NetworkSecurityPolicy.java revision 84750f3a69ecfe4238fa1143e7ed6d7bd24fadc3
1/** 2 * Copyright (c) 2015, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.security; 18 19/** 20 * Network security policy. 21 * 22 * <p>Network stacks/components should honor this policy to make it possible to centrally control 23 * the relevant aspects of network security behavior. 24 * 25 * <p>The policy currently consists of a single flag: whether cleartext network traffic is 26 * permitted. See {@link #isCleartextTrafficPermitted()}. 27 * 28 * @hide 29 */ 30public class NetworkSecurityPolicy { 31 32 private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy(); 33 34 private volatile boolean mCleartextTrafficPermitted = true; 35 36 private NetworkSecurityPolicy() {} 37 38 /** 39 * Gets the policy for this process. 40 * 41 * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible 42 * through the reference. 43 */ 44 public static NetworkSecurityPolicy getInstance() { 45 return INSTANCE; 46 } 47 48 /** 49 * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP -- 50 * without TLS or STARTTLS) is permitted for this process. 51 * 52 * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and 53 * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use 54 * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as 55 * well. 56 * 57 * <p>This flag is honored on a best effort basis because it's impossible to prevent all 58 * cleartext traffic from Android applications given the level of access provided to them. For 59 * example, there's no expectation that the {@link java.net.Socket} API will honor this flag 60 * because it cannot determine whether its traffic is in cleartext. However, most network 61 * traffic from applications is handled by higher-level network stacks/components which can 62 * honor this aspect of the policy. 63 */ 64 public boolean isCleartextTrafficPermitted() { 65 return mCleartextTrafficPermitted; 66 } 67 68 /** 69 * Sets whether cleartext network traffic is permitted for this process. 70 * 71 * <p>This method is used by the platform early on in the application's initialization to set 72 * the policy. 73 * 74 * @hide 75 */ 76 public void setCleartextTrafficPermitted(boolean permitted) { 77 mCleartextTrafficPermitted = permitted; 78 } 79} 80