diff options
| -rw-r--r-- | core/java/android/security/net/config/ApplicationConfig.java | 14 | ||||
| -rw-r--r-- | core/java/android/security/net/config/NetworkSecurityConfigProvider.java | 51 |
2 files changed, 63 insertions, 2 deletions
diff --git a/core/java/android/security/net/config/ApplicationConfig.java b/core/java/android/security/net/config/ApplicationConfig.java index b6276418c49d..48359d47f091 100644 --- a/core/java/android/security/net/config/ApplicationConfig.java +++ b/core/java/android/security/net/config/ApplicationConfig.java @@ -144,4 +144,18 @@ public final class ApplicationConfig { return sInstance; } } + + /** @hide */ + public static ApplicationConfig getPlatformDefault() { + return new ApplicationConfig(new ConfigSource() { + @Override + public NetworkSecurityConfig getDefaultConfig() { + return NetworkSecurityConfig.DEFAULT; + } + @Override + public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() { + return null; + } + }); + } } diff --git a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java index ca8cdae47162..ac762efe85d2 100644 --- a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java +++ b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java @@ -16,13 +16,21 @@ package android.security.net.config; +import android.content.Context; +import android.content.pm.ApplicationInfo; +import android.content.pm.PackageManager; +import android.util.Log; +import java.security.Security; import java.security.Provider; /** @hide */ public final class NetworkSecurityConfigProvider extends Provider { - - private static String PREFIX = + private static final String LOG_TAG = "NetworkSecurityConfig"; + private static final String PREFIX = NetworkSecurityConfigProvider.class.getPackage().getName() + "."; + public static final String META_DATA_NETWORK_SECURITY_CONFIG = + "android.security.net.config"; + private static final boolean DBG = true; public NetworkSecurityConfigProvider() { // TODO: More clever name than this @@ -30,4 +38,43 @@ public final class NetworkSecurityConfigProvider extends Provider { put("TrustManagerFactory.PKIX", PREFIX + "RootTrustManagerFactorySpi"); put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); } + + public static void install(Context context) { + ApplicationInfo info = null; + // TODO: This lookup shouldn't be done in the app startup path, it should be done lazily. + try { + info = context.getPackageManager().getApplicationInfo(context.getPackageName(), + PackageManager.GET_META_DATA); + } catch (PackageManager.NameNotFoundException e) { + throw new RuntimeException("Failed to look up ApplicationInfo", e); + } + int configResourceId = 0; + if (info != null && info.metaData != null) { + configResourceId = info.metaData.getInt(META_DATA_NETWORK_SECURITY_CONFIG); + } + + ApplicationConfig config; + if (configResourceId != 0) { + boolean debugBuild = (info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0; + if (DBG) { + Log.d(LOG_TAG, "Using Network Security Config from resource " + + context.getResources().getResourceEntryName(configResourceId) + + " debugBuild: " + debugBuild); + } + ConfigSource source = new XmlConfigSource(context, configResourceId, debugBuild); + config = new ApplicationConfig(source); + } else { + if (DBG) { + Log.d(LOG_TAG, "No Network Security Config specified, using platform default"); + } + config = ApplicationConfig.getPlatformDefault(); + } + + ApplicationConfig.setDefaultInstance(config); + int pos = Security.insertProviderAt(new NetworkSecurityConfigProvider(), 1); + if (pos != 1) { + throw new RuntimeException("Failed to install provider as highest priority provider." + + " Provider was installed at position " + pos); + } + } } |