| author | Chad Brubaker <cbrubaker@google.com> | 2016-05-13 14:09:27 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2016-05-19 17:25:41 -0700 |
| commit | c845b2a21cedda4dd221fcf01aae74706ecade94 (patch) | |
| tree | 778f40db36bbbae6ccfd64a6f531c4fe75e1093e /core/java/android | |
| parent | 212fe6c0714bb79d70d3ea424eea8211ee1421f5 (diff) | |
Use an attribute for the network security config resource
Originally we went with the meta-data approach to make unbundling
easier. However, given the number of platform changes that the config
ended up relying on, it would be better to focus on exposing it through
the platform.
Bug:28763009
Change-Id: Iaf80001b1980220cd2e1e05faf2dc86af41700e1
Diffstat (limited to 'core/java/android')
6 files changed, 29 insertions, 35 deletions
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java index a30a60673aa3..dff07693c82f 100644 --- a/core/java/android/app/ActivityThread.java +++ b/core/java/android/app/ActivityThread.java @@ -5221,7 +5221,7 @@ public final class ActivityThread { // code is loaded to prevent issues with instances of TLS objects being created before // the provider is installed. Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "NetworkSecurityConfigProvider.install"); - NetworkSecurityConfigProvider.install(appContext); + NetworkSecurityConfigProvider.install(appContext, data.appInfo); Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER); // Continue loading instrumentation. diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index 51a7be4c1a67..b7364e299784 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -764,6 +764,12 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { */ public int installLocation = PackageInfo.INSTALL_LOCATION_UNSPECIFIED; + /** + * Resource file providing the application's Network Security Config. + * @hide + */ + public int networkSecurityConfigRes; + public void dump(Printer pw, String prefix) { dump(pw, prefix, DUMP_FLAG_ALL); } @@ -835,6 +841,10 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { pw.println(prefix + "fullBackupContent=" + (fullBackupContent < 0 ? "false" : "true")); } + if (networkSecurityConfigRes != 0) { + pw.println(prefix + "networkSecurityConfigRes=0x" + + Integer.toHexString(networkSecurityConfigRes)); + } } super.dumpBack(pw, prefix); } 
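Review bot: The Javadoc added for `networkSecurityConfigRes` in the first ApplicationInfo hunk describes a "resource file", but the field holds an int resource id, and the comment never says that 0 means no config was declared, which is the value the dump guard in the following hunk tests for. I would word it as `Resource id of the XML resource providing the application's Network Security Config, or 0 if none is declared.` The field is also public and non-final, so the comment could add that it is populated by the package parser and is not meant to be modified by holders of the object, since it appears to select the app's TLS trust configuration.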
@@ -921,6 +931,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
 uiOptions = orig.uiOptions;
 backupAgentName = orig.backupAgentName;
 fullBackupContent = orig.fullBackupContent;
+ networkSecurityConfigRes = orig.networkSecurityConfigRes;
 }
 public String toString() {
@@ -976,6 +987,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
 dest.writeInt(descriptionRes);
 dest.writeInt(uiOptions);
 dest.writeInt(fullBackupContent);
+ dest.writeInt(networkSecurityConfigRes);
 }
 public static final Parcelable.Creator<ApplicationInfo> CREATOR
@@ -1031,6 +1043,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
 descriptionRes = source.readInt();
 uiOptions = source.readInt();
 fullBackupContent = source.readInt();
+ networkSecurityConfigRes = source.readInt();
 }
 /**
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index de1284ec248f..adf9fe62c37e 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -2945,6 +2945,10 @@ public class PackageParser {
 ai.privateFlags |= PRIVATE_FLAG_RESIZEABLE_ACTIVITIES;
 }
+ ai.networkSecurityConfigRes = sa.getResourceId(
+ com.android.internal.R.styleable.AndroidManifestApplication_networkSecurityConfig,
+ 0);
+
 String str;
 str = sa.getNonConfigurationString(
 com.android.internal.R.styleable.AndroidManifestApplication_permission, 0);
diff --git a/core/java/android/security/NetworkSecurityPolicy.java b/core/java/android/security/NetworkSecurityPolicy.java
index 9530acaea064..331063e2bfac 100644
--- a/core/java/android/security/NetworkSecurityPolicy.java
+++ b/core/java/android/security/NetworkSecurityPolicy.java
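Review bot: In the PackageParser hunk, `sa.getResourceId(..., 0)` returns 0 both when the attribute is absent and when it is present but not a resource reference, so a manifest whose `networkSecurityConfig` value does not resolve would be parsed without complaint and the app would presumably end up on the platform default policy instead of the one its developer wrote. Build tooling may already reject such values, but that is not visible from the hunk; if it does not, a warning when `sa.hasValue(...)` is true and the id comes back 0 would make the fallback visible. At minimum a comment here, `// 0 means no Network Security Config declared`, would document the sentinel. The enclosing method starts and ends outside the hunk.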
@@ -17,10 +17,7 @@
 package android.security;
 import android.annotation.TestApi;
-import android.content.Context;
-import android.content.pm.PackageManager;
 import android.security.net.config.ApplicationConfig;
-import android.security.net.config.ManifestConfigSource;
 /**
 * Network security policy.
@@ -93,19 +90,6 @@ public class NetworkSecurityPolicy {
 libcore.net.NetworkSecurityPolicy.setInstance(policy);
 }
-
- /**
- * Returns an {@link ApplicationConfig} based on the configuration for {@code packageName}.
- *
- * @hide
- */
- public static ApplicationConfig getApplicationConfigForPackage(Context context,
- String packageName) throws PackageManager.NameNotFoundException {
- Context appContext = context.createPackageContext(packageName, 0);
- ManifestConfigSource source = new ManifestConfigSource(appContext);
- return new ApplicationConfig(source);
- }
-
 /**
 * Handle an update to the system or user certificate stores.
 * @hide
diff --git a/core/java/android/security/net/config/ManifestConfigSource.java b/core/java/android/security/net/config/ManifestConfigSource.java
index be0821c0c730..d59b5e35ac3c 100644
--- a/core/java/android/security/net/config/ManifestConfigSource.java
+++ b/core/java/android/security/net/config/ManifestConfigSource.java
@@ -18,25 +18,24 @@ package android.security.net.config; import android.content.Context; import android.content.pm.ApplicationInfo; -import android.content.pm.PackageManager; import android.util.Log; import android.util.Pair; import java.util.Set; /** @hide */ public class ManifestConfigSource implements ConfigSource { - public static final String META_DATA_NETWORK_SECURITY_CONFIG = - "android.security.net.config"; private static final boolean DBG = true; private static final String LOG_TAG = "NetworkSecurityConfig"; private final Object mLock = new Object(); private final Context mContext; + private final ApplicationInfo mInfo; private ConfigSource mConfigSource; - public ManifestConfigSource(Context context) { + public ManifestConfigSource(Context context, ApplicationInfo info) { mContext = context; + mInfo = info; } @Override @@ -54,22 +53,15 @@ public class ManifestConfigSource implements ConfigSource { if (mConfigSource != null) { return mConfigSource; } - ApplicationInfo info; - try { - info = mContext.getPackageManager().getApplicationInfo(mContext.getPackageName(), - PackageManager.GET_META_DATA); - } catch (PackageManager.NameNotFoundException e) { - throw new RuntimeException("Failed to look up ApplicationInfo", e); - } - int targetSdkVersion = info.targetSdkVersion; + int targetSdkVersion = mInfo.targetSdkVersion; int configResourceId = 0; - if (info != null && info.metaData != null) { - configResourceId = info.metaData.getInt(META_DATA_NETWORK_SECURITY_CONFIG); + if (mInfo != null) { + configResourceId = mInfo.networkSecurityConfigRes; } ConfigSource source; if (configResourceId != 0) { - boolean debugBuild = (info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0; + boolean debugBuild = (mInfo.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0; if (DBG) { Log.d(LOG_TAG, "Using Network Security Config from resource " + mContext.getResources().getResourceEntryName(configResourceId) 
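Review bot: The new constructor stores `info` in `mInfo` without a null check, and in the next hunk `mInfo.targetSdkVersion` is read before the `if (mInfo != null)` test, so that test can never be false when it is reached and a null argument fails with a NullPointerException on first use of the config, far from the caller that passed it. `mInfo.flags` is likewise read unguarded further down and in the -82,7 hunk. I would fail fast in the constructor with `mInfo = Objects.requireNonNull(info, "info");` (which needs `import java.util.Objects;`) and replace the guarded assignment with `int configResourceId = mInfo.networkSecurityConfigRes;`.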
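Review bot: With the `info.metaData` lookup removed in the -54,22 hunk, an app that still declares its config only through the old `android.security.net.config` meta-data entry now has `configResourceId == 0` and takes the `DefaultConfigSource` branch, and the only trace is the DBG message "No Network Security Config specified, using platform default". If any apps were built against the meta-data form, whatever restrictions their config expressed would stop applying without an error. If the old key has to go without a transition period, I would at least record that in the method with a comment such as `// The android.security.net.config meta-data entry is no longer consulted; only the manifest attribute is.` The method body starts and ends outside the hunk.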
@@ -82,7 +74,7 @@ public class ManifestConfigSource implements ConfigSource {
 Log.d(LOG_TAG, "No Network Security Config specified, using platform default");
 }
 boolean usesCleartextTraffic =
- (info.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
+ (mInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0;
 source = new DefaultConfigSource(usesCleartextTraffic, targetSdkVersion);
 }
 mConfigSource = source;
diff --git a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
index 0f6687341395..4c51cc365a7a 100644
--- a/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
+++ b/core/java/android/security/net/config/NetworkSecurityConfigProvider.java
@@ -17,6 +17,7 @@
 package android.security.net.config;
 import android.content.Context;
+import android.content.pm.ApplicationInfo;
 import java.security.Security;
 import java.security.Provider;
@@ -32,8 +33,8 @@ public final class NetworkSecurityConfigProvider extends Provider {
 put("Alg.Alias.TrustManagerFactory.X509", "PKIX");
 }
- public static void install(Context context) {
- ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context));
+ public static void install(Context context, ApplicationInfo info) {
+ ApplicationConfig config = new ApplicationConfig(new ManifestConfigSource(context, info));
 ApplicationConfig.setDefaultInstance(config);
 int pos = Security.insertProviderAt(new NetworkSecurityConfigProvider(), 1);
 if (pos != 1) {
|
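Review bot: `install(Context context, ApplicationInfo info)` now takes two arguments that have to describe the same application, but nothing states or checks that: ManifestConfigSource takes the resource id from `info` and resolves it through `mContext.getResources()`, so a mismatched pair would look the id up in another package's resources. The method has no Javadoc; I would add one saying that `info` must be the ApplicationInfo of the application `context` belongs to and that its `networkSecurityConfigRes` is resolved against that context's resources. The ActivityThread call site passes `appContext` and `data.appInfo`, which presumably match, though that is not visible in its hunk. The method body continues past the end of this hunk.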
