Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(328)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2546213003: Implement net/ support for Android's NetworkSecurityPolicy (Closed)

Created:
4 years ago by mgersh
Modified:
4 years ago
Reviewers:
pauljensen, mef, mmenke
CC:
chromium-reviews, cbentzel+watch_chromium.org, agrieve+watch_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Implement net/ support for Android's NetworkSecurityPolicy NetworkSecurityPolicy allows apps to disallow cleartext requests, globally (starting from M) or by hostname (starting from N). This CL adds support for this feature in URLRequestHttpJob, and a flag on the URLRequestContext to enable it. It's off by default and only prevents requests using the "http" and "ws" schemes. Uses will be added in future CLs. BUG=474197, 473848 Committed: https://crrev.com/d21d6d14ce943e47ecaaa221870bb89ae82c120b Cr-Commit-Position: refs/heads/master@{#438661}

Patch Set 1 #

Total comments: 18

Patch Set 2 : Address comments and add test #

Total comments: 4

Patch Set 3 : More comments #

Total comments: 2

Patch Set 4 : add new error code, cleanup #

Total comments: 4

Patch Set 5 : move some code #

Total comments: 4

Patch Set 6 : fixes #

Patch Set 7 : fixes #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+159 lines, -26 lines) Patch
M net/BUILD.gn View 1 2 3 4 5 6 1 chunk +1 line, -0 lines 0 comments Download
M net/android/BUILD.gn View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download
M net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java View 1 2 3 4 2 chunks +18 lines, -0 lines 0 comments Download
A net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java View 1 2 3 4 5 1 chunk +32 lines, -0 lines 0 comments Download
M net/android/network_library.h View 1 2 3 4 5 1 chunk +4 lines, -0 lines 0 comments Download
M net/android/network_library.cc View 2 3 4 1 chunk +6 lines, -0 lines 0 comments Download
M net/base/net_error_list.h View 1 2 3 1 chunk +4 lines, -0 lines 0 comments Download
M net/url_request/url_request_context.h View 1 2 3 4 5 6 2 chunks +12 lines, -0 lines 0 comments Download
M net/url_request/url_request_context.cc View 1 2 3 4 5 6 2 chunks +3 lines, -1 line 0 comments Download
M net/url_request/url_request_http_job.cc View 1 2 3 4 5 6 3 chunks +32 lines, -25 lines 2 comments Download
M net/url_request/url_request_http_job_unittest.cc View 1 2 3 4 2 chunks +46 lines, -0 lines 0 comments Download

