NetworkSecurityPolicy.java revision 84750f3a69ecfe4238fa1143e7ed6d7bd24fadc3 
1/**
2 * Copyright (c) 2015, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19/**
20 * Network security policy.
21 *
22 * <p>Network stacks/components should honor this policy to make it possible to centrally control
23 * the relevant aspects of network security behavior.
24 *
25 * <p>The policy currently consists of a single flag: whether cleartext network traffic is
26 * permitted. See {@link #isCleartextTrafficPermitted()}.
27 *
28 * @hide
29 */
30public class NetworkSecurityPolicy {
31
32    private static final NetworkSecurityPolicy INSTANCE = new NetworkSecurityPolicy();
33
34    private volatile boolean mCleartextTrafficPermitted = true;
35
36    private NetworkSecurityPolicy() {}
37
38    /**
39     * Gets the policy for this process.
40     *
41     * <p>It's fine to cache this reference. Any changes to the policy will be immediately visible
42     * through the reference.
43     */
44    public static NetworkSecurityPolicy getInstance() {
45        return INSTANCE;
46    }
47
48    /**
49     * Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP --
50     * without TLS or STARTTLS) is permitted for this process.
51     *
52     * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
53     * FTP stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
54     * cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as
55     * well.
56     *
57     * <p>This flag is honored on a best effort basis because it's impossible to prevent all
58     * cleartext traffic from Android applications given the level of access provided to them. For
59     * example, there's no expectation that the {@link java.net.Socket} API will honor this flag
60     * because it cannot determine whether its traffic is in cleartext. However, most network
61     * traffic from applications is handled by higher-level network stacks/components which can
62     * honor this aspect of the policy.
63     */
64    public boolean isCleartextTrafficPermitted() {
65        return mCleartextTrafficPermitted;
66    }
67
68    /**
69     * Sets whether cleartext network traffic is permitted for this process.
70     *
71     * <p>This method is used by the platform early on in the application's initialization to set
72     * the policy.
73     *
74     * @hide
75     */
76    public void setCleartextTrafficPermitted(boolean permitted) {
77        mCleartextTrafficPermitted = permitted;
78    }
79}
80