Android access network storage

Sample for Android Storage Access Framework aka Scoped Storage for Basic Use Cases.

As we all know, Google enforces their Android Security Policy changes by requiring setting targetSdkVersion aka API level in the Apps to a certain minimum. The apps that do not comply with this requirement will not be allowed to Google Play Store. Currently, minimal targetSdkVersion is 29 (Android 10), but this will change soon. As stated in the official documentation here:

One of the requirements for Api level 29 was usage of Android Storage Access Framework (SAF) instead of just getting a “WRITE_EXTERNAL_STORAGE” permission. This requirement was not enforced, though, because developers could just add android:requestLegacyExternalStorage=”true” to the App’s Manifest and use the old approach.

With the new requirement to target API level 30 old approach will not work:

So, all Apps that read or write files on the external storage will have to move the files to “internal” storage accessed by getFilesDir(), which is somewhat hard for the users to find or start using Storage Access Framework.

AFAIK, overwhelming majority of the apps, that used external storage for files other than media (audio, pics, etc) used the same pattern:

1. Make a directory on the external storage
2. Use this directory for all their file read/write operations

In this article I’ll try to help the developers migrate this pattern to the Storage Access Framework.

from App’s manifest. This permission is no longer needed. Than add dependency to our build.gradle:

This library contains all we need to use the SAF API.

SAF API allows users to give the App limited access to files on the device, the App receives permission to read/write to specific folders only. This permission can be persisted for later use, but should be checked every time nevertheless, since the system can revoke the permission at any time. Actually the documentation says:

App have to ask the User a permission for a folder (Document Tree as it is called in SAF documentation) that user may create:

Inside the onActivityResult the App receives the Uri of the folder that user had selected. The Uri’s scheme is content:, not file:.

The treeUri we received here is actually our goal — it points to the folder our app may use for it’s files. It can be stored as “toString” to shared preferences, and persistable permission can be taken. Thus the App will be able to use the permissions later, even after device restart. So, actually the App should first check if there is a stored Uri string in shared prefs, then check if the stored Uri string has the read/write permission and then write into the Uri.

Function arePermissionsGranted iterates through all the SAF persisted permissions for the App and checks if given Uri has permission.

It is important to remember that the amount of SAF permissions for an App is limited as CommonsWare mentioned in his blog:

The App should release persisted permissions if the User deleted or moved the folder or the permission is no longer needed.

Once the App has the treeUri either from onActivityResult or from shared preferences, and persistedPermissions are OK, it is time to use it. Make a file inside the directory:

The file here is of type androidx.documentfile.provider.DocumentFile and allows to obtain a FileOutputStream or FileInputStream like this:

So this is how we can change our App to use Storage Access Framework and be compliant with upcoming Google Play Store requirements.

Important to note that when testing on a physical device do not create files and use the file manager from Your PC to check the files at the same time. Windows file explorer might show file size of 0 Kb if the containing folder was open before the App created the file in it.

Please refer to this sample for full code:

Источник

Storage Access Framework

In this document show more show less

Key classes

Videos

Code Samples

See Also

Android 4.4 (API level 19) introduces the Storage Access Framework (SAF). The SAF makes it simple for users to browse and open documents, images, and other files across all of their their preferred document storage providers. A standard, easy-to-use UI lets users browse files and access recents in a consistent way across apps and providers.

Cloud or local storage services can participate in this ecosystem by implementing a DocumentsProvider that encapsulates their services. Client apps that need access to a provider’s documents can integrate with the SAF with just a few lines of code.

The SAF includes the following:

• Document provider—A content provider that allows a storage service (such as Google Drive) to reveal the files it manages. A document provider is implemented as a subclass of the DocumentsProvider class. The document-provider schema is based on a traditional file hierarchy, though how your document provider physically stores data is up to you. The Android platform includes several built-in document providers, such as Downloads, Images, and Videos.
• Client app—A custom app that invokes the ACTION_OPEN_DOCUMENT and/or ACTION_CREATE_DOCUMENT intent and receives the files returned by document providers.
• Picker—A system UI that lets users access documents from all document providers that satisfy the client app’s search criteria.

