/**
 * Copyright (c) 2015, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
| 16 | |
| 17 | package android.security; |
| 18 | |
/**
 * Network security policy.
 *
 * <p>Network stacks/components should honor this policy so that the relevant aspects of network
 * security behavior can be controlled from one central place.
 *
 * <p>The policy currently consists of a single flag: whether cleartext network traffic is
 * permitted. See {@link #isCleartextTrafficPermitted()}.
 *
 * <p>This class has no fields besides the singleton reference; both accessors forward to the
 * static methods of {@code libcore.net.NetworkSecurityPolicy}, which is where the flag lives.
 */
public class NetworkSecurityPolicy {

    /** The only instance; the constructor is private, so no other one can be created. */
    private static final NetworkSecurityPolicy SINGLETON = new NetworkSecurityPolicy();

    /** Not instantiable from outside; use {@link #getInstance()}. */
    private NetworkSecurityPolicy() {}

    /**
     * Gets the policy for this process.
     *
     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
     * through the reference, because the returned object stores nothing itself and reads the
     * flag from {@code libcore.net.NetworkSecurityPolicy} on every query.
     *
     * @return the policy object of this process (always the same instance)
     */
    public static NetworkSecurityPolicy getInstance() {
        return SINGLETON;
    }

    /**
     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
     * without TLS or STARTTLS) is permitted for this process.
     *
     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
     * FTP stacks, {@link android.webkit.WebView}, {@link android.media.MediaPlayer}) will refuse
     * this process's requests to use cleartext traffic. Third-party libraries are strongly
     * encouraged to honor this setting as well.
     *
     * <p>This flag is honored on a best effort basis because it's impossible to prevent all
     * cleartext traffic from Android applications given the level of access provided to them. For
     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
     * because it cannot determine whether its traffic is in cleartext. However, most network
     * traffic from applications is handled by higher-level network stacks/components which can
     * honor this aspect of the policy.
     *
     * <p>Consequently a {@code false} result is a policy signal that cooperating stacks enforce,
     * not a guarantee that no cleartext leaves the process. A component that speaks a protocol
     * directly over a socket should query this method before connecting and refuse the cleartext
     * variant itself.
     *
     * @return {@code true} if cleartext traffic is permitted for this process
     */
    public boolean isCleartextTrafficPermitted() {
        final boolean cleartextAllowed =
                libcore.net.NetworkSecurityPolicy.isCleartextTrafficPermitted();
        return cleartextAllowed;
    }

    /**
     * Sets whether cleartext network traffic is permitted for this process.
     *
     * <p>This method is used by the platform early on in the application's initialization to set
     * the policy.
     *
     * <p>The value is handed straight to {@code libcore.net.NetworkSecurityPolicy}. This method
     * performs no caller check of its own; it is kept out of the public API surface by the
     * {@code @hide} tag only.
     *
     * @param permitted {@code true} to permit cleartext traffic, {@code false} to forbid it
     *
     * @hide
     */
    public void setCleartextTrafficPermitted(boolean permitted) {
        // Forwarded unchanged; the flag is stored by libcore, not by this object.
        libcore.net.NetworkSecurityPolicy.setCleartextTrafficPermitted(permitted);
    }
}