11e45075221680dcc25e3da1d3c32710e5a98603 |
25-Jan-2017 |
Todd Kennedy <toddke@google.com> |
Define targetSandboxVersion The new attribute allows both ephemeral and non-ephemeral apps to opt into a new, tighter security model. Test: Manual; built app w/ targetSandboxVersion and verified the security domain Change-Id: I8fcaf84e25f0519b438ba51302f79790e680e025
rc/android/security/net/config/NetworkSecurityConfigTests.java
|
8aeb59ebcd50a510d024dc082fa17b192074c63d |
10-Jan-2017 |
Paul Duffin <paulduffin@google.com> |
Prepare for removal of legacy-test from default targets In preparation for removing junit classes from the Android API the legacy-test target will be removed from the TARGET_DEFAULT_JAVA_LIBRARIES. This change adds explicit dependencies on junit and/or legacy-android-test to ensure that modules will compile properly once it is removed. Bug: 30188076 Test: make checkbuild Change-Id: I13e88297731253420e4e5f5291d503f13a39a156
ndroid.mk
|
b8feba10f4fc86a2bc31f56a1757632f0292f38f |
06-Dec-2016 |
Chad Brubaker <cbrubaker@google.com> |
Default to not allowing cleartext traffic for ephemeral apps Test: NetworkSecurityPolicy.isCleartextTraffic permitted returns the expected defaults. Change-Id: I7d6577f8461bbf1f44eb21b4d813dba1746449fa
rc/android/security/net/config/NetworkSecurityConfigTests.java
|
bf9a82a6433701aa2f02761f3a7c425ffef4fa09 |
25-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Add handleTrustStorageUpdate This prunes all the stored trusted issuers so that changes to the system or user CA store are detected. Currently this is only exposed as a TestApi, but it can be hooked up to the trusted storage change event in a future commit. Bug: 27526668 Change-Id: Ic426254babab9a3177c968bc05b45e95eaac1fdd
rc/android/security/net/config/TestCertificateSource.java
|
7cc736da82b814b383daaa59609372917fd004cd |
23-Mar-2016 |
Chad Brubaker <cbrubaker@google.com> |
Properly handle whitespace in domain entries Domain entries can contain whitespace (or newlines) which should be ignored to avoid unexpectedly failing to match a domain. Bug: 27816377 Change-Id: I3691aa4abd409e7be97ad0cf1eb0195725e1b0ab
es/xml/domain_whitespace.xml
rc/android/security/net/config/XmlConfigTests.java
|
567f6f24747c80b4ab362a22985576c4f8a418fd |
29-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Allow debug-overrides to be specified in an extra resource An application can specify its debug-overrides in an extra resource with the same name suffixed with "_debug" (e.g. res/xml/security_config.xml and res/xml/security_config_debug.xml). By specifying the debug-overrides in an extra file release builds can strip out the file (and any certificate resources that the debug-overrides depend on) to prevent including testing configuration information in the release build of an application. Bug: 27418003 Change-Id: Ibfebc376360ca474fc0f9f2fd565faa0cffd9549
es/xml/bad_extra_debug_resource.xml
es/xml/bad_extra_debug_resource_debug.xml
es/xml/extra_debug_resource.xml
es/xml/extra_debug_resource_debug.xml
rc/android/security/net/config/XmlConfigTests.java
|
32d2a1024f75f7e917f2aca18d34322a46d36bcb |
24-Feb-2016 |
Chad Brubaker <cbrubaker@google.com> |
Don't trust the user added CA store by default for apps targeting N Android's security model is such that the application's data is secure by default unless the application specifically grants access to it. Application data in transit should have similar security properties. Bug: 27301579 Change-Id: I72f106aefecccd6edfcc1d3ae10131ad2f69a559
rc/android/security/net/config/NetworkSecurityConfigTests.java
|
aa6c3c3e252252b80c3900bd4c1ff27d37265c6d |
18-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Support TrustedCertificateStore.findAllIssuers Change-Id: I176ec42c9907e50ee218e4fb352b530ca797be46
rc/android/security/net/config/TestCertificateSource.java
|
49ce7dc2baa9ee867fc7b78301c65fab2168a9b2 |
14-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Check for null hostnames in RootTrustManager"
|
dd586a46c9ce5f9790ae097f491b088300603452 |
11-Dec-2015 |
Chad Brubaker <cbrubaker@google.com> |
Check for null hostnames in RootTrustManager Even if the hostname aware method is called, if the hostname is null then the destination is unknown and the configuration can be ambiguous. Change-Id: I7cacbd57a42604933fdc882371f143dc0a20902d
rc/android/security/net/config/XmlConfigTests.java
|
fa9beebb83abe38fa04c14dc628bc5c1b4b068cd |
25-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Expose findByIssuerAndSignature This will be used to create a custom conscrypt TrustedCertificateStore to avoid loading all of the trusted certificates into memory in a keystore. Change-Id: Iaf54b691393ecadae6c7ff56b8adc6a2a2923d29
rc/android/security/net/config/TestCertificateSource.java
|
d3af9620817220d737fdb532c1ae1032bdd65e11 |
16-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Expose findTrustAnchorBySubjectAndPublicKey This allows for faster lookups of TrustAnchors when checking pin overrides without needing to iterate over all certificates. Currently only the system and user trusted certificate store are optimized to avoid reading the entire source before doing the trust anchor lookup, improvements to the resource source will come in a later commit. This also refactors System/UserCertificateSource to avoid code duplication. Change-Id: Ice00c5e047140f3d102306937556b761faaf0d0e
es/xml/override_dedup.xml
rc/android/security/net/config/TestCertificateSource.java
rc/android/security/net/config/XmlConfigTests.java
|
5a1078f40dd511901c33ccf78be6e2d5081d6637 |
