Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 84750f3a authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Address pending comments for NetworkSecurityPolicy. 

This is a follow-up to
https://android-review.googlesource.com/#/c/131920/, addressing some
outstanding comments.

This CL also switches the source file to the correct indentation.

Bug: 19215516
Change-Id: Ia48455ab351081e11619afcccadb8fa90340391d
parent a4c4c575

core/java/android/security/NetworkSecurityPolicy.java

+46 −33
Original line number Diff line number Diff line
@@ -19,48 +19,61 @@ package android.security; 
/**

 * Network security policy.

 *

 * <p>Network stacks/components should honor this policy to make it possible to centrally control

 * the relevant aspects of network security behavior.

 *

 * <p>The policy currently consists of a single flag: whether cleartext network traffic is

 * permitted. See {@link #isCleartextTrafficPermitted()}.

 *

 * @hide

 */

public class NetworkSecurityPolicy {



    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();



  private boolean mCleartextTrafficPermitted = true;

    private volatile boolean mCleartextTrafficPermitted = true;



    private NetworkSecurityPolicy() {}



    /**

   * Gets the policy.

     * Gets the policy for this process.

     *

     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible

     * through the reference.

     */

    public static NetworkSecurityPolicy getInstance() {

        return INSTANCE;

    }



    /**

   * Checks whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP -- without

   * TLS or STARTTLS) is permitted for this process.

     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --

     * without TLS or STARTTLS) is permitted for this process.

     *

   * <p>When cleartext network traffic is not permitted, the platform's components (e.g., HTTP

   * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use

   * cleartext traffic. Third-party libraries are encouraged to honor this setting as well.

     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and

     * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use

     * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as

     * well.

     *

     * <p>This flag is honored on a best effort basis because it's impossible to prevent all

     * cleartext traffic from Android applications given the level of access provided to them. For

     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag

     * because it cannot determine whether its traffic is in cleartext. However, most network

     * traffic from applications is handled by higher-level network stacks/components which can

     * honor this aspect of the policy.

     */

    public boolean isCleartextTrafficPermitted() {

    synchronized (this) {

        return mCleartextTrafficPermitted;

    }

  }



    /**

     * Sets whether cleartext network traffic is permitted for this process.

     *

   * <p>This method is used by the platform early on in the application's initialization to set the

   * policy.

     * <p>This method is used by the platform early on in the application's initialization to set

     * the policy.

     *

     * @hide

     */

    public void setCleartextTrafficPermitted(boolean permitted) {

    synchronized (this) {

        mCleartextTrafficPermitted = permitted;

    }

}
 
}