How to resolve plaintext that is not allowed in aosp
I know Android disables plaintext by default. Can I know exactly where I can enable it in AOSP instead of adding all packages with network profiles?
Where can I allow by adding the following line?
    cleartextTrafficPermitted="true"
external/okhttp/android/main/java/com/squareup/okhttp/handler
    public static OkUrlFactory createHttpOkUrlFactory(Proxy proxy) {
        OkHttpClient client = new OkHttpClient();

        // Explicitly set the timeouts to infinity.
        client.setConnectTimeout(0, TimeUnit.MILLISECONDS);
        client.setReadTimeout(0, TimeUnit.MILLISECONDS);
        client.setWriteTimeout(0, TimeUnit.MILLISECONDS);

        // Set the default (same protocol) redirect behavior. The default can be overridden for
        // each instance using HttpURLConnection.setInstanceFollowRedirects().
        client.setFollowRedirects(HttpURLConnection.getFollowRedirects());

        // Do not permit http -> https and https -> http redirects.
        client.setFollowSslRedirects(false);

        // Permit cleartext traffic only (this is a handler for HTTP, not for HTTPS).
        client.setConnectionSpecs(CLEARTEXT_ONLY);

        // When we do not set the Proxy explicitly OkHttp picks up a ProxySelector using
        // ProxySelector.getDefault().
        if (proxy != null) {
            client.setProxy(proxy);
        }

        // OkHttp requires that we explicitly set the response cache.
        OkUrlFactory okUrlFactory = new OkUrlFactory(client);

        // Use the installed NetworkSecurityPolicy to determine which requests are permitted over
        // http.
        OkUrlFactories.setUrlFilter(okUrlFactory, CLEARTEXT_FILTER);

        ResponseCache responseCache = ResponseCache.getDefault();
        if (responseCache != null) {
            AndroidInternal.setResponseCache(okUrlFactory, responseCache);
        }
        return okUrlFactory;
    }

    private static final class CleartextURLFilter implements URLFilter {
        @Override
        public void checkURLPermitted(URL url) throws IOException {
            String host = url.getHost();
            if (!NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(host)) {
                throw new IOException("Cleartext HTTP traffic to " + host + " not permitted");
            }
        }
    }
In any application, if I use http, I get an error message: "plaintext HTTP traffic to 124.60.5.6 is not allowed".
So, without changing anything in the app, can it be changed in AOSP?
Solution
If you do that, it’s enough
    builder.setCleartextTrafficPermitted(true);
Line 189 seems to be enough because you are using older applications that may not have any network configuration, just the default configuration.
Old answer
I hope you’ve done your homework on the impact of bypassing security features. That being said, the class responsible for the exception is NetworkSecurityConfig, in the framework package android.security.net.config.
At the time of writing this answer, the static builder class has a property, boolean mCleartextTrafficPermittedSet, which is set to false by default. You may have to default it to true, which causes the method getEffectiveCleartextTrafficPermitted() in the NetworkSecurityConfig class to return mCleartextTrafficPermitted, which in turn returns DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED, which is set to true by default.
The process is: getEffectiveCleartextTrafficPermitted() returns mCleartextTrafficPermitted returns DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED returns true by default.
If this is all confusing, call setCleartextTrafficPermitted(true) on the builder when creating it.
The source code for this class is available here: https://android.googlesource.com/platform/frameworks/base.git/+/refs/heads/master/core/java/android/security/net/config/NetworkSecurityConfig.java
Note: I haven’t tried this, just went through the source code and extrapolated the above. If something is wrong, you are welcome to try to correct me.
Edit via @Shadow update:
In NetworkSecurityConfig, change the boolean variable from true to false.
    //public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true;
    public static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = false;
Also in ManifestConfigSource, comment out the following lines
    /*boolean usesCleartextTraffic =
            (mApplicationInfo.flags & ApplicationInfo.FLAG_USES_CLEARTEXT_TRAFFIC) != 0
            && mApplicationInfo.targetSandboxVersion < 2; */
and directly set usesCleartextTraffic to true.
    boolean usesCleartextTraffic = true;
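The builder fallback discussed in the answer above, as an added example that is neither part of the original answer nor AOSP source. It is a simplified stand-alone model of how an explicit setCleartextTrafficPermitted() call, an inherited value and the platform default combine, and of how a per-host entry can permit cleartext for 124.60.5.6 alone while everything else stays blocked. The class name CleartextResolutionDemo, the setParent() helper and the per-host map are assumptions made for illustration.

```java
import java.util.Map;

/** Simplified model (not AOSP source) of how the effective cleartext setting is resolved. */
public class CleartextResolutionDemo {
    // Platform-wide fallback; the constant name is the one quoted in the answer.
    static final boolean DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED = true;

    static final class Builder {
        private boolean mCleartextTrafficPermitted = DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED;
        private boolean mCleartextTrafficPermittedSet = false;
        private Builder mParent; // assumption: unset values are inherited from a parent builder

        Builder setParent(Builder parent) { mParent = parent; return this; } // hypothetical helper

        Builder setCleartextTrafficPermitted(boolean permitted) {
            mCleartextTrafficPermitted = permitted;
            mCleartextTrafficPermittedSet = true; // an explicit value now wins over any default
            return this;
        }

        boolean getEffectiveCleartextTrafficPermitted() {
            if (mCleartextTrafficPermittedSet) return mCleartextTrafficPermitted;
            if (mParent != null) return mParent.getEffectiveCleartextTrafficPermitted();
            return DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED;
        }
    }

    // Same decision as CleartextURLFilter.checkURLPermitted() in the question, but returning
    // the outcome as a string instead of throwing, so every host can be printed.
    static String check(Builder base, Map<String, Builder> perHost, String host) {
        Builder b = perHost.getOrDefault(host, base);
        return b.getEffectiveCleartextTrafficPermitted()
                ? "permitted"
                : "Cleartext HTTP traffic to " + host + " not permitted";
    }

    public static void main(String[] args) {
        // Base configuration blocks cleartext explicitly.
        Builder base = new Builder().setCleartextTrafficPermitted(false);
        // One host is opened explicitly; another has an entry but inherits from the base.
        Builder opened = new Builder().setParent(base).setCleartextTrafficPermitted(true);
        Builder inherits = new Builder().setParent(base);
        Map<String, Builder> perHost = Map.of("124.60.5.6", opened, "example.org", inherits);

        for (String host : new String[] {"124.60.5.6", "example.org", "other.test"}) {
            System.out.println(host + " -> " + check(base, perHost, host));
        }
        // A builder with nothing set and no parent falls through to the platform default.
        System.out.println("unset -> " + new Builder().getEffectiveCleartextTrafficPermitted());
    }
}
```

Changing DEFAULT_CLEARTEXT_TRAFFIC_PERMITTED in this model only affects builders that have no explicit value anywhere in their chain, which is why the scope of a platform-level change is much wider than a per-host entry.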