10-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add NetworkSecurityConfigProvider Change-Id: I321e3ca94cc2a8d5e0e5d82a83b255ff5b8a71d2
rc/android/security/net/config/TestUtils.java
rc/android/security/net/config/XmlConfigTests.java
|
08d36202daeb3e668911c9902edb61b6894f822e |
09-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add support for debug-overrides configuration Debug overrides are only used if the application is debuggable in order to help local debugging and development by trusting additional CAs. In a non-debuggable version of the application the debug-overrides are ignored. Trust anchors in the debug override configuration have two key differences from those in base-config and domain-config: 1) trust anchors in the debug-overrides are trusted for all connections in addition to any trust anchors included in the relevant base/domain configs. 2) By default trust anchors in the debug config override pins, as their purpose is for connecting to non-standard servers for debugging and testing and those servers should not be pinned in the production configuration. Change-Id: I15ee98eae182be0ffaa49b06bc5e1c6c3d22baee
es/raw/test_debug_ca.pem
es/xml/debug_basic.xml
es/xml/debug_domain.xml
es/xml/debug_inherit.xml
rc/android/security/net/config/XmlConfigTests.java
|
bd173c28fcded629da722c6669f1b6478cdcd94f |
07-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Support nested domain-config elements Nested domain-config inherit unset parameters from the domain-config they are nested in. This helps avoid copy and pasted configs that are almost the same except a few minor differences for a domain with slightly different requirements. For example: Consider a domain-config for example.com that, among other settings, does not enforce hsts. Now if you want the rules for example.com to apply to secure.example.com except that hsts _is_ enforced you can make a nested domain-config for secure.example.com under example.com that sets hstsEnforced="true" and nothing else. Change-Id: I9e33f7e62127fd7f4f15c3560fff2f2626477bd4
es/xml/nested_domains.xml
es/xml/nested_domains_override.xml
rc/android/security/net/config/XmlConfigTests.java
|
5f96702f582050c1598136ed2a748f76b981c94e |
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add xml source for network security configuration XmlConfigSource parses an ApplicationConfig from an xml resource. Currently this supports app-wide default configuration via the base-config element, per domain via the domain-config element and inheritance of unset properties at parse time. Inheritance of unset properties is currently only: domain-config -> base-config -> platform default configuration Where the most specific value is used. For example: If the base-config specifies trust anchors, all connections will use those anchors except for connections to a domain which has a domain-config that specifies trust anchors, in which case the domain-config's trust anchors will be used. If the domain-config or base-config don't set trust anchors, or don't exist, then the platform default trust anchors will be used. Nested domain-config entries, debug-overrides, and thorough documentation of the xml format will follow in later commits. Change-Id: I1232ff1e8079a81b340bc12e142f0889f6947aa0
ndroidManifest.xml
es/raw/ca_certs_der.der
es/raw/ca_certs_pem.pem
es/xml/attributes.xml
es/xml/bad_config0.xml
es/xml/bad_config1.xml
es/xml/bad_config2.xml
es/xml/bad_config3.xml
es/xml/bad_config4.xml
es/xml/bad_config5.xml
es/xml/bad_pin.xml
es/xml/domain1.xml
es/xml/empty_config.xml
es/xml/empty_trust.xml
es/xml/expired_pin.xml
es/xml/multiple_configs.xml
es/xml/multiple_domains.xml
es/xml/override_pins.xml
es/xml/pins1.xml
es/xml/resource_anchors_der.xml
es/xml/resource_anchors_pem.xml
es/xml/subdomains.xml
rc/android/security/net/config/NetworkSecurityConfigTests.java
rc/android/security/net/config/TestUtils.java
rc/android/security/net/config/XmlConfigTests.java
|
80a73f5939364a07d8e83d3a90de6dc789e1b334 |
05-Nov-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a builder for NetworkSecurityConfig The builder supports all the standard builder set* methods as well as setting a parent builder to use when values are not set (recursively). This allows us to have a level of inheritance in configurations without complicating the lookup and trust checking logic by doing inheritance when building the configs. Change-Id: I054af83451e52761227479eadf9cb9803437505f
rc/android/security/net/config/NetworkSecurityConfigTests.java
|
6bc1e3966c4890ee3d47b5e527b800f2700ed627 |
24-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add initial network security config implementation Initial implementation of a unified application wide static network security configuration. This currently encompasses: * Trust decisions such as what trust anchors to use as well as static certificate pinning. * Policy on what to do with cleartext traffic. In order to prevent issues due to interplay of various components in an application and their potentially different security requirements configuration can be specified at a per-domain granularity in addition to application wide defaults. This change contains the internal data structures and trust management code, hooking these up in application startup will come in a future commit. Change-Id: I53ce5ba510a4221d58839e61713262a8f4c6699c
ndroid.mk
ndroidManifest.xml
rc/android/security/net/config/NetworkSecurityConfigTests.java
rc/android/security/net/config/TestCertificateSource.java
rc/android/security/net/config/TestConfigSource.java
|