public class NetworkSecurityPolicy extends Object
Network stacks/components should honor this policy to make it possible to centrally control the relevant aspects of network security behavior.
The policy currently consists of a single flag: whether cleartext network traffic is
permitted. See isCleartextTrafficPermitted()
.
Modifier and Type | Method and Description |
---|---|
static ApplicationConfig |
getApplicationConfigForPackage(Context context,
String packageName)
Returns an
ApplicationConfig based on the configuration for packageName . |
static NetworkSecurityPolicy |
getInstance()
Gets the policy for this process.
|
void |
handleTrustStorageUpdate()
Handle an update to the system or user certificate stores.
|
boolean |
isCleartextTrafficPermitted()
Returns whether cleartext network traffic (e.g.
|
boolean |
isCleartextTrafficPermitted(String hostname)
Returns whether cleartext network traffic (e.g.
|
void |
setCleartextTrafficPermitted(boolean permitted)
Sets whether cleartext network traffic is permitted for this process.
|
public static NetworkSecurityPolicy getInstance()
It's fine to cache this reference. Any changes to the policy will be immediately visible through the reference.
public boolean isCleartextTrafficPermitted()
When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and
FTP stacks, DownloadManager
, MediaPlayer
) will
refuse this process's requests to use cleartext traffic. Third-party libraries are strongly
encouraged to honor this setting as well.
This flag is honored on a best effort basis because it's impossible to prevent all
cleartext traffic from Android applications given the level of access provided to them. For
example, there's no expectation that the Socket
API will honor this flag
because it cannot determine whether its traffic is in cleartext. However, most network
traffic from applications is handled by higher-level network stacks/components which can
honor this aspect of the policy.
NOTE: WebView
does not honor this flag.
public boolean isCleartextTrafficPermitted(String hostname)
hostname
for this process.isCleartextTrafficPermitted()
public void setCleartextTrafficPermitted(boolean permitted)
This method is used by the platform early on in the application's initialization to set the policy.
public void handleTrustStorageUpdate()
public static ApplicationConfig getApplicationConfigForPackage(Context context, String packageName) throws PackageManager.NameNotFoundException
ApplicationConfig
based on the configuration for packageName
.