Loading AconfigFlags.bp +9 −0 Original line number Diff line number Diff line Loading @@ -125,6 +125,7 @@ aconfig_declarations_group { "libcore_readonly_aconfig_flags_lib", "libgui_flags_java_lib", "power_flags_lib", "networksecurity_exported_aconfig_flags_lib", "sdk_sandbox_exported_flags_lib", "surfaceflinger_flags_java_lib", "telecom_flags_core_java_lib", Loading Loading @@ -218,6 +219,14 @@ java_aconfig_library { defaults: ["framework-minus-apex-aconfig-java-defaults"], } // Conscrypt - Networksecurity java_aconfig_library { name: "networksecurity_exported_aconfig_flags_lib", aconfig_declarations: "networksecurity-aconfig-flags", mode: "exported", defaults: ["framework-minus-apex-aconfig-java-defaults"], } // Telecom java_aconfig_library { name: "telecom_flags_core_java_lib", Loading core/java/android/security/net/config/NetworkSecurityConfig.java +22 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,14 @@ package android.security.net.config; import static android.sdk.Flags.majorMinorVersioningScheme; import static com.android.org.conscrypt.net.flags.Flags.certificateTransparencyDefaultEnabled; import android.annotation.FlaggedApi; import android.app.compat.CompatChanges; import android.compat.annotation.ChangeId; import android.compat.annotation.EnabledAfter; import android.content.pm.ApplicationInfo; import android.os.Build; import android.util.ArrayMap; Loading @@ -38,8 +46,21 @@ public final class NetworkSecurityConfig { public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true; /** @hide */ public static final boolean DEFAULT_HSTS_ENFORCED = false; /** * Enable Certificate Transparency verification checks by default on all TLS connections. Apps * can still opt-out via their Network Security Config. */ @ChangeId @FlaggedApi(android.sdk.Flags.FLAG_MAJOR_MINOR_VERSIONING_SCHEME) @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.BAKLAVA) static final long DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY = 407952621L; /** @hide */ public static final boolean DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED = false; public static final boolean DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED = certificateTransparencyDefaultEnabled() && majorMinorVersioningScheme() && CompatChanges.isChangeEnabled(DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY); private final boolean mCleartextTrafficPermitted; private final boolean mHstsEnforced; Loading Loading
AconfigFlags.bp +9 −0 Original line number Diff line number Diff line Loading @@ -125,6 +125,7 @@ aconfig_declarations_group { "libcore_readonly_aconfig_flags_lib", "libgui_flags_java_lib", "power_flags_lib", "networksecurity_exported_aconfig_flags_lib", "sdk_sandbox_exported_flags_lib", "surfaceflinger_flags_java_lib", "telecom_flags_core_java_lib", Loading Loading @@ -218,6 +219,14 @@ java_aconfig_library { defaults: ["framework-minus-apex-aconfig-java-defaults"], } // Conscrypt - Networksecurity java_aconfig_library { name: "networksecurity_exported_aconfig_flags_lib", aconfig_declarations: "networksecurity-aconfig-flags", mode: "exported", defaults: ["framework-minus-apex-aconfig-java-defaults"], } // Telecom java_aconfig_library { name: "telecom_flags_core_java_lib", Loading
core/java/android/security/net/config/NetworkSecurityConfig.java +22 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,14 @@ package android.security.net.config; import static android.sdk.Flags.majorMinorVersioningScheme; import static com.android.org.conscrypt.net.flags.Flags.certificateTransparencyDefaultEnabled; import android.annotation.FlaggedApi; import android.app.compat.CompatChanges; import android.compat.annotation.ChangeId; import android.compat.annotation.EnabledAfter; import android.content.pm.ApplicationInfo; import android.os.Build; import android.util.ArrayMap; Loading @@ -38,8 +46,21 @@ public final class NetworkSecurityConfig { public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true; /** @hide */ public static final boolean DEFAULT_HSTS_ENFORCED = false; /** * Enable Certificate Transparency verification checks by default on all TLS connections. Apps * can still opt-out via their Network Security Config. */ @ChangeId @FlaggedApi(android.sdk.Flags.FLAG_MAJOR_MINOR_VERSIONING_SCHEME) @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.BAKLAVA) static final long DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY = 407952621L; /** @hide */ public static final boolean DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED = false; public static final boolean DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED = certificateTransparencyDefaultEnabled() && majorMinorVersioningScheme() && CompatChanges.isChangeEnabled(DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY); private final boolean mCleartextTrafficPermitted; private final boolean mHstsEnforced; Loading
