diff options
author | Chad Brubaker <cbrubaker@google.com> | 2018-04-13 16:18:11 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2018-04-13 17:04:43 -0700 |
commit | 49eff81262c3b85a1640d01e202a8067eae5be68 (patch) | |
tree | 5218794c49a34c60f44578aa8d472b2ecb6e450b /src/com/android/providers/downloads/RealSystemFacade.java | |
parent | a2b909b2f5a1d2f25f5b8ad810b49f56123999e6 (diff) | |
download | android_packages_providers_DownloadProvider-49eff81262c3b85a1640d01e202a8067eae5be68.tar.gz android_packages_providers_DownloadProvider-49eff81262c3b85a1640d01e202a8067eae5be68.tar.bz2 android_packages_providers_DownloadProvider-49eff81262c3b85a1640d01e202a8067eae5be68.zip |
Use the network security config's cleartext settings
Previously DownloadManager only respected the manifest attribute, this
change makes DownloadManager handle both the manifest and the network
security config
Change-Id: I5666a1eea6278acc3864620a0e5a4c3ae37635b8
Fixes: 78028215
Test: atest CtsNetSecConfigDownloadManagerTestCases
Diffstat (limited to 'src/com/android/providers/downloads/RealSystemFacade.java')
-rw-r--r-- | src/com/android/providers/downloads/RealSystemFacade.java | 38 |
1 files changed, 7 insertions, 31 deletions
diff --git a/src/com/android/providers/downloads/RealSystemFacade.java b/src/com/android/providers/downloads/RealSystemFacade.java index 9d07999b..a0ce92c3 100644 --- a/src/com/android/providers/downloads/RealSystemFacade.java +++ b/src/com/android/providers/downloads/RealSystemFacade.java @@ -90,25 +90,6 @@ class RealSystemFacade implements SystemFacade { } @Override - public boolean isCleartextTrafficPermitted(int uid) { - PackageManager packageManager = mContext.getPackageManager(); - String[] packageNames = packageManager.getPackagesForUid(uid); - if (ArrayUtils.isEmpty(packageNames)) { - // Unknown UID -- fail safe: cleartext traffic not permitted - return false; - } - - // Cleartext traffic is permitted from the UID if it's permitted for any of the packages - // belonging to that UID. - for (String packageName : packageNames) { - if (isCleartextTrafficPermitted(packageName)) { - return true; - } - } - return false; - } - - @Override public SSLContext getSSLContextForPackage(Context context, String packageName) throws GeneralSecurityException { ApplicationConfig appConfig; @@ -124,22 +105,17 @@ class RealSystemFacade implements SystemFacade { } /** - * Returns whether cleartext network traffic (HTTP) is permitted for the provided package. + * Returns whether cleartext network traffic (HTTP) is permitted for the provided package to + * {@code host}. */ - private boolean isCleartextTrafficPermitted(String packageName) { - PackageManager packageManager = mContext.getPackageManager(); - PackageInfo packageInfo; + public boolean isCleartextTrafficPermitted(String packageName, String host) { + ApplicationConfig appConfig; try { - packageInfo = packageManager.getPackageInfo(packageName, 0); + appConfig = NetworkSecurityPolicy.getApplicationConfigForPackage(mContext, packageName); } catch (NameNotFoundException e) { - // Unknown package -- fail safe: cleartext traffic not permitted - return false; - } - ApplicationInfo applicationInfo = packageInfo.applicationInfo; - if (applicationInfo == null) { - // No app info -- fail safe: cleartext traffic not permitted + // Unknown package -- fail for safety return false; } - return (applicationInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0; + return appConfig.isCleartextTrafficPermitted(host); } } |