Brion Emde wrote:
> I'm just trying to make happen what is described here, with the custom
> permission:
>
> http://developer.android.com/guide/topics/manifest/manifest-intro.html#perms
>
> i.e. I want my activities (I'm only showing one below) and
> ContentProvider to not be accessible from other applications, because
> they hold the user's personal medical data.
Bear in mind that they *will* be accessible from other applications, so
long as those other applications request the permission and the user
agrees to it.
If you absolutely do not ever want another application to access the
data, don't implement a ContentProvider, because the primary purpose of
a ContentProvider is to provide data to other applications.
> Here is my AndroidManifest.xml. I can't figure out what is wrong. My
> main activity gets a permission denial like this:
>
> ActivityManager: java.lang.SecurityException: Permission Denial:
> starting Intent { act=android.intent.action.MAIN
> cat=[android.intent.category.LAUNCHER] flg=0x10000000
> cmp=com.eyebrowssoftware.bptracker/.BPRecordList } from null (pid=-1,
> uid=-1) requires com.eyebrowssoftware.BPTracker.permission.MEDICAL
>
> --- ANDROID MANIFEST.xml ---
>
> <?xml version="1.0" encoding="utf-8"?>
> <manifest xmlns:android="http://schemas.android.com/apk/res/android";
> package="com.eyebrowssoftware.bptracker"
> android:versionCode="1"
> android:versionName="1.0"
> <permission
> android:name="com.eyebrowssoftware.BPTracker.permission.MEDICAL"
> android:permissionGroup="android.permission-group.PERSONAL_INFO"
> android:label="@string/bp_permission_label"
> android:description="@string/bp_permission_description"
> android:protectionLevel="normal"
> />
> <uses-permission
> android:name="com.eyebrowssoftware.BPTracker.permission.MEDICAL"
> />
> <application
> android:name=".BPTracker"
> android:icon="@drawable/icon"
> android:label="@string/app_name"
> android:debuggable="true">
>
> <activity
> android:name=".BPRecordList"
> android:label="@string/app_name"
> android:theme="@android:style/Theme.Light"
>
> android:permission="com.eyebrowssoftware.BPTracker.permission.MEDICAL"
> >
> <intent-filter>
> <action android:name="android.intent.action.MAIN" />
> <category
> android:name="android.intent.category.LAUNCHER" />
> </intent-filter>
> </activity>
> <!-- only showing launcher activity, others omitted for
> clarity -->
>
> <provider
> android:name=".BPProvider"
> android:authorities="com.eyebrowssoftware.bptracker.bp"
> android:label="@string/title_provider"
> android:icon="@drawable/icon"
>
> android:permission="com.eyebrowssoftware.BPTracker.permission.MEDICAL"
> />
> </application>
> <uses-sdk
> android:targetSdkVersion="4"
> android:minSdkVersion="3"
> />
> <supports-screens
> android:largeScreens="true"
> android:smallScreens="true"
> android:anyDensity="true"
> android:resizeable="true"
> android:normalScreens="true"
> />
> </manifest>
>
"android:permission -- The name of a permission that clients must have
to launch the activity or otherwise get it to respond to an intent. If a
caller of startActivity() or startActivityForResult() has not been
granted the specified permission, its intent will not be delivered to
the activity."
(from
http://developer.android.com/guide/topics/manifest/activity-element.html#prmsn)
The Launcher does not hold the
com.eyebrowssoftware.BPTracker.permission.MEDICAL permission. Hence, it
can't start it.
I am not quite sure why you are trying to protect activities with a
permission. I can understand the permission on the content provider, if
you want users to agree to allow the other apps access to the data. But
who cares if, for some screwball reason, something else (like, say, the
Launcher) wants to open one of your activities? It's not like they can
access the actual data in any way. That's why, for example, you can do
an ACTION_VIEW on a contact without the READ_CONTACTS permission.
--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://twitter.com/commonsguy
Android Training in NYC: 30 April-2 May 2010: http://guruloft.com
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
To unsubscribe, reply using "remove me" as the subject.
