Merge "Dont trust the user added CA store by default for apps targeting N" into nyc-dev

am: c1b0236d70 * commit 'c1b0236d7069c99195607a48c5d10377e6750748': Dont trust the user added CA store by default for apps targeting N
2016-02-25 00:22:06 +00:00
parent 6c5aacccd8 c1b0236d70
commit bc2cd253a0
4 changed files with 123 additions and 16 deletions
--- a/core/java/android/security/net/config/ManifestConfigSource.java
+++ b/core/java/android/security/net/config/ManifestConfigSource.java
@@ -61,6 +61,7 @@ public class ManifestConfigSource implements ConfigSource {
            } catch (PackageManager.NameNotFoundException e) {
                throw new RuntimeException("Failed to look up ApplicationInfo", e);
            }
+            int targetSdkVersion = info.targetSdkVersion;
            int configResourceId = 0;
            if (info != null && info.metaData != null) {
                configResourceId = info.metaData.getInt(META_DATA_NETWORK_SECURITY_CONFIG);
@@ -74,14 +75,15 @@ public class ManifestConfigSource implements ConfigSource {
                            + mContext.getResources().getResourceEntryName(configResourceId)
                            + " debugBuild: " + debugBuild);
                }
-                source = new XmlConfigSource(mContext, configResourceId, debugBuild);
+                source = new XmlConfigSource(mContext, configResourceId, debugBuild,
+                        targetSdkVersion);
            } else {
                if (DBG) {
                    Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
                }
                boolean usesCleartextTraffic =
                        (info.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
-                source = new DefaultConfigSource(usesCleartextTraffic);
+                source = new DefaultConfigSource(usesCleartextTraffic, targetSdkVersion);
            }
            mConfigSource = source;
            return mConfigSource;
@@ -92,11 +94,11 @@ public class ManifestConfigSource implements ConfigSource {

        private final NetworkSecurityConfig mDefaultConfig;

-        public DefaultConfigSource(boolean usesCleartextTraffic) {
-            mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder()
+        public DefaultConfigSource(boolean usesCleartextTraffic, int targetSdkVersion) {
+            mDefaultConfig = NetworkSecurityConfig.getDefaultBuilder(targetSdkVersion)
                    .setCleartextTrafficPermitted(usesCleartextTraffic)
                    .build();
-       }
+        }

        @Override
        public NetworkSecurityConfig getDefaultConfig() {
--- a/core/java/android/security/net/config/NetworkSecurityConfig.java
+++ b/core/java/android/security/net/config/NetworkSecurityConfig.java
@@ -16,6 +16,7 @@

 package android.security.net.config;

+import android.os.Build;
 import android.util.ArrayMap;
 import android.util.ArraySet;
 import java.security.cert.X509Certificate;
@@ -37,7 +38,6 @@ public final class NetworkSecurityConfig {
    public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true;
    /** @hide */
    public static final boolean DEFAULT_HSTS_ENFORCED = false;
-    public static final NetworkSecurityConfig DEFAULT = getDefaultBuilder().build();

    private final boolean mCleartextTrafficPermitted;
    private final boolean mHstsEnforced;
@@ -163,21 +163,28 @@ public final class NetworkSecurityConfig {
     * <li>Cleartext traffic is permitted.</li>
     * <li>HSTS is not enforced.</li>
     * <li>No certificate pinning is used.</li>
-     * <li>The system and user added trusted certificate stores are trusted for connections.</li>
+     * <li>The system certificate store is trusted for connections.</li>
+     * <li>If the application targets API level 23 (Android M) or lower then the user certificate
+     * store is trusted by default as well.</li>
     * </ol>
     *
     * @hide
     */
-    public static final Builder getDefaultBuilder() {
-        return new Builder()
+    public static final Builder getDefaultBuilder(int targetSdkVersion) {
+        Builder builder = new Builder()
                .setCleartextTrafficPermitted(DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED)
                .setHstsEnforced(DEFAULT_HSTS_ENFORCED)
                // System certificate store, does not bypass static pins.
                .addCertificatesEntryRef(
-                        new CertificatesEntryRef(SystemCertificateSource.getInstance(), false))
-                // User certificate store, does not bypass static pins.
-                .addCertificatesEntryRef(
-                        new CertificatesEntryRef(UserCertificateSource.getInstance(), false));
+                        new CertificatesEntryRef(SystemCertificateSource.getInstance(), false));
+        // Applications targeting N and above must opt in into trusting the user added certificate
+        // store.
+        if (targetSdkVersion <= Build.VERSION_CODES.M) {
+            // User certificate store, does not bypass static pins.
+            builder.addCertificatesEntryRef(
+                    new CertificatesEntryRef(UserCertificateSource.getInstance(), false));
+        }
+        return builder;
    }

    /**
--- a/core/java/android/security/net/config/XmlConfigSource.java
+++ b/core/java/android/security/net/config/XmlConfigSource.java
@@ -3,9 +3,11 @@ package android.security.net.config;
 import android.content.Context;
 import android.content.res.Resources;
 import android.content.res.XmlResourceParser;
+import android.os.Build;
 import android.util.ArraySet;
 import android.util.Base64;
 import android.util.Pair;
+import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.util.XmlUtils;

 import org.xmlpull.v1.XmlPullParser;
@@ -34,20 +36,29 @@ public class XmlConfigSource implements ConfigSource {
    private final Object mLock = new Object();
    private final int mResourceId;
    private final boolean mDebugBuild;
+    private final int mTargetSdkVersion;

    private boolean mInitialized;
    private NetworkSecurityConfig mDefaultConfig;
    private Set<Pair<Domain, NetworkSecurityConfig>> mDomainMap;
    private Context mContext;

+    @VisibleForTesting
    public XmlConfigSource(Context context, int resourceId) {
        this(context, resourceId, false);
    }

+    @VisibleForTesting
    public XmlConfigSource(Context context, int resourceId, boolean debugBuild) {
+        this(context, resourceId, debugBuild, Build.VERSION_CODES.CUR_DEVELOPMENT);
+    }
+
+    public XmlConfigSource(Context context, int resourceId, boolean debugBuild,
+            int targetSdkVersion) {
        mResourceId = resourceId;
        mContext = context;
        mDebugBuild = debugBuild;
+        mTargetSdkVersion = targetSdkVersion;
    }

    public Set<Pair<Domain, NetworkSecurityConfig>> getPerDomainConfigs() {
@@ -341,7 +352,7 @@ public class XmlConfigSource implements ConfigSource {
        // Use the platform default as the parent of the base config for any values not provided
        // there. If there is no base config use the platform default.
        NetworkSecurityConfig.Builder platformDefaultBuilder =
-                NetworkSecurityConfig.getDefaultBuilder();
+                NetworkSecurityConfig.getDefaultBuilder(mTargetSdkVersion);
        addDebugAnchorsIfNeeded(debugConfigBuilder, platformDefaultBuilder);
        if (baseConfigBuilder != null) {
            baseConfigBuilder.setParent(platformDefaultBuilder);