Merge "Delay CompatChanges evaluation for CT enabled default value" into main (bb0c44c9) · Commits · e / os / android_frameworks_base

core/java/android/security/net/config/ApplicationConfig.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -165,7 +165,7 @@ public final class ApplicationConfig {
		public boolean isCertificateTransparencyVerificationRequired(@NonNull String hostname) {
		return certificateTransparencyConfiguration()
		? getConfigForHostname(hostname).isCertificateTransparencyVerificationRequired()
		: NetworkSecurityConfig.DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED;
		: NetworkSecurityConfig.certificateTransparencyVerificationRequiredDefault();
		}

		public void handleTrustStorageUpdate() {

core/java/android/security/net/config/NetworkSecurityConfig.java

+22 −7

Original line number	Diff line number	Diff line
		@@ -37,6 +37,7 @@ import java.util.Comparator;
		import java.util.List;
		import java.util.Map;
		import java.util.Set;
		import java.util.concurrent.atomic.AtomicReference;

		/**
		* @hide
		@@ -56,11 +57,8 @@ public final class NetworkSecurityConfig {
		@EnabledAfter(targetSdkVersion = Build.VERSION_CODES.BAKLAVA)
		static final long DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY = 407952621L;

		/** @hide */
		public static final boolean DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED =
		certificateTransparencyDefaultEnabled()
		&& majorMinorVersioningScheme()
		&& CompatChanges.isChangeEnabled(DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY);
		private static final AtomicReference<Boolean>
		sCertificateTransparencyVerificationRequiredDefault = new AtomicReference<>();

		private final boolean mCleartextTrafficPermitted;
		private final boolean mHstsEnforced;
		@@ -191,6 +189,23 @@ public final class NetworkSecurityConfig {
		getTrustManager().handleTrustStorageUpdate();
		}

		/**
		* Returns the default value for SCT verification. The value depends on the platform version and
		* on the app target sdk level.
		*
		* @hide
		*/
		public static boolean certificateTransparencyVerificationRequiredDefault() {
		return sCertificateTransparencyVerificationRequiredDefault.updateAndGet(
		defaultEnabled ->
		defaultEnabled != null
		? defaultEnabled
		: certificateTransparencyDefaultEnabled()
		&& majorMinorVersioningScheme()
		&& CompatChanges.isChangeEnabled(
		DEFAULT_ENABLE_CERTIFICATE_TRANSPARENCY));
		}

		/**
		* Return a {@link Builder} for the default {@code NetworkSecurityConfig}.
		*
		@@ -243,7 +258,7 @@ public final class NetworkSecurityConfig {
		private boolean mCleartextTrafficPermittedSet = false;
		private boolean mHstsEnforcedSet = false;
		private boolean mCertificateTransparencyVerificationRequired =
		DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED;
		certificateTransparencyVerificationRequiredDefault();
		private boolean mCertificateTransparencyVerificationRequiredSet = false;
		private Builder mParentBuilder;

		@@ -373,7 +388,7 @@ public final class NetworkSecurityConfig {
		if (mParentBuilder != null) {
		return mParentBuilder.getCertificateTransparencyVerificationRequired();
		}
		return DEFAULT_CERTIFICATE_TRANSPARENCY_VERIFICATION_REQUIRED;
		return certificateTransparencyVerificationRequiredDefault();
		}

		public NetworkSecurityConfig build() {