Android 4.2 通知通过PendingIntent启动Activity失败的问题

今天突然发现在Android 4.2手机上点击通知消息无法打开Activity的问题，具体Logcat信息如下：

01-09 11:37:43.733: WARN/ActivityManager(92): Unable to send startActivity intent
java.lang.SecurityException: Permission Denial: starting Intent { flg=0x10800000
cmp=org.goodev/.activities.ProjectActivity
bnds=[254,64][466,140] } from null (pid=-1, uid=10073) requires null
at
com.android.server.am.ActivityStack.startActivityLocked(ActivityStack.java:1973)
at
com.android.server.am.ActivityManagerService.
startActivityInPackage(ActivityManagerService.java:2271)
at
com.android.server.am.PendingIntentRecord.sendInner(PendingIntentRecord.java:212)
at
com.android.server.am.ActivityManagerService.
startActivityIntentSender(ActivityManagerService.java:2134)
at
android.app.ActivityManagerNative.onTransact(ActivityManagerNative.java:211)
at
com.android.server.am.ActivityManagerService.
onTransact(ActivityManagerService.java:1467)
at android.os.Binder.execTransact(Binder.java:320)
at dalvik.system.NativeStart.run(Native Method)

值得注意的地方用红色标示了。

研究了一下发现，该问题应该是4.2关于安全加强控制导致的。 解决该问题比较简单，在 AndroidManifest.xml 文件中 该Activity声明的地方 添加一个 “android:exported=”true”” 属性即可。

也就是说 在4.2系统中无法从外部启动一个没有exported的Activity。 而通过PendingIntent启动Activity， 启动源为系统，和被启动的应用不是一个PID。

关于exported属性的解释如下：

android:exportedWhether or not the activity can be launched by components of other applications — “true” if it can be, and “false” if not. If “false“, the activity can be launched only by components of the
same application or applications with the same user ID.

The default value depends on whether the activity contains intent
filters. The absence of any filters means that the activity can be
invoked only by specifying its exact class name. This implies that the
activity is intended only for application-internal use
(since others would not know the class name). So in this case, the
default value is “false“. On the other hand, the presence
of at least one filter implies that the activity is intended for
external use, so the default value is “true“.

This attribute is not the only way to limit an activity’s exposure to
other applications. You can also use a permission to limit the external
entities that can invoke the activity (see the permission attribute).

详细信息参考：http://developer.android.com/guide/topics/manifest/activity-element.html#exported