Use an attribute for the network security config resource
Originally we went with the meta-data approach to make unbundling
easier, however with the amount of platform changes that the config
ended up relying on it would be better to focus on exposing it through
the platform.
Bug:28763009
Change-Id: Iaf80001b1980220cd2e1e05faf2dc86af41700e1
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index a30a606..dff0769 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -5221,7 +5221,7 @@
// code is loaded to prevent issues with instances of TLS objects being created before
// the provider is installed.
Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "NetworkSecurityConfigProvider.install");
- NetworkSecurityConfigProvider.install(appContext);
+ NetworkSecurityConfigProvider.install(appContext, data.appInfo);
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
// Continue loading instrumentation.
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 51a7be4..b7364e2 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -764,6 +764,12 @@
*/
public int installLocation = PackageInfo.INSTALL_LOCATION_UNSPECIFIED;
+ /**
+ * Resource file providing the application's Network Security Config.
+ * @hide
+ */
+ public int networkSecurityConfigRes;
+
public void dump(Printer pw, String prefix) {
dump(pw, prefix, DUMP_FLAG_ALL);
}
@@ -835,6 +841,10 @@
pw.println(prefix + "fullBackupContent="
+ (fullBackupContent < 0 ? "false" : "true"));
}
+ if (networkSecurityConfigRes != 0) {
+ pw.println(prefix + "networkSecurityConfigRes=0x"
+ + Integer.toHexString(networkSecurityConfigRes));
+ }
}
super.dumpBack(pw, prefix);
}
@@ -921,6 +931,7 @@
uiOptions = orig.uiOptions;
backupAgentName = orig.backupAgentName;
fullBackupContent = orig.fullBackupContent;
+ networkSecurityConfigRes = orig.networkSecurityConfigRes;
}
public String toString() {
@@ -976,6 +987,7 @@
dest.writeInt(descriptionRes);
dest.writeInt(uiOptions);
dest.writeInt(fullBackupContent);
+ dest.writeInt(networkSecurityConfigRes);
}
public static final Parcelable.Creator<ApplicationInfo> CREATOR
@@ -1031,6 +1043,7 @@
descriptionRes = source.readInt();
uiOptions = source.readInt();
fullBackupContent = source.readInt();
+ networkSecurityConfigRes = source.readInt();
}
/**
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index de1284e..adf9fe6 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -2945,6 +2945,10 @@
ai.privateFlags |= PRIVATE_FLAG_RESIZEABLE_ACTIVITIES;
}
+ ai.networkSecurityConfigRes = sa.getResourceId(
+ com.android.internal.R.styleable.AndroidManifestApplication_networkSecurityConfig,
+ 0);
+
String str;
str = sa.getNonConfigurationString(
com.android.internal.R.styleable.AndroidManifestApplication_permission, 0);
diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java
index 9530aca..331063e 100644
--- a/core/java/android/security/NetworkSecurityPolicy.java
+++ b/core/java/android/security/NetworkSecurityPolicy.java
@@ -17,10 +17,7 @@
package android.security;
import android.annotation.TestApi;
-import android.content.Context;
-import android.content.pm.PackageManager;
import android.security.net.config.ApplicationConfig;
-import android.security.net.config.ManifestConfigSource;
/**
* Network security policy.
@@ -93,19 +90,6 @@
libcore.net.NetworkSecurityPolicy.setInstance(policy);
}
-
- /**
- * Returns an {@link ApplicationConfig} based on the configuration for {@code packageName}.
- *
- * @hide
- */
- public static ApplicationConfig getApplicationConfigForPackage(Context context,
- String packageName) throws PackageManager.NameNotFoundException {
- Context appContext = context.createPackageContext(packageName, 0);
- ManifestConfigSource source = new ManifestConfigSource(appContext);
- return new ApplicationConfig(source);
- }
-
/**
* Handle an update to the system or user certificate stores.
