diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-04-16 22:28:05 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-04-16 22:28:06 +0000 |
| commit | 35075a07659254413b587b7a6557a1b922d8757f (patch) | |
| tree | 6fe97460e20aff5b2870261bba77f82ef0270fad /docs | |
| parent | 843b327ae29e6f8823db46ea357653c91c9a6958 (diff) | |
| parent | e35cefbf23ec2fe55e8be9e4d20fc9adf4374171 (diff) | |
| download | frameworks_base-35075a07659254413b587b7a6557a1b922d8757f.zip frameworks_base-35075a07659254413b587b7a6557a1b922d8757f.tar.gz frameworks_base-35075a07659254413b587b7a6557a1b922d8757f.tar.bz2 | |
Merge "Document usesCleartextTraffic app-level attribute."
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/html/guide/topics/manifest/application-element.jd | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/html/guide/topics/manifest/application-element.jd b/docs/html/guide/topics/manifest/application-element.jd index b5af9c3..d6ad656 100644 --- a/docs/html/guide/topics/manifest/application-element.jd +++ b/docs/html/guide/topics/manifest/application-element.jd @@ -32,6 +32,7 @@ page.title=<application> android:<a href="#testOnly">testOnly</a>=["true" | "false"] android:<a href="#theme">theme</a>="<i>resource or theme</i>" android:<a href="#uioptions">uiOptions</a>=["none" | "splitActionBarWhenNarrow"] + android:<a href="#usesCleartextTraffic">usesCleartextTraffic</a>=["true" | "false"] android:<a href="#vmSafeMode">vmSafeMode</a>=["true" | "false"] > . . . </application></pre></dd> @@ -446,6 +447,32 @@ href="{@docRoot}guide/topics/ui/actionbar.html">Action Bar</a> developer guide.< <p>This attribute was added in API level 14.</p> </dd> +<dt><a name="usesCleartextTraffic"></a>{@code android:usesCleartextTraffic}</dt> +<dd>Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. +The default value is {@code "true"}. + +<p>When the attribute is set to {@code "false"}, platform components (for example, HTTP and FTP +stacks, {@link android.webkit.WebView}, {@link android.app.DownloadManager}, +{@link android.media.MediaPlayer}) will refuse the app's requests to use cleartext traffic. +Third-party libraries are strongly encouraged to honor this setting as well. The key reason for +avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against +tampering: a network attacker can eavesdrop on transmitted data and also modify it without being +detected. + +<p>This flag is honored on a best effort basis because it's impossible to prevent all cleartext +traffic from Android applications given the level of access provided to them. For example, there's +no expectation that the {@link java.net.Socket} API will honor this flag because it cannot +determine whether its traffic is in cleartext. However, most network traffic from applications is +handled by higher-level network stacks/components which can honor this flag by either reading it +from {@link android.content.pm.ApplicationInfo#flags ApplicationInfo.flags} or +{@link android.security.NetworkSecurityPolicy#isCleartextTrafficPermitted() NetworkSecurityPolicy.isCleartextTrafficPermitted()}. + +<p>During app development, StrictMode can be used to identify any cleartext traffic from the app: see +{@link android.os.StrictMode.VmPolicy.Builder#detectCleartextNetwork() StrictMode.VmPolicy.Builder.detectCleartextNetwork()}. + +<p>This attribute was added in API level 23.</p> +</dd> + <dt><a name="vmSafeMode"></a>{@code android:vmSafeMode}</dt> <dd>Indicates whether the app would like the virtual machine (VM) to operate in safe mode. The default value is {@code "false"}. |