笔记如下
什么是ContentProvider?
A content provider manages access to a central repository of data. A provider is part of an Android application, which often provides its own UI for working with the data. However, content providers are primarily intended to be used by other applications, which access the provider using a provider client object. Together, providers and provider clients offer a consistent, standard interface to data that also handles inter-process communication and secure data access.
就是一个应用中开放一个标准的接口,可以让别的应用来访问本应用的数据,相当于开后门
内容提供者的实现步骤
1.首先在配置文件中注册一个provider
<provider
android:authorities="com.chen.db"
android:exported="true"
android:name="com.chen.bank.BankBackDoor"/>
com.chen.db相当于后门,外部应用只要调用如下在吗,就可以访问
ContentResolver resolver = getContentResolver();
Uri uri = Uri.parse("content://com.chen.db");
ContentValues values = new ContentValues();
resolver.insert(uri,values);
下面是ContextProvider的实现类
public class BankBackDoor extends ContentProvider {
@Override
public boolean onCreate() {
return false;
}
@Nullable
@Override
public Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection, @Nullable String[] selectionArgs, @Nullable String sortOrder) {
return null;
}
/*
保安:在开后门的时候,检查应用是否有足够的权限
UriMatcher
*/
//matcher当与传递进来的uil匹配时,看看有没有正确的暗号,如果匹配正确,就去操作后门
//否则就no-matcher
private static UriMatcher matcher = new UriMatcher(UriMatcher.NO_MATCH);
private static final int SUCCESS = 1;
static{
matcher.addURI("com.chen.db","accounts",SUCCESS);
}
@Nullable
@Override
public String getType(@NonNull Uri uri) {
return null;
}
@Nullable
@Override
public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
int result = matcher.match(uri);
if (result == SUCCESS){
//暗号对了
System.out.println("使用后门程序,修改数据......");
}else{
//暗号不对
System.out.println("暗号不对....");
}
return null;
}
@Override
public int delete(@NonNull Uri uri, @Nullable String selection, @Nullable String[] selectionArgs) {
return 0;
}
@Override
public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection, @Nullable String[] selectionArgs) {
return 0;
}
}
但是这样所以的应用都可以直接访问到,这样就不安全了
所以就引入UriMatcher 充当"保安"的角色
/*
保安:在开后门的时候,检查应用是否有足够的权限
UriMatcher
*/
//matcher当与传递进来的uil匹配时,看看有没有正确的暗号,如果匹配正确,就去操作后门
//否则就no-matcher
private static UriMatcher matcher = new UriMatcher(UriMatcher.NO_MATCH);
private static final int SUCCESS = 1;
static{
//accounts相当于口令,只有访问的应用带有
matcher.addURI("com.chen.db","accounts",SUCCESS);
}
public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
int result = matcher.match(uri);
if (result == SUCCESS){
//暗号对了
System.out.println("使用后门程序,修改数据......");
}else{
//暗号不对
System.out.println("暗号不对....");
}
return null;
}
网友评论