Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Android Developers
Home
+ new post
About this group
Join this group
Message from discussion SecurityException in RemoteViewsService?
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Kostya Vasilyev  
View profile  
 More options Aug 4 2012, 11:20 am
From: Kostya Vasilyev <kmans...@gmail.com>
Date: Sat, 4 Aug 2012 19:20:51 +0400
Local: Sat, Aug 4 2012 11:20 am
Subject: Re: [android-developers] SecurityException in RemoteViewsService?
Print | View thread | Show original | Report this message | Find messages by this author

I've run into this exact issue before.

My fix was to add Binder.clearCallingIdentity() in my RemoteViewsService
callbacks where I needed to access my non-exported provider.

Now we're back from the launcher's identity to the identity of the app's
process, where access is allowed.

It fit into the code structure like this:

public static class MyWidgetService extends RemoteViewsService {
@Override
 public RemoteViewsFactory onGetViewFactory(Intent intent) {
return new MyWidgetRemoteViewsFactory(getApplicationContext(), intent);
 }

}

private static class MyWidgetRemoteViewsFactory implements
RemoteViewsService.RemoteViewsFactory {
...
@Override
public void onDataSetChanged() {
MyLog.i(TAG, "onDataSetChanged");

* // Revert back to our process' identity so we can work with our content
provider*
* long identityToken = Binder.clearCallingIdentity();*
 try {
// Query the message list
Cursor listCursor = mContent.queryList(LIST_ITEM_LIMIT);
 if (listCursor != null) {
try {
....

} finally {

 listCursor.close();
}
}

 } finally {
* // Restore the identity - not sure if it's needed since we're going to
return right here, but*
* // it just *seems* cleaner*
* Binder.restoreCallingIdentity(identityToken);*
 }

}

The only place where MyWidgetRemoteViewsFactory uses the content provider
is its onDataSetChanged() -- contrary to proimises made by the
documentation, I've decided to play it safe and avoid keeping an open
cursor during the lifetime of the factory.

If your factory keeps an open cursor outside of one method's scope, you may
need this trick in the other methods as well.

-- K

2012/8/4 NickL <nicklongi...@gmail.com>

>  Error accessing content provider in RemoteViewService

>  Hi,

> I'm trying to build a home screen widget for my app and I am using
> stackview, remoteviewservice. In the RemoteViewsService, I need to query
> the content provider. My cotent provider is set exported=false. However,
> when I want to add the widget on screen, I get this error
> java.lang.SecurityException: Permission Denial: reading
> com.xxx.android.provider.**yyyContentProvider uri content://*com.zzz.an*<http://com.zzz.an/>
> *
> *
> If I set the provider to exported=true, it works well. But I don't want
> this solution. Anyone can helps me? Thanks.

>  --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscribe@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google