Make Settings app not use cleartext network traffic.

This CL switches the only two places which use cleartext HTTP in this app to HTTPS. It also declares in the AndroidManifest.xml that this app does not use cleartext network traffic, thus asking the platform and tools to block any such traffic from this app on best effort basis. NOTE: The only test that uses cleartext HTTP traffic is in VpnTests. This test makes cleartext HTTP requests to a third-party service which does not appear to support HTTPS. Thus, this CL temporarily relaxes the cleartext traffic policy during this test to keep it working. The correct longer-term fix for this test is to use a service that offers HTTPS. Bug: 19215516 Change-Id: Idf1ff8c66d43d77ef2114b2f1b676927844150e5
author: Alex Klyubin <klyubin@google.com> 2015-04-02 11:08:51 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-04-02 11:30:15 -0700
commit: b009023c76227b6c984652683be7d054033eb935 (patch)
tree: e4bc12e97062ab77feccc068a77829066cc5528e
parent: 43a0cbad1bc630aca89ff59208f8f5f6260f3efd (diff)
download: packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.zip
packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.gz
packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.bz2
4 files changed, 13 insertions, 3 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 35e679d..d0cafe3 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -82,7 +82,8 @@
             android:hardwareAccelerated="true"
             android:requiredForAllUsers="true"
             android:supportsRtl="true"
-            android:allowBackup="false">
+            android:allowBackup="false"
+            android:usesCleartextTraffic="false">
 
         <!-- Settings -->
 
diff --git a/src/com/android/settings/RadioInfo.java b/src/com/android/settings/RadioInfo.java
index 77927d9..fa98bac 100644
--- a/src/com/android/settings/RadioInfo.java
+++ b/src/com/android/settings/RadioInfo.java
@@ -754,7 +754,7 @@ public class RadioInfo extends Activity {
         HttpURLConnection urlConnection = null;
         try {
             // TODO: Hardcoded for now, make it UI configurable
-            URL url = new URL("http://www.google.com");
+            URL url = new URL("https://www.google.com");
             urlConnection = (HttpURLConnection) url.openConnection();
             if (urlConnection.getResponseCode() == 200) {
                 mHttpClientTestResult = "Pass";
diff --git a/src/com/android/settings/wifi/WifiStatusTest.java b/src/com/android/settings/wifi/WifiStatusTest.java
index 85afb7c..269058c 100644
--- a/src/com/android/settings/wifi/WifiStatusTest.java
+++ b/src/com/android/settings/wifi/WifiStatusTest.java
@@ -396,7 +396,7 @@ public class WifiStatusTest extends Activity {
         HttpURLConnection urlConnection = null;
         try {
             // TODO: Hardcoded for now, make it UI configurable
-            URL url = new URL("http://www.google.com");
+            URL url = new URL("https://www.google.com");
             urlConnection = (HttpURLConnection) url.openConnection();
             if (urlConnection.getResponseCode() == 200) {
                 mHttpClientTestResult = "Pass";
diff --git a/tests/src/com/android/settings/vpn2/VpnTests.java b/tests/src/com/android/settings/vpn2/VpnTests.java
index 6a01cc5..8300534 100644
--- a/tests/src/com/android/settings/vpn2/VpnTests.java
+++ b/tests/src/com/android/settings/vpn2/VpnTests.java
@@ -24,6 +24,7 @@ import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.security.Credentials;
 import android.security.KeyStore;
+import android.security.NetworkSecurityPolicy;
 import android.test.InstrumentationTestCase;
 import android.test.InstrumentationTestRunner;
 import android.test.suitebuilder.annotation.LargeTest;
@@ -225,6 +226,13 @@ public class VpnTests extends InstrumentationTestCase {
     private String getIpAddress() {
         String ip = null;
         HttpURLConnection urlConnection = null;
+        // TODO: Rewrite this test to use an HTTPS URL.
+        // Because this test uses cleartext HTTP, the network security policy of this app needs to
+        // be temporarily relaxed to permit such traffic.
+        NetworkSecurityPolicy networkSecurityPolicy = NetworkSecurityPolicy.getInstance();
+        boolean cleartextTrafficPermittedBeforeTest =
+                networkSecurityPolicy.isCleartextTrafficPermitted();
+        networkSecurityPolicy.setCleartextTrafficPermitted(true);
         try {
             URL url = new URL(EXTERNAL_SERVER);
             urlConnection = (HttpURLConnection) url.openConnection();
@@ -248,6 +256,7 @@ public class VpnTests extends InstrumentationTestCase {
         } catch (JSONException e) {
             Log.e(TAG, "exception while creating JSONObject: " + e.toString());
         } finally {
+            networkSecurityPolicy.setCleartextTrafficPermitted(cleartextTrafficPermittedBeforeTest);
             if (urlConnection != null) {
                 urlConnection.disconnect();
             }
author	Alex Klyubin <klyubin@google.com>	2015-04-02 11:08:51 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-04-02 11:30:15 -0700
commit	b009023c76227b6c984652683be7d054033eb935 (patch)
tree	e4bc12e97062ab77feccc068a77829066cc5528e
parent	43a0cbad1bc630aca89ff59208f8f5f6260f3efd (diff)
download	packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.zip packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.gz packages_apps_Settings-b009023c76227b6c984652683be7d054033eb935.tar.bz2