32d2a1024f75f7e917f2aca18d34322a46d36bcb |
|
24-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Don't trust the user added CA store by default for apps targeting N Android's security model is such that the application's data is secure by default unless the application specifically grants access to it. Application data in transit should have similar security properties. Bug: 27301579 Change-Id: I72f106aefecccd6edfcc1d3ae10131ad2f69a559
/frameworks/base/tests/NetworkSecurityConfigTest/src/android/security/net/config/NetworkSecurityConfigTests.java
|
5f96702f582050c1598136ed2a748f76b981c94e |
|
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add xml source for network security configuration XmlConfigSource parses an ApplicationConfig from an xml resource. Currently this supports app-wide default configuration via the base-config element, per domain via the domain-config element and inheritance of unset properties at parse time. Inheritance of unset properties is currently only: domain-config -> base-config -> platform default configuration Where the most specific value is used. For example: If the base-config specifies trust anchors, all connections will use those anchors except for connections to a domain which has a domain-config that specifies trust anchors, in which case the domain-config's trust anchors will be used. If the domain-config or base-config don't set trust anchors, or don't exist, then the platform default trust anchors will be used. Nested domain-config entries, debug-overrides, and thorough documentation of the xml format will follow in later commits. Change-Id: I1232ff1e8079a81b340bc12e142f0889f6947aa0
/frameworks/base/tests/NetworkSecurityConfigTest/src/android/security/net/config/NetworkSecurityConfigTests.java
|
80a73f5939364a07d8e83d3a90de6dc789e1b334 |
|
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a builder for NetworkSecurityConfig The builder supports all the standard builder set* methods as well as setting a parent builder to use when values are not set (recursively). This allows us to have a level of inheritance in configurations without complicating the lookup and trust checking logic by doing inheritance when building the configs. Change-Id: I054af83451e52761227479eadf9cb9803437505f
/frameworks/base/tests/NetworkSecurityConfigTest/src/android/security/net/config/NetworkSecurityConfigTests.java
|
6bc1e3966c4890ee3d47b5e527b800f2700ed627 |
|
24-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add initial network security config implementation Initial implementation of a unified application wide static network security configuration. This currently encompasses: * Trust decisions such as what trust anchors to use as well as static certificate pinning. * Policy on what to do with cleartext traffic. In order to prevent issues due to interplay of various components in an application and their potentially different security requirements configuration can be specified at a per-domain granularity in addition to application wide defaults. This change contains the internal data structures and trust management code, hooking these up in application startup will come in a future commit. Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
/frameworks/base/tests/NetworkSecurityConfigTest/src/android/security/net/config/NetworkSecurityConfigTests.java
|