Now that the libcore's NetworkSecurityPolicy abstraction is in place,
the framework version of the abstraction should delegate to the
libcore one, to avoid them getting out of sync.
Bug: 19215516
Change-Id: Ic57341d703a13e0fb100dc414958e8fd54e03816
This is a follow-up to
https://android-review.googlesource.com/#/c/131920/, addressing some
outstanding comments.
This CL also switches the source file to the correct indentation.
Bug: 19215516
Change-Id: Ia48455ab351081e11619afcccadb8fa90340391d
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
The initial purpose of the NetworkSecurityPolicy class is to provide a
way for network libraries to check whether cleartext network traffic
(e.g., HTTP, WebSockets, XMPP, IMAP, SMTP) should be blocked from this
process.
The policy is set declaratively by the app developer in the app's
manifest and can be queried from ApplicationInfo.flags. Unfortunately,
several network stacks (bundled and unbundled) do not have a reference
to ApplicationInfo or Context.
Alternatives:
* Keep this API hidden (and thus potentially move it from framework to
libcore), thus precluding unbundled HTTP stacks from using the API.
* Introduce a new java.lang.System property instead of this API.
However, such properties are a mess and not as powerful/extensible
as a public class.
Bug: 19215516
Change-Id: If22056a74d257bf1d805ebb4fc284240b3d338f1
The attribute declares whether the app intends to use cleartext
network traffic (e.g., HTTP, WebSockets, XMPP, SMTP, IMAP -- without
TLS or STARTTLS). The default value is true. If set to false, the app
declares that it does not intend to use cleartext network traffic. In
this case the app requests the platform, tooling, and third-party
libraries to prevent it from using cleartext traffic. The danger of
cleartext network traffic is that its confidentiality, authenticity,
and integrity are not guaranteed.
This feature is designed to help apps which care about security of
data exchanged over the network. These apps can accidentally
regress/downgrade to using cleartext network communications. This
typically happens when the server the app communicates with all of a
sudden tells it to use cleartext communications (e.g, HTTP URL
instead of an HTTPS URL) or when one of the components of the app gets
updated and regresses to cleartext communications without the
developer noticing.
In general, the prevention measures are on best effort basis. It's
impossible to automatically prevent all instances of cleartext
traffic. For example, an app bent on bypassing restrictions could
perform low-level network I/O with unusual TCP packet fragmentation,
or could use a custom application-level protocol.
The expectation is that most apps use libraries for network
communications and these libraries over time will start to honor this
flag, thus increasing the protections offered by it.
Bug: 19215516
Change-Id: I8700d51ddbc5d528faa4b6a5fa5bc9551ad02d13
%p is not a valid conversion in format strings. It is also superfluous,
as it is already known that location is null.
Bug: 19797138
Change-Id: I5784e28b05b4ca9aac57e0fc9da4a7f01d9b3247
The comparator's equal implementation doesn't satisfy the constraints
of an equals method, namely being reflexive. Use the standard Object
implementation instead.
Bug: 19797138
Change-Id: I74f888e99533e1945aab7ab10fe8ee3ded6388f4
The constructor was public API, doh. Gotta do this differently.
This reverts commit 33c5b2a62f3e62382c41e24c6b527119978816a0.
Change-Id: Iadca87fe6a8866a8bd9d6f2a91578ec0d4c44691