Some of the features offered by the SAF are as follows:

• Lets users browse content from all document providers, not just a single app.
• Makes it possible for your app to have long term, persistent access to documents owned by a document provider. Through this access users can add, edit, save, and delete files on the provider.
• Supports multiple user accounts and transient roots such as USB storage providers, which only appear if the drive is plugged in.

Overview

The SAF centers around a content provider that is a subclass of the DocumentsProvider class. Within a document provider, data is structured as a traditional file hierarchy:

Figure 1. Document provider data model. A Root points to a single Document, which then starts the fan-out of the entire tree.

Note the following:

• Each document provider reports one or more «roots» which are starting points into exploring a tree of documents. Each root has a unique COLUMN_ROOT_ID , and it points to a document (a directory) representing the contents under that root. Roots are dynamic by design to support use cases like multiple accounts, transient USB storage devices, or user login/log out.
• Under each root is a single document. That document points to 1 to N documents, each of which in turn can point to 1 to N documents.
• Each storage backend surfaces individual files and directories by referencing them with a unique COLUMN_DOCUMENT_ID . Document IDs must be unique and not change once issued, since they are used for persistent URI grants across device reboots.
• Documents can be either an openable file (with a specific MIME type), or a directory containing additional documents (with the MIME_TYPE_DIR MIME type).
• Each document can have different capabilities, as described by COLUMN_FLAGS . For example, FLAG_SUPPORTS_WRITE , FLAG_SUPPORTS_DELETE , and FLAG_SUPPORTS_THUMBNAIL . The same COLUMN_DOCUMENT_ID can be included in multiple directories.

Control Flow

As stated above, the document provider data model is based on a traditional file hierarchy. However, you can physically store your data however you like, as long as it can be accessed through the DocumentsProvider API. For example, you could use tag-based cloud storage for your data.

Figure 2 shows an example of how a photo app might use the SAF to access stored data:

Figure 2. Storage Access Framework Flow

Note the following:

• In the SAF, providers and clients don’t interact directly. A client requests permission to interact with files (that is, to read, edit, create, or delete files).
• The interaction starts when an application (in this example, a photo app) fires the intent ACTION_OPEN_DOCUMENT or ACTION_CREATE_DOCUMENT . The intent may include filters to further refine the criteria—for example, «give me all openable files that have the ‘image’ MIME type.»
• Once the intent fires, the system picker goes to each registered provider and shows the user the matching content roots.
• The picker gives users a standard interface for accessing documents, even though the underlying document providers may be very different. For example, figure 2 shows a Google Drive provider, a USB provider, and a cloud provider.

Figure 3 shows a picker in which a user searching for images has selected a Google Drive account:

Figure 3. Picker

When the user selects Google Drive the images are displayed, as shown in figure 4. From that point on, the user can interact with them in whatever ways are supported by the provider and client app.

Figure 4. Images

Writing a Client App

On Android 4.3 and lower, if you want your app to retrieve a file from another app, it must invoke an intent such as ACTION_PICK or ACTION_GET_CONTENT . The user must then select a single app from which to pick a file and the selected app must provide a user interface for the user to browse and pick from the available files.

On Android 4.4 and higher, you have the additional option of using the ACTION_OPEN_DOCUMENT intent, which displays a picker UI controlled by the system that allows the user to browse all files that other apps have made available. From this single UI, the user can pick a file from any of the supported apps.

ACTION_OPEN_DOCUMENT is not intended to be a replacement for ACTION_GET_CONTENT . The one you should use depends on the needs of your app:

• Use ACTION_GET_CONTENT if you want your app to simply read/import data. With this approach, the app imports a copy of the data, such as an image file.
• Use ACTION_OPEN_DOCUMENT if you want your app to have long term, persistent access to documents owned by a document provider. An example would be a photo-editing app that lets users edit images stored in a document provider.

