Merge "Allow debug-overrides to be specified in an extra resource" into nyc-dev
diff --git a/core/java/android/security/net/config/XmlConfigSource.java b/core/java/android/security/net/config/XmlConfigSource.java
index 2a8773c..d57d0f5 100644
--- a/core/java/android/security/net/config/XmlConfigSource.java
+++ b/core/java/android/security/net/config/XmlConfigSource.java
@@ -339,7 +339,7 @@
}
if (mDebugBuild) {
debugConfigBuilder =
- parseConfigEntry(parser, seenDomains, null, CONFIG_DEBUG).get(0).first;
+ parseConfigEntry(parser, null, null, CONFIG_DEBUG).get(0).first;
} else {
XmlUtils.skipCurrentTag(parser);
}
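Review bot: The two bare `null` arguments in the new `parseConfigEntry(parser, null, null, CONFIG_DEBUG)` call give no hint why the `seenDomains` set is no longer passed. `parseConfigEntry` is not visible in this diff, so it is worth confirming that it tolerates a null set on every path reachable from a `debug-overrides` element. If the intent is that debug overrides are not domain-scoped, a comment would help, for example `// debug-overrides is not domain-scoped, so no seenDomains tracking is needed`. The enclosing method begins and ends outside this hunk.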
@@ -348,6 +348,11 @@
XmlUtils.skipCurrentTag(parser);
}
}
+ // If debug is true and there was no debug-overrides in the file check for an extra
+ // _debug resource.
+ if (mDebugBuild && debugConfigBuilder == null) {
+ debugConfigBuilder = parseDebugOverridesResource();
+ }
// Use the platform default as the parent of the base config for any values not provided
// there. If there is no base config use the platform default.
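Review bot: When the main file already contains a `debug-overrides` element, an existing `<name>_debug` resource is skipped without any signal, because the new `mDebugBuild && debugConfigBuilder == null` check only covers the no-overrides case. A developer who puts debug trust anchors in the extra resource would see them ignored with no hint why. I would state the precedence in the comment, e.g. `// debug-overrides in the main file takes precedence; the _debug resource is consulted only when it is absent.` The enclosing method starts and ends outside this hunk.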
@@ -385,6 +390,43 @@
mDomainMap = configs;
}
+ private NetworkSecurityConfig.Builder parseDebugOverridesResource()
+ throws IOException, XmlPullParserException, ParserException {
+ Resources resources = mContext.getResources();
+ String packageName = resources.getResourcePackageName(mResourceId);
+ String entryName = resources.getResourceEntryName(mResourceId);
+ int resId = resources.getIdentifier(entryName + "_debug", "xml", packageName);
+ // No debug-overrides resource was found, nothing to parse.
+ if (resId == 0) {
+ return null;
+ }
+ NetworkSecurityConfig.Builder debugConfigBuilder = null;
+ // Parse debug-overrides out of the _debug resource.
+ try (XmlResourceParser parser = resources.getXml(resId)) {
+ XmlUtils.beginDocument(parser, "network-security-config");
+ int outerDepth = parser.getDepth();
+ boolean seenDebugOverrides = false;
+ while (XmlUtils.nextElementWithin(parser, outerDepth)) {
+ if ("debug-overrides".equals(parser.getName())) {
+ if (seenDebugOverrides) {
+ throw new ParserException(parser, "Only one debug-overrides allowed");
+ }
+ if (mDebugBuild) {
+ debugConfigBuilder =
+ parseConfigEntry(parser, null, null, CONFIG_DEBUG).get(0).first;
+ } else {
+ XmlUtils.skipCurrentTag(parser);
+ }
+ seenDebugOverrides = true;
+ } else {
+ XmlUtils.skipCurrentTag(parser);
+ }
+ }
+ }
+
+ return debugConfigBuilder;
+ }
+
public static class ParserException extends Exception {
public ParserException(XmlPullParser parser, String message, Throwable cause) {
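Review bot: `parseDebugOverridesResource()` resolves and opens the `_debug` resource before it looks at `mDebugBuild`, so it is safe only because the one visible caller checks the flag first. Since this method decides whether extra trust anchors are loaded, I would start it with `if (!mDebugBuild) return null;` and drop the inner `if (mDebugBuild) … else skipCurrentTag` branch. A non-debug process then never touches the resource, whoever calls the method. Separately, the final `else { XmlUtils.skipCurrentTag(parser); }` silently discards any `base-config` or `domain-config` placed in the `_debug` file. A short Javadoc stating that only `debug-overrides` is read from it, and that `null` means no override was found, would make this explicit.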
diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml
new file mode 100644
index 0000000..8093b9d
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <base-config>
+ <trust-anchors>
+ </trust-anchors>
+ </base-config>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml
new file mode 100644
index 0000000..fc24df5
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/bad_extra_debug_resource_debug.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- debug-overrides not inside network-security-config should cause a parsing error -->
+<debug-overrides>
+ <trust-anchors>
+ <certificates src="system" />
+ </trust-anchors>
+</debug-overrides>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml
new file mode 100644
index 0000000..8093b9d
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <base-config>
+ <trust-anchors>
+ </trust-anchors>
+ </base-config>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml
new file mode 100644
index 0000000..6a2ad37
--- /dev/null
+++ b/tests/NetworkSecurityConfigTest/res/xml/extra_debug_resource_debug.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+ <debug-overrides>
+ <trust-anchors>
+ <certificates src="system" />
+ </trust-anchors>
+ </debug-overrides>
+</network-security-config>
diff --git a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
index 35e3ef4..10bcc18 100644
--- a/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
+++ b/tests/NetworkSecurityConfigTest/src/android/security/net/config/XmlConfigTests.java
@@ -431,4 +431,37 @@
TestUtils.assertConnectionSucceeds(context, "android.com", 443);
TestUtils.assertUrlConnectionSucceeds(context, "android.com", 443);
}
+
+ public void testExtraDebugResource() throws Exception {
+ XmlConfigSource source =
+ new XmlConfigSource(getContext(), R.xml.extra_debug_resource, true);
+ ApplicationConfig appConfig = new ApplicationConfig(source);
+ assertFalse(appConfig.hasPerDomainConfigs());
+ NetworkSecurityConfig config = appConfig.getConfigForHostname("");
+ MoreAsserts.assertNotEmpty(config.getTrustAnchors());
+
+ // Check that the _debug file is ignored if debug is false.
+ source = new XmlConfigSource(getContext(), R.xml.extra_debug_resource, false);
+ appConfig = new ApplicationConfig(source);
+ assertFalse(appConfig.hasPerDomainConfigs());
+ config = appConfig.getConfigForHostname("");
+ MoreAsserts.assertEmpty(config.getTrustAnchors());
+ }
+
+ public void testExtraDebugResourceIgnored() throws Exception {
+ // Verify that parsing the extra debug config resource fails only when debugging is true.
+ XmlConfigSource source =
+ new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, false);
+ ApplicationConfig appConfig = new ApplicationConfig(source);
+ // Force parsing the config file.
+ appConfig.getConfigForHostname("");
+
+ source = new XmlConfigSource(getContext(), R.xml.bad_extra_debug_resource, true);
+ appConfig = new ApplicationConfig(source);
+ try {
+ appConfig.getConfigForHostname("");
+ fail("Bad extra debug resource did not fail to parse");
+ } catch (RuntimeException expected) {
+ }
+ }
}
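Review bot: Neither new test covers a main file that has its own `debug-overrides` while a `_debug` resource also exists, so the precedence applied in XmlConfigSource is unpinned. A fixture pair for that case would lock it down. In `testExtraDebugResourceIgnored`, `catch (RuntimeException expected)` passes on any runtime failure, including an unrelated one. Asserting on the cause would make the test specific; it is presumably the parser's ParserException, but how ApplicationConfig wraps it needs confirming. The test name also reads as the opposite of its debug-true half; something like `testBadExtraDebugResource` is closer.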