From c3a6c78feddd53241ea64d8aae1867235e043a75 Mon Sep 17 00:00:00 2001
From: Chad Brubaker
Date: Wed, 8 Jun 2016 12:57:46 -0700
Subject: [PATCH] Don't depend directly on AppplicationInfo
ApplicationInfo is mutable and unfortunately some apps do actually modify the flags. Due to the lazy loading nature of the network security config this may lead to issues. Instead cache the needed flags and resources at application startup.
Bug: 29063413
(cherry picked from commit 276ee969be89ba25e439839341953236adf80c40)
Change-Id: If638a716fd903b4e9dbabcbecb38bd4e26fef08c
---
 core/java/android/app/ActivityThread.java | 2 +-
 .../net/config/ManifestConfigSource.java | 31 ++++++++++---------
 .../config/NetworkSecurityConfigProvider.java | 5 ++-
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index a48065b120e44..2c2f6c17370c3 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -5260,7 +5260,7 @@ public final class ActivityThread {
 // code is loaded to prevent issues with instances of TLS objects being created before
 // the provider is installed.
 Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "NetworkSecurityConfigProvider.install");
- NetworkSecurityConfigProvider.install(appContext, data.appInfo);
+ NetworkSecurityConfigProvider.install(appContext);
 Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
 // Continue loading instrumentation.
diff --git a/core/java/android/security/net/config/ManifestConfigSource.java b/core/java/android/security/net/config/ManifestConfigSource.java
index d59b5e35ac3c2..92bddb7bbf472 100644
--- a/core/java/android/security/net/config/ManifestConfigSource.java
+++ b/core/java/android/security/net/config/ManifestConfigSource.java
@@ -29,13 +29,19 @@ public class ManifestConfigSource implements ConfigSource {
 private final Object mLock = new Object();
 private final Context mContext;
- private final ApplicationInfo mInfo;
+ private final int mApplicationInfoFlags;
+ private final int mTargetSdkVersion;
+ private final int mConfigResourceId;
 private ConfigSource mConfigSource;
- public ManifestConfigSource(Context context, ApplicationInfo info) {
+ public ManifestConfigSource(Context context) {
 mContext = context;
- mInfo = info;
+ // Cache values because ApplicationInfo is mutable and apps do modify it :(
+ ApplicationInfo info = context.getApplicationInfo();
+ mApplicationInfoFlags = info.flags;
+ mTargetSdkVersion = info.targetSdkVersion;
+ mConfigResourceId = info.networkSecurityConfigRes;
 }
 @Override
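Review bot: The snapshot taken in the new `ManifestConfigSource(Context)` constructor is only as trustworthy as the moment the constructor runs, and nothing on the constructor states that requirement. `mApplicationInfoFlags` later decides both `FLAG_DEBUGGABLE` and `FLAG_USES_CLEARTEXT_TRAFFIC`, so an instance built after application code has already modified `ApplicationInfo.flags` would freeze the modified value instead of the manifest one. I would add Javadoc on the constructor saying it must run before application code is loaded, and tighten the inline comment to something like `// Snapshot now: ApplicationInfo is mutable and the config is built lazily from these values.`. Caching the two derived booleans rather than the whole `flags` int would also limit the stored state to what is actually consumed, though that touches the later hunk in this file as well.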
@@ -53,29 +59,24 @@ public class ManifestConfigSource implements ConfigSource {
 if (mConfigSource != null) {
 return mConfigSource;
 }
- int targetSdkVersion = mInfo.targetSdkVersion;
- int configResourceId = 0;
- if (mInfo != null) {
- configResourceId = mInfo.networkSecurityConfigRes;
- }
 ConfigSource source;
- if (configResourceId != 0) {
- boolean debugBuild = (mInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
+ if (mConfigResourceId != 0) {
+ boolean debugBuild = (mApplicationInfoFlags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
 if (DBG) {
 Log.d(LOG_TAG, "Using Network Security Config from resource "
- + mContext.getResources().getResourceEntryName(configResourceId)
+ + mContext.getResources().getResourceEntryName(mConfigResourceId)
 + " debugBuild: " + debugBuild);
 }
- source = new XmlConfigSource(mContext, configResourceId, debugBuild,
- targetSdkVersion);
+ source = new XmlConfigSource(mContext, mConfigResourceId, debugBuild,
+ mTargetSdkVersion);
 } else {
 if (DBG) {
 Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
 }
 boolean usesCleartextTraffic =
- (mInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
- source = new DefaultConfigSource(usesCleartextTraffic, targetSdkVersion);
+ (mApplicationInfoFlags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
+ source = new DefaultConfigSource(usesCleartextTraffic, mTargetSdkVersion);
 }
 mConfigSource = source;
 return mConfigSource;
diff --git a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
index 4c51cc365a7ad..0f6687341395e 100644
--- a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
+++ b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
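Review bot: In the lazily built block of `ManifestConfigSource`, the branch taken when `mConfigResourceId != 0` never reads `FLAG_USES_CLEARTEXT_TRAFFIC`; the cached flag is consulted only in the `else` branch that builds `DefaultConfigSource`. That precedence is security-relevant and easy to miss when reading the two branches, so I would add a comment above the `if`, for example `// A declared config resource takes precedence; the manifest cleartext flag only feeds the platform default.`. The same spot could note that `debugBuild` now comes from the startup snapshot rather than the live `ApplicationInfo`. The enclosing method starts and ends outside this hunk.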
@@ -17,7 +17,6 @@
 package android.security.net.config;
 import android.content.Context;
-import android.content.pm.ApplicationInfo;
 import java.security.Security;
 import java.security.Provider;
@@ -33,8 +32,8 @@ public final class NetworkSecurityConfigProvider extends Provider {
 put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
 }
- public static void install(Context context, ApplicationInfo info) {
- ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context, info));
+ public static void install(Context context) {
+ ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context));
 ApplicationConfig.setDefaultInstance(config);
 int pos = Security.insertProviderAt(new NetworkSecurityConfigProvider(), 1);
 if (pos != 1) {
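Review bot: The origin of the `ApplicationInfo` changes silently in `install(Context)`: the caller used to hand over `data.appInfo`, and the values are now read from `context.getApplicationInfo()` inside `ManifestConfigSource`. Nothing in the patch states that both carry the same `flags`, `targetSdkVersion` and `networkSecurityConfigRes` at this point in startup; if they can differ, the debuggable and cleartext decisions would change without any visible signal, so that equivalence is worth confirming and recording. `install` is also where the ordering requirement belongs, e.g. `/** Must be called once, before application code is loaded; the app's ApplicationInfo is snapshotted here. */`. The method body continues past the end of the hunk.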