Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b0b6e6b4 authored by Thiébaud Weksteen's avatar Thiébaud Weksteen
Browse files

Keep existing policy when calling setCleartextTrafficPermitted 

When calling setCleartextTrafficPermitted, the NetworkSecurityPolicy is
replaced with a new policy, with a specific value for
cleartextTrafficPermitted. It means that any other attribute of the
policy is dropped (i.e., isCertificateTransparencyVerificationRequired).

Update setCleartextTrafficPermitted to overlay the current policy
instead of replacing it. Rename FrameworkNetworkSecurityPolicy to
OverlayNetworkSecurityPolicy to better reflect the behaviour of this
class.

Bug: 354824117
Test: presubmit
Test: atest CtsSecurityTestCases:android.security.cts.StagefrightTest
Flag: EXEMPT bugfix
Change-Id: I653f4cf78ee34b0a9b1ccaf21a8137c4a39365bb
parent e0150b49

core/java/android/security/NetworkSecurityPolicy.java

+4 −1
Original line number Diff line number Diff line
@@ -88,7 +88,10 @@ public class NetworkSecurityPolicy { 
     * @hide

     */

    public void setCleartextTrafficPermitted(boolean permitted) {

        FrameworkNetworkSecurityPolicy policy = new FrameworkNetworkSecurityPolicy(permitted);

        libcore.net.NetworkSecurityPolicy currentPolicy =

                libcore.net.NetworkSecurityPolicy.getInstance();

        OverlayNetworkSecurityPolicy policy =

                new OverlayNetworkSecurityPolicy(currentPolicy, permitted);

        libcore.net.NetworkSecurityPolicy.setInstance(policy);

    }

core/java/android/security/FrameworkNetworkSecurityPolicy.javacore/java/android/security/OverlayNetworkSecurityPolicy.java

+8 −5
Original line number Diff line number Diff line 
/**

 * Copyright (c) 2015, The Android Open Source Project

 * Copyright (c) 2015 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.
@@ -21,10 +21,13 @@ package android.security; 
 *

 * @hide

 */

public class FrameworkNetworkSecurityPolicy extends libcore.net.NetworkSecurityPolicy {

public class OverlayNetworkSecurityPolicy extends libcore.net.NetworkSecurityPolicy {

    private final libcore.net.NetworkSecurityPolicy mParent;

    private final boolean mCleartextTrafficPermitted;



    public FrameworkNetworkSecurityPolicy(boolean cleartextTrafficPermitted) {

    public OverlayNetworkSecurityPolicy(libcore.net.NetworkSecurityPolicy

            policy, boolean cleartextTrafficPermitted) {

        mParent = policy;

        mCleartextTrafficPermitted = cleartextTrafficPermitted;

    }
@@ -40,6 +43,6 @@ public class FrameworkNetworkSecurityPolicy extends libcore.net.NetworkSecurityP 


    @Override

    public boolean isCertificateTransparencyVerificationRequired(String hostname) {

        return false;

        return mParent.isCertificateTransparencyVerificationRequired(hostname);

    }

}