Use calling app's Network Security Config for HTTPS downloads

Bug:29505888
Change-Id: Ifc33fd75e44d1dbc5a4ce5caa8e1ff938b94623e

1 files changed, 22 insertions, 0 deletions

diff --git a/src/com/android/providers/downloads/RealSystemFacade.java b/src/com/android/providers/downloads/RealSystemFacade.java
index 2203eefc..df1d245f 100644
--- a/src/com/android/providers/downloads/RealSystemFacade.java
+++ b/src/com/android/providers/downloads/RealSystemFacade.java
@@ -26,6 +26,13 @@ import android.content.pm.PackageManager.NameNotFoundException;
 import android.net.ConnectivityManager;
 import android.net.Network;
 import android.net.NetworkInfo;
+import android.security.NetworkSecurityPolicy;
+import android.security.net.config.ApplicationConfig;
+
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 
 import com.android.internal.util.ArrayUtils;
 
@@ -94,6 +101,21 @@ class RealSystemFacade implements SystemFacade {
         return false;
     }
 
+    @Override
+    public SSLContext getSSLContextForPackage(Context context, String packageName)
+            throws GeneralSecurityException {
+        ApplicationConfig appConfig;
+        try {
+            appConfig = NetworkSecurityPolicy.getApplicationConfigForPackage(context, packageName);
+        } catch (NameNotFoundException e) {
+            // Unknown package -- fallback to the default SSLContext
+            return SSLContext.getDefault();
+        }
+        SSLContext ctx = SSLContext.getInstance("TLS");
+        ctx.init(null, new TrustManager[] {appConfig.getTrustManager()}, null);
+        return ctx;
+    }
+
     /**
      * Returns whether cleartext network traffic (HTTP) is permitted for the provided package.
      */