In my Android app, I need to expose some file from a FileProvider. Without encryption, it's quite easy: I simply add the FileProvider to manifest.xml.
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths" />
</provider>
I need to receive some files, encrypt them (storing its secrets in a database) and then expose them with a FileProvider. How can I do this?
Thanks
You could roll your own FileProvider like in this question. Depending on the file type you want to serve and the app that should view it, you can pick a strategy, which is discussed a little in this question.
The Word app for example works well with using a piped ParcelFileDescriptor, for images you will probably need to create a temporary copy of the file and serve that.
Here is an example of how that might look for files like Word files and similar:
@Nullable
@Override
public ParcelFileDescriptor openFile(@NonNull Uri uri, @NonNull String mode) throws FileNotFoundException {
ParcelFileDescriptor[] pipe = null;
try {
pipe = ParcelFileDescriptor.createReliablePipe();
} catch (IOException e) {
Log.d(TAG, "Error creating pipe", e);
}
if (mode.contains("r")) {
FileInputStream fis = FileEncryptionWrapper.getEncryptedFileInputStream(getContext(), uri);
new PipeFeederThread(fis, new ParcelFileDescriptor.AutoCloseOutputStream(pipe[1])).start();
return pipe[0];
} else if (mode.contains("w")) {
FileOutputStream fos = FileEncryptionWrapper.getEncryptedFileOutputStream(getContext(), uri);
new PipeFeederThread(new ParcelFileDescriptor.AutoCloseInputStream(pipe[0]), fos).start();
return pipe[1];
}
return null;
}
It uses a PipeFeederThread to get the content from your Stream to the reading/writing side:
static class PipeFeederThread extends Thread {
InputStream in;
OutputStream out;
PipeFeederThread(InputStream in, OutputStream out) {
this.in = in;
this.out = out;
}
@Override
public void run() {
byte[] buf = new byte[8192];
int len;
try {
while ((len = in.read(buf)) > 0) {
out.write(buf, 0, len);
}
in.close();
out.flush();
out.close();
} catch (IOException e) {
Log.e(TAG, "PipeFeederThread: Data transfer failed:", e);
}
}
}
The FileProvider also needs to be declared in the AndroidManifest.xml:
<provider
android:name=".InternalFileProvider"
android:authorities="com.android.prototypes.encryptedimagefileprovider.InternalFileProvider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/file_paths" />
</provider>
And the file_paths.xml:
<?xml version="1.0" encoding="utf-8"?>
<paths>
<files-path name="files" path="./" />
</paths>
I unfortunately haven't found a good "one size fits all" solution so far and am still searching. It seems that exporting different types of encrypted files to other apps is not yet solved in a clean and consistent way.