今天尝试往系统中另外一个应用的ContentProvider中写入数据,没想到报错了。
java.lang.SecurityException: Permission Denial: writing com.mediatek.todos.provider.TodoProvider uri content://com.mediatek.todos/todos from pid=8753, uid=1000 requires the provider be exported, or grantUriPermission()
网上查了下,加上android:exported=”true”就行了。
<provider android:name=”.provider.TodoProvider”
android:authorities=”com.mediatek.todos”
android:multiprocess=”false”
android:exported=”true”/>
我的印象中之前好像默认是可以有权限insert其他content provider。查了下android官方网站:
Android:exported- Whether the content provider is available for other applications to use:
true: The provider is available to other applications. Any application can use the provider’s content URI to access it, subject to the permissions specified for the provider.false: The provider is not available to other applications. Setandroid:exported="false"to limit access to the provider to your applications. Only applications that have the same user ID (UID) as the provider will have access to it.
The default value is
"true"for applications that set eitherandroid:minSdkVersionorandroid:targetSdkVersionto"16"or lower. For applications that set either of these attributes to"17"or higher, the default is"false".You can set
android:exported="false"and still limit access to your provider by setting permissions with thepermissionattribute.
大致意思是sdk低于等于16默认是true,大于等于17默认是false。google 对content provider的安全也重视了。
762
