authorThiƩbaud Weksteen <tweksteen@gmail.com>2024-05-08 16:16:49 +1000
committerGitHub <noreply@github.com>2024-05-08 07:16:49 +0100
commit655ad5069e1cb4d1989b8117eaf090371885af99 (patch)
tree4edb9c845ab1c87753c6d924335fb4e37862691f
parenta5a0aa01a54e586945222c1aa476575200bf3229 (diff)
Upstream AOSP changes (#1207)upstream-master
* Turn conscrypt-platform CT verification into a no-op Upstreams https://r.android.com/2986189 Test: m conscrypt * Remove NetworkSecurityPolicy references Upstreams https://r.android.com/3048194 Test: build --------- Co-authored-by: Sandro Montanari <sandrom@google.com>
-rw-r--r--libcore-stub/src/main/java/libcore/net/NetworkSecurityPolicy.java98
-rw-r--r--platform/src/main/java/org/conscrypt/Platform.java4
2 files changed, 1 insertions, 101 deletions
diff --git a/libcore-stub/src/main/java/libcore/net/NetworkSecurityPolicy.java b/libcore-stub/src/main/java/libcore/net/NetworkSecurityPolicy.java
deleted file mode 100644
index d9c87a41..00000000
--- a/libcore-stub/src/main/java/libcore/net/NetworkSecurityPolicy.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package libcore.net;
-
-/**
- * Network security policy for this process/application.
- *
- * <p>Network stacks/components are expected to honor this policy. Components which can use the
- * Android framework API should be accessing this policy via the framework's
- * {@code android.security.NetworkSecurityPolicy} instead of via this class.
- *
- * <p>The policy currently consists of a single flag: whether cleartext network traffic is
- * permitted. See {@link #isCleartextTrafficPermitted()}.
- */
-public abstract class NetworkSecurityPolicy {
-
- private static volatile NetworkSecurityPolicy instance = new DefaultNetworkSecurityPolicy();
-
- public static NetworkSecurityPolicy getInstance() {
- return instance;
- }
-
- public static void setInstance(NetworkSecurityPolicy policy) {
- if (policy == null) {
- throw new NullPointerException("policy == null");
- }
- instance = policy;
- }
-
- /**
- * Returns {@code true} if cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP --
- * without TLS or STARTTLS) is permitted for all network communications of this process.
- *
- * <p>{@link #isCleartextTrafficPermitted(String)} should be used to determine if cleartext
- * traffic is permitted for a specific host.
- *
- * <p>When cleartext network traffic is not permitted, the platform's components (e.g. HTTP
- * stacks, {@code WebView}, {@code MediaPlayer}) will refuse this process's requests to use
- * cleartext traffic. Third-party libraries are encouraged to do the same.
- *
- * <p>This flag is honored on a best effort basis because it's impossible to prevent all
- * cleartext traffic from an application given the level of access provided to applications on
- * Android. For example, there's no expectation that {@link java.net.Socket} API will honor this
- * flag. Luckily, most network traffic from apps is handled by higher-level network stacks which
- * can be made to honor this flag. Platform-provided network stacks (e.g. HTTP and FTP) honor
- * this flag from day one, and well-established third-party network stacks will eventually
- * honor it.
- */
- public abstract boolean isCleartextTrafficPermitted();
-
- /**
- * Returns {@code true} if cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP --
- * without TLS or STARTTLS) is permitted for communicating with {@code hostname} for this
- * process.
- *
- * <p>See {@link #isCleartextTrafficPermitted} for more details.
- */
- public abstract boolean isCleartextTrafficPermitted(String hostname);
-
- /**
- * Returns {@code true} if Certificate Transparency information is required to be presented by
- * the server and verified by the client in TLS connections to {@code hostname}.
- *
- * <p>See RFC6962 section 3.3 for more details.
- */
- public abstract boolean isCertificateTransparencyVerificationRequired(String hostname);
-
- public static final class DefaultNetworkSecurityPolicy extends NetworkSecurityPolicy {
- @Override
- public boolean isCleartextTrafficPermitted() {
- return true;
- }
-
- @Override
- public boolean isCleartextTrafficPermitted(String hostname) {
- return isCleartextTrafficPermitted();
- }
-
- @Override
- public boolean isCertificateTransparencyVerificationRequired(String hostname) {
- return false;
- }
- }
-}
diff --git a/platform/src/main/java/org/conscrypt/Platform.java b/platform/src/main/java/org/conscrypt/Platform.java
index cbeaa52a..36bc5bc6 100644
--- a/platform/src/main/java/org/conscrypt/Platform.java
+++ b/platform/src/main/java/org/conscrypt/Platform.java
@@ -61,7 +61,6 @@ import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.StandardConstants;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
-import libcore.net.NetworkSecurityPolicy;
import org.conscrypt.ct.CTLogStore;
import org.conscrypt.ct.CTLogStoreImpl;
import org.conscrypt.ct.CTPolicy;
@@ -462,8 +461,7 @@ final class Platform {
}
static boolean isCTVerificationRequired(String hostname) {
- return NetworkSecurityPolicy.getInstance().isCertificateTransparencyVerificationRequired(
- hostname);
+ return false;
}
static boolean supportsConscryptCertStore() {
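Review bot: The new `return false;` in `isCTVerificationRequired` has no comment recording that Certificate Transparency enforcement is now off for every hostname in this platform build, and the `hostname` parameter is silently ignored. Any caller that gates SCT checking on this method will presumably skip it for all connections, so the intent should be stated at the site, e.g. `// CT enforcement is intentionally disabled on this platform; hostname is ignored and no host requires SCT verification.` The first hunk's context still shows imports of `org.conscrypt.ct.CTLogStore`, `CTLogStoreImpl` and `CTPolicy`, so it is worth confirming whether the code using them is still reachable now that this method always returns false. The rest of `Platform` lies outside the hunk, so the callers could not be checked here.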