我们开始注意到,使用Java 7(特别是更新4),我们的所有用户都开始使用我们的Webstart应用程序看到这一点:
[14:42:58,422] AWT-EventQueue-0(DEBUG) java.lang.SecurityException: class "CLASSNAME" does not match trust level of other classes in the same package
[14:42:58,422] AWT-EventQueue-0(DEBUG) at com.sun.deploy.security.CPCallbackHandler$ChildElement.checkResource(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.net.URLClassLoader$1.run(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.net.URLClassLoader$1.run(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.security.AccessController.doPrivileged(Native Method)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.net.URLClassLoader.findClass(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.lang.ClassLoader.loadClass(Unknown Source)
[14:42:58,422] AWT-EventQueue-0(DEBUG) at java.lang.ClassLoader.loadClass(Unknown Source)...More
其中CLASSNAME =几乎每个类都在应用程序执行中的几个jar中的随机点,打破了几个行为.如果我们的用户使用Java 6,他们没有问题!只是7(更新4).我们签署所有的罐子,主要的应用罐子和它的库罐子.即启动我们的webstart应用程序的用户看到蓝色盾牌而不是黄色或红色.
这显然是一个问题,因为用户现在更频繁地升级到Java 7.我试图通过使用先前的安装(工作)或安装新的应用程序来强制我们的应用程序在用户计算机上使用Java 6 …
我有一个android.intent.action.SEND具有图片mime类型的intent过滤器的活动.
一旦用户(共享图片从下载管理器专门)与我的活动(UploadActivity),活动将检查用户是否登录.如果不是,它将存储原意(含EXTRA_STREAM),并且用户发送到LoginActivity .该用户登录后,将使用原始保存的意图将其带回UploadActivity.
现在,即使恢复了原来的意图,我也得到了一个java.lang.SecurityException: Permission Denial: reading com.android.providers.downloads.DownloadProvider uri....
我理解为什么我会这样做.这是因为我没有原始意图的临时许可.
编辑:LogCat
FATAL EXCEPTION: main
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example/com.example.UploadActivity}: java.lang.SecurityException: Permission Denial: reading com.android.providers.downloads.DownloadProvider uri content://downloads/all_downloads/1145 from pid=16585, uid=10086 requires android.permission.ACCESS_ALL_DOWNLOADS, or grantUriPermission()
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2180)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2230)
at android.app.ActivityThread.access$600(ActivityThread.java:141)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1234)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:5041)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:793)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:560)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.SecurityException: Permission Denial: reading com.android.providers.downloads.DownloadProvider uri content://downloads/all_downloads/1145 from pid=16585, …我想在设备中获取音乐文件.这是我做的:
public ArrayList<Track> getAllSongsFromSDCARD()
{
allTracks = new ArrayList<Track>();
String[] STAR = { "*" };
Uri allsongsuri = MediaStore.Audio.Media.EXTERNAL_CONTENT_URI;
String selection = MediaStore.Audio.Media.IS_MUSIC + " != 0";
Cursor cursor = mContext.getApplicationContext().getContentResolver().query(allsongsuri, STAR, selection, null, null);
if (cursor != null) {
if (cursor.moveToFirst()) {
do {
String song_name = cursor
.getString(cursor
.getColumnIndex(MediaStore.Audio.Media.DISPLAY_NAME));
int song_id = cursor.getInt(cursor
.getColumnIndex(MediaStore.Audio.Media._ID));
String fullpath = cursor.getString(cursor
.getColumnIndex(MediaStore.Audio.Media.DATA));
