Make change and version bump to aml_res_331010000 for mainline module file: apex/manifest.json (19689af0) · Commits · e / os / android_packages_modules_DnsResolver

DnsProxyListener.cpp

+71 −57

Original line number	Original line	Diff line number	Diff line
	@@ -18,7 +18,6 @@

	#include <arpa/inet.h>		#include <arpa/inet.h>
	#include <dirent.h>		#include <dirent.h>
	#include <errno.h>
	#include <linux/if.h>		#include <linux/if.h>
	#include <math.h>		#include <math.h>
	#include <net/if.h>		#include <net/if.h>
	@@ -34,6 +33,7 @@
	#include <algorithm>		#include <algorithm>
	#include <vector>		#include <vector>

			#include <android-base/parseint.h>
	#include <android/multinetwork.h> // ResNsendFlags		#include <android/multinetwork.h> // ResNsendFlags
	#include <cutils/misc.h> // FIRST_APPLICATION_UID		#include <cutils/misc.h> // FIRST_APPLICATION_UID
	#include <cutils/multiuser.h>		#include <cutils/multiuser.h>
	@@ -63,6 +63,8 @@
	using aidl::android::net::metrics::INetdEventListener;		using aidl::android::net::metrics::INetdEventListener;
	using aidl::android::net::resolv::aidl::DnsHealthEventParcel;		using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
	using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;		using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener;
			using android::base::ParseInt;
			using android::base::ParseUint;
	using std::span;		using std::span;

	namespace android {		namespace android {
	@@ -235,23 +237,9 @@ int resNSendToAiError(int err, int rcode) {
	return EAI_SYSTEM;		return EAI_SYSTEM;
	}		}

	template <typename IntegralType>
	bool simpleStrtoul(const char* input, IntegralType* output, int base = 10) {
	char* endPtr;
	errno = 0;
	auto result = strtoul(input, &endPtr, base);
	// Check the length in order to ensure there is no "-" sign
	if (!input \|\| endPtr \|\| (endPtr - input) != static_cast<ptrdiff_t>(strlen(input)) \|\|
	(errno == ERANGE && (result == ULONG_MAX))) {
	return false;
	}
	*output = result;
	return true;
	}

	bool setQueryId(span<uint8_t> msg, uint16_t query_id) {		bool setQueryId(span<uint8_t> msg, uint16_t query_id) {
	if ((size_t)msg.size() < sizeof(HEADER)) {		if ((size_t)msg.size() < sizeof(HEADER)) {
	errno = EINVAL;		LOG(ERROR) << __func__ << ": Invalid parameter";
	return false;		return false;
	}		}
	auto hp = reinterpret_cast<HEADER*>(msg.data());		auto hp = reinterpret_cast<HEADER*>(msg.data());
	@@ -703,6 +691,17 @@ static bool evaluate_domain_name(const android_net_context& netcontext, const ch
	return gResNetdCallbacks.evaluate_domain_name(netcontext, host);		return gResNetdCallbacks.evaluate_domain_name(netcontext, host);
	}		}

			static int HandleArgumentError(SocketClient* cli, int errorcode, std::string strerrormessage,
			int argc, char** argv) {
			for (int i = 0; i < argc; i++) {
			strerrormessage += "argv[" + std::to_string(i) + "]=" + (argv[i] ? argv[i] : "null") + " ";
			}

