Network security config for range of ip addresses?
In Android P, cleartext communication is disabled by default. Instead, there are two options:
- One needs to explicitly declare that cleartext communication is allowed in the manifest file with
- Or needs to declare the allowed domains that allow cleartext communication via a network security config.
My question has to do with the second approach. I can whitelist a specific ip address like this in network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
However, I would like to whitelist all private ip addresses. I had a few trial-and-error cases but I wasn't able to make it work.
In essence, is there an option given to define a range of ip addresses in the network security config?
android android-security android-9.0-pie asked Nov 15 '18 at 10:17
user10293922user10293922
61
add a comment |
In Android P, cleartext communication is disabled by default. Instead, there are two options:
- One needs to explicitly declare that cleartext communication is allowed in the manifest file with
- Or needs to declare the allowed domains that allow cleartext communication via a network security config.
My question has to do with the second approach. I can whitelist a specific ip address like this in network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
However, I would like to whitelist all private ip addresses. I had a few trial-and-error cases but I wasn't able to make it work.
In essence, is there an option given to define a range of ip addresses in the network security config?
android android-security android-9.0-pie asked Nov 15 '18 at 10:17
user10293922user10293922
61
add a comment |
In Android P, cleartext communication is disabled by default. Instead, there are two options:
- One needs to explicitly declare that cleartext communication is allowed in the manifest file with
- Or needs to declare the allowed domains that allow cleartext communication via a network security config.
My question has to do with the second approach. I can whitelist a specific ip address like this in network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
However, I would like to whitelist all private ip addresses. I had a few trial-and-error cases but I wasn't able to make it work.
In essence, is there an option given to define a range of ip addresses in the network security config?
android android-security android-9.0-pie asked Nov 15 '18 at 10:17
user10293922user10293922
61
In Android P, cleartext communication is disabled by default. Instead, there are two options:
- One needs to explicitly declare that cleartext communication is allowed in the manifest file with
- Or needs to declare the allowed domains that allow cleartext communication via a network security config.
My question has to do with the second approach. I can whitelist a specific ip address like this in network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
However, I would like to whitelist all private ip addresses. I had a few trial-and-error cases but I wasn't able to make it work.
In essence, is there an option given to define a range of ip addresses in the network security config?
android android-security android-9.0-pie android android-security android-9.0-pie asked Nov 15 '18 at 10:17
user10293922user10293922
61
asked Nov 15 '18 at 10:17
user10293922user10293922
61
asked Nov 15 '18 at 10:17
user10293922user10293922
61
asked Nov 15 '18 at 10:17
user10293922user10293922
61
asked Nov 15 '18 at 10:17
user10293922user10293922
61
61
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
No, sorry.
In fact, I suspect that supporting <domain includeSubdomains="true">192.168.1.1</domain> is accidental and may not prove reliable over time, if they start to think that <domain> refers to actual domain names and not arbitrary host values, such as IP addresses.
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53317137%2fnetwork-security-config-for-range-of-ip-addresses%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
No, sorry.
In fact, I suspect that supporting <domain includeSubdomains="true">192.168.1.1</domain> is accidental and may not prove reliable over time, if they start to think that <domain> refers to actual domain names and not arbitrary host values, such as IP addresses.
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
add a comment |
No, sorry.
In fact, I suspect that supporting <domain includeSubdomains="true">192.168.1.1</domain> is accidental and may not prove reliable over time, if they start to think that <domain> refers to actual domain names and not arbitrary host values, such as IP addresses.
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
add a comment |
No, sorry.
In fact, I suspect that supporting <domain includeSubdomains="true">192.168.1.1</domain> is accidental and may not prove reliable over time, if they start to think that <domain> refers to actual domain names and not arbitrary host values, such as IP addresses.
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
No, sorry.
In fact, I suspect that supporting <domain includeSubdomains="true">192.168.1.1</domain> is accidental and may not prove reliable over time, if they start to think that <domain> refers to actual domain names and not arbitrary host values, such as IP addresses.
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
answered Nov 15 '18 at 12:01
CommonsWareCommonsWare
777k13918951941
777k13918951941
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
add a comment |
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
Thank you for your answer! If I may ask, how did you arrive at that conclusion? Did you see something at the source code,by trial and error or just by the semantical meaning and android docs?
– user10293922
Nov 16 '18 at 8:50
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@user10293922: I ported the network security configuration code to a standalone library that works back to Android 4.2. That being said, my statement is based more on the semantical meaning and Android docs.
– CommonsWare
Nov 16 '18 at 12:06
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
@CommonsWare could you please look at this stackoverflow.com/questions/53798484/… - maybe you know what's the problem.. Thanks!
– atlascoder
Dec 16 '18 at 12:56
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53317137%2fnetwork-security-config-for-range-of-ip-addresses%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
