Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9034cc4 authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Add android.security.NetworkSecurityPolicy. 

The initial purpose of the NetworkSecurityPolicy class is to provide a
way for network libraries to check whether cleartext network traffic
(e.g., HTTP, WebSockets, XMPP, IMAP, SMTP) should be blocked from this
process.

The policy is set declaratively by the app developer in the app's
manifest and can be queried from ApplicationInfo.flags. Unfortunately,
several network stacks (bundled and unbundled) do not have a reference
to ApplicationInfo or Context.

Alternatives:
* Keep this API hidden (and thus potentially move it from framework to
  libcore), thus precluding unbundled HTTP stacks from using the API.
* Introduce a new java.lang.System property instead of this API.
  However, such properties are a mess and not as powerful/extensible
  as a public class.

Bug: 19215516
Change-Id: If22056a74d257bf1d805ebb4fc284240b3d338f1
parent 4177b8cb

core/java/android/app/ActivityThread.java

+4 −0
Original line number Diff line number Diff line
@@ -75,6 +75,7 @@ import android.os.SystemProperties; 
import android.os.Trace;

import android.os.UserHandle;

import android.provider.Settings;

import android.security.NetworkSecurityPolicy;

import android.util.AndroidRuntimeException;

import android.util.ArrayMap;

import android.util.DisplayMetrics;
@@ -4435,6 +4436,9 @@ public final class ActivityThread { 
            StrictMode.enableDeathOnNetwork();

        }



        NetworkSecurityPolicy.getInstance().setCleartextTrafficPermitted(

                (data.appInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0);



        if (data.debugMode != IApplicationThread.DEBUG_OFF) {

            // XXX should have option to change the port.

            Debug.changeDebugPort(8100);

core/java/android/security/NetworkSecurityPolicy.java

0 → 100644
+66 −0
Original line number Diff line number Diff line 
/**

 * Copyright (c) 2015, The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.security;



/**

 * Network security policy.

 *

 * @hide

 */

public class NetworkSecurityPolicy {



  private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();



  private boolean mCleartextTrafficPermitted = true;



  private NetworkSecurityPolicy() {}



  /**

   * Gets the policy.

   */

  public static NetworkSecurityPolicy getInstance() {

    return INSTANCE;

  }



  /**

   * Checks whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP -- without

   * TLS or STARTTLS) is permitted for this process.

   *

   * <p>When cleartext network traffic is not permitted, the platform's components (e.g., HTTP

   * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use

   * cleartext traffic. Third-party libraries are encouraged to honor this setting as well.

   */

  public boolean isCleartextTrafficPermitted() {

    synchronized (this) {

      return mCleartextTrafficPermitted;

    }

  }



  /**

   * Sets whether cleartext network traffic is permitted for this process.

   *

   * <p>This method is used by the platform early on in the application's initialization to set the

   * policy.

   *

   * @hide

   */

  public void setCleartextTrafficPermitted(boolean permitted) {

    synchronized (this) {

      mCleartextTrafficPermitted = permitted;

    }

  }

}