I know cleartext has been disabled by default by Android. May I know where exactly I can enable it in AOSP instead of adding network config files in all packages?
Where can I permit it by adding the below line?
    cleartextTrafficPermitted="true"
external/okhttp/android/main/java/com/squareup/okttp/Handler
    public static OkUrlFactory createHttpOkUrlFactory(Proxy proxy) {
        OkHttpClient client = new OkHttpClient();
        // Explicitly set the timeouts to infinity.
        client.setConnectTimeout(0, TimeUnit.MILLISECONDS);
        client.setReadTimeout(0, TimeUnit.MILLISECONDS);
        client.setWriteTimeout(0, TimeUnit.MILLISECONDS);
        // Set the default (same protocol) redirect behavior. The default can be overridden for
        // each instance using HttpURLConnection.setInstanceFollowRedirects().
        client.setFollowRedirects(HttpURLConnection.getFollowRedirects());
        // Do not permit http -> https and https -> http redirects.
        client.setFollowSslRedirects(false);
        // Permit cleartext traffic only (this is a handler for HTTP, not for HTTPS).
        client.setConnectionSpecs(CLEARTEXT_ONLY);
        // When we do not set the Proxy explicitly OkHttp picks up a ProxySelector using
        // ProxySelector.getDefault().
        if (proxy != null) {
            client.setProxy(proxy);
        }
        // OkHttp requires that we explicitly set the response cache.
        OkUrlFactory okUrlFactory = new OkUrlFactory(client);
        // Use the installed NetworkSecurityPolicy to determine which requests are permitted over
        // http.
        OkUrlFactories.setUrlFilter(okUrlFactory, CLEARTEXT_FILTER);
        ResponseCache responseCache = ResponseCache.getDefault();
        if (responseCache != null) {
            AndroidInternal.setResponseCache(okUrlFactory, responseCache);
        }
        return okUrlFactory;
    }

    private static final class CleartextURLFilter implements URLFilter {
        @Override
        public void checkURLPermitted(URL url) throws IOException {
            String host = url.getHost();
            if (!NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(host)) {
                throw new IOException("Cleartext HTTP traffic to " + host + " not permitted");
            }
        }
    }
In any app, if I use http, I get the error "Cleartext HTTP traffic to 124.60.5.6 not permitted".
So instead of changing it in the apps, is it possible to change it in AOSP?
Seems like it's enough if you do
    builder.setCleartextTrafficPermitted(true);
in line 189, since you are using older applications which probably don't have any network config and only use the default ones.
I hope you have done your homework on the implications of bypassing a security feature. That being said, the class responsible for the exception is in the framework, in package android.security.net.config, and the class responsible is NetworkSecurityConfig.
As of writing this answer, the static builder class has a property boolean mCleartextTrafficPermittedSet which is set to false by default. You might have to default it to true, which makes the method getEffectiveCleartextTrafficPermitted() in the NetworkSecurityConfig class return mCleartextTrafficPermitted, which in turn returns DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED, which is by default set to true.
The flow would be: getEffectiveCleartextTrafficPermitted() returns mCleartextTrafficPermitted, which returns DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED, which returns true by default.
If this is all confusing, call setCleartextTrafficPermitted(true) on the builder whenever the builder is created.
The source for the class is available here: https://android.googlesource.com/platform/frameworks/base.git/+/refs/heads/master/core/java/android/security/net/config/NetworkSecurityConfig.java
Note: I have not tried this and merely gone through the source and inferred the above. You are welcome to try and correct me if something is wrong.
Edit by updating from @Shadow:
In NetworkSecurityConfig, change the boolean variable from true to false.
    //public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true;
    public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = false;
Also in ManifestConfigSource, comment out the below line,
    /*boolean usesCleartextTraffic =
            (mApplicationInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0
            && mApplicationInfo.targetSandboxVersion < 2;*/
and directly set usesCleartextTraffic to true.
    boolean usesCleartextTraffic = true;
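
For comparison with the framework-wide change discussed above, an added example (not from the original posts and not AOSP code): a Python audit helper that reads an app's network security config XML and reports whether cleartext is permitted for a given host, so the exception can be scoped to one host and verified. It follows the documented resolution rules (the most specific matching domain wins, unset values inherit from the enclosing config); the sample XML, the function names and the platform_default parameter, which stands in for the framework default, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config: cleartext stays off globally and is allowed
# only for the host from the question's error message and one legacy host.
SAMPLE_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">124.60.5.6</domain>
    </domain-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <domain-config cleartextTrafficPermitted="true">
            <domain includeSubdomains="false">legacy.example.com</domain>
        </domain-config>
    </domain-config>
</network-security-config>
"""


def _flag(elem, inherited):
    """Return the element's cleartextTrafficPermitted, else the inherited value."""
    raw = elem.get("cleartextTrafficPermitted") if elem is not None else None
    return inherited if raw is None else raw.strip().lower() == "true"


def _rules(node, inherited, out):
    """Flatten nested <domain-config> elements into (domain, subdomains, allowed)."""
    for cfg in node.findall("domain-config"):
        allowed = _flag(cfg, inherited)
        for d in cfg.findall("domain"):
            subs = d.get("includeSubdomains", "false").lower() == "true"
            out.append(((d.text or "").strip().lower(), subs, allowed))
        _rules(cfg, allowed, out)  # nested configs inherit from their parent
    return out


def cleartext_permitted(config_xml, host, platform_default=False):
    """Effective cleartext decision for host; platform_default applies when unset."""
    root = ET.fromstring(config_xml)
    base = _flag(root.find("base-config"), platform_default)
    host, best = host.lower(), None
    for domain, subs, allowed in _rules(root, base, []):
        if host == domain or (subs and host.endswith("." + domain)):
            if best is None or len(domain) > len(best[0]):
                best = (domain, allowed)  # longest matching domain rule wins
    return best[1] if best else base
```

Running it over each package's config shows which hosts would still be reachable over plain HTTP without changing the framework default.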