			LOG(WARNING) << strerrormessage;
			cli->sendMsg(errorcode, strerrormessage.c_str(), false);
			return -1;
			}

	static bool sendBE32(SocketClient* c, uint32_t data) {		static bool sendBE32(SocketClient* c, uint32_t data) {
	uint32_t be_data = htonl(data);		uint32_t be_data = htonl(data);
	return c->sendData(&be_data, sizeof(be_data)) == 0;		return c->sendData(&be_data, sizeof(be_data)) == 0;
	@@ -911,22 +910,31 @@ DnsProxyListener::GetAddrInfoCmd::GetAddrInfoCmd() : FrameworkCommand("getaddrin
	int DnsProxyListener::GetAddrInfoCmd::runCommand(SocketClient* cli, int argc, char** argv) {		int DnsProxyListener::GetAddrInfoCmd::runCommand(SocketClient* cli, int argc, char** argv) {
	logArguments(argc, argv);		logArguments(argc, argv);

			int ai_flags = 0;
			int ai_family = 0;
			int ai_socktype = 0;
			int ai_protocol = 0;
			unsigned netId = 0;
			std::string strErr = "GetAddrInfoCmd::runCommand: ";

	if (argc != 8) {		if (argc != 8) {
	char* msg = nullptr;		strErr = strErr + "invalid number of arguments: " + std::to_string(argc);
	asprintf(&msg, "Invalid number of arguments to getaddrinfo: %i", argc);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, 0, NULL);
	LOG(WARNING) << "GetAddrInfoCmd::runCommand: " << (msg ? msg : "null");
	cli->sendMsg(ResponseCode::CommandParameterError, msg, false);
	free(msg);
	return -1;
	}		}

	const std::string name = argv[1];		const std::string name = argv[1];
	const std::string service = argv[2];		const std::string service = argv[2];
	int ai_flags = strtol(argv[3], nullptr, 10);		if (!ParseInt(argv[3], &ai_flags))
	int ai_family = strtol(argv[4], nullptr, 10);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
	int ai_socktype = strtol(argv[5], nullptr, 10);		if (!ParseInt(argv[4], &ai_family))
	int ai_protocol = strtol(argv[6], nullptr, 10);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
	unsigned netId = strtoul(argv[7], nullptr, 10);		if (!ParseInt(argv[5], &ai_socktype))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
			if (!ParseInt(argv[6], &ai_protocol))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
			if (!ParseUint(argv[7], &netId))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);

	const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);		const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);
	const uid_t uid = cli->getUid();		const uid_t uid = cli->getUid();

	@@ -967,7 +975,7 @@ int DnsProxyListener::ResNSendCommand::runCommand(SocketClient* cli, int argc, c
	}		}

	unsigned netId;		unsigned netId;
	if (!simpleStrtoul(argv[1], &netId)) {		if (!ParseUint(argv[1], &netId)) {
	LOG(WARNING) << "ResNSendCommand::runCommand: resnsend: from UID " << uid		LOG(WARNING) << "ResNSendCommand::runCommand: resnsend: from UID " << uid
	<< ", invalid netId";		<< ", invalid netId";
	sendBE32(cli, -EINVAL);		sendBE32(cli, -EINVAL);
	@@ -975,7 +983,7 @@ int DnsProxyListener::ResNSendCommand::runCommand(SocketClient* cli, int argc, c
	}		}

	uint32_t flags;		uint32_t flags;
	if (!simpleStrtoul(argv[2], &flags)) {		if (!ParseUint(argv[2], &flags)) {
	LOG(WARNING) << "ResNSendCommand::runCommand: resnsend: from UID " << uid		LOG(WARNING) << "ResNSendCommand::runCommand: resnsend: from UID " << uid
	<< ", invalid flags";		<< ", invalid flags";
	sendBE32(cli, -EINVAL);		sendBE32(cli, -EINVAL);
	@@ -1077,9 +1085,14 @@ void DnsProxyListener::ResNSendHandler::run() {
	return;		return;
	}		}

	// Restore query id and send answer		// Restore query id
	if (!setQueryId({ansBuf.data(), ansLen}, original_query_id) \|\|		if (!setQueryId({ansBuf.data(), ansLen}, original_query_id)) {
	!sendLenAndData(mClient, ansLen, ansBuf.data())) {		LOG(WARNING) << "ResNSendHandler::run: resnsend: failed to restore query id";
			return;
			}

