Add listeners for CertificateTranspaency DeviceConfig flags
Flag: com.android.ct.flags.certificate_transparency_service
Bug: 319829948
Test: adb shell device_config put certificate_transparency log_list_data_url <url>
Change-Id: Ief074fbef21ca18e6882852d53e90e7ddbbd78fa
diff --git a/networksecurity/service/Android.bp b/networksecurity/service/Android.bp
index 66d201a..e33abd5 100644
--- a/networksecurity/service/Android.bp
+++ b/networksecurity/service/Android.bp
@@ -27,6 +27,7 @@
],
libs: [
+ "framework-configinfrastructure",
"framework-connectivity-pre-jarjar",
"service-connectivity-pre-jarjar",
],
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java
new file mode 100644
index 0000000..8dd5951
--- /dev/null
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.server.net.ct;
+
+import static android.provider.DeviceConfig.NAMESPACE_TETHERING;
+
+import android.content.Context;
+import android.provider.DeviceConfig;
+import android.provider.DeviceConfig.Properties;
+import android.text.TextUtils;
+import android.util.Log;
+
+import com.android.modules.utils.build.SdkLevel;
+
+import java.util.concurrent.Executors;
+
+/** Listener class for the Certificate Transparency Phenotype flags. */
+class CertificateTransparencyFlagsListener implements DeviceConfig.OnPropertiesChangedListener {
+
+ private static final String TAG = "CertificateTransparency";
+
+ private static final String VERSION = "version";
+ private static final String CONTENT_URL = "content_url";
+ private static final String METADATA_URL = "metadata_url";
+
+ CertificateTransparencyFlagsListener(Context context) {}
+
+ void initialize() {
+ DeviceConfig.addOnPropertiesChangedListener(
+ NAMESPACE_TETHERING, Executors.newSingleThreadExecutor(), this);
+ // TODO: handle property changes triggering on boot before registering this listener.
+ }
+
+ @Override
+ public void onPropertiesChanged(Properties properties) {
+ if (!SdkLevel.isAtLeastV() || !NAMESPACE_TETHERING.equals(properties.getNamespace())) {
+ return;
+ }
+
+ String newVersion = DeviceConfig.getString(NAMESPACE_TETHERING, VERSION, "");
+ String newContentUrl = DeviceConfig.getString(NAMESPACE_TETHERING, CONTENT_URL, "");
+ String newMetadataUrl = DeviceConfig.getString(NAMESPACE_TETHERING, METADATA_URL, "");
+ if (TextUtils.isEmpty(newVersion)
+ || TextUtils.isEmpty(newContentUrl)
+ || TextUtils.isEmpty(newMetadataUrl)) {
+ return;
+ }
+
+ Log.d(TAG, "newVersion=" + newVersion);
+ Log.d(TAG, "newContentUrl=" + newContentUrl);
+ Log.d(TAG, "newMetadataUrl=" + newMetadataUrl);
+ // TODO: start download of URLs.
+ }
+}
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
index 8c53bf7..406a57f 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
@@ -23,6 +23,7 @@
import com.android.net.ct.flags.Flags;
import com.android.net.module.util.DeviceConfigUtils;
+import com.android.server.SystemService;
/** Implementation of the Certificate Transparency service. */
@RequiresApi(Build.VERSION_CODES.VANILLA_ICE_CREAM)
@@ -32,6 +33,8 @@
private static final String CERTIFICATE_TRANSPARENCY_ENABLED =
"certificate_transparency_service_enabled";
+ private final CertificateTransparencyFlagsListener mFlagsListener;
+
/**
* @return true if the CertificateTransparency service is enabled.
*/
@@ -43,7 +46,9 @@
}
/** Creates a new {@link CertificateTransparencyService} object. */
- public CertificateTransparencyService(Context context) {}
+ public CertificateTransparencyService(Context context) {
+ mFlagsListener = new CertificateTransparencyFlagsListener(context);
+ }
/**
* Called by {@link com.android.server.ConnectivityServiceInitializer}.
@@ -51,6 +56,13 @@
* @see com.android.server.SystemService#onBootPhase
*/
public void onBootPhase(int phase) {
- Log.d(TAG, "CertificateTransparencyService#onBootPhase " + phase);
+
+ switch (phase) {
+ case SystemService.PHASE_BOOT_COMPLETED:
+ Log.d(TAG, "setting up flags listeners");
+ mFlagsListener.initialize();
+ break;
+ default:
+ }
}
}