import android.content.pm.ApplicationInfo;
import android.util.Log;
import android.util.Pair;
+
import java.util.Set;
/** @hide */
private final Object mLock = new Object();
private final Context mContext;
- private final int mApplicationInfoFlags;
- private final int mTargetSdkVersion;
- private final int mConfigResourceId;
- private final int mTargetSandboxVesrsion;
+ private final ApplicationInfo mApplicationInfo;
private ConfigSource mConfigSource;
public ManifestConfigSource(Context context) {
mContext = context;
- // Cache values because ApplicationInfo is mutable and apps do modify it :(
- ApplicationInfo info = context.getApplicationInfo();
- mApplicationInfoFlags = info.flags;
- mTargetSdkVersion = info.targetSdkVersion;
- mConfigResourceId = info.networkSecurityConfigRes;
- mTargetSandboxVesrsion = info.targetSandboxVersion;
+ // Cache the info because ApplicationInfo is mutable and apps do modify it :(
+ mApplicationInfo = new ApplicationInfo(context.getApplicationInfo());
}
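Review bot: The snapshot taken with `new ApplicationInfo(context.getApplicationInfo())` protects the `int` fields read in this class, but to my knowledge the copy constructor is shallow, so reference-typed fields in the copy can still alias objects the app may mutate. This matters because the whole object is now handed on to `XmlConfigSource` and `DefaultConfigSource` instead of four cached ints. I would extend the comment to state the limit, for example `// Shallow snapshot: only primitive fields (flags, targetSdkVersion, targetSandboxVersion, networkSecurityConfigRes) may be relied on.`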
@Override
if (mConfigSource != null) {
return mConfigSource;
}
-
+ int configResource = mApplicationInfo.networkSecurityConfigRes;
ConfigSource source;
- if (mConfigResourceId != 0) {
- boolean debugBuild = (mApplicationInfoFlags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+ if (configResource != 0) {
+ boolean debugBuild =
+ (mApplicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
if (DBG) {
Log.d(LOG_TAG, "Using Network Security Config from resource "
- + mContext.getResources().getResourceEntryName(mConfigResourceId)
+ + mContext.getResources()
+ .getResourceEntryName(configResource)
+ " debugBuild: " + debugBuild);
}
- source = new XmlConfigSource(mContext, mConfigResourceId, debugBuild,
- mTargetSdkVersion, mTargetSandboxVesrsion);
+ source = new XmlConfigSource(mContext, configResource, mApplicationInfo);
} else {
if (DBG) {
Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
// the legacy FLAG_USES_CLEARTEXT_TRAFFIC is not supported for Ephemeral apps, they
// should use the network security config.
boolean usesCleartextTraffic =
- (mApplicationInfoFlags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0
- && mTargetSandboxVesrsion < 2;
- source = new DefaultConfigSource(usesCleartextTraffic, mTargetSdkVersion,
- mTargetSandboxVesrsion);
+ (mApplicationInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0
+ && mApplicationInfo.targetSandboxVersion < 2;
+ source = new DefaultConfigSource(usesCleartextTraffic, mApplicationInfo);
}
mConfigSource = source;
return mConfigSource;
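Review bot: In the `if (configResource != 0)` branch, `debugBuild` is now used only by the `Log.d` call, because `XmlConfigSource` no longer takes it as an argument and derives its own value from the `ApplicationInfo` it receives. Declaring it inside the `if (DBG)` block would show that it is diagnostic only and cannot affect whether debug-overrides are honoured. It would also avoid a logged value that later drifts from the one actually used. The start and end of the enclosing method are not part of the visible lines.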
private final NetworkSecurityConfig mDefaultConfig;
- public DefaultConfigSource(boolean usesCleartextTraffic, int targetSdkVersion,
- int targetSandboxVesrsion) {
- mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder(targetSdkVersion,
- targetSandboxVesrsion)
+ DefaultConfigSource(boolean usesCleartextTraffic, ApplicationInfo info) {
+ mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder(info)
.setCleartextTrafficPermitted(usesCleartextTraffic)
.build();
}
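Review bot: `DefaultConfigSource` now takes both `usesCleartextTraffic` and `info`, yet the boolean is itself computed from `info.flags` and `info.targetSandboxVersion` by the caller. The explicit `.setCleartextTrafficPermitted(usesCleartextTraffic)` then overrides whatever cleartext default `getDefaultBuilder(info)` picks. That precedence is security-relevant and easy to miss, so I would document it on the constructor, for example `// The manifest cleartext flag (already gated on targetSandboxVersion < 2 by the caller) takes precedence over the builder's default.` Deriving the boolean inside the constructor from `info` would remove the chance of a caller passing an inconsistent pair.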
package android.security.net.config;
import android.content.Context;
+import android.content.pm.ApplicationInfo;
import android.content.res.Resources;
import android.content.res.XmlResourceParser;
-import android.os.Build;
import android.util.ArraySet;
import android.util.Base64;
import android.util.Pair;
-import com.android.internal.annotations.VisibleForTesting;
+
import com.android.internal.util.XmlUtils;
import org.xmlpull.v1.XmlPullParser;
private final Object mLock = new Object();
private final int mResourceId;
private final boolean mDebugBuild;
- private final int mTargetSdkVersion;
- private final int mTargetSandboxVesrsion;
+ private final ApplicationInfo mApplicationInfo;
private boolean mInitialized;
private NetworkSecurityConfig mDefaultConfig;
private Set<Pair<Domain, NetworkSecurityConfig>> mDomainMap;
private Context mContext;
- @VisibleForTesting
- public XmlConfigSource(Context context, int resourceId) {
- this(context, resourceId, false);
- }
-
- @VisibleForTesting
- public XmlConfigSource(Context context, int resourceId, boolean debugBuild) {
- this(context, resourceId, debugBuild, Build.VERSION_CODES.CUR_DEVELOPMENT);
- }
-
- @VisibleForTesting
- public XmlConfigSource(Context context, int resourceId, boolean debugBuild,
- int targetSdkVersion) {
- this(context, resourceId, debugBuild, targetSdkVersion, 1 /*targetSandboxVersion*/);
- }
-
- public XmlConfigSource(Context context, int resourceId, boolean debugBuild,
- int targetSdkVersion, int targetSandboxVesrsion) {
- mResourceId = resourceId;
+ public XmlConfigSource(Context context, int resourceId, ApplicationInfo info) {
mContext = context;
- mDebugBuild = debugBuild;
- mTargetSdkVersion = targetSdkVersion;
- mTargetSandboxVesrsion = targetSandboxVesrsion;
+ mResourceId = resourceId;
+ mApplicationInfo = new ApplicationInfo(info);
+
+ mDebugBuild = (mApplicationInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}
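Review bot: The new public constructor has no documentation saying that `mDebugBuild` is now decided solely by `FLAG_DEBUGGABLE` in the copied `info`. Callers can no longer pass it explicitly, and that value gates whether debug-only trust configuration is applied. A short Javadoc or a comment above the copy would record the intent, for example `// Snapshot info so a later change to the caller's flags cannot enable debug-overrides.` A null `info` will fail inside `new ApplicationInfo(info)`, so a `@throws NullPointerException` line or an explicit `Objects.requireNonNull(info, "info")` would make that contract visible. The latter would need an import that is not among the visible ones.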
public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() {
// Use the platform default as the parent of the base config for any values not provided
// there. If there is no base config use the platform default.
NetworkSecurityConfig.Builder platformDefaultBuilder =
- NetworkSecurityConfig.getDefaultBuilder(mTargetSdkVersion, mTargetSandboxVesrsion);
+ NetworkSecurityConfig.getDefaultBuilder(mApplicationInfo);
addDebugAnchorsIfNeeded(debugConfigBuilder, platformDefaultBuilder);
if (baseConfigBuilder != null) {
baseConfigBuilder.setParent(platformDefaultBuilder);
package android.security.net.config;
import android.content.Context;
+import android.content.pm.ApplicationInfo;
import android.test.AndroidTestCase;
import android.test.MoreAsserts;
import android.util.ArraySet;
private final static String DEBUG_CA_SUBJ = "O=AOSP, CN=Test debug CA";
public void testEmptyConfigFile() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.empty_config);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.empty_config,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertFalse(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
}
public void testEmptyAnchors() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.empty_trust);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.empty_trust,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertFalse(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
}
public void testBasicDomainConfig() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.domain1);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.domain1,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
}
public void testBasicPinning() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.pins1);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.pins1,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Check android.com.
}
public void testExpiredPin() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.expired_pin);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.expired_pin,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Check android.com.
}
public void testOverridesPins() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.override_pins);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.override_pins,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Check android.com.
}
public void testBadPin() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.bad_pin);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.bad_pin,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Check android.com.
}
public void testMultipleDomains() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.multiple_domains);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.multiple_domains,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("android.com");
}
public void testMultipleDomainConfigs() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.multiple_configs);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.multiple_configs,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Should be two different config objects
}
public void testIncludeSubdomains() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.subdomains);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.subdomains,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Try connections.
}
public void testAttributes() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.attributes);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.attributes,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertFalse(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
}
public void testResourcePemCertificateSource() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.resource_anchors_pem);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.resource_anchors_pem,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
// Check android.com.
NetworkSecurityConfig config = appConfig.getConfigForHostname("android.com");
}
public void testResourceDerCertificateSource() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.resource_anchors_der);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.resource_anchors_der,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
// Check android.com.
NetworkSecurityConfig config = appConfig.getConfigForHostname("android.com");
}
public void testNestedDomainConfigs() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig parent = appConfig.getConfigForHostname("android.com");
}
public void testNestedDomainConfigsOverride() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains_override);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.nested_domains_override,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig parent = appConfig.getConfigForHostname("android.com");
}
public void testDebugOverridesDisabled() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_basic, false);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_basic,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
Set<TrustAnchor> anchors = config.getTrustAnchors();
}
public void testBasicDebugOverrides() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_basic, true);
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_basic, info);
ApplicationConfig appConfig = new ApplicationConfig(source);
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
Set<TrustAnchor> anchors = config.getTrustAnchors();
}
public void testDebugOverridesWithDomain() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_domain, true);
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_domain, info);
ApplicationConfig appConfig = new ApplicationConfig(source);
NetworkSecurityConfig config = appConfig.getConfigForHostname("android.com");
Set<TrustAnchor> anchors = config.getTrustAnchors();
}
public void testDebugInherit() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_domain, true);
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.debug_domain, info);
ApplicationConfig appConfig = new ApplicationConfig(source);
NetworkSecurityConfig config = appConfig.getConfigForHostname("android.com");
Set<TrustAnchor> anchors = config.getTrustAnchors();
private void testBadConfig(int configId) throws Exception {
try {
- XmlConfigSource source = new XmlConfigSource(getContext(), configId);
+ XmlConfigSource source = new XmlConfigSource(getContext(), configId,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
appConfig.getConfigForHostname("android.com");
fail("Bad config " + getContext().getResources().getResourceName(configId)
}
public void testTrustManagerKeystore() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.bad_pin, true);
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.bad_pin,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
Provider provider = new NetworkSecurityConfigProvider();
TrustManagerFactory tmf =
}
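Review bot: In `testTrustManagerKeystore` the removed call passed `true` for `debugBuild`, but the replacement uses a plain `TestUtils.makeApplicationInfo()` and never sets `FLAG_DEBUGGABLE`. The other tests that previously passed `true` (`testBasicDebugOverrides`, `testDebugDedup`, and so on) do set it. `TestUtils.makeApplicationInfo()` is not visible here, but the tests converted from `false` use it unchanged, so it presumably returns a non-debuggable info and this test now runs with debug-overrides disabled. If that is intentional, a one-line comment such as `// Debuggable flag is irrelevant to this test.` would prevent it being read as an oversight. Otherwise, add `info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;` as in the neighbouring tests.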
public void testDebugDedup() throws Exception {
- XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.override_dedup, true);
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
+ XmlConfigSource source = new XmlConfigSource(getContext(), R.xml.override_dedup, info);
ApplicationConfig appConfig = new ApplicationConfig(source);
assertTrue(appConfig.hasPerDomainConfigs());
// Check android.com.
}
public void testExtraDebugResource() throws Exception {
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
XmlConfigSource source =
- new XmlConfigSource(getContext(), R.xml.extra_debug_resource, true);
+ new XmlConfigSource(getContext(), R.xml.extra_debug_resource, info);
ApplicationConfig appConfig = new ApplicationConfig(source);
assertFalse(appConfig.hasPerDomainConfigs());
NetworkSecurityConfig config = appConfig.getConfigForHostname("");
MoreAsserts.assertNotEmpty(config.getTrustAnchors());
// Check that the _debug file is ignored if debug is false.
- source = new XmlConfigSource(getContext(), R.xml.extra_debug_resource, false);
+ source = new XmlConfigSource(getContext(), R.xml.extra_debug_resource,
+ TestUtils.makeApplicationInfo());
appConfig = new ApplicationConfig(source);
assertFalse(appConfig.hasPerDomainConfigs());
config = appConfig.getConfigForHostname("");
public void testExtraDebugResourceIgnored() throws Exception {
// Verify that parsing the extra debug config resource fails only when debugging is true.
XmlConfigSource source =
- new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, false);
+ new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
// Force parsing the config file.
appConfig.getConfigForHostname("");
- source = new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, true);
+ ApplicationInfo info = TestUtils.makeApplicationInfo();
+ info.flags |= ApplicationInfo.FLAG_DEBUGGABLE;
+ source = new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, info);
appConfig = new ApplicationConfig(source);
try {
appConfig.getConfigForHostname("");
public void testDomainWhitespaceTrimming() throws Exception {
XmlConfigSource source =
- new XmlConfigSource(getContext(), R.xml.domain_whitespace, false);
+ new XmlConfigSource(getContext(), R.xml.domain_whitespace,
+ TestUtils.makeApplicationInfo());
ApplicationConfig appConfig = new ApplicationConfig(source);
NetworkSecurityConfig defaultConfig = appConfig.getConfigForHostname("");
MoreAsserts.assertNotEqual(defaultConfig, appConfig.getConfigForHostname("developer.android.com"));