1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.net.config;
18 
19 import android.content.Context;
20 import android.util.Log;
21 
22 import java.security.Provider;
23 import java.security.Security;
24 
/**
 * JCA {@link Provider} that registers this package's {@code RootTrustManagerFactorySpi} as the
 * {@code PKIX} {@code TrustManagerFactory} implementation, with {@code X509} as an alias.
 *
 * <p>Security note: JCA resolves an algorithm name to the first provider in preference order
 * that offers it. This provider therefore only governs default {@code TrustManagerFactory}
 * lookups while it is ahead of every other provider offering {@code PKIX}. {@link #install}
 * checks the position once, at install time; nothing in this class re-checks it later, and a
 * caller that names a specific provider in {@code getInstance} does not go through this one.
 *
 * @hide
 */
public final class NetworkSecurityConfigProvider extends Provider {
    private static final String LOG_TAG = "nsconfig";

    /** Package name of this class followed by a dot; prepended to SPI class names. */
    private static final String PREFIX =
            NetworkSecurityConfigProvider.class.getPackage().getName() + ".";

    /**
     * Creates the provider and registers the {@code PKIX} trust manager factory plus its
     * {@code X509} alias.
     */
    public NetworkSecurityConfigProvider() {
        // TODO: More clever name than this
        super("AndroidNSSP", 1.0, "Android Network Security Policy Provider");
        final String trustManagerFactorySpi = PREFIX + "RootTrustManagerFactorySpi";
        put("TrustManagerFactory.PKIX", trustManagerFactorySpi);
        // Requests for "X509" are redirected to the "PKIX" entry registered above.
        put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
    }

    /**
     * Builds the application's config from its manifest, makes it the default
     * {@link ApplicationConfig}, installs this provider at preference position 1 and hands a
     * policy backed by the same config to libcore.
     *
     * <p>The default config is set before the provider is inserted, so it stays set if the
     * position check below throws.
     *
     * @param context context passed to {@code ManifestConfigSource}
     * @throws RuntimeException if the provider did not end up at position 1.
     *         {@link Security#insertProviderAt} returns -1 when a provider with the same name
     *         is already installed, so a second call also ends up here.
     */
    public static void install(Context context) {
        final ApplicationConfig appConfig =
                new ApplicationConfig(new ManifestConfigSource(context));
        ApplicationConfig.setDefaultInstance(appConfig);

        // Fail closed: running with this provider behind another one (or not installed at all)
        // would silently leave trust decisions to a different implementation.
        final int installedAt =
                Security.insertProviderAt(new NetworkSecurityConfigProvider(), 1);
        if (installedAt != 1) {
            throw new RuntimeException("Failed to install provider as highest priority provider."
                    + " Provider was installed at position " + installedAt);
        }

        libcore.net.NetworkSecurityPolicy.setInstance(new ConfigNetworkSecurityPolicy(appConfig));
    }

    /**
     * Reconciles the config of an application joining a shared process with the default config
     * already in place, then stores the result as the new default.
     *
     * <p>If the two configs agree on whether cleartext traffic is permitted, or no default is
     * set, the new application's config becomes the default. If they disagree:
     * <ol>
     *   <li>a {@link RuntimeException} is thrown when either config has per-domain rules;</li>
     *   <li>otherwise the config that permits cleartext traffic (the least strict one) wins.</li>
     * </ol>
     *
     * <p>Security note: because the least strict config wins, one application that permits
     * cleartext traffic relaxes the default for every application sharing the process.
     *
     * <p>NOTE(review): this method only replaces the default {@link ApplicationConfig}. The
     * libcore policy instance set by {@link #install} is not touched here and, as far as this
     * file shows, still wraps the config given at install time. Confirm that is intended.
     *
     * @param context context of the newly added application
     * @throws RuntimeException if the cleartext settings conflict and per-domain rules exist
     */
    public static void handleNewApplication(Context context) {
        final ApplicationConfig incoming =
                new ApplicationConfig(new ManifestConfigSource(context));
        final ApplicationConfig current = ApplicationConfig.getDefaultInstance();
        final String processName = context.getApplicationInfo().processName;

        ApplicationConfig effective = incoming;
        if (current != null
                && current.isCleartextTrafficPermitted()
                        != incoming.isCleartextTrafficPermitted()) {
            Log.w(LOG_TAG, processName
                    + ": New config does not match the previously set config.");

            // Per-domain rules cannot be merged into a single process-wide answer.
            if (current.hasPerDomainConfigs() || incoming.hasPerDomainConfigs()) {
                throw new RuntimeException("Found multiple conflicting per-domain rules");
            }

            // The two values differ, so exactly one config permits cleartext; keep that one.
            if (current.isCleartextTrafficPermitted()) {
                effective = current;
            }
        }
        ApplicationConfig.setDefaultInstance(effective);
    }
}