Android Permission denial in Widget RemoteViewsFactory for Content

Question

I have a widget which I am trying to use to display information from my app\'s local database inside of a listview.

I\'m using the RemoteViewsService.RemoteViewsFact

Answer 1

This is happening because RemoteViewsFactory is being called from a remote process, and that context is being used for permission enforcement. (The remote caller doesn't have permission to use your provider, so it throws a SecurityException.)

To solve this, you can clear the identity of the remote process, so that permission enforcement is checked against your app instead of against the remote caller. Here's a common pattern you'll find across the platform:

final long token = Binder.clearCallingIdentity();
try {
    [perform your query, etc]
} finally {
    Binder.restoreCallingIdentity(token);
}

Answer 2

Put this in your onDataSetChanged() method:

    Thread thread = new Thread() {
        public void run() {
            query();
        }
    };
    thread.start();
    try {
        thread.join();
    } catch (InterruptedException e) {
    }

Fetch data from the database inside query() method. I do not know why fetching data in a separate thread helps get around this problem, but it works! I got this from one of the Android examples.

Answer 3

If this only happens for 4.2 and not the rest, you need to set the android:exported="true", because the default is changed: http://developer.android.com/about/versions/android-4.2.html

Content providers are no longer exported by default. That is, the default value for the android:exported attribute is now “false". If it’s important that other apps be able to access your content provider, you must now explicitly set android:exported="true".