am 98ff619d: am d4a2e7c4: am ff022cb1: Merge "Address pending comments for NetworkSecurityPolicy."

/**

/**

 * Network security policy.

 * Network security policy.

 *

 *

 * <p>Network stacks/components should honor this policy to make it possible to centrally control

 * the relevant aspects of network security behavior.

 *

 * <p>The policy currently consists of a single flag: whether cleartext network traffic is

 * permitted. See {@link #isCleartextTrafficPermitted()}.

 *

 * @hide

 * @hide

 */

 */

public class NetworkSecurityPolicy {

public class NetworkSecurityPolicy {

    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();

    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();

  private boolean mCleartextTrafficPermitted = true;

    private volatile boolean mCleartextTrafficPermitted = true;

    private NetworkSecurityPolicy() {}

    private NetworkSecurityPolicy() {}

    /**

    /**

   * Gets the policy.

     * Gets the policy for this process.

     *

     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible

     * through the reference.

     */

     */

    public static NetworkSecurityPolicy getInstance() {

    public static NetworkSecurityPolicy getInstance() {

        return INSTANCE;

        return INSTANCE;

    }

    }

    /**

    /**

   * Checks whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP -- without

     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --

   * TLS or STARTTLS) is permitted for this process.

     * without TLS or STARTTLS) is permitted for this process.

     *

     *

   * <p>When cleartext network traffic is not permitted, the platform's components (e.g., HTTP

     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and

   * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use

     * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use

   * cleartext traffic. Third-party libraries are encouraged to honor this setting as well.

     * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as

     * well.

     *

     * <p>This flag is honored on a best effort basis because it's impossible to prevent all

     * cleartext traffic from Android applications given the level of access provided to them. For

     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag

     * because it cannot determine whether its traffic is in cleartext. However, most network

     * traffic from applications is handled by higher-level network stacks/components which can

     * honor this aspect of the policy.

     */

     */

    public boolean isCleartextTrafficPermitted() {

    public boolean isCleartextTrafficPermitted() {

    synchronized (this) {

        return mCleartextTrafficPermitted;

        return mCleartextTrafficPermitted;

    }

    }

  }

    /**

    /**

     * Sets whether cleartext network traffic is permitted for this process.

     * Sets whether cleartext network traffic is permitted for this process.

     *

     *

   * <p>This method is used by the platform early on in the application's initialization to set the

     * <p>This method is used by the platform early on in the application's initialization to set

   * policy.

     * the policy.

     *

     *

     * @hide

     * @hide

     */

     */

    public void setCleartextTrafficPermitted(boolean permitted) {

    public void setCleartextTrafficPermitted(boolean permitted) {

    synchronized (this) {

        mCleartextTrafficPermitted = permitted;

        mCleartextTrafficPermitted = permitted;

    }

    }

}

}

}