diff options
author | Alex Klyubin <klyubin@google.com> | 2015-04-02 11:08:51 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-04-02 11:30:15 -0700 |
commit | b009023c76227b6c984652683be7d054033eb935 (patch) | |
tree | e4bc12e97062ab77feccc068a77829066cc5528e | |
parent | 43a0cbad1bc630aca89ff59208f8f5f6260f3efd (diff) | |
download | packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.zip packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.gz packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.bz2 |
Make Settings app not use cleartext network traffic.
This CL switches the only two places which use cleartext HTTP in this
app to HTTPS. It also declares in the AndroidManifest.xml that this
app does not use cleartext network traffic, thus asking the platform
and tools to block any such traffic from this app on best effort
basis.
NOTE: The only test that uses cleartext HTTP traffic is in VpnTests.
This test makes cleartext HTTP requests to a third-party service which
does not appear to support HTTPS. Thus, this CL temporarily relaxes
the cleartext traffic policy during this test to keep it working. The
correct longer-term fix for this test is to use a service that offers
HTTPS.
Bug: 19215516
Change-Id: Idf1ff8c66d43d77ef2114b2f1b676927844150e5
-rw-r--r-- | AndroidManifest.xml | 3 | ||||
-rw-r--r-- | src/com/android/settings/RadioInfo.java | 2 | ||||
-rw-r--r-- | src/com/android/settings/wifi/WifiStatusTest.java | 2 | ||||
-rw-r--r-- | tests/src/com/android/settings/vpn2/VpnTests.java | 9 |
4 files changed, 13 insertions, 3 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index 35e679d..d0cafe3 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -82,7 +82,8 @@ android:hardwareAccelerated="true" android:requiredForAllUsers="true" android:supportsRtl="true" - android:allowBackup="false"> + android:allowBackup="false" + android:usesCleartextTraffic="false"> <!-- Settings --> diff --git a/src/com/android/settings/RadioInfo.java b/src/com/android/settings/RadioInfo.java index 77927d9..fa98bac 100644 --- a/src/com/android/settings/RadioInfo.java +++ b/src/com/android/settings/RadioInfo.java @@ -754,7 +754,7 @@ public class RadioInfo extends Activity { HttpURLConnection urlConnection = null; try { // TODO: Hardcoded for now, make it UI configurable - URL url = new URL("http://www.google.com"); + URL url = new URL("https://www.google.com"); urlConnection = (HttpURLConnection) url.openConnection(); if (urlConnection.getResponseCode() == 200) { mHttpClientTestResult = "Pass"; diff --git a/src/com/android/settings/wifi/WifiStatusTest.java b/src/com/android/settings/wifi/WifiStatusTest.java index 85afb7c..269058c 100644 --- a/src/com/android/settings/wifi/WifiStatusTest.java +++ b/src/com/android/settings/wifi/WifiStatusTest.java @@ -396,7 +396,7 @@ public class WifiStatusTest extends Activity { HttpURLConnection urlConnection = null; try { // TODO: Hardcoded for now, make it UI configurable - URL url = new URL("http://www.google.com"); + URL url = new URL("https://www.google.com"); urlConnection = (HttpURLConnection) url.openConnection(); if (urlConnection.getResponseCode() == 200) { mHttpClientTestResult = "Pass"; diff --git a/tests/src/com/android/settings/vpn2/VpnTests.java b/tests/src/com/android/settings/vpn2/VpnTests.java index 6a01cc5..8300534 100644 --- a/tests/src/com/android/settings/vpn2/VpnTests.java +++ b/tests/src/com/android/settings/vpn2/VpnTests.java @@ -24,6 +24,7 @@ import android.os.RemoteException; import android.os.ServiceManager; import android.security.Credentials; import android.security.KeyStore; +import android.security.NetworkSecurityPolicy; import android.test.InstrumentationTestCase; import android.test.InstrumentationTestRunner; import android.test.suitebuilder.annotation.LargeTest; @@ -225,6 +226,13 @@ public class VpnTests extends InstrumentationTestCase { private String getIpAddress() { String ip = null; HttpURLConnection urlConnection = null; + // TODO: Rewrite this test to use an HTTPS URL. + // Because this test uses cleartext HTTP, the network security policy of this app needs to + // be temporarily relaxed to permit such traffic. + NetworkSecurityPolicy networkSecurityPolicy = NetworkSecurityPolicy.getInstance(); + boolean cleartextTrafficPermittedBeforeTest = + networkSecurityPolicy.isCleartextTrafficPermitted(); + networkSecurityPolicy.setCleartextTrafficPermitted(true); try { URL url = new URL(EXTERNAL_SERVER); urlConnection = (HttpURLConnection) url.openConnection(); @@ -248,6 +256,7 @@ public class VpnTests extends InstrumentationTestCase { } catch (JSONException e) { Log.e(TAG, "exception while creating JSONObject: " + e.toString()); } finally { + networkSecurityPolicy.setCleartextTrafficPermitted(cleartextTrafficPermittedBeforeTest); if (urlConnection != null) { urlConnection.disconnect(); } |