1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.net.config;
18 
19 import android.content.Context;
20 import android.content.pm.ApplicationInfo;
21 import android.util.Log;
22 import android.util.Pair;
23 
24 import java.util.Set;
25 
/**
 * {@link ConfigSource} that selects an app's network security configuration from its manifest
 * data.
 *
 * <p>On first use the source looks at a private snapshot of the app's {@link ApplicationInfo}.
 * If {@code networkSecurityConfigRes} is non-zero, an {@code XmlConfigSource} for that resource
 * is used. Otherwise a platform default is built, in which cleartext traffic is permitted only
 * when the legacy {@link ApplicationInfo#FLAG_USES_CLEARTEXT_TRAFFIC} flag is set and
 * {@code targetSandboxVersion} is below 2. The chosen source is cached and serves all later
 * calls.
 *
 * @hide
 */
public class ManifestConfigSource implements ConfigSource {
    // Debug logging is switched on unconditionally. The messages below contain only the config
    // resource entry name and whether the app is flagged debuggable.
    private static final boolean DBG = true;
    private static final String LOG_TAG = "NetworkSecurityConfig";

    // Guards the lazy creation of mConfigSource.
    private final Object mLock = new Object();
    private final Context mContext;
    // Copy taken at construction time. ApplicationInfo is mutable and apps do modify it, so the
    // flags and resource id that drive the security decision are read from this copy only.
    private final ApplicationInfo mApplicationInfo;

    // Delegate that answers every query; stays null until the first call needs it and is only
    // read or written while holding mLock.
    private ConfigSource mConfigSource;

    /**
     * Creates a source for the application that owns {@code context}.
     *
     * @param context context whose {@link ApplicationInfo} is copied and whose resources are
     *        used later to resolve the config resource
     */
    public ManifestConfigSource(Context context) {
        mContext = context;
        mApplicationInfo = new ApplicationInfo(context.getApplicationInfo());
    }

    /** Returns the per-domain configs of the lazily chosen delegate. */
    @Override
    public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() {
        ConfigSource delegate = getConfigSource();
        return delegate.getPerDomainConfigs();
    }

    /** Returns the default config of the lazily chosen delegate. */
    @Override
    public NetworkSecurityConfig getDefaultConfig() {
        ConfigSource delegate = getConfigSource();
        return delegate.getDefaultConfig();
    }

    /**
     * Returns the delegate, creating it on the first call.
     *
     * <p>Creation happens while holding {@code mLock}. If creation throws, nothing is cached and
     * the next call tries again.
     */
    private ConfigSource getConfigSource() {
        synchronized (mLock) {
            if (mConfigSource == null) {
                int resId = mApplicationInfo.networkSecurityConfigRes;
                mConfigSource = (resId != 0)
                        ? newXmlConfigSource(resId)
                        : newPlatformDefaultSource();
            }
            return mConfigSource;
        }
    }

    /**
     * Builds the delegate for an app that declares a network security config resource.
     *
     * <p>NOTE(review): the resource entry name is looked up only for the debug message, yet a
     * failure of that lookup would propagate before the {@code XmlConfigSource} is created.
     */
    private ConfigSource newXmlConfigSource(int resId) {
        if (DBG) {
            boolean debugBuild =
                    (mApplicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
            String entryName = mContext.getResources().getResourceEntryName(resId);
            Log.d(LOG_TAG, "Using Network Security Config from resource "
                    + entryName
                    + " debugBuild: " + debugBuild);
        }
        return new XmlConfigSource(mContext, resId, mApplicationInfo);
    }

    /** Builds the delegate for an app that declares no network security config resource. */
    private ConfigSource newPlatformDefaultSource() {
        if (DBG) {
            Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
        }
        // The legacy FLAG_USES_CLEARTEXT_TRAFFIC is not supported for Ephemeral apps; they are
        // expected to use the network security config instead. The flag is therefore honoured
        // only when targetSandboxVersion is below 2, and cleartext stays off otherwise.
        boolean legacyFlagSet =
                (mApplicationInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
        boolean usesCleartextTraffic = legacyFlagSet && mApplicationInfo.targetSandboxVersion < 2;
        return new DefaultConfigSource(usesCleartextTraffic, mApplicationInfo);
    }

    /**
     * Platform-default source: one default config and no per-domain overrides.
     */
    private static final class DefaultConfigSource implements ConfigSource {

        // Built once in the constructor and handed out unchanged.
        private final NetworkSecurityConfig mDefaultConfig;

        /**
         * @param usesCleartextTraffic whether the built default config permits cleartext traffic
         * @param info application info passed to
         *        {@code NetworkSecurityConfig.getDefaultBuilder} to obtain the base builder
         */
        DefaultConfigSource(boolean usesCleartextTraffic, ApplicationInfo info) {
            mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder(info)
                    .setCleartextTrafficPermitted(usesCleartextTraffic)
                    .build();
        }

        @Override
        public NetworkSecurityConfig getDefaultConfig() {
            return mDefaultConfig;
        }

        /**
         * Returns {@code null}, not an empty set, because the platform default has no per-domain
         * configs. Callers are presumably expected to treat null as "none"; confirm against the
         * consumers of {@link ConfigSource}.
         */
        @Override
        public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() {
            return null;
        }
    }
}