在Android O中遇到一个比较有意思的bug,大概描述为:应用A中需要打开一张图片,这时候选择机器中图库或者是谷歌自带的相册都会出现黑屏现象。
10-23 17:16:58.781 812 2012 W ActivityManager: For security reasons, the system cannot issue a Uri permission grant to content://com.xxx.fileProvider/external_storage/Bugreport/endusertest/data/000000000000000_1508737212738/.nomedia/OIMG-1508737223937-5346144739450824145.jpg [user 0]; use startActivityAsCaller() instead
在源码中找到log的出处:
在 ActivityManagerService.java (AMS) 中的checkGrantUriPermissionLocked()方 法内的如下代码块中打印的:
// Bail early if system is trying to hand out permissions directly; it
// must always grant permissions on behalf of someone explicit.
finalint callingAppId=UserHandle.getAppId(callingUid);
if((callingAppId== SYSTEM_UID)||(callingAppId== ROOT_UID)){
if("com.android.settings.files".equals(grantUri.uri.getAuthority())){
// Exempted authority for cropping user photos in Settings app
}else{
Slog.w(TAG,"For security reasons, the system cannot issue a Uri permission"
+" grant to "+ grantUri+"; use startActivityAsCaller() instead");
return-1;
}
}
从代码来看,如果APP是root用户,或者具有系统级权限(例如:设置了 android:sharedUserId="android.uid.system" 属 性),并且提供的Uri的authority不是“com.android.settings.files” 时,就会打印上述warning的log.
而应用A设置了 android:sharedUserId="android.uid.system" 属性,这样就相当于应用A的UID就是SYSTEM_UID,又它的的authority不是“com.android.settings.files”,故会返回-1,显示成黑屏。
if 的这个判断只是针对com.android.settings.files,且看其中的注释 // Exempted authority for cropping user photos in Settings app: 为了Settings app中裁剪用户photos来豁免授权 。
如果要增加其它的属于SYSTEM_UID或者ROOT_UID的provider是要我们自己可以直接在这个地方再加上
综上,最后的解决办法是在AMS的checkGrantUriPermissionLocked()函数中增加应用A中申明的provider:
// Bail early if system is trying to hand out permissions directly; it
// must always grant permissions on behalf of someone explicit.
final int callingAppId = UserHandle.getAppId(callingUid);
if ((callingAppId == SYSTEM_UID) || (callingAppId == ROOT_UID)) {
if ("com.android.settings.files".equals(grantUri.uri.getAuthority())) {
// Exempted authority for cropping user photos in Settings app
//Add-BEGIN by mengqin.zhang
} else if ("com.xxx.fileProvider".equals(grantUri.uri.getAuthority())) {
// Exempted authority for user to open photos in A app
//Add-END
} else {
Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ " grant to " + grantUri + "; use startActivityAsCaller() instead");
return -1;
}
}
在Android N中是不存在这个问题的,虽然只是从N到O,但是还是有很多细节地方做了修改,故还是要认真分析代码。