问题描述

我正在阅读有关在活动中声明权限的信息.根据文档

I was reading about declaring permissions in activity. According to the documentation

要尝试这一点，我创建了2个示例应用程序.第一个应用程序将尝试使用明确意图直接启动第二个应用程序的活动，另外，第二个应用程序将声明我从第一个应用程序启动的特定活动的权限.

To try this out, I created 2 sample Apps. First App will try to directly launch an activity of the second App, using an explicit intent,Also, the Second App will declare a permission for the particular activity which I'm launching from first App.

这些是我遵循的步骤

1. 创建了2个应用程序(说发送方和接收方)
2. 在发件人的清单中添加了权限< uses-permission android:name ="permission.SHARE_POST"/>

3. 现在，通过单击Sender App的按钮，我将称为 ShareActivity 的Receivers Activity如下

1. Created 2 Apps (Say Sender And Receiver)
2. Added the permission <uses-permission android:name="permission.SHARE_POST"/> in the Manifest of sender

3. Now , from a button click of Sender App, I'm calling Receivers Activity called ShareActivity as follows

    Intent intent = new Intent();
    intent.setComponent(new ComponentName("basics.android.com.androidbasics","basics.android.com.androidbasics.ShareActivity"));
    startActivity(intent);

注意: basics.android.com.androidbasics 是接收方的程序包名称

NOTE: basics.android.com.androidbasics is the package name of the receiver

下面是Second App(接收方)清单中的活动声明

Below given is the activity declaration in Second App's (Receiver) Manifest

       <activity
        android:name=".ShareActivity"
        android:exported="true"
        android:permission="permission.SHARE_POST"/>

现在，当我同时运行两个应用程序并尝试从发件人处发送 ShareActivity 时，出现以下错误

Now, when I run both the Apps, and try to lauch ShareActivity from sender, I get the following error

Caused by: java.lang.SecurityException: Permission Denial: starting Intent { cmp=basics.android.com.androidbasics/.ShareActivity } from ProcessRecord{e09a1fc 26267:sender.android.com.sender/u0a925} (pid=26267, uid=10925) requires permission.SHARE_POST

似乎发件人还没有权限 permission.SHARE_POST .但是我已经在发件人清单中声明了它.这里发生了什么事?

Seems like the sender does't have the permission permission.SHARE_POST yet. But I have already declared it in the manifest of sender.Whats happening here?

推荐答案

在Android中使用自定义权限是一项相当高级的操作.基本配方是:

Using custom permissions is a fairly advanced thing to do in Android. The basic recipe is:

1. 确定所需的权限名称.它在设备上必须是唯一的.因此， permission.SHARE_POST 不是一个好选择—添加与您的域名或您要用作应用程序 applicationId 值基础的其他任何内容绑定的前缀.
2. 在使用权限进行自我保护的应用中，声明< permission> 元素，并使用 android:name 属性保存步骤1中的权限名称.(可选)为其提供一个 android:protectionLevel 属性(例如， signature ，因此只有使用同一签名密钥签名的应用才能一起使用).
3. 在使用权限进行保护的应用中，在组件上添加 android:permission 属性(例如，< activity> )，其值为您从步骤1开始的权限名称.
4. 在要与步骤3中的应用进行通信的应用中，添加< uses-permission> 属性，并保留一个 android:name 属性步骤1中的权限名称.
5. 在这两个应用程序中，将您的 minSdkVersion 设置为21，因为旧版本的自定义权限存在安全问题.

1. Decide what you want the permission name to be. It needs to be unique on the device. So, permission.SHARE_POST is not a good choice — add a prefix that is tied to your domain name or whatever else it is that you are using as the basis for your apps' applicationId values.
2. In the app that is defending itself with the permission, declare a <permission> element, with an android:name attribute holding the permission name from step #1. Optionally, give it an android:protectionLevel attribute (e.g., signature, so only apps signed by the same signing key can work together).
3. In the app that is defending itself with the permission, add an android:permission attribute on the component (e.g., <activity>), with a value of your permission name from step #1.
4. In the app that is looking to communicate with the app from step #3, add the <uses-permission> attribute, with an android:name attribute holding the permission name from step #1.
5. In both apps, set your minSdkVersion to 21, as there are security problems with custom permissions on older versions.

如果始终在客户端之前安装防御程序(步骤2和3)(步骤4)，则此方法将起作用.如果您希望这些应用程序可以按任一顺序安装，则将上面的第2步替换为:

This will work, if the defender (step #2 and #3) will always be installed before the client (step #4). If you want the apps to be installable in either order, replace step #2 from above with:

1. 在两个应用程序中 ，声明一个< permission> 元素，并保留一个 android:name 属性步骤1中的权限名称.(可选)为其指定一个 android:protectionLevel 属性(例如， signature ，因此只有使用同一签名密钥签名的应用才能一起使用).另外，请确保两个应用程序始终使用相同的签名密钥进行签名，否则它们将无法定义相同的权限.

1. In both apps, declare a <permission> element, with an android:name attribute holding the permission name from step #1. Optionally, give it an android:protectionLevel attribute (e.g., signature, so only apps signed by the same signing key can work together). Also, ensure that both apps are always signed by the same signing key, as otherwise they cannot both define the same permission.

这篇关于SecurityException:权限被拒绝:通过显式意图启动Activity时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！