am 2110a28a: am a4c4c575: Merge "Add android.security.NetworkSecurityPolicy."

* commit '2110a28a6c7ef7d7802028d0a2dd9c14ceb432e1':
  Add android.security.NetworkSecurityPolicy.

2 files changed, 70 insertions, 0 deletions

diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index 7b8ec74fcf7e..4880db125fa8 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -74,6 +74,7 @@ import android.os.SystemProperties;
 import android.os.Trace;
 import android.os.UserHandle;
 import android.provider.Settings;
+import android.security.NetworkSecurityPolicy;
 import android.util.AndroidRuntimeException;
 import android.util.ArrayMap;
 import android.util.DisplayMetrics;
@@ -4480,6 +4481,9 @@ public final class ActivityThread {
             StrictMode.enableDeathOnNetwork();
         }
 
+        NetworkSecurityPolicy.getInstance().setCleartextTrafficPermitted(
+                (data.appInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0);
+
         if (data.debugMode != IApplicationThread.DEBUG_OFF) {
             // XXX should have option to change the port.
             Debug.changeDebugPort(8100);
diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java
new file mode 100644
index 000000000000..c7274e84db81
--- /dev/null
+++ b/core/java/android/security/NetworkSecurityPolicy.java
@@ -0,0 +1,66 @@
+/**
+ * Copyright (c) 2015, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/**
+ * Network security policy.
+ *
+ * @hide
+ */
+public class NetworkSecurityPolicy {
+
+  private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
+
+  private boolean mCleartextTrafficPermitted = true;
+
+  private NetworkSecurityPolicy() {}
+
+  /**
+   * Gets the policy.
+   */
+  public static NetworkSecurityPolicy getInstance() {
+    return INSTANCE;
+  }
+
+  /**
+   * Checks whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP -- without
+   * TLS or STARTTLS) is permitted for this process.
+   *
+   * <p>When cleartext network traffic is not permitted, the platform's components (e.g., HTTP
+   * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
+   * cleartext traffic. Third-party libraries are encouraged to honor this setting as well.
+   */
+  public boolean isCleartextTrafficPermitted() {
+    synchronized (this) {
+      return mCleartextTrafficPermitted;
+    }
+  }
+
+  /**
+   * Sets whether cleartext network traffic is permitted for this process.
+   *
+   * <p>This method is used by the platform early on in the application's initialization to set the
+   * policy.
+   *
+   * @hide
+   */
+  public void setCleartextTrafficPermitted(boolean permitted) {
+    synchronized (this) {
+      mCleartextTrafficPermitted = permitted;
+    }
+  }
+}