.getContentResolver().query(contentUri, null, null, null, null);
    if (cursor == null) {
        return contentUri.getPath();
    } else {
        cursor.moveToFirst();
        int index = cursor.getColumnIndex(MediaStore.Images.ImageColumns.DATA);
        String realPath = cursor.getString(index);
        cursor.close();
        return realPath;
    }
}

/**
 * Gets data column.
 *
 * @param uri           the uri
 * @param selection     the selection
 * @param selectionArgs the selection args
 * @return the data column
 */
public String getDataColumn(Uri uri, String selection,
                                   String[] selectionArgs) {
    Cursor cursor = null;
    final String column = "_data";
    final String[] projection = {
            column
    };

    try {
        cursor = context.getContentResolver().query(uri, projection, selection, selectionArgs,
                null);
        if (cursor != null && cursor.moveToFirst()) {
            final int index = cursor.getColumnIndexOrThrow(column);
            return cursor.getString(index);
        }
    } finally {
        if (cursor != null)
            cursor.close();
    }
    return null;
}

/**
 * Is external storage document boolean.
 *
 * @param uri The Uri to check.
 * @return Whether the Uri authority is ExternalStorageProvider.
 */
public boolean isExternalStorageDocument(Uri uri) {
    return "com.android.externalstorage.documents".equals(uri.getAuthority());
}

/**
 * Is downloads document boolean.
 *
 * @param uri The Uri to check.
 * @return Whether the Uri authority is DownloadsProvider.
 */
public boolean isDownloadsDocument(Uri uri) {
    return "com.android.providers.downloads.documents".equals(uri.getAuthority());
}

/**
 * Is media document boolean.
 *
 * @param uri The Uri to check.
 * @return Whether the Uri authority is MediaProvider.
 */
public boolean isMediaDocument(Uri uri) {
    return "com.android.providers.media.documents".equals(uri.getAuthority());
}

/**
 * Is google photos uri boolean.
 *
 * @param uri The Uri to check.
 * @return Whether the Uri authority is Google Photos.
 */
public boolean isGooglePhotosUri(Uri uri) {
    return "com.google.android.apps.photos.content".equals(uri.getAuthority());
}

Now in the onActivityResult method:

   @Override
   public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);
    if (resultCode == Activity.RESULT_OK) {
        if (requestCode == ChoosePhoto.CHOOSE_PHOTO_INTENT) {
            if (data != null && data.getData() != null) {
                handleGalleryResult(data);
            } else {
                handleCameraResult(choosePhoto.getCameraUri());
            }
        } else if (requestCode == ChoosePhoto.SELECTED_IMG_CROP) {
            mImgProfile.setImageURI(choosePhoto.getCropImageUrl());
        }
    }
}

Now in the handleGalleryResult method:

public void handleGalleryResult(Intent data) {
    try {
        cropPictureUrl = Uri.fromFile(createImageTempFile(Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_PICTURES)));
        String realPathFromURI = FileUtil.getRealPathFromURI(data.getData());
        File file = new File(realPathFromURI);
        if(file.exists()) {
            if(currentAndroidDeviceVersion>23){
                cropImage(FileProvider.getUriForFile(mContext, mContext.getApplicationContext().getPackageName() + ".provider", file), cropPictureUrl);
            }else{
                cropImage(Uri.fromFile(file), cropPictureUrl);
            }

        } else
            cropImage(data.getData(), cropPictureUrl);
    } catch (IOException e) {
        e.printStackTrace();
    }
}

createImageTempFile :

@SuppressLint("SimpleDateFormat")
public File createImageTempFile(File filePathDir) throws IOException {
    String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(new Date());

    String imageFileName = "JPEG_" + timeStamp + "_";
    return File.createTempFile(
            imageFileName,  /* prefix */
            ".jpg",         /* suffix */
            filePathDir      /* directory */
    );
}


回答3:

There is a better solution to this problem than the accepted answer about read/copy.

Basically you have to use a different intent and ask for a permanent Uri permission, that persists after you reboot.

The solution is here: Permission for an image from Gallery is lost after re-launch