			// Send answer
			if (!sendLenAndData(mClient, ansLen, ansBuf.data())) {
	PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid		PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid
	<< " pid " << mClient->getPid();		<< " pid " << mClient->getPid();
	return;		return;
	@@ -1124,7 +1137,7 @@ int DnsProxyListener::GetDnsNetIdCommand::runCommand(SocketClient* cli, int argc
	}		}

	unsigned netId;		unsigned netId;
	if (!simpleStrtoul(argv[1], &netId)) {		if (!ParseUint(argv[1], &netId)) {
	LOG(WARNING) << "GetDnsNetIdCommand::runCommand: getdnsnetid: from UID " << uid		LOG(WARNING) << "GetDnsNetIdCommand::runCommand: getdnsnetid: from UID " << uid
	<< ", invalid netId";		<< ", invalid netId";
	sendCodeAndBe32(cli, ResponseCode::DnsProxyQueryResult, -EINVAL);		sendCodeAndBe32(cli, ResponseCode::DnsProxyQueryResult, -EINVAL);
	@@ -1158,20 +1171,22 @@ DnsProxyListener::GetHostByNameCmd::GetHostByNameCmd() : FrameworkCommand("getho
	int DnsProxyListener::GetHostByNameCmd::runCommand(SocketClient* cli, int argc, char** argv) {		int DnsProxyListener::GetHostByNameCmd::runCommand(SocketClient* cli, int argc, char** argv) {
	logArguments(argc, argv);		logArguments(argc, argv);

			unsigned netId = 0;
			int af = 0;
			std::string strErr = "GetHostByNameCmd::runCommand: ";

	if (argc != 4) {		if (argc != 4) {
	char* msg = nullptr;		strErr = strErr + "invalid number of arguments: " + std::to_string(argc);
	asprintf(&msg, "Invalid number of arguments to gethostbyname: %i", argc);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, 0, NULL);
	LOG(WARNING) << "GetHostByNameCmd::runCommand: " << (msg ? msg : "null");
	cli->sendMsg(ResponseCode::CommandParameterError, msg, false);
	free(msg);
	return -1;
	}		}

			if (!ParseUint(argv[1], &netId))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
			std::string name = argv[2];
			if (!ParseInt(argv[3], &af))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
	uid_t uid = cli->getUid();		uid_t uid = cli->getUid();
	unsigned netId = strtoul(argv[1], nullptr, 10);
	const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);		const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);
	std::string name = argv[2];
	int af = strtol(argv[3], nullptr, 10);

	android_net_context netcontext;		android_net_context netcontext;
	gResNetdCallbacks.get_network_context(netId, uid, &netcontext);		gResNetdCallbacks.get_network_context(netId, uid, &netcontext);
	@@ -1292,33 +1307,32 @@ DnsProxyListener::GetHostByAddrCmd::GetHostByAddrCmd() : FrameworkCommand("getho

	int DnsProxyListener::GetHostByAddrCmd::runCommand(SocketClient* cli, int argc, char** argv) {		int DnsProxyListener::GetHostByAddrCmd::runCommand(SocketClient* cli, int argc, char** argv) {
	logArguments(argc, argv);		logArguments(argc, argv);
			int addrLen = 0;
			int addrFamily = 0;
			unsigned netId = 0;
			std::string strErr = "GetHostByAddrCmd::runCommand: ";

	if (argc != 5) {		if (argc != 5) {
	char* msg = nullptr;		strErr = strErr + "invalid number of arguments: " + std::to_string(argc);
	asprintf(&msg, "Invalid number of arguments to gethostbyaddr: %i", argc);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, 0, NULL);
	LOG(WARNING) << "GetHostByAddrCmd::runCommand: " << (msg ? msg : "null");
	cli->sendMsg(ResponseCode::CommandParameterError, msg, false);
	free(msg);
	return -1;
	}		}

