
Commit bf9a82a6 authored by Chad Brubaker's avatar Chad Brubaker

Add handleTrustStorageUpdate

This prunes all the stored trusted issuers so that changes to the system
or user CA store are detected. Currently this is only exposed as a
TestApi, but it can be hooked up to the trusted storage change event
in a future commit.

Bug: 27526668
Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
parent 822de0d9
+1 −0
@@ -34341,6 +34341,7 @@ package android.security {
  public class NetworkSecurityPolicy {
    method public static android.security.NetworkSecurityPolicy getInstance();
    method public void handleTrustStorageUpdate();
    method public boolean isCleartextTrafficPermitted();
    method public boolean isCleartextTrafficPermitted(java.lang.String);
  }
+10 −0
@@ -16,6 +16,7 @@

package android.security;

import android.annotation.TestApi;
import android.content.Context;
import android.content.pm.PackageManager;
import android.security.net.config.ApplicationConfig;
@@ -104,4 +105,13 @@ public class NetworkSecurityPolicy {
        ManifestConfigSource source = new ManifestConfigSource(appContext);
        return new ApplicationConfig(source);
    }

    /**
     * Handle an update to the system or user certificate stores.
     * @hide
     */
    @TestApi
    public void handleTrustStorageUpdate() {
        ApplicationConfig.getDefaultInstance().handleTrustStorageUpdate();
    }
}
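Review bot: The Javadoc on handleTrustStorageUpdate() does not say what the call does, or that nothing invokes it automatically yet. Per the commit description it is only reachable as a TestApi for now, so until the store-change event is wired up, issuers cached before a system or user CA was removed presumably stay cached for the life of the process. I would spell that out, e.g. `Drops cached trusted issuers so the next validation re-reads the system and user CA stores; not yet called automatically on store changes.` The body also dereferences `ApplicationConfig.getDefaultInstance()` without a null check; whether that can return null before a default config is set is not visible in this hunk.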
+15 −0
@@ -17,6 +17,7 @@
package android.security.net.config;

import android.util.Pair;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
@@ -146,6 +147,20 @@ public final class ApplicationConfig {
        return getConfigForHostname(hostname).isCleartextTrafficPermitted();
    }

    public void handleTrustStorageUpdate() {
        ensureInitialized();
        mDefaultConfig.handleTrustStorageUpdate();
        if (mConfigs != null) {
            Set<NetworkSecurityConfig> updatedConfigs =
                    new HashSet<NetworkSecurityConfig>(mConfigs.size());
            for (Pair<Domain, NetworkSecurityConfig> entry : mConfigs) {
                if (updatedConfigs.add(entry.second)) {
                    entry.second.handleTrustStorageUpdate();
                }
            }
        }
    }

    private void ensureInitialized() {
        synchronized(mLock) {
            if (mInitialized) {
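Review bot: handleTrustStorageUpdate() reads mDefaultConfig and mConfigs and calls into every config after ensureInitialized() has returned, so mLock is not held while the cached issuers are dropped. Whether a certificate validation on another thread can observe a partly updated trust set depends on synchronization inside NetworkSecurityConfig, which this page does not show, so the method should state what it guarantees. A Javadoc such as `Propagates a trust store change to the default config and to each distinct per-domain config; may be called while validations are in flight.` would do if that holds. The HashSet presumably exists because several domains can share one config, which deserves `// Several domains may share one config; update each only once.`; ensureInitialized() continues past the end of the hunk.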
+1 −0
@@ -25,4 +25,5 @@ public interface CertificateSource {
    X509Certificate findBySubjectAndPublicKey(X509Certificate cert);
    X509Certificate findByIssuerAndSignature(X509Certificate cert);
    Set<X509Certificate> findAllByIssuerAndSignature(X509Certificate cert);
    void handleTrustStorageUpdate();
}
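Review bot: The new `void handleTrustStorageUpdate();` on CertificateSource has no contract comment, so implementers cannot tell what they must invalidate or from which thread the call may arrive. Because this is an abstract interface method, every implementation has to supply it, and one that leaves the body empty would keep serving certificates cached before the store changed. I would add `/** Called when the system or user CA store changed; implementations must discard any cached certificates. */`; the same one-line Javadoc is missing on CertificatesEntryRef.handleTrustStorageUpdate() in the next section. The interface body begins outside the hunk.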
+4 −0
@@ -64,4 +64,8 @@ public final class CertificatesEntryRef {
    public Set<X509Certificate> findAllCertificatesByIssuerAndSignature(X509Certificate cert) {
        return mSource.findAllByIssuerAndSignature(cert);
    }

    public void handleTrustStorageUpdate() {
        mSource.handleTrustStorageUpdate();
    }
}