1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.net.config; 18 19 import android.content.Context; 20 import android.content.pm.ApplicationInfo; 21 import android.util.Log; 22 import android.util.Pair; 23 import java.util.Set; 24 25 /** @hide */ 26 public class ManifestConfigSource implements ConfigSource { 27 private static final boolean DBG = true; 28 private static final String LOG_TAG = "NetworkSecurityConfig"; 29 30 private final Object mLock = new Object(); 31 private final Context mContext; 32 private final int mApplicationInfoFlags; 33 private final int mTargetSdkVersion; 34 private final int mConfigResourceId; 35 private final int mTargetSandboxVesrsion; 36 37 private ConfigSource mConfigSource; 38 ManifestConfigSource(Context context)39 public ManifestConfigSource(Context context) { 40 mContext = context; 41 // Cache values because ApplicationInfo is mutable and apps do modify it :( 42 ApplicationInfo info = context.getApplicationInfo(); 43 mApplicationInfoFlags = info.flags; 44 mTargetSdkVersion = info.targetSdkVersion; 45 mConfigResourceId = info.networkSecurityConfigRes; 46 mTargetSandboxVesrsion = info.targetSandboxVersion; 47 } 48 49 @Override getPerDomainConfigs()50 public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() { 51 return getConfigSource().getPerDomainConfigs(); 52 } 53 54 @Override getDefaultConfig()55 public NetworkSecurityConfig getDefaultConfig() { 56 return getConfigSource().getDefaultConfig(); 57 } 58 getConfigSource()59 private ConfigSource getConfigSource() { 60 synchronized (mLock) { 61 if (mConfigSource != null) { 62 return mConfigSource; 63 } 64 65 ConfigSource source; 66 if (mConfigResourceId != 0) { 67 boolean debugBuild = (mApplicationInfoFlags & ApplicationInfo.FLAG_DEBUGGABLE) != 0; 68 if (DBG) { 69 Log.d(LOG_TAG, "Using Network Security Config from resource " 70 + mContext.getResources().getResourceEntryName(mConfigResourceId) 71 + " debugBuild: " + debugBuild); 72 } 73 source = new XmlConfigSource(mContext, mConfigResourceId, debugBuild, 74 mTargetSdkVersion, mTargetSandboxVesrsion); 75 } else { 76 if (DBG) { 77 Log.d(LOG_TAG, "No Network Security Config specified, using platform default"); 78 } 79 // the legacy FLAG_USES_CLEARTEXT_TRAFFIC is not supported for Ephemeral apps, they 80 // should use the network security config. 81 boolean usesCleartextTraffic = 82 (mApplicationInfoFlags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0 83 && mTargetSandboxVesrsion < 2; 84 source = new DefaultConfigSource(usesCleartextTraffic, mTargetSdkVersion, 85 mTargetSandboxVesrsion); 86 } 87 mConfigSource = source; 88 return mConfigSource; 89 } 90 } 91 92 private static final class DefaultConfigSource implements ConfigSource { 93 94 private final NetworkSecurityConfig mDefaultConfig; 95 96 public DefaultConfigSource(boolean usesCleartextTraffic, int targetSdkVersion, 97 int targetSandboxVesrsion) { 98 mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder(targetSdkVersion, 99 targetSandboxVesrsion) 100 .setCleartextTrafficPermitted(usesCleartextTraffic) 101 .build(); 102 } 103 104 @Override 105 public NetworkSecurityConfig getDefaultConfig() { 106 return mDefaultConfig; 107 } 108 109 @Override 110 public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() { 111 return null; 112 } 113 } 114 } 115