c72875b01e04a12fa25bbc5468cf87f8bf11fcfa |
|
28-Apr-2016 |
Chad Brubaker <cbrubaker@google.com> |
Update trusted certificates when the trust store is changed This CL flushes the trusted cert cache of all active Network Security Configs and their TrustManagers. Previously CA addition mostly worked however removed CAs would remain cached in the X509TrustManager causing the removed CA to still be trusted. Change-Id: I0f5fd39932f8f8ed3ec5dfd088a82e982b366c43
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
9f779ab4affc3bbe401ed6bb433ee78a934162a6 |
|
20-Jun-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add getApplicationConfigForPackage getApplicationConfigForPackage will be used by system components that need to make connections for apps, e.g. DownloadManager, so that their secure connections have the same configuration as those from the app itself. Bug: 29505888 Change-Id: Idf1cac6307431911eda34529d3fd50f9ca0da314
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
c845b2a21cedda4dd221fcf01aae74706ecade94 |
|
13-May-2016 |
Chad Brubaker <cbrubaker@google.com> |
Use an attribute for the network security config resource Originally we went with the meta-data approach to make unbundling easier, however with the amount of platform changes that the config ended up relying on it would be better to focus on exposing it through the platform. Bug:28763009 Change-Id: Iaf80001b1980220cd2e1e05faf2dc86af41700e1
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
bf9a82a6433701aa2f02761f3a7c425ffef4fa09 |
|
25-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add handleTrustStorageUpdate This pruns all the stored trusted issuers so that changes to the system or user CA store are detected. Currently this is only exposed as a TestApi, but it can be hooked up to the trusted storage change event in a future commit. Bug: 27526668 Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
d321954f72439f041032d63a57c72081a1a69440 |
|
25-Jan-2016 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add getApplicationConfigForPackage" am: 7519dce8c2 am: 8500093a35 * commit '8500093a351c40fdd2077fcd724396f72b51d3ba': Add getApplicationConfigForPackage
|
056e8b5a5ac041fd3db0a1e02b819baf38ebdc88 |
|
23-Jan-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add getApplicationConfigForPackage This allows services which make network connections on behalf of applications to honor the application's network security policy. Change-Id: I562b7bd0eb20f2f8c9f8342c211166d4e3397780
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
25e34339ba3e305c966d147eede3343803371ed2 |
|
05-Jan-2016 |
Chad Brubaker <cbrubaker@google.com> |
Unhide hostname aware isCleartextTrafficPermitted Change-Id: Id2bde5889d963ca2820fdecce1628dce022b510b
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
2091ab94568edc20a9a36e8877026d65897d538d |
|
09-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add hostname aware isCleartextTrafficPermitted Change-Id: I22b9ea277407846f9c333ce0cc37c25a2be1381e
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
6568cf185de1f540e87b827966dc09a268bf77a6 |
|
08-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor NetworkSecurityPolicy to be pluggable This allows us to keep the logic for the NetworkSecurityPolicy in the framework instead of in libcore. Change-Id: I4bf494f79c27729cb17d93d90a91319492270ce9
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
fbf4599a8edfc31585f207c434d35200a03657b4 |
|
21-Apr-2015 |
Alex Klyubin <klyubin@google.com> |
Document that WebView doesn't honor "uses cleartext traffic" flag. Bug: 19215516 Change-Id: I5dbbaa03f3cae007c0b9b68fcf8cc8f250c16a62
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
e35cefbf23ec2fe55e8be9e4d20fc9adf4374171 |
|
15-Apr-2015 |
Alex Klyubin <klyubin@google.com> |
Document usesCleartextTraffic app-level attribute. This updates the documentation of the application element of AndroidManifest.xml to mention the new android:usesCleartextTraffic attribute. This also updates the Javadoc of android.security.NetworkSecurityPolicy and ApplicationInfo to match. Bug: 19215516 Change-Id: I5c221b56addae8988b4db51994d18ae379d0fbe3
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
7cb000ff56babf18d39ab0aa31dfc5dcac0bf11e |
|
26-Mar-2015 |
Alex Klyubin <klyubin@google.com> |
Unhide public API about cleartext traffic policy. Bug: 19215516 Change-Id: I5da81a36c2f3d0edcf715a5f1b14b0a56c7abc6d
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
403a494d5611b4d782981c39b4ed28b2340a32f9 |
|
25-Mar-2015 |
Alex Klyubin <klyubin@google.com> |
Framework's NetworkSecurityPolicy delegates to libcore's one. Now that the libcore's NetworkSecurityPolicy abstraction is in place, the framework version of the abstraction should delegate to the libcore one, to avoid them getting out of sync. Bug: 19215516 Change-Id: Ic57341d703a13e0fb100dc414958e8fd54e03816
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
84750f3a69ecfe4238fa1143e7ed6d7bd24fadc3 |
|
23-Mar-2015 |
Alex Klyubin <klyubin@google.com> |
Address pending comments for NetworkSecurityPolicy. This is a follow-up to https://android-review.googlesource.com/#/c/131920/, addressing some outstanding comments. This CL also switches the source file to the correct indentation. Bug: 19215516 Change-Id: Ia48455ab351081e11619afcccadb8fa90340391d
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|
f9034cc4ae5a7d0ee67d505f46208384f9babf1c |
|
12-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Add android.security.NetworkSecurityPolicy. The initial purpose of the NetworkSecurityPolicy class is to provide a way for network libraries to check whether cleartext network traffic (e.g., HTTP, WebSockets, XMPP, IMAP, SMTP) should be blocked from this process. The policy is set declaratively by the app developer in the app's manifest and can be queried from ApplicationInfo.flags. Unfortunately, several network stacks (bundled and unbundled) do not have a reference to ApplicationInfo or Context. Alternatives: * Keep this API hidden (and thus potentially move it from framework to libcore), thus precluding unbundled HTTP stacks from using the API. * Introduce a new java.lang.System property instead of this API. However, such properties are a mess and not as powerful/extensible as a public class. Bug: 19215516 Change-Id: If22056a74d257bf1d805ebb4fc284240b3d338f1
/frameworks/base/core/java/android/security/NetworkSecurityPolicy.java
|