0

In my Android app, I need to expose some file from a FileProvider. Without encryption, it's quite easy: I simply add the FileProvider to manifest.xml.

<provider
   android:name="androidx.core.content.FileProvider"
   android:authorities="${applicationId}.provider"
   android:exported="false"
   android:grantUriPermissions="true">
   <meta-data
     android:name="android.support.FILE_PROVIDER_PATHS"
     android:resource="@xml/provider_paths" />
</provider>

I need to receive some files, encrypt them (storing its secrets in a database) and then expose them with a FileProvider. How can I do this?

Thanks

xcesco
  • 4,690
  • 4
  • 34
  • 65
  • 1
    An encrypted file is still a file, right? Or do you expect to have some specific automation so that you receive a decrypted file? – Maarten Bodewes Nov 25 '19 at 16:15
  • I need to store on local file sytem a crypted file but I wish to export decrypted file. – xcesco Nov 25 '19 at 16:23
  • I guess the trick is implicit in this part of the documentation: "If you want to override any of the default behavior of `FileProvider` methods, **extend the `FileProvider` class** and use the fully-qualified class name in the android:name attribute of the `` element. " But I haven't tried that so I cannot be sure. – Maarten Bodewes Nov 25 '19 at 23:46
  • Otherwise a `ContentProvider` probably makes more sense... – Maarten Bodewes Nov 27 '19 at 21:42
  • Is the question (and the target answer) how to write a FileProvider/ContentProvider that will provide an unencrypted file, starting from an encrypted file? I would be interested in that as well. – Kai Hatje Dec 07 '19 at 17:02
  • @KaiHatje yes, it is that I need. – xcesco Jan 08 '20 at 16:02

1 Answers1

2

You could roll your own FileProvider like in this question. Depending on the file type you want to serve and the app that should view it, you can pick a strategy, which is discussed a little in this question.

The Word app for example works well with using a piped ParcelFileDescriptor, for images you will probably need to create a temporary copy of the file and serve that.

Here is an example of how that might look for files like Word files and similar:

@Nullable
@Override
public ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode) throws FileNotFoundException {
    ParcelFileDescriptor[] pipe = null;
    try {
        pipe = ParcelFileDescriptor.createReliablePipe();
    } catch (IOException e) {
        Log.d(TAG, "Error creating pipe", e);
    }
    if (mode.contains("r")) {
        FileInputStream fis = FileEncryptionWrapper.getEncryptedFileInputStream(getContext(), uri);
        new PipeFeederThread(fis, new ParcelFileDescriptor.AutoCloseOutputStream(pipe[1])).start();
        return pipe[0];
    } else if (mode.contains("w")) {
        FileOutputStream fos = FileEncryptionWrapper.getEncryptedFileOutputStream(getContext(), uri);
        new PipeFeederThread(new ParcelFileDescriptor.AutoCloseInputStream(pipe[0]), fos).start();
        return pipe[1];
    }
    return null;
}

It uses a PipeFeederThread to get the content from your Stream to the reading/writing side:

static class PipeFeederThread extends Thread {
    InputStream in;
    OutputStream out;

    PipeFeederThread(InputStream in, OutputStream out) {
        this.in = in;
        this.out = out;
    }

    @Override
    public void run() {
        byte[] buf = new byte[8192];
        int len;

        try {
            while ((len = in.read(buf)) > 0) {
                out.write(buf, 0, len);
            }
            in.close();
            out.flush();
            out.close();
        } catch (IOException e) {
            Log.e(TAG, "PipeFeederThread: Data transfer failed:", e);
        }
    }
}

The FileProvider also needs to be declared in the AndroidManifest.xml:

<provider
    android:name=".InternalFileProvider"
    android:authorities="com.android.prototypes.encryptedimagefileprovider.InternalFileProvider"
    android:exported="false"
    android:grantUriPermissions="true">
    <meta-data
        android:name="android.support.FILE_PROVIDER_PATHS"
        android:resource="@xml/file_paths" />
</provider>

And the file_paths.xml:

<?xml version="1.0" encoding="utf-8"?>
<paths>
   <files-path name="files" path="./" />
</paths>

I unfortunately haven't found a good "one size fits all" solution so far and am still searching. It seems that exporting different types of encrypted files to other apps is not yet solved in a clean and consistent way.

Kai Hatje
  • 431
  • 6
  • 17