author Alex Klyubin <klyubin@google.com> 2015-03-25 16:52:44 +0000
committer Android Git Automerger <android-git-automerger@android.com> 2015-03-25 16:52:44 +0000
commit17badbaf83746244e21eaf41c5108f935b00c877 (patch)
tree720be086aac259e9e61b9ddb67ac7988e2a6e1d1
parenta223d658306fea5c0a6d30c9850058d5afadb2d1 (diff)
parent98ff619d79dd213b21e0cb468d6432f0b4e153b4 (diff)
am 98ff619d: am d4a2e7c4: am ff022cb1: Merge "Address pending comments for NetworkSecurityPolicy."
* commit '98ff619d79dd213b21e0cb468d6432f0b4e153b4': Address pending comments for NetworkSecurityPolicy.
-rw-r--r--core/java/android/security/NetworkSecurityPolicy.java79
1 files changed, 46 insertions, 33 deletions
diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java
index c7274e84db81..b26b10ce47a5 100644
--- a/core/java/android/security/NetworkSecurityPolicy.java
+++ b/core/java/android/security/NetworkSecurityPolicy.java
@@ -19,48 +19,61 @@ package android.security;
/**
* Network security policy.
*
+ * <p>Network stacks/components should honor this policy to make it possible to centrally control
+ * the relevant aspects of network security behavior.
+ *
+ * <p>The policy currently consists of a single flag: whether cleartext network traffic is
+ * permitted. See {@link #isCleartextTrafficPermitted()}.
+ *
* @hide
*/
public class NetworkSecurityPolicy {
- private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
+ private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
- private boolean mCleartextTrafficPermitted = true;
+ private volatile boolean mCleartextTrafficPermitted = true;
- private NetworkSecurityPolicy() {}
+ private NetworkSecurityPolicy() {}
- /**
- * Gets the policy.
- */
- public static NetworkSecurityPolicy getInstance() {
- return INSTANCE;
- }
+ /**
+ * Gets the policy for this process.
+ *
+ * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
+ * through the reference.
+ */
+ public static NetworkSecurityPolicy getInstance() {
+ return INSTANCE;
+ }
- /**
- * Checks whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP -- without
- * TLS or STARTTLS) is permitted for this process.
- *
- * <p>When cleartext network traffic is not permitted, the platform's components (e.g., HTTP
- * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
- * cleartext traffic. Third-party libraries are encouraged to honor this setting as well.
- */
- public boolean isCleartextTrafficPermitted() {
- synchronized (this) {
- return mCleartextTrafficPermitted;
+ /**
+ * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
+ * without TLS or STARTTLS) is permitted for this process.
+ *
+ * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
+ * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
+ * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as
+ * well.
+ *
+ * <p>This flag is honored on a best effort basis because it's impossible to prevent all
+ * cleartext traffic from Android applications given the level of access provided to them. For
+ * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
+ * because it cannot determine whether its traffic is in cleartext. However, most network
+ * traffic from applications is handled by higher-level network stacks/components which can
+ * honor this aspect of the policy.
+ */
+ public boolean isCleartextTrafficPermitted() {
+ return mCleartextTrafficPermitted;
}
- }
- /**
- * Sets whether cleartext network traffic is permitted for this process.
- *
- * <p>This method is used by the platform early on in the application's initialization to set the
- * policy.
- *
- * @hide
- */
- public void setCleartextTrafficPermitted(boolean permitted) {
- synchronized (this) {
- mCleartextTrafficPermitted = permitted;
+ /**
+ * Sets whether cleartext network traffic is permitted for this process.
+ *
+ * <p>This method is used by the platform early on in the application's initialization to set
+ * the policy.
+ *
+ * @hide
+ */
+ public void setCleartextTrafficPermitted(boolean permitted) {
+ mCleartextTrafficPermitted = permitted;
}
- }
}
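Review bot: The `mCleartextTrafficPermitted` field still defaults to `true`, so a component that queries the policy before the platform calls `setCleartextTrafficPermitted` sees cleartext as permitted, and nothing visible in this hunk documents or enforces that ordering. The setter's Javadoc says only that it is used "early on"; I would add a line such as `<p>Until this method is called the policy permits cleartext traffic, so it must run before any network stack consults the policy.` The setter is public and can be called more than once, so the getter's Javadoc should also tell callers to re-query instead of caching the returned boolean, e.g. `<p>The value may change at runtime; do not cache the result.` This complements the new `getInstance()` note, which covers caching the reference only.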