commit 848b5edd4adadfbf7c9a97f74173592e3a80c361
author Chad Brubaker <cbrubaker@google.com> Fri Jan 22 20:16:03 2016 -0800
committer Chad Brubaker <cbrubaker@google.com> Tue Jan 26 17:03:04 2016 +0000
tree 588e4e2a7c8d30e95f1e6f6ca85a69aff05ffcfc
parent 64701280b28a471f5b2469cb753605d3f7e27085

Use hostname aware isCleartextTrafficPermitted

The cleartext traffic blocking feature of
android.net.NetworkSecurityPolicy is being expanded to provide finer
grained controls (per hostname). This change integrates the Apache HTTP
stack with these finer grained controls.

Bug: 22666071
Change-Id: If557d7fbd4df708305fbb7656026fc366ac4bb6d

src/org/apache/http/impl/client/DefaultRequestDirector.java

diff --git a/src/org/apache/http/impl/client/DefaultRequestDirector.java b/src/org/apache/http/impl/client/DefaultRequestDirector.java
index 6f9dcd0..50c4a3f 100644
--- a/src/org/apache/http/impl/client/DefaultRequestDirector.java
+++ b/src/org/apache/http/impl/client/DefaultRequestDirector.java
@@ -432,7 +432,9 @@
                             this.log.debug("Attempt " + execCount + " to execute request");
                         }
                         // BEGIN android-added
-                        if ((!route.isSecure()) && (!isCleartextTrafficPermitted())) {
+                        if ((!route.isSecure())
+                                && (!isCleartextTrafficPermitted(
+                                        route.getTargetHost().getHostName()))) {
                             throw new IOException(
                                     "Cleartext traffic not permitted: " + route.getTargetHost());
                         }
@@ -1135,7 +1137,7 @@
     /** Cached android.security.NetworkSecurityPolicy.isCleartextTrafficPermitted method. */
     private static Method cleartextTrafficPermittedMethod;
 
-    private static boolean isCleartextTrafficPermitted() {
+    private static boolean isCleartextTrafficPermitted(String hostname) {
         // TODO: Remove this method once NetworkSecurityPolicy can be accessed without Reflection.
         // This method invokes NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted
         // via Reflection API.
@@ -1149,12 +1151,13 @@
                     Class<?> cls = Class.forName("android.security.NetworkSecurityPolicy");
                     Method getInstanceMethod = cls.getMethod("getInstance");
                     networkSecurityPolicy = getInstanceMethod.invoke(null);
-                    cleartextTrafficPermittedMethod = cls.getMethod("isCleartextTrafficPermitted");
+                    cleartextTrafficPermittedMethod =
+                            cls.getMethod("isCleartextTrafficPermitted", String.class);
                 }
                 policy = networkSecurityPolicy;
                 method = cleartextTrafficPermittedMethod;
             }
-            return (Boolean) method.invoke(policy);
+            return (Boolean) method.invoke(policy, hostname);
         } catch (ReflectiveOperationException e) {
             // Can't access the Android framework NetworkSecurityPolicy. To be backward compatible,
             // assume that cleartext traffic is permitted. Android CTS will take care of ensuring