String album_name = cursor.getString(cursor
.getColumnIndex(MediaStore.Audio.Media.ALBUM));
int album_id = cursor.getInt(cursor
.getColumnIndex(MediaStore.Audio.Media.ALBUM_ID));
String artist_name = cursor.getString(cursor
.getColumnIndex(MediaStore.Audio.Media.ARTIST));
int artist_id = cursor.getInt(cursor …我正在尝试从服务器下载一些 .pdf 文件到download文件夹
在某些设备上随机抛出此异常
Xiomi 运行 android (8,7,6):97% 仅在此设备中崩溃
已授予存储运行时权限并且可以正常工作
我发现某些设备即使在运行时许可后也无法工作
文件路径.xml
<?xml version="1.0" encoding="utf-8"?>
<paths>
<files-path
name="images"
path="images/" />
<external-files-path
name="share"
path="share/" />
<external-files-path
name="reminder_images"
path="reminder_images/" />
</paths>
安卓清单
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/file_paths" />
</provider>
堆栈跟踪
Caused by java.lang.SecurityException: Unsupported path /storage/emulated/999/Download/Somefile.pdf
at android.os.Parcel.readException(Parcel.java:2013)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:183)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)
at android.content.ContentProviderProxy.insert(ContentProviderProxy.java:476)
at android.content.ContentResolver.insert(ContentResolver.java:1555)
at android.app.DownloadManager.enqueue(DownloadManager.java:1163)
at com.esafirm.rxdownloader.RxDownloader.download(RxDownloader.java:83)
at com.esafirm.rxdownloader.RxDownloader.download(RxDownloader.java:60)
at in.okcredit.app.ui.account.AccountActivity.onReportGenerated(AccountActivity.java:320)
at in.okcredit.app.ui.account.AccountPresenter$1.onSuccess(AccountPresenter.java:118)
at in.okcredit.app.ui.account.AccountPresenter$1.onSuccess(AccountPresenter.java:111)
at io.reactivex.internal.operators.single.SingleObserveOn$ObserveOnSingleObserver.run(SingleObserveOn.java:81)
at io.reactivex.android.schedulers.HandlerScheduler$ScheduledRunnable.run(HandlerScheduler.java:119)
at android.os.Handler.handleCallback(Handler.java:794)
at android.os.Handler.dispatchMessage(Handler.java:99)
at …我想要完成的是使用URLLoader类和URLRequest将一些二进制数据,特别是表示PNG图像的ByteArray上传到服务器.
当我将contentTypeURLRequest 的属性设置为'multipart/form-data'而不是默认值时,调用会urlLoader.load()导致安全异常.
当我将该contentType属性保留为默认属性时,它可以正常工作,但需要很长时间(与PNG文件的长度成比例)才能将文件上载到服务器.
所以,我的问题是为什么我得到这个安全例外?我怎么能避免它呢?
请注意,我的SWF是从开发服务器提供的,而不是本地文件系统(准确地说是Google App Engine开发服务器).
这是代码:
var pngFile:ByteArray = PNGEncoder.encode(bitmapData);
var urlRequest:URLRequest = new URLRequest('/API/uploadImage');
// With this line of code, the call to urlLoader.load() throws the following security exception:
// 'SecurityError: Error #2176: Certain actions, such as those that display a pop-up window, may only be invoked upon user interaction, for example by a mouse click or button press.'
urlRequest.contentType = 'multipart/form-data';
urlRequest.method = URLRequestMethod.POST;
urlRequest.data = pngFile;
urlRequest.requestHeaders.push(new URLRequestHeader('Cache-Control', …securityexception file-upload urlrequest urlloader actionscript-3
我有一个.NET 4 .exe(Winform桌面应用程序),我添加了一个WCF behaviorExtension.应用程序在本地计算机上加载正常,但在通过网络加载时会抛出SecurityException.如果我省略了setMaxFaultSizeBehavior behaviorExtension,那么我可以通过网络加载应用程序.我将不胜感激任何有助于实现这一目标的信息.我已确认文件未被阻止,并且程序集名称完全匹配,包括空格.