Messages

Total messages: 36 (16 generated)
mgersh
PTAL. I've discussed the net/url_request/ part of the design a bunch with mmenke and sleevi, ...
4 years ago (2016-12-05 22:16:13 UTC) #5
pauljensen
This needs some tests, I think it blocks secure traffic. Can you use setCleartextTrafficPermitted() via ...
4 years ago (2016-12-07 13:20:28 UTC) #6
mgersh
We discussed this in person, but so it's written down: - Making 100 calls to ...
4 years ago (2016-12-13 17:02:58 UTC) #8
mmenke
This seems reasonable to me https://codereview.chromium.org/2546213003/diff/40001/net/url_request/url_request_http_job.cc File net/url_request/url_request_http_job.cc (right): https://codereview.chromium.org/2546213003/diff/40001/net/url_request/url_request_http_job.cc#newcode177 net/url_request/url_request_http_job.cc:177: net::URLRequestJob* MaybeInternallyRedirectOrFail( I think ...
4 years ago (2016-12-13 18:39:15 UTC) #9
mgersh
https://codereview.chromium.org/2546213003/diff/40001/net/url_request/url_request_http_job.cc File net/url_request/url_request_http_job.cc (right): https://codereview.chromium.org/2546213003/diff/40001/net/url_request/url_request_http_job.cc#newcode177 net/url_request/url_request_http_job.cc:177: net::URLRequestJob* MaybeInternallyRedirectOrFail( On 2016/12/13 18:39:14, mmenke wrote: > I ...
4 years ago (2016-12-13 19:01:58 UTC) #10
mmenke
net/url_request LGTM ( did not look at the test). https://codereview.chromium.org/2546213003/diff/60001/net/url_request/url_request_http_job.cc File net/url_request/url_request_http_job.cc (right): https://codereview.chromium.org/2546213003/diff/60001/net/url_request/url_request_http_job.cc#newcode217 net/url_request/url_request_http_job.cc:217: ...
4 years ago (2016-12-13 19:04:56 UTC) #11
mgersh
https://codereview.chromium.org/2546213003/diff/60001/net/url_request/url_request_http_job.cc File net/url_request/url_request_http_job.cc (right): https://codereview.chromium.org/2546213003/diff/60001/net/url_request/url_request_http_job.cc#newcode217 net/url_request/url_request_http_job.cc:217: net::ERR_BLOCKED_BY_CLIENT); On 2016/12/13 19:04:56, mmenke wrote: > May want ...
4 years ago (2016-12-13 19:34:42 UTC) #12
pauljensen
https://codereview.chromium.org/2546213003/diff/80001/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java File net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java (right): https://codereview.chromium.org/2546213003/diff/80001/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java#newcode271 net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java:271: private static void setUpSecurityPolicyForTesting() throws Exception { Can we ...
4 years ago (2016-12-14 15:31:22 UTC) #13
mgersh
https://codereview.chromium.org/2546213003/diff/80001/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java File net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java (right): https://codereview.chromium.org/2546213003/diff/80001/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java#newcode271 net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java:271: private static void setUpSecurityPolicyForTesting() throws Exception { On 2016/12/14 ...
4 years ago (2016-12-14 16:57:37 UTC) #14
pauljensen
lgtm module comments https://codereview.chromium.org/2546213003/diff/100001/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java File net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java (right): https://codereview.chromium.org/2546213003/diff/100001/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java#newcode20 net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java:20: * Helper for tests that simulates ...
4 years ago (2016-12-14 18:08:05 UTC) #15
mgersh
Thanks for your help getting this working! https://codereview.chromium.org/2546213003/diff/100001/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java File net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java (right): https://codereview.chromium.org/2546213003/diff/100001/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java#newcode20 net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java:20: * Helper ...
4 years ago (2016-12-14 19:17:24 UTC) #16
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2546213003/120001
4 years ago (2016-12-14 19:18:44 UTC) #19
commit-bot: I haz the power
Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/199247) ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED, ...
4 years ago (2016-12-14 19:22:59 UTC) #21
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2546213003/140001
4 years ago (2016-12-14 19:37:05 UTC) #24
commit-bot: I haz the power
Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/199259)
4 years ago (2016-12-14 22:08:18 UTC) #26
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2546213003/140001
4 years ago (2016-12-14 22:14:28 UTC) #28
commit-bot: I haz the power
Committed patchset #7 (id:140001)
4 years ago (2016-12-14 23:07:09 UTC) #31
commit-bot: I haz the power
Patchset 7 (id:??) landed as https://crrev.com/d21d6d14ce943e47ecaaa221870bb89ae82c120b Cr-Commit-Position: refs/heads/master@{#438661}
4 years ago (2016-12-14 23:09:55 UTC) #33
mef
Nice! https://codereview.chromium.org/2546213003/diff/140001/net/url_request/url_request_http_job.cc File net/url_request/url_request_http_job.cc (right): https://codereview.chromium.org/2546213003/diff/140001/net/url_request/url_request_http_job.cc#newcode214 net/url_request/url_request_http_job.cc:214: // ERR_BLOCKED_BY_CLIENT if not. nit: ERR_CLEARTEXT_NOT_PERMITTED, not ERR_BLOCKED_BY_CLIENT.
4 years ago (2016-12-14 23:26:44 UTC) #35
mgersh
4 years ago (2016-12-15 15:12:37 UTC) #36
Message was sent while issue was closed. 
https://codereview.chromium.org/2546213003/diff/140001/net/url_request/url_re...
File net/url_request/url_request_http_job.cc (right):

https://codereview.chromium.org/2546213003/diff/140001/net/url_request/url_re...
net/url_request/url_request_http_job.cc:214: // ERR_BLOCKED_BY_CLIENT if not.
On 2016/12/14 23:26:44, mef wrote:
> nit: ERR_CLEARTEXT_NOT_PERMITTED, not ERR_BLOCKED_BY_CLIENT.

Oh, oops. Making a new CL to fix that.

Powered by Google App Engine
This is Rietveld 408576698