added option to include generic/permissive network security config file durin…

brut.apktool/apktool-cli/src/main/java/brut/apktool/Main.java

@@ -216,6 +216,9 @@ private static void cmdBuild(CommandLine cli) {
         if (cli.hasOption("d") || cli.hasOption("debug")) {
             buildOptions.debugMode = true;
         }
+        if (cli.hasOption("n") || cli.hasOption("net-sec-conf")) {
+            buildOptions.netSecConf = true;
+        }
         if (cli.hasOption("v") || cli.hasOption("verbose")) {
             buildOptions.verbose = true;
         }
@@ -366,6 +369,11 @@ private static void _Options() {
                 .desc("Sets android:debuggable to \"true\" in the APK's compiled manifest")
                 .build();
 
+        Option netSecConfOption = Option.builder("n")
+            .longOpt("net-sec-conf")
+            .desc("Adds a generic Network Security Configuration file in the output APK")
+            .build();
+
         Option noDbgOption = Option.builder("b")
                 .longOpt("no-debug-info")
                 .desc("don't write out debug info (.local, .param, .line, etc.)")
@@ -473,6 +481,7 @@ private static void _Options() {
 
             buildOptions.addOption(apiLevelOption);
             buildOptions.addOption(debugBuiOption);
+            buildOptions.addOption(netSecConfOption);
             buildOptions.addOption(aaptOption);
             buildOptions.addOption(originalOption);
             buildOptions.addOption(aapt2Option);
@@ -528,6 +537,7 @@ private static void _Options() {
         allOptions.addOption(noAssetOption);
         allOptions.addOption(keepResOption);
         allOptions.addOption(debugBuiOption);
+        allOptions.addOption(netSecConfOption);
         allOptions.addOption(aaptOption);
         allOptions.addOption(originalOption);
         allOptions.addOption(verboseOption);

brut.apktool/apktool-lib/src/main/java/brut/androlib/Androlib.java

@@ -36,6 +36,8 @@
 import org.apache.commons.io.FilenameUtils;
 import org.jf.dexlib2.iface.DexFile;
 
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
 import java.io.*;
 import java.util.*;
 import java.util.logging.Logger;
@@ -486,6 +488,25 @@ public boolean buildResourcesFull(File appDir, UsesFramework usesFramework)
                     }
                 }
 
+                if (buildOptions.netSecConf) {
+                    MetaInfo meta = readMetaFile(new ExtFile(appDir));
+                    if (meta.sdkInfo != null && meta.sdkInfo.get("targetSdkVersion") != null) {
+                        if (Integer.parseInt(meta.sdkInfo.get("targetSdkVersion")) < 24) {
+                            LOGGER.warning("Target SDK version is lower than 24! Network Security Configuration might be ignored!");
+                        }
+                    }
+                    File netSecConfOrig = new File(appDir, "res/xml/network_security_config.xml");
+                    if (netSecConfOrig.exists()) {
+                        netSecConfOrig.delete();
+                    }
+                    ResXmlPatcher.modNetworkSecurityConfig(netSecConfOrig);
+
+
+                    ResXmlPatcher.setNetworkSecurityConfig(new File(appDir, "AndroidManifest.xml"));
+                    LOGGER.info("Added permissive network security config in manifest");
+                }
+
+
                 File apkFile = File.createTempFile("APKTOOL", null);
                 apkFile.delete();
                 resourceFile.delete();
@@ -518,7 +539,7 @@ public boolean buildResourcesFull(File appDir, UsesFramework usesFramework)
                 apkFile.delete();
             }
             return true;
-        } catch (IOException | BrutException ex) {
+        } catch (IOException | BrutException | ParserConfigurationException | TransformerException ex) {
             throw new AndrolibException(ex);
         }
     }

brut.apktool/apktool-lib/src/main/java/brut/androlib/options/BuildOptions.java

@@ -22,6 +22,7 @@ public class BuildOptions {
     public boolean forceBuildAll = false;
     public boolean forceDeleteFramework = false;
     public boolean debugMode = false;
+    public boolean netSecConf = false;
     public boolean verbose = false;
     public boolean copyOriginalFiles = false;
     public final boolean updateFiles = false;

brut.apktool/apktool-lib/src/main/java/brut/androlib/res/xml/ResXmlPatcher.java

@@ -17,10 +17,7 @@
 package brut.androlib.res.xml;
 
 import brut.androlib.AndrolibException;
-import org.w3c.dom.Document;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
+import org.w3c.dom.*;
 import org.xml.sax.SAXException;
 
 import javax.xml.parsers.DocumentBuilder;
@@ -97,6 +94,75 @@ public static void setApplicationDebugTagTrue(File file) {
         }
     }
 
+    /**
+     * Sets the value of the network security config in the AndroidManifest file
+     *
+     * @param file AndroidManifest file
+     */
+    public static void setNetworkSecurityConfig(File file) {
+        if (file.exists()) {
+            try {
+                Document doc = loadDocument(file);
+                Node application = doc.getElementsByTagName("application").item(0);
+
+                // load attr
+                NamedNodeMap attr = application.getAttributes();
+                Node netSecConfAttr = attr.getNamedItem("android:networkSecurityConfig");
+
+                if (netSecConfAttr == null) {
+                    // there is not an already existing network security configuration
+                    netSecConfAttr = doc.createAttribute("android:networkSecurityConfig");
+                    attr.setNamedItem(netSecConfAttr);
+                }
+
+                // whether it already existed or it was created now set it to the proper value
+                netSecConfAttr.setNodeValue("@xml/network_security_config");
+
+                saveDocument(file, doc);
+
+            } catch (SAXException | ParserConfigurationException | IOException | TransformerException ignored) {
+            }
+        }
+    }
+
+    /**
+     * Creates a modified network security config file that is more permissive
+     *
+     * @param file network security config file
+     */
+    public static void modNetworkSecurityConfig(File file) throws ParserConfigurationException, TransformerException {
+        DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
+        DocumentBuilder documentBuilder = documentFactory.newDocumentBuilder();
+        Document document = documentBuilder.newDocument();
+        // root element
+        Element root = document.createElement("network-security-config");
+        document.appendChild(root);
+        Element baseConfig = document.createElement("base-config");
+        root.appendChild(baseConfig);
+        Element trustAnchors = document.createElement("trust-anchors");
+        baseConfig.appendChild(trustAnchors);
+
+        Element certSystem = document.createElement("certificates");
+        Attr attrSystem = document.createAttribute("src");
+        attrSystem.setValue("system");
+        certSystem.setAttributeNode(attrSystem);
+        trustAnchors.appendChild(certSystem);
+
+        Element certUser = document.createElement("certificates");
+        Attr attrUser = document.createAttribute("src");
+        attrUser.setValue("user");
+        certUser.setAttributeNode(attrUser);
+        trustAnchors.appendChild(certUser);
+
+        // create the xml file
+        //transform the DOM Object to an XML File
+        TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        Transformer transformer = transformerFactory.newTransformer();
+        DOMSource domSource = new DOMSource(document);
+        StreamResult streamResult = new StreamResult(file);
+        transformer.transform(domSource, streamResult);
+    }
+
     /**
      * Any @string reference in a provider value in AndroidManifest.xml will break on
      * build, thus preventing the application from installing. This is from a bug/error