Android 4.2 通知通過PendingIntent啟動Activity失敗的問題

今天突然發現在Android 4.2手機上點擊通知消息無法打開Activity的問題，具體Logcat信息如下：

01-09 11:37:43.733: WARN/ActivityManager(92): Unable to send startActivity intent
java.lang.SecurityException: Permission Denial: starting Intent { flg=0x10800000
cmp=org.goodev/.activities.ProjectActivity
bnds=[254,64][466,140] } from null (pid=-1, uid=10073) requires null
at
com.android.server.am.ActivityStack.startActivityLocked(ActivityStack.java:1973)
at
com.android.server.am.ActivityManagerService.
startActivityInPackage(ActivityManagerService.java:2271)
at
com.android.server.am.PendingIntentRecord.sendInner(PendingIntentRecord.java:212)
at
com.android.server.am.ActivityManagerService.
startActivityIntentSender(ActivityManagerService.java:2134)
at
android.app.ActivityManagerNative.onTransact(ActivityManagerNative.java:211)
at
com.android.server.am.ActivityManagerService.
onTransact(ActivityManagerService.java:1467)
at android.os.Binder.execTransact(Binder.java:320)
at dalvik.system.NativeStart.run(Native Method)

值得注意的地方用紅色標示了。

研究了一下發現，該問題應該是4.2關于安全加強控制導致的。 解決該問題比較簡單，在?AndroidManifest.xml 文件中 該Activity聲明的地方 添加一個 “android:exported=”true”” 屬性即可。

也就是說 在4.2系統中無法從外部啟動一個沒有exported的Activity。 而通過PendingIntent啟動Activity， 啟動源為系統，和被啟動的應用不是一個PID。

關于exported屬性的解釋如下：

android:exportedWhether or not the activity can be launched by components of other applications — “true” if it can be, and “false” if not. If “false“, the activity can be launched only by components of the same application or applications with the same user ID.

The default value depends on whether the activity contains intent filters. The absence of any filters means that the activity can be invoked only by specifying its exact class name. This implies that the activity is intended only for application-internal use (since others would not know the class name). So in this case, the default value is “false“. On the other hand, the presence of at least one filter implies that the activity is intended for external use, so the default value is “true“.

This attribute is not the only way to limit an activity’s exposure to other applications. You can also use a permission to limit the external entities that can invoke the activity (see the?permission?attribute).

詳細信息參考：http://developer.android.com/guide/topics/manifest/activity-element.html#exported