search

singwhatiwanna / android-art-res

the source code in research art of android development
Apache License 2.0
1.73k stars 757 forks source link

ContentProvider中定义的权限,本应用中使用是否不需要验证权限? #20

Open qingfengmy opened 8 years ago

qingfengmy commented 8 years ago

如定义权限如下:

<permission
        android:name="qingfengmy.developmentofart.provider"
        android:protectionLevel="normal" />

定义provider如下:

<provider
            android:name="._2activity.ContentProvider.BookProvider"
            android:authorities="qingfengmy.developmentofart.bookprovider"
            android:exported="true"
            android:permission="qingfengmy.developmentofart.provider"
            android:process=":provider" />

那么在当前应用的Activity中不需要添加如下权限,也可以调用provider的query方法。

<uses-permission android:name="qingfengmy.developmentofart.provider"/>

尽管Activity和provide不是同一进程,但是同一应用,同一应用就可以忽略provider的permission,是否如此?

wargame22 commented 7 years ago

1.A provider's application can specify permissions that other applications must have in order to access the provider's data

  1. However, components in the provider's application always have full read and write access, regardless of the specified permissions.

from : https://developer.android.com/guide/topics/providers/content-provider-basics.html#Permissions