How does Content Provider's application specify permissions that client apps need in order to access the provider's data?

Solace picture Solace · May 7, 2015 · Viewed 9.3k times · Source

BACKGROUND

I am reading this tutorial on Android Content Providers. I understand from this tutorial that,

In order for other applications to access a Content Provider's data, the provider application must specify the permissions which the client applications need to have to access the its provider's data.

Client applications specify the permissions they require in their manifest file using the <uses-permission> element, e.g.

<uses-permission android:name="android.permission.READ_USER_DICTIONARY" > <!-- In the client app's manifest -->

Then the APK manager asks the user's consent on these permissions (in the client app) when the user is installing the client application.

QUESTION

My question is that how does the provider (app) specify the permissions that other client apps must be granted in order for them to access the provider's data?

From the developer guide,

To find the exact name of the read access permission for the provider you're using, as well as the names for other access permissions used by the provider, look in the provider's documentation.

So is that the way to specify those permissions in the provider app - in the provider's documentation? If so, where is that documentation found? Where can I find that documentation for the SearchableDictionary provider (used as an example in the tutorial), and if I write a Content Provider in my app, where shall I provide that documentation?

Answer

Leo Lin picture Leo Lin · May 7, 2015

Define Permission in provider app's AndroidManifest.xml

<permission
    android:name="com.myapp.PERMISSION"/>

Define Provider in provider app's AndroidManifest.xml

<provider
        android:name=".MyProvider"
        android:authorities="com.myapp.MyProvider.AUTHORITY"
        android:enabled="true"
        android:exported="true"
        android:multiprocess="true"
        android:readPermission="com.myapp.PERMISSION" />

Client's AndroidManifest.xml should have uses-permission tag

<uses-permission android:name="com.myapp.PERMISSION"/>

Then client can access the provider

Cursor cursor = getContentResolver().query(
Uri.parse("content://com.myapp.MyProvider.AUTHORITY/xxx" ),null, null, null, null);