Much like enumerating activities and packages, drozer also provides some modules for listing all of the content providers and some information on them. The following recipe talks about how to do this using the app.provider.info module.
Let's get started enumerating content providers.
- Execute the following command from your drozer terminal:
dz> run app.provider.info - This will return the following information about a content provider:
- Authorities – the names of the classes implementing their SQLite frontends
- Read permission
- Write permission
- Grant URI permissions
- Paths
Let's take a look at the code for the app.provider.info module.
Note
The following code is available at https://github.com/mwrlabs/drozer/blob/766329cacde6dbf1ba05ca5dee36b882041f1b01/src/drozer/modules/app/provider.py.
def execute(self, arguments):
if arguments.package == None:
for package in self.packageManager().getPackages (common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_URI_PERMISSION_PATTERNS):
self.__get_providers(arguments, package)
else:
package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_URI_PERMISSION_PATTERNS)
self.__get_providers(arguments, package)
def get_completion_suggestions(self, action, text, **kwargs):
if action.dest == "permission":
return ["null"] + android.permissions
def __get_providers(self, arguments, package):
providers = self.match_filter(package.providers, 'authority', arguments.filter)
if arguments.permission != None:
r_providers = self.match_filter(providers, 'readPermission', arguments.permission)
w_providers = self.match_filter(providers, 'writePermission', arguments.permission)
The first notable part of the code is where the script makes a call to the package manager. Here's what it looks like:
self.packageManager().getPackages(common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_URI_PERMISSION_PATTERNS)
The script grabs a list of packages by making a call to the Android package manager and throws it some flags that make sure it gets the providers back with their grant URI permission patterns. Next we see that once the details about the content providers have been collected by the package manager, the script makes a call to a function called __get_provider(), which extracts information about the read and write permissions of the provider, if any. Using some simple string matching via the match_filters() call, the __get_provider() function basically looks for some string value in the section that defines the content provider's permissions. This string value is marked by either readPermission for the permissions required to read from the content provider or writePermission, which, surprisingly enough, is required to write to the content provider. After this, it resets the provider object before printing it out to the console.
Much like the other .info modules in drozer, you can add filter information in the following ways:
- Search based on package names:
dz> run app.provider.info –a [package name]Or:
dz> run app.provider.info –-package [package name] - Search based on permissions:
dz> run app.provider.info –p [Permission label]Or:
dz> run app.provider.info –-permission [permission label]
- The Content Providers webpage at http://developer.android.com/guide/topics/providers/content-providers.html