	char* addrStr = argv[1];		char* addrStr = argv[1];
	int addrLen = strtol(argv[2], nullptr, 10);		if (!ParseInt(argv[2], &addrLen))
	int addrFamily = strtol(argv[3], nullptr, 10);		return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
			if (!ParseInt(argv[3], &addrFamily))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
			if (!ParseUint(argv[4], &netId))
			return HandleArgumentError(cli, ResponseCode::CommandParameterError, strErr, argc, argv);
	uid_t uid = cli->getUid();		uid_t uid = cli->getUid();
	unsigned netId = strtoul(argv[4], nullptr, 10);
	const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);		const bool useLocalNameservers = checkAndClearUseLocalNameserversFlag(&netId);

	in6_addr addr;		in6_addr addr;
	errno = 0;		errno = 0;
	int result = inet_pton(addrFamily, addrStr, &addr);		int result = inet_pton(addrFamily, addrStr, &addr);
	if (result <= 0) {		if (result <= 0) {
	char* msg = nullptr;		strErr = strErr + "inet_pton(\"" + addrStr + "\") failed " + strerror(errno);
	asprintf(&msg, "inet_pton(\"%s\") failed %s", addrStr, strerror(errno));		return HandleArgumentError(cli, ResponseCode::OperationFailed, strErr, 0, NULL);
	LOG(WARNING) << "GetHostByAddrCmd::runCommand: " << (msg ? msg : "null");
	cli->sendMsg(ResponseCode::OperationFailed, msg, false);
	free(msg);
	return -1;
	}		}

	android_net_context netcontext;		android_net_context netcontext;

DnsTlsDispatcher.cpp

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -229,7 +229,7 @@ DnsTlsTransport::Response DnsTlsDispatcher::query(const DnsTlsServer& server, un
	// happens, the xport will be marked as unusable and DoT queries won't be sent to		// happens, the xport will be marked as unusable and DoT queries won't be sent to
	// it anymore. Eventually, after IDLE_TIMEOUT, the xport will be destroyed, and		// it anymore. Eventually, after IDLE_TIMEOUT, the xport will be destroyed, and
	// a new xport will be created.		// a new xport will be created.
	const auto result = PrivateDnsConfiguration::getInstance().requestValidation(		const auto result = PrivateDnsConfiguration::getInstance().requestDotValidation(
	netId, PrivateDnsConfiguration::ServerIdentity{server}, mark);		netId, PrivateDnsConfiguration::ServerIdentity{server}, mark);
	LOG(WARNING) << "Requested validation for " << server.toIpString() << " with mark 0x"		LOG(WARNING) << "Requested validation for " << server.toIpString() << " with mark 0x"
	<< std::hex << mark << ", "		<< std::hex << mark << ", "

DnsTlsQueryMap.cpp

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -112,6 +112,7 @@ int32_t DnsTlsQueryMap::getFreeId() {
	std::vector<DnsTlsQueryMap::Query> DnsTlsQueryMap::getAll() {		std::vector<DnsTlsQueryMap::Query> DnsTlsQueryMap::getAll() {
	std::lock_guard guard(mLock);		std::lock_guard guard(mLock);
	std::vector<DnsTlsQueryMap::Query> queries;		std::vector<DnsTlsQueryMap::Query> queries;
			queries.reserve(mQueries.size());
	for (auto& q : mQueries) {		for (auto& q : mQueries) {
	queries.push_back(q.second.query);		queries.push_back(q.second.query);
	}		}

DnsTlsServer.h

+11 −16

Original line number	Original line	Diff line number	Diff line
	@@ -20,23 +20,23 @@
	#include <string>		#include <string>
	#include <vector>		#include <vector>

			#include <netdutils/InternetAddresses.h>
	#include <netinet/in.h>		#include <netinet/in.h>