This section describes how to write client apps based on the ACTION_OPEN_DOCUMENT and ACTION_CREATE_DOCUMENT intents.

Search for documents

The following snippet uses ACTION_OPEN_DOCUMENT to search for document providers that contain image files:

Note the following:

• When the app fires the ACTION_OPEN_DOCUMENT intent, it launches a picker that displays all matching document providers.
• Adding the category CATEGORY_OPENABLE to the intent filters the results to display only documents that can be opened, such as image files.
• The statement intent.setType(«image/*») further filters to display only documents that have the image MIME data type.

Process Results

Once the user selects a document in the picker, onActivityResult() gets called. The URI that points to the selected document is contained in the resultData parameter. Extract the URI using getData() . Once you have it, you can use it to retrieve the document the user wants. For example:

Examine document metadata

Once you have the URI for a document, you gain access to its metadata. This snippet grabs the metadata for a document specified by the URI, and logs it:

Open a document

Once you have the URI for a document, you can open it or do whatever else you want to do with it.

Bitmap

Here is an example of how you might open a Bitmap :

Note that you should not do this operation on the UI thread. Do it in the background, using AsyncTask . Once you open the bitmap, you can display it in an ImageView .

Get an InputStream

Here is an example of how you can get an InputStream from the URI. In this snippet, the lines of the file are being read into a string:

Create a new document

Your app can create a new document in a document provider using the ACTION_CREATE_DOCUMENT intent. To create a file you give your intent a MIME type and a file name, and launch it with a unique request code. The rest is taken care of for you:

Once you create a new document you can get its URI in onActivityResult() , so that you can continue to write to it.

Delete a document

If you have the URI for a document and the document’s Document.COLUMN_FLAGS contains SUPPORTS_DELETE , you can delete the document. For example:

Edit a document

You can use the SAF to edit a text document in place. This snippet fires the ACTION_OPEN_DOCUMENT intent and uses the category CATEGORY_OPENABLE to to display only documents that can be opened. It further filters to show only text files:

Next, from onActivityResult() (see Process results) you can call code to perform the edit. The following snippet gets a FileOutputStream from the ContentResolver . By default it uses “write” mode. It’s best practice to ask for the least amount of access you need, so don’t ask for read/write if all you need is write:

Persist permissions

When your app opens a file for reading or writing, the system gives your app a URI permission grant for that file. It lasts until the user’s device restarts. But suppose your app is an image-editing app, and you want users to be able to access the last 5 images they edited, directly from your app. If the user’s device has restarted, you’d have to send the user back to the system picker to find the files, which is obviously not ideal.

To prevent this from happening, you can persist the permissions the system gives your app. Effectively, your app «takes» the persistable URI permission grant that the system is offering. This gives the user continued access to the files through your app, even if the device has been restarted:

There is one final step. You may have saved the most recent URIs your app accessed, but they may no longer be valid—another app may have deleted or modified a document. Thus, you should always call getContentResolver().takePersistableUriPermission() to check for the freshest data.

Writing a Custom Document Provider

If you’re developing an app that provides storage services for files (such as a cloud save service), you can make your files available through the SAF by writing a custom document provider. This section describes how to do this.

Manifest

To implement a custom document provider, add the following to your application’s manifest:

• A target of API level 19 or higher.
• A

element that declares your custom storage provider.

The name of your provider, which is its class name, including package name. For example: com.example.android.storageprovider.MyCloudProvider .

The name of your authority, which is your package name (in this example, com.example.android.storageprovider ) plus the type of content provider ( documents ). For example, com.example.android.storageprovider.documents .

The attribute android:exported set to «true» . You must export your provider so that other apps can see it.

The attribute android:grantUriPermissions set to «true» . This setting allows the system to grant other apps access to content in your provider. For a discussion of how to persist a grant for a particular document, see Persist permissions.

The MANAGE_DOCUMENTS permission. By default a provider is available to everyone. Adding this permission restricts your provider to the system. This restriction is important for security.