app.config的相关部分看起来像这样(我缩短了类型名称和程序集名称,在实际的配置文件中,我使用完整的命名空间和程序集名称):
<system.serviceModel>
<bindings configSource="bindings.config" />
<client configSource="clients.config" />
<extensions>
<behaviorExtensions>
<add name="setMaxFaultSizeBehavior" type="SetMaxFaultSizeBehavior, BehaviorAssembly, Version=1.8.0.0, Culture=neutral, PublicKeyToken=41b332442f1101cc" />
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="LargeQuotaBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483600" />
<setMaxFaultSizeBehavior />
</behavior>
</endpointBehaviors>
</behaviors>
通过网络运行时遇到的异常是:
An error occurred creating the configuration section handler for system.serviceModel/behaviors: Request failed. (\\server\Share\app.exe.Config line 22)
Exception Type: System.Configuration.ConfigurationErrorsException
Source: System.Configuration
具有System.Security.SecurityException的内部异常
我正在使用存储访问框架来获取 sd 卡上的写入权限(API >= 21)。
它在大多数设备上运行良好,但某些设备(例如 Galaxy S7(Edge、API 23))在调用 takePersistableUriPermission() 时会抛出 SecurityException。
Caused by: java.lang.SecurityException: No persistable permission grants found for UID 10150 and Uri 0 @ content://com.android.externalstorage.documents/tree/70CD-6B92
代码:
//call the SAF
Intent intent = new Intent(Intent.ACTION_OPEN_DOCUMENT_TREE);
startActivityForResult(intent, Config.REQUEST_SAF);
//Persist permissions
int flags = resultData.getFlags();
flags &= (Intent.FLAG_GRANT_READ_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
this.getContentResolver().takePersistableUriPermission(treeUri, flags); //throws exception
并非所有 S7 设备上都会出现该异常。我已在 2 台设备上成功测试了代码,但这一台设备抛出 SecurityException。
我可以在 SAF 的呼叫中添加一些标志吗?
intent.addFlags(
Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION |
Intent.FLAG_GRANT_READ_URI_PERMISSION |
Intent.FLAG_GRANT_WRITE_URI_PERMISSION);
任何帮助表示赞赏。
我正进入(状态-
java.lang.SecurityException: Permission Denial: opening provider com.android.providers.media.MediaDocumentsProvider from ProcessRecord{f1d408f 5594:firebasejobscheduler.test.com.firbasejobschedulerdemo/u0a1227} (pid=5594, uid=11227) requires android.permission.MANAGE_DOCUMENTS or android.permission.MANAGE_DOCUMENTS
在
bm = MediaStore.Images.Media.getBitmap(context.getContentResolver(), uri);
我已检查过此帖子,但无法解决。我该如何解决?
android securityexception android-permissions android-securityexception
尝试将NLog实例初始化为静态类成员时,我得到一个奇怪的异常(更新:这发生在面向.NET 4.0的桌面应用程序中).
问题是,我只在一台特定的客户端计算机上获取它,并且无法在我的任何开发配置上重现.有人能指出我的方向,我应该寻找什么?
PS:用户也尝试使用管理员权限运行应用程序,获得相同的异常.
System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for nlog: Request for permission of type "System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" failed. (C:\Users\XXX\Desktop\Test.exe.Config line 9) ---> System.Security.SecurityException: Request for permission of type "System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" failed.
in System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
in System.Security.CodeAccessPermission.Demand()
in System.AppDomainSetup.VerifyDir(String dir, Boolean normalize)
in NLog.Internal.Fakeables.AppDomainWrapper..ctor(AppDomain appDomain)
in NLog.Internal.Fakeables.AppDomainWrapper.get_CurrentDomain()
in NLog.Config.ConfigSectionHandler.System.Configuration.IConfigurationSectionHandler.Create(Object parent, Object configContext, XmlNode section)
in System.Configuration.RuntimeConfigurationRecord.RuntimeConfigurationFactory.CreateSectionImpl(RuntimeConfigurationRecord configRecord, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentConfig, ConfigXmlReader …尝试在我的应用中选择铃声时,我的一些用户向Google Play报告了以下错误。(还有更多,但不相关)
java.lang.SecurityException: Permission Denial:
reading com.android.providers.media.MediaProvider
uri content://media/external/audio/media
from pid=5738, uid=10122 requires android.permission.READ_EXTERNAL_STORAGE
我认为此问题是由于外部存储上的某些提示而发生的。READ_EXTERNAL_STORAGE除非绝对必要,否则我不想在我的应用程序中包含许可。
有没有一种方法可以解决此问题,并且仅排除外部存储设备上可能出现的任何声音?
注意:我正在获取的铃声,RingtoneManager并在String和之间进行转换Uri。没有其他代码触及用户的媒体。
另外,我没有行号,因为stacktrace来自混淆的代码,并且重新映射堆栈跟踪没有提供行号。
android ×6
java ×3
.net ×1
.net-4.0 ×1
c# ×1
file-upload ×1
intentfilter ×1
java-7 ×1
nlog ×1
ringtone ×1
sd-card ×1
security ×1
urlloader ×1
urlrequest ×1
wcf ×1