
Commit c72875b0 authored by Chad Brubaker

Update trusted certificates when the trust store is changed

This CL flushes the trusted cert cache of all active Network Security
Configs and their TrustManagers. Previously, CA addition mostly worked;
however, removed CAs would remain cached in the X509TrustManager, causing
the removed CA to still be trusted.

Change-Id: I0f5fd39932f8f8ed3ec5dfd088a82e982b366c43
parent 4de59ef3
+0 −1
@@ -34406,7 +34406,6 @@ package android.security {
  public class NetworkSecurityPolicy {
    method public static android.security.NetworkSecurityPolicy getInstance();
    method public void handleTrustStorageUpdate();
    method public boolean isCleartextTrafficPermitted();
    method public boolean isCleartextTrafficPermitted(java.lang.String);
  }
+6 −0
@@ -81,6 +81,7 @@ import android.os.Trace;
import android.os.TransactionTooLargeException;
import android.os.UserHandle;
import android.provider.Settings;
import android.security.NetworkSecurityPolicy;
import android.security.net.config.NetworkSecurityConfigProvider;
import android.util.AndroidRuntimeException;
import android.util.ArrayMap;
@@ -1324,6 +1325,11 @@ public final class ActivityThread {
            args.arg2 = voiceInteractor;
            sendMessage(H.LOCAL_VOICE_INTERACTION_STARTED, args);
        }

        @Override
        public void handleTrustStorageUpdate() {
            NetworkSecurityPolicy.getInstance().handleTrustStorageUpdate();
        }
    }

    private int getLifecycleSeq() {
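Review bot: The new `handleTrustStorageUpdate` override at the end of the second hunk runs the flush inline on the calling binder thread, whereas its neighbour `scheduleLocalVoiceInteractionStarted` hands work to the main thread via `sendMessage(H...)`; the difference is presumably deliberate (a trust-store flush should not queue behind a busy main thread), but nothing in the hunk says so. A one-line comment such as `// Runs on the binder thread, not via H: the callee must be safe to invoke concurrently with app threads.` would record the intent and the thread-safety requirement it places on NetworkSecurityPolicy. The enclosing ApplicationThread class starts and ends outside the hunk.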
+14 −0
@@ -749,6 +749,12 @@ public abstract class ApplicationThreadNative extends Binder
            schedulePictureInPictureModeChanged(b, inPip);
            return true;
        }
        case HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION:
        {
            data.enforceInterface(IApplicationThread.descriptor);
            handleTrustStorageUpdate();
            return true;
        }

        }

@@ -1522,4 +1528,12 @@ class ApplicationThreadProxy implements IApplicationThread {
                IBinder.FLAG_ONEWAY);
        data.recycle();
    }

    @Override
    public void handleTrustStorageUpdate() throws RemoteException {
        Parcel data = Parcel.obtain();
        data.writeInterfaceToken(IApplicationThread.descriptor);
        mRemote.transact(HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION, data, null, IBinder.FLAG_ONEWAY);
        data.recycle();
    }
}
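Review bot: In the second hunk, `ApplicationThreadProxy.handleTrustStorageUpdate` calls `data.recycle()` only after `transact` returns, so a `RemoteException` thrown by the transaction leaves the Parcel unrecycled; wrapping it as `try { mRemote.transact(HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION, data, null, IBinder.FLAG_ONEWAY); } finally { data.recycle(); }` closes that gap. The preceding proxy method visible at the top of the hunk follows the same recycle-after-transact pattern, so this may be a deliberate choice to match the file's existing convention rather than an oversight. The `onTransact` case in the first hunk looks right: it enforces the interface token before dispatching to `handleTrustStorageUpdate()`.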
+2 −0
@@ -161,6 +161,7 @@ public interface IApplicationThread extends IInterface {
    void scheduleMultiWindowModeChanged(IBinder token, boolean isInMultiWindowMode) throws RemoteException;
    void schedulePictureInPictureModeChanged(IBinder token, boolean isInPictureInPictureMode) throws RemoteException;
    void scheduleLocalVoiceInteractionStarted(IBinder token, IVoiceInteractor voiceInteractor) throws RemoteException;
    void handleTrustStorageUpdate() throws RemoteException;

    String descriptor = "android.app.IApplicationThread";

@@ -224,4 +225,5 @@ public interface IApplicationThread extends IInterface {
    int SCHEDULE_MULTI_WINDOW_CHANGED_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+58;
    int SCHEDULE_PICTURE_IN_PICTURE_CHANGED_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+59;
    int SCHEDULE_LOCAL_VOICE_INTERACTION_STARTED_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+60;
    int HANDLE_TRUST_STORAGE_UPDATE_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+61;
}
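Review bot: The new `handleTrustStorageUpdate()` declaration in the first hunk has no Javadoc, and since implementors and callers of this interface see only that line, a short contract would help: `/** Notifies the app that the system or user certificate store changed, so cached trust decisions must be dropped. */`. The neighbouring declarations are undocumented as well, so this matches the file's current style rather than regressing it.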
+4 −2
@@ -97,9 +97,11 @@ public class NetworkSecurityPolicy {
     * Handle an update to the system or user certificate stores.
     * @hide
     */
    @TestApi
    public void handleTrustStorageUpdate() {
        ApplicationConfig.getDefaultInstance().handleTrustStorageUpdate();
        ApplicationConfig config = ApplicationConfig.getDefaultInstance();
        if (config != null) {
            config.handleTrustStorageUpdate();
        }
    }

    /**
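Review bot: The added `config != null` guard silently returns when `ApplicationConfig.getDefaultInstance()` yields nothing, which is safe only if a missing default config implies that no TrustManager has cached trust decisions yet; the hunk does not show where the default instance is created, so that invariant is inferred. A comment on the guard such as `// No default config yet means nothing has cached trust decisions, so there is nothing to flush.` would record the assumption, and if a default config can be created later without passing through this path, the check should be revisited rather than documented. The commit message speaks of flushing all active configs, but this entry point reaches only the default instance; if non-default ApplicationConfig objects can exist, confirm they are covered elsewhere.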