Merge "Gate CT via the certificateTransparencyConfiguration flag" into main am: bb15d82306
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/3391690
Change-Id: I8e1c9188537ed300327f9943a68bd9b5833f8794
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/networksecurity/service/Android.bp b/networksecurity/service/Android.bp
index a41e6a0..f27acb7 100644
--- a/networksecurity/service/Android.bp
+++ b/networksecurity/service/Android.bp
@@ -34,6 +34,7 @@
static_libs: [
"auto_value_annotations",
+ "android.security.flags-aconfig-java-export",
],
plugins: [
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyInstaller.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyInstaller.java
index 4ca97eb..9970667 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyInstaller.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyInstaller.java
@@ -83,7 +83,7 @@
DirectoryUtils.makeDir(mRootDirectory);
if (!compatVersion.install(newContent, version)) {
- Log.e(TAG, "Failed to install logs for compatibility version " + compatibilityVersion);
+ Log.e(TAG, "Failed to install logs version " + version);
return false;
}
Log.i(TAG, "New logs installed at " + compatVersion.getLogsDir());
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
index eef867c..6151727 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
@@ -16,13 +16,17 @@
package com.android.server.net.ct;
+import static android.security.Flags.certificateTransparencyConfiguration;
+
+import static com.android.net.ct.flags.Flags.certificateTransparencyJob;
+import static com.android.net.ct.flags.Flags.certificateTransparencyService;
+
import android.annotation.RequiresApi;
import android.content.Context;
import android.net.ct.ICertificateTransparencyManager;
import android.os.Build;
import android.provider.DeviceConfig;
-import com.android.net.ct.flags.Flags;
import com.android.server.SystemService;
/** Implementation of the Certificate Transparency service. */
@@ -37,9 +41,11 @@
*/
public static boolean enabled(Context context) {
return DeviceConfig.getBoolean(
- Config.NAMESPACE_NETWORK_SECURITY, Config.FLAG_SERVICE_ENABLED,
- /* defaultValue= */ true)
- && Flags.certificateTransparencyService();
+ Config.NAMESPACE_NETWORK_SECURITY,
+ Config.FLAG_SERVICE_ENABLED,
+ /* defaultValue= */ true)
+ && certificateTransparencyService()
+ && certificateTransparencyConfiguration();
}
/** Creates a new {@link CertificateTransparencyService} object. */
@@ -54,7 +60,6 @@
downloadHelper,
signatureVerifier,
new CertificateTransparencyInstaller());
-
mFlagsListener =
new CertificateTransparencyFlagsListener(dataStore, signatureVerifier, downloader);
mCertificateTransparencyJob =
@@ -67,10 +72,9 @@
* @see com.android.server.SystemService#onBootPhase
*/
public void onBootPhase(int phase) {
-
switch (phase) {
case SystemService.PHASE_BOOT_COMPLETED:
- if (Flags.certificateTransparencyJob()) {
+ if (certificateTransparencyJob()) {
mCertificateTransparencyJob.initialize();
} else {
mFlagsListener.initialize();