The initial purpose of the NetworkSecurityPolicy class is to provide a
way for network libraries to check whether cleartext network traffic
(e.g., HTTP, WebSockets, XMPP, IMAP, SMTP) should be blocked from this
process.
The policy is set declaratively by the app developer in the app's
manifest and can be queried from ApplicationInfo.flags. Unfortunately,
several network stacks (bundled and unbundled) do not have a reference
to ApplicationInfo or Context.
Alternatives:
* Keep this API hidden (and thus potentially move it from framework to
libcore), thus precluding unbundled HTTP stacks from using the API.
* Introduce a new java.lang.System property instead of this API.
However, such properties are a mess and not as powerful/extensible
as a public class.
Bug: 19215516
Change-Id: If22056a74d257bf1d805ebb4fc284240b3d338f1
The attribute declares whether the app intends to use cleartext
network traffic (e.g., HTTP, WebSockets, XMPP, SMTP, IMAP -- without
TLS or STARTTLS). The default value is true. If set to false, the app
declares that it does not intend to use cleartext network traffic. In
this case the app requests the platform, tooling, and third-party
libraries to prevent it from using cleartext traffic. The danger of
cleartext network traffic is that its confidentiality, authenticity,
and integrity are not guaranteed.
This feature is designed to help apps which care about security of
data exchanged over the network. These apps can accidentally
regress/downgrade to using cleartext network communications. This
typically happens when the server the app communicates with all of a
sudden tells it to use cleartext communications (e.g, HTTP URL
instead of an HTTPS URL) or when one of the components of the app gets
updated and regresses to cleartext communications without the
developer noticing.
In general, the prevention measures are on best effort basis. It's
impossible to automatically prevent all instances of cleartext
traffic. For example, an app bent on bypassing restrictions could
perform low-level network I/O with unusual TCP packet fragmentation,
or could use a custom application-level protocol.
The expectation is that most apps use libraries for network
communications and these libraries over time will start to honor this
flag, thus increasing the protections offered by it.
Bug: 19215516
Change-Id: I8700d51ddbc5d528faa4b6a5fa5bc9551ad02d13
%p is not a valid conversion in format strings. It is also superfluous,
as it is already known that location is null.
Bug: 19797138
Change-Id: I5784e28b05b4ca9aac57e0fc9da4a7f01d9b3247
The comparator's equal implementation doesn't satisfy the constraints
of an equals method, namely being reflexive. Use the standard Object
implementation instead.
Bug: 19797138
Change-Id: I74f888e99533e1945aab7ab10fe8ee3ded6388f4
setSELinuxEnforce is not allowed by policy.
get/setBooleanValue and getBooleanNames are moot since SELinux
policy booleans are forbidden by CTS.
Change-Id: I512953edd1c38828efce698ae8475603775c32e8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
performDexOptLibsLI and related methods were extracted to PackageDexOptimizer
class. Minor refactoring of PackageManagerService.
This is a non-functional change. It should simplify further work to allow
storing OAT files inside package dir.
(cherry picked from commit eeea67b8c3)
Change-Id: I3494a2da70605362bb6fb4625ffbee1cbe1cd457
Using an activity context with AudioManager could cause that context
to be held on to longer than desired, for example if the caller
acquired audio focus but never abandoned it. Fix acquire/abandon in
VideoView, and use the application context in AudioManager to mitigate
the issue for other misbehaving code.
Bug: https://code.google.com/p/android/issues/detail?id=152173
Change-Id: I0fb8390207422c784800dda25b1f2c03d4574bcd
SELinux guarantees that only the system_server and permissive domains such as su
are allowed to connect to the zygote socket. Remove obsolete security checks
that were only applicable when other processes could connect.
Bug: 19624279
Change-Id: I1c925d7facf19b3953b5deb85d992415344c4c9f
Using a static Pattern in UriMatcher prevents compile-time
initialization.
It is also not efficient, as String.split has a fast path for simple
splits.
Bug: 19542228
Change-Id: Ie9e5bfe6da04c6d05ec10b1426d0cd136ef46ef2
Using a static Pattern in ActivityThread prevents compile-time
initialization of ActivityThread and GestureDetector, which depends
on the former.
It is also not efficient, as String.split has a fast path for simple
splits.
Bug: 19542228
Change-Id: I5bb843c08c81e0d259bb8afafa87a8467bb1730e
Add a simple ArraySet.removeAll(ArraySet) method. This avoids two
allocations, a MapCollections helper and an Iterator object, over
the removeAll(Collection) code.
KeySetManagerService heavily calls removeAll during boot (about 9K
times in AOSP). This reduces GC stress and optimizes the removal
(about half the time the removed collection has only one element).
The removal method in KeySetManagerService is also done under a lock,
so that it gates parallelization efforts in PackageManagerService.
Bug: 19498314
Change-Id: Ib0e483adfd09831cd66ab19a820ebf6544a2b66f
