NetworkSecurityPolicy.java revision 403a494d5611b4d782981c39b4ed28b2340a32f9 
1/**
2 * Copyright (c) 2015, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19/**
20 * Network security policy.
21 *
22 * <p>Network stacks/components should honor this policy to make it possible to centrally control
23 * the relevant aspects of network security behavior.
24 *
25 * <p>The policy currently consists of a single flag: whether cleartext network traffic is
26 * permitted. See {@link #isCleartextTrafficPermitted()}.
27 *
28 * @hide
29 */
30public class NetworkSecurityPolicy {
31
32    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
33
34    private NetworkSecurityPolicy() {}
35
36    /**
37     * Gets the policy for this process.
38     *
39     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
40     * through the reference.
41     */
42    public static NetworkSecurityPolicy getInstance() {
43        return INSTANCE;
44    }
45
46    /**
47     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
48     * without TLS or STARTTLS) is permitted for this process.
49     *
50     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
51     * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
52     * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as
53     * well.
54     *
55     * <p>This flag is honored on a best effort basis because it's impossible to prevent all
56     * cleartext traffic from Android applications given the level of access provided to them. For
57     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
58     * because it cannot determine whether its traffic is in cleartext. However, most network
59     * traffic from applications is handled by higher-level network stacks/components which can
60     * honor this aspect of the policy.
61     */
62    public boolean isCleartextTrafficPermitted() {
63        return libcore.net.NetworkSecurityPolicy.isCleartextTrafficPermitted();
64    }
65
66    /**
67     * Sets whether cleartext network traffic is permitted for this process.
68     *
69     * <p>This method is used by the platform early on in the application's initialization to set
70     * the policy.
71     *
72     * @hide
73     */
74    public void setCleartextTrafficPermitted(boolean permitted) {
75        libcore.net.NetworkSecurityPolicy.setCleartextTrafficPermitted(permitted);
76    }
77}
78