* @hide
diff --git a/core/java/android/security/net/config/ManifestConfigSource.java b/core/java/android/security/net/config/ManifestConfigSource.java
index be0821c..d59b5e3 100644
--- a/core/java/android/security/net/config/ManifestConfigSource.java
+++ b/core/java/android/security/net/config/ManifestConfigSource.java
@@ -18,25 +18,24 @@
import android.content.Context;
import android.content.pm.ApplicationInfo;
-import android.content.pm.PackageManager;
import android.util.Log;
import android.util.Pair;
import java.util.Set;
/** @hide */
public class ManifestConfigSource implements ConfigSource {
- public static final String META_DATA_NETWORK_SECURITY_CONFIG =
- "android.security.net.config";
private static final boolean DBG = true;
private static final String LOG_TAG = "NetworkSecurityConfig";
private final Object mLock = new Object();
private final Context mContext;
+ private final ApplicationInfo mInfo;
private ConfigSource mConfigSource;
- public ManifestConfigSource(Context context) {
+ public ManifestConfigSource(Context context, ApplicationInfo info) {
mContext = context;
+ mInfo = info;
}
@Override
@@ -54,22 +53,15 @@
if (mConfigSource != null) {
return mConfigSource;
}
- ApplicationInfo info;
- try {
- info = mContext.getPackageManager().getApplicationInfo(mContext.getPackageName(),
- PackageManager.GET_META_DATA);
- } catch (PackageManager.NameNotFoundException e) {
- throw new RuntimeException("Failed to look up ApplicationInfo", e);
- }
- int targetSdkVersion = info.targetSdkVersion;
+ int targetSdkVersion = mInfo.targetSdkVersion;
int configResourceId = 0;
- if (info != null && info.metaData != null) {
- configResourceId = info.metaData.getInt(META_DATA_NETWORK_SECURITY_CONFIG);
+ if (mInfo != null) {
+ configResourceId = mInfo.networkSecurityConfigRes;
}
ConfigSource source;
if (configResourceId != 0) {
- boolean debugBuild = (info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+ boolean debugBuild = (mInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
if (DBG) {
Log.d(LOG_TAG, "Using Network Security Config from resource "
+ mContext.getResources().getResourceEntryName(configResourceId)
@@ -82,7 +74,7 @@
Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
}
boolean usesCleartextTraffic =
- (info.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
+ (mInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
source = new DefaultConfigSource(usesCleartextTraffic, targetSdkVersion);
}
mConfigSource = source;
diff --git a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
index 0f66873..4c51cc3 100644
--- a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
+++ b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
@@ -17,6 +17,7 @@
package android.security.net.config;
import android.content.Context;
+import android.content.pm.ApplicationInfo;
import java.security.Security;
import java.security.Provider;
@@ -32,8 +33,8 @@
put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
}
- public static void install(Context context) {
- ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context));
+ public static void install(Context context, ApplicationInfo info) {
+ ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context, info));
ApplicationConfig.setDefaultInstance(config);
int pos = Security.insertProviderAt(new NetworkSecurityConfigProvider(), 1);
if (pos != 1) {
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 6c4340a..d69d73d 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1178,6 +1178,9 @@
-->
<attr name="autoVerify" format="boolean" />
+ <!-- An XML resource with the application's Network Security Config. -->
+ <attr name="networkSecurityConfig" format="reference" />
+
<!-- The <code>manifest</code> tag is the root of an
<code>AndroidManifest.xml</code> file,
describing the contents of an Android package (.apk) file. One
@@ -1313,6 +1316,7 @@
<attr name="defaultToDeviceProtectedStorage" format="boolean" />
<attr name="directBootAware" />
<attr name="resizeableActivity" />
+ <attr name="networkSecurityConfig" />
</declare-styleable>
<!-- The <code>permission</code> tag declares a security permission that can be
used to control access from other packages to specific components or
diff --git a/core/res/res/values/public.xml b/core/res/res/values/public.xml
index ac48184..8e9e978 100644
--- a/core/res/res/values/public.xml
+++ b/core/res/res/values/public.xml
@@ -2718,6 +2718,7 @@
<public type="attr" name="numberPickerStyle" />
<public type="attr" name="enableVrMode" />
<public type="attr" name="hash" />
+ <public type="attr" name="networkSecurityConfig" />
<public type="style" name="Theme.Material.Light.DialogWhenLarge.DarkActionBar" />
<public type="style" name="Widget.Material.SeekBar.Discrete" />