	#include <params.h>		#include <params.h>

	#include "IPrivateDnsServer.h"		#include "PrivateDnsCommon.h"

	namespace android {		namespace android {
	namespace net {		namespace net {

	// DnsTlsServer represents a recursive resolver that supports, or may support, a		// DnsTlsServer represents a recursive resolver that supports, or may support, a
	// secure protocol.		// secure protocol.
	struct DnsTlsServer : public IPrivateDnsServer {		struct DnsTlsServer {
	// Default constructor.		// Default constructor.
	DnsTlsServer() {}		DnsTlsServer() {}

	explicit DnsTlsServer(const netdutils::IPAddress& ip)		explicit DnsTlsServer(const netdutils::IPAddress& ip)
	: DnsTlsServer(netdutils::IPSockAddr(ip, 853)) {}		: DnsTlsServer(netdutils::IPSockAddr(ip, kDotPort)) {}
	explicit DnsTlsServer(const netdutils::IPSockAddr& addr) : ss(addr) {}		explicit DnsTlsServer(const netdutils::IPSockAddr& addr) : ss(addr) {}

	// The server location, including IP and port.		// The server location, including IP and port.
	@@ -64,17 +64,12 @@ struct DnsTlsServer : public IPrivateDnsServer {
	bool wasExplicitlyConfigured() const;		bool wasExplicitlyConfigured() const;
	std::string toIpString() const;		std::string toIpString() const;

	PrivateDnsTransport transport() const override { return PrivateDnsTransport::kDot; }		std::string provider() const { return name; }
	std::string provider() const override { return name; }		netdutils::IPSockAddr addr() const { return netdutils::IPSockAddr::toIPSockAddr(ss); }
	netdutils::IPSockAddr addr() const override { return netdutils::IPSockAddr::toIPSockAddr(ss); }		uint32_t validationMark() const { return mark; }
	uint32_t validationMark() const override { return mark; }

	Validation validationState() const override { return mValidation; }		Validation validationState() const { return mValidation; }
	void setValidationState(Validation val) override { mValidation = val; }		void setValidationState(Validation val) { mValidation = val; }
	bool probe() override {
	// TODO: implement it.
	return false;
	}

	// The socket mark used for validation.		// The socket mark used for validation.
	// Note that the mark of a connection to which the DnsResolver sends app's DNS requests can		// Note that the mark of a connection to which the DnsResolver sends app's DNS requests can
	@@ -84,8 +79,8 @@ struct DnsTlsServer : public IPrivateDnsServer {

	// Return whether or not the server can be used for a network. It depends on		// Return whether or not the server can be used for a network. It depends on
	// the resolver configuration.		// the resolver configuration.
	bool active() const override { return mActive; }		bool active() const { return mActive; }
	void setActive(bool val) override { mActive = val; }		void setActive(bool val) { mActive = val; }

	private:		private:
	// State, unrelated to the comparison of DnsTlsServer objects.		// State, unrelated to the comparison of DnsTlsServer objects.

IPrivateDnsServer.h

deleted100644 → 0

+0 −60

Original line number	Original line	Diff line number	Diff line
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#pragma once

	#include <string>

	#include <netdutils/InternetAddresses.h>

	#include "PrivateDnsCommon.h"

	namespace android::net {

	class IPrivateDnsServer {
	public:
	virtual ~IPrivateDnsServer(){};

	virtual PrivateDnsTransport transport() const = 0;
	bool isDot() const { return transport() == PrivateDnsTransport::kDot; }
	bool isDoh() const { return transport() == PrivateDnsTransport::kDoh; }

	// Returns the provider name of the server.
	virtual std::string provider() const = 0;

	// Returns the IP address of the server.
	virtual netdutils::IPSockAddr addr() const = 0;

	// Returns the socket mark used for probe.
	virtual uint32_t validationMark() const = 0;

	// Sets the validation state.
	virtual void setValidationState(Validation val) = 0;

	// Returns the validation state.
	virtual Validation validationState() const = 0;

	// Checks the server supports private DNS.
	virtual bool probe() = 0;

	// Sets if the server should be active.
	virtual void setActive(bool val) = 0;

	// Returns if the server is active.
	virtual bool active() const = 0;
	};

	} // namespace android::net