NetworkSecurityPolicy.java revision 2091ab94568edc20a9a36e8877026d65897d538d 
1/**
2 * Copyright (c) 2015, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19/**
20 * Network security policy.
21 *
22 * <p>Network stacks/components should honor this policy to make it possible to centrally control
23 * the relevant aspects of network security behavior.
24 *
25 * <p>The policy currently consists of a single flag: whether cleartext network traffic is
26 * permitted. See {@link #isCleartextTrafficPermitted()}.
27 */
28public class NetworkSecurityPolicy {
29
30    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
31
32    private NetworkSecurityPolicy() {}
33
34    /**
35     * Gets the policy for this process.
36     *
37     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
38     * through the reference.
39     */
40    public static NetworkSecurityPolicy getInstance() {
41        return INSTANCE;
42    }
43
44    /**
45     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
46     * without TLS or STARTTLS) is permitted for all network communication from this process.
47     *
48     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
49     * FTP stacks, {@link android.app.DownloadManager}, {@link android.media.MediaPlayer}) will
50     * refuse this process's requests to use cleartext traffic. Third-party libraries are strongly
51     * encouraged to honor this setting as well.
52     *
53     * <p>This flag is honored on a best effort basis because it's impossible to prevent all
54     * cleartext traffic from Android applications given the level of access provided to them. For
55     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
56     * because it cannot determine whether its traffic is in cleartext. However, most network
57     * traffic from applications is handled by higher-level network stacks/components which can
58     * honor this aspect of the policy.
59     *
60     * <p>NOTE: {@link android.webkit.WebView} does not honor this flag.
61     */
62    public boolean isCleartextTrafficPermitted() {
63        return libcore.net.NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted();
64    }
65
66    /**
67     * Returns whether cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP -- without
68     * TLS or STARTTLS) is permitted for communicating with {@code hostname} for this process.
69     *
70     * @see #isCleartextTrafficPermitted()
71     * @hide
72     */
73    public boolean isCleartextTrafficPermitted(String hostname) {
74        return libcore.net.NetworkSecurityPolicy.getInstance()
75                .isCleartextTrafficPermitted(hostname);
76    }
77
78    /**
79     * Sets whether cleartext network traffic is permitted for this process.
80     *
81     * <p>This method is used by the platform early on in the application's initialization to set
82     * the policy.
83     *
84     * @hide
85     */
86    public void setCleartextTrafficPermitted(boolean permitted) {
87        FrameworkNetworkSecurityPolicy policy = new FrameworkNetworkSecurityPolicy(permitted);
88        libcore.net.NetworkSecurityPolicy.setInstance(policy);
89    }
90}
91