
Commit 00991408 authored by Lorenzo Colitti's avatar Lorenzo Colitti Committed by Gerrit Code Review

Merge changes Ia7c66ff3,I47a8d41d

* changes:
  Fix ResolverTest.BlockDnsQueryWithUidRule.
  fchown DNS lookup sockets to UID of the app that sent the DNS lookup.
parents 5350f611 eb9aeecb
+2 −0
@@ -165,6 +165,7 @@ cc_test {
        "libnetd_resolv_headers",
    ],
    shared_libs: [
        "libbpf_android",
        "libbase",
        "libbinder",
        "libcrypto",
@@ -178,6 +179,7 @@ cc_test {
        "libnetd_test_dnsresponder",
        "libnetd_test_metrics_listener",
        "libnetd_test_tun_interface",
        "libnetd_test_utils",
        "libnetdutils",
        "netd_aidl_interface-V2-cpp",
        "netd_event_listener_interface-V1-cpp",
+6 −0
@@ -26,6 +26,7 @@
#include <openssl/sha.h>
#include <sys/eventfd.h>
#include <sys/poll.h>
#include <unistd.h>
#include <algorithm>

#include "DnsTlsSessionCache.h"
@@ -34,6 +35,7 @@
#include <android-base/logging.h>

#include "netdutils/SocketOption.h"
#include "private/android_filesystem_config.h"  // AID_DNS

namespace android {

@@ -80,6 +82,10 @@ Status DnsTlsSocket::tcpConnect() {
        return Status(errno);
    }

    if (fchown(mSslFd.get(), AID_DNS, -1) == -1) {
        LOG(WARNING) << "Failed to chown socket: %s" << strerror(errno);
    }

    const socklen_t len = sizeof(mMark);
    if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) {
        LOG(ERROR) << "Failed to set socket mark";
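Review bot: The warning in the new fchown() check in DnsTlsSocket::tcpConnect() will print the literal text `%s`, because LOG() is stream-based rather than printf-style, so the message reads "Failed to chown socket: %s" followed by the error string. `PLOG(WARNING) << "Failed to chown socket";` appends the errno text itself and matches the style of the other two fchown call sites in this commit (the `same_ns:` hunk and `send_dg`). This socket is chowned to AID_DNS while those two now use the requesting app's UID; if that difference is deliberate (presumably because the TLS connection is not tied to one app), a one-line comment above the call such as `// DoT socket is not per-app: keep it owned by AID_DNS` would make the per-UID filtering expectation explicit. tcpConnect() begins and ends outside the hunk.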
+1 −0
@@ -313,6 +313,7 @@ void res_setnetcontext(res_state statp, const struct android_net_context* netcon
                       android::net::NetworkDnsEventReported* _Nonnull event) {
    if (statp != NULL) {
        statp->netid = netcontext->dns_netid;
        statp->uid = netcontext->uid;
        statp->_mark = netcontext->dns_mark;
        if (netcontext->flags & NET_CONTEXT_FLAG_USE_EDNS) {
            statp->options |= RES_USE_EDNS0 | RES_USE_DNSSEC;
+6 −2
@@ -772,7 +772,9 @@ same_ns:
                    return -1;
            }
        }
        fchown(statp->_vcsock, AID_DNS, -1);
        if (fchown(statp->_vcsock, statp->uid, -1) == -1) {
            PLOG(WARNING) << __func__ << ": Failed to chown socket";
        }
        if (statp->_mark != MARK_UNSET) {
            if (setsockopt(statp->_vcsock, SOL_SOCKET, SO_MARK, &statp->_mark,
                           sizeof(statp->_mark)) < 0) {
@@ -1015,7 +1017,9 @@ static int send_dg(res_state statp, res_params* params, const u_char* buf, int b
            }
        }

        fchown(statp->_u._ext.nssocks[ns], AID_DNS, -1);
        if (fchown(statp->_u._ext.nssocks[ns], statp->uid, -1) == -1) {
            PLOG(WARNING) << __func__ << ": Failed to chown socket";
        }
        if (statp->_mark != MARK_UNSET) {
            if (setsockopt(statp->_u._ext.nssocks[ns], SOL_SOCKET, SO_MARK, &(statp->_mark),
                           sizeof(statp->_mark)) < 0) {
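Review bot: Both new fchown() calls (the `same_ns:` hunk and `send_dg`) pass `statp->uid` straight through, and an owner of `(uid_t)-1` makes fchown() leave the owner unchanged and return success, so in that case the socket silently keeps the resolver process's own UID rather than the AID_DNS owner it had before this change. Whether the net context can ever carry an unset UID is not visible from these hunks, but if it can, anything that filters or accounts traffic by socket owner would see the wrong UID with no log line. A fallback before each call, `const uid_t owner = (statp->uid == (uid_t)-1) ? AID_DNS : statp->uid;`, keeps the previous behaviour for that case. Separately, a failed chown only warns and the query is still sent; a short comment stating that this fail-open behaviour is intended would help the next reader. Both enclosing functions extend beyond the hunks.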
+1 −0
@@ -89,6 +89,7 @@ struct res_state_ext;

struct __res_state {
    unsigned netid;                        /* NetId: cache key and socket mark */
    uid_t uid;                             /* uid of the app that sent the DNS lookup */
    u_long options;                        /* option flags - see below. */
    int nscount;                           /* number of name srvers */
    struct sockaddr_in nsaddr_list[MAXNS]; /* address of name server */