The android:enabled attribute set to a boolean value defined in a resource file. The purpose of this attribute is to disable the provider on devices running Android 4.3 or lower. For example, android:enabled=»@bool/atLeastKitKat» . In addition to including this attribute in the manifest, you need to do the following:

• In your bool.xml resources file under res/values/ , add this line:
• In your bool.xml resources file under res/values-v19/ , add this line:

An intent filter that includes the android.content.action.DOCUMENTS_PROVIDER action, so that your provider appears in the picker when the system searches for providers.

Here are excerpts from a sample manifest that includes a provider:

Supporting devices running Android 4.3 and lower

The ACTION_OPEN_DOCUMENT intent is only available on devices running Android 4.4 and higher. If you want your application to support ACTION_GET_CONTENT to accommodate devices that are running Android 4.3 and lower, you should disable the ACTION_GET_CONTENT intent filter in your manifest for devices running Android 4.4 or higher. A document provider and ACTION_GET_CONTENT should be considered mutually exclusive. If you support both of them simultaneously, your app will appear twice in the system picker UI, offering two different ways of accessing your stored data. This would be confusing for users.

Here is the recommended way of disabling the ACTION_GET_CONTENT intent filter for devices running Android version 4.4 or higher:

1. In your bool.xml resources file under res/values/ , add this line:
2. In your bool.xml resources file under res/values-v19/ , add this line:
3. Add an activity alias to disable the ACTION_GET_CONTENT intent filter for versions 4.4 (API level 19) and higher. For example:

Contracts

Usually when you write a custom content provider, one of the tasks is implementing contract classes, as described in the Content Providers developers guide. A contract class is a public final class that contains constant definitions for the URIs, column names, MIME types, and other metadata that pertain to the provider. The SAF provides these contract classes for you, so you don’t need to write your own:

For example, here are the columns you might return in a cursor when your document provider is queried for documents or the root:

Subclass DocumentsProvider

The next step in writing a custom document provider is to subclass the abstract class DocumentsProvider . At minimum, you need to implement the following methods:

These are the only methods you are strictly required to implement, but there are many more you might want to. See DocumentsProvider for details.

Implement queryRoots

Your implementation of queryRoots() must return a Cursor pointing to all the root directories of your document providers, using columns defined in DocumentsContract.Root .

In the following snippet, the projection parameter represents the specific fields the caller wants to get back. The snippet creates a new cursor and adds one row to it—one root, a top level directory, like Downloads or Images. Most providers only have one root. You might have more than one, for example, in the case of multiple user accounts. In that case, just add a second row to the cursor.

Implement queryChildDocuments

Your implementation of queryChildDocuments() must return a Cursor that points to all the files in the specified directory, using columns defined in DocumentsContract.Document .

This method gets called when you choose an application root in the picker UI. It gets the child documents of a directory under the root. It can be called at any level in the file hierarchy, not just the root. This snippet makes a new cursor with the requested columns, then adds information about every immediate child in the parent directory to the cursor. A child can be an image, another directory—any file:

Implement queryDocument

Your implementation of queryDocument() must return a Cursor that points to the specified file, using columns defined in DocumentsContract.Document .

The queryDocument() method returns the same information that was passed in queryChildDocuments() , but for a specific file:

Implement openDocument

You must implement openDocument() to return a ParcelFileDescriptor representing the specified file. Other apps can use the returned ParcelFileDescriptor to stream data. The system calls this method once the user selects a file and the client app requests access to it by calling openFileDescriptor() . For example:

Security

Suppose your document provider is a password-protected cloud storage service and you want to make sure that users are logged in before you start sharing their files. What should your app do if the user is not logged in? The solution is to return zero roots in your implementation of queryRoots() . That is, an empty root cursor:

The other step is to call getContentResolver().notifyChange() . Remember the DocumentsContract ? We’re using it to make this URI. The following snippet tells the system to query the roots of your document provider whenever the user’s login status changes. If the user is not logged in, a call to queryRoots() returns an empty cursor, as shown above. This ensures that a provider’s documents are only available if the user is logged into the provider.

Источник