android – Warning: Exported activity does not require permission

1. 什麼情況下出現:
使用SDK版本為20
創建工程後,添加一個自定義Activity並在manifest.xml中進行定義。
[html] 
<application 
        android:icon="@drawable/ic_launcher" 
        android:label="@string/app_name" 
        android:theme="@style/AppTheme" > 
        <activity android:name=".MainActivity" 
            android:label="@string/title_activity_main" > 
            <intent-filter> 
                <action android:name="android.intent.action.MAIN" /> 
                <category android:name="android.intent.category.LAUNCHER" /> 
            </intent-filter> 
        </activity> 
         
        <activity android:name=".SecondActivity" 
            android:exported="false"> 
            <intent-filter> 
                <action android:name="android.intent.action.CREATE_SHORTCUT" /> 
            </intent-filter> 
        </activity> 
    </application> 

添加intent-filter後就會報這個warning。

2. 錯誤原因:
這是因為添加瞭intent-filter後該Activity已經暴露給瞭不同進程的應用(其他應用程序),他們實例化該Activity不需要任何的權限。
當然你可以指定此Activity僅用於程序內部使用,或者添加權限。

3. 解決辦法:
定義Activity的地方添加 android:exported="false" 或者定義權限。
[html] 
        <activity android:name=".SecondActivity" 
            android:exported="false"> 
            <intent-filter> 
                <action android:name="android.intent.action.CREATE_SHORTCUT" /> 
            </intent-filter> 
        </activity>  www.aiwalls.com

PS : 由於測試的Activity是為瞭做添加Activity對應的快捷方式到HomeScreen的,所以exported應該為true。要不然無法正常添加。

 android:exported
Whether or not the activity can be launched by components of other applications — "true" if it can be, and "false" if not. If "false", the activity can be launched only by components of the same application or applications with the same user ID.
The default value depends on whether the activity contains intent filters. The absence of any filters means that the activity can be invoked only by specifying its exact class name. This implies that the activity is intended only for application-internal use (since others would not know the class name). So in this case, the default value is "false". On the other hand, the presence of at least one filter implies that the activity is intended for external use, so the default value is "true".
This attribute is not the only way to limit an activity's exposure to other applications. You can also use a permission to limit the external entities that can invoke the activity (see the permissionattribute).

You May Also Like