Change cleartext traffic permitted default for P apps (fcc46336) · Commits · e / os / android_frameworks_base

core/java/android/security/net/config/NetworkSecurityConfig.java

+4 −2

Original line number	Diff line number	Diff line
		@@ -164,7 +164,8 @@ public final class NetworkSecurityConfig {
		* <p>
		* The default configuration has the following properties:
		* <ol>
		* <li>Cleartext traffic is permitted for non-ephemeral apps.</li>
		* <li>If the application targets API level 27 (Android O MR1) or lower then cleartext traffic
		* is allowed by default.</li>
		* <li>Cleartext traffic is not permitted for ephemeral apps.</li>
		* <li>HSTS is not enforced.</li>
		* <li>No certificate pinning is used.</li>
		@@ -183,7 +184,8 @@ public final class NetworkSecurityConfig {
		// System certificate store, does not bypass static pins.
		.addCertificatesEntryRef(
		new CertificatesEntryRef(SystemCertificateSource.getInstance(), false));
		final boolean cleartextTrafficPermitted = info.targetSandboxVersion < 2;
		final boolean cleartextTrafficPermitted = info.targetSdkVersion < Build.VERSION_CODES.P
		&& info.targetSandboxVersion < 2;
		builder.setCleartextTrafficPermitted(cleartextTrafficPermitted);
		// Applications targeting N and above must opt in into trusting the user added certificate
		// store.