I am trying to determine how to access a ContentProvider which exists in another profile.
I have an app/service in the managed profile which implements a content provider. I have a 2nd app/service in the primary profile and I want it to be able to access the managed app's content provider. i.e. cross-profile
Right now I am prototyping the implementation using a modified version of android-testdpc. I have added a ContentProvider to the testdpc source. I want to be able to access this ContentProvider, which is in the managed profile, from another app that is running in the primary profile.
I know that using DevicePolicyManager.AddCrossProfileIntentFilter() I can allow intents sent in the managed profile to also be resolved in the parent, or vice versa. The documentation states that only activity intents are supported. Using AddCrossProfileIntentFilter() I have successfully been able to pass data between the two apps by using intents and startActivity().
However, using activities is not what I want to do since in Q and later I cannot start an activity from a background app/service.
I have no problem accessing the ContentProvider if the two apps exists in the same profile but I have been unable to determine how to make this work cross-profile.
I finally got this working.
To do so I needed to use an activity in the content provider to give permission to the other app. The non-content provider app must send an intent to an activity in the content provider app, requesting permission to access the content provider, using startActivityForResult().
This activity returns an intent, setting the content provider URI with Intent.setData() and permissions with Intent.setFlags(). In my case I included Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION to make the permission persistent. The non-content provider app gets the result intent in onActivityResult(), gets the URI from the result then calls ContentResolver.takePersistableUriPermission().
To make this work cross-profile I used DevicePolicyManager.addCrossProfileIntentFilter() to allow the permission request intent to cross profiles. When crossing profiles I noticed that the content provider URI returned in the result intent include the user id. i.e. “content://[email protected]/test". Making a query using this URI will cross profiles.
This helped https://www.futurelearn.com/courses/secure-android-app-development/0/steps/21592