From f5c662d5ac2ffc887660ff2957dfe4e1e8abc56a Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Fri, 27 Mar 2015 10:17:55 -0700 Subject: Make DownloadProvider honor the cleartext traffic policy. This makes the Provider-side of the DownloadManager framework honor the per-UID cleartext network traffic policy. The policy is enforced in the Provider rather than in its client (DownloadManager) because download URLs could get redirected between HTTPS and HTTP and only the Provider currently has visibility into and control over this. Whether cleartext network traffic is permitted is a per-package policy. However, the DownloadProvider can only access the UID of the requesting application. Multiple packages can run under the same UID. In that scenario, cleartext traffic is permited for the UID if cleartext traffic is permitted for any of the packages running under the UID. This could be improved by making the DownloadManager provide the package name in addition to the UID. Bug: 19215516 Change-Id: Ib37585a7a2fc2869954d52a1b08052926f49bc9b --- .../downloads/DownloadProviderFunctionalTest.java | 17 +++++++++++++++++ .../android/providers/downloads/FakeSystemFacade.java | 6 ++++++ 2 files changed, 23 insertions(+) (limited to 'tests') diff --git a/tests/src/com/android/providers/downloads/DownloadProviderFunctionalTest.java b/tests/src/com/android/providers/downloads/DownloadProviderFunctionalTest.java index dbab203c..41dff672 100644 --- a/tests/src/com/android/providers/downloads/DownloadProviderFunctionalTest.java +++ b/tests/src/com/android/providers/downloads/DownloadProviderFunctionalTest.java @@ -101,6 +101,23 @@ public class DownloadProviderFunctionalTest extends AbstractDownloadProviderFunc runUntilStatus(downloadUri, Downloads.Impl.STATUS_SUCCESS); } + public void testCleartextTrafficPermittedFlagHonored() throws Exception { + enqueueResponse(buildResponse(HTTP_OK, FILE_CONTENT)); + enqueueResponse(buildResponse(HTTP_OK, FILE_CONTENT)); + + // Assert that HTTP request succeeds when cleartext traffic is permitted + mSystemFacade.mCleartextTrafficPermitted = true; + Uri downloadUri = requestDownload("/path"); + assertEquals("http", downloadUri.getScheme()); + runUntilStatus(downloadUri, Downloads.Impl.STATUS_SUCCESS); + + // Assert that HTTP request fails when cleartext traffic is not permitted + mSystemFacade.mCleartextTrafficPermitted = false; + downloadUri = requestDownload("/path"); + assertEquals("http", downloadUri.getScheme()); + runUntilStatus(downloadUri, Downloads.Impl.STATUS_BAD_REQUEST); + } + /** * Read a downloaded file from disk. */ diff --git a/tests/src/com/android/providers/downloads/FakeSystemFacade.java b/tests/src/com/android/providers/downloads/FakeSystemFacade.java index 5a15d399..7581e6fa 100644 --- a/tests/src/com/android/providers/downloads/FakeSystemFacade.java +++ b/tests/src/com/android/providers/downloads/FakeSystemFacade.java @@ -16,6 +16,7 @@ public class FakeSystemFacade implements SystemFacade { Long mMaxBytesOverMobile = null; Long mRecommendedMaxBytesOverMobile = null; List mBroadcastsSent = new ArrayList(); + boolean mCleartextTrafficPermitted = true; private boolean mReturnActualTime = false; public void setUp() { @@ -82,6 +83,11 @@ public class FakeSystemFacade implements SystemFacade { return true; } + @Override + public boolean isCleartextTrafficPermitted(int uid) { + return mCleartextTrafficPermitted; + } + public void setReturnActualTime(boolean flag) { mReturnActualTime = flag; } -- cgit v1.2.3