android:permission is used to set a single permission for both reading and writing data from a content provider. In regard to the
Principle of Least Privilege, client applications that consume the content provider should only have the necessary privileges to complete their tasks.
As android:permission grants both read and write access, it prevents client applications from applying this principle. In practice, it
means client applications that require read-only access will have to ask for more privileges than what they need: the content provider will always
grant read and write together.
Ask Yourself Whether
- Some client applications consuming the content provider may only require read permission.
There is a risk if you answered yes to this question.
Recommended Secure Coding Practices
- Avoid using
android:permission attribute alone. Instead android:readPermission and
android:writePermission attributes to define separate read and write permissions.
- Avoid using the same permission for
android:readPermission and android:writePermission attributes.
Sensitive Code Example
<provider
android:authorities="com.example.app.Provider"
android:name="com.example.app.Provider"
android:permission="com.example.app.PERMISSION" <!-- Sensitive -->
android:exported="true"/>
<provider
android:authorities="com.example.app.Provider"
android:name="com.example.app.Provider"
android:readPermission="com.example.app.PERMISSION" <!-- Sensitive -->
android:writePermission="com.example.app.PERMISSION" <!-- Sensitive -->
android:exported="true"/>
Compliant Solution
<provider
android:authorities="com.example.app.MyProvider"
android:name="com.example.app.MyProvider"
android:readPermission="com.example.app.READ_PERMISSION"
android:writePermission="com.example.app.WRITE_PERMISSION"
android:exported="true"/>
See
