Loading Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ cc_library_headers { ], } dnsresolver_aidl_interface_lateststable_version = "V11" dnsresolver_aidl_interface_lateststable_version = "V12" cc_library_static { name: "dnsresolver_aidl_interface-lateststable-ndk", Loading DnsProxyListener.cpp +21 −16 Original line number Diff line number Diff line Loading @@ -322,9 +322,11 @@ void maybeLogQuery(int eventType, const android_net_context& netContext, void reportDnsEvent(int eventType, const android_net_context& netContext, int latencyUs, int returnCode, NetworkDnsEventReported& event, const std::string& query_name, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { uint32_t rate = (query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) && bool skipStats, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { int32_t rate = skipStats ? 0 : (query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) && android::net::Experiments::getInstance()->getFlag("mdns_resolution", 1)) ? getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, true) : getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, false); Loading Loading @@ -706,8 +708,7 @@ bool isUidNetworkingBlocked(uid_t uid, unsigned netId) { // application's UID. Its DNS packets are not subject to certain network restriction features. if (resolv_is_enforceDnsUid_enabled_network(netId)) return false; // TODO: Pass metered information from CS to DNS resolver and replace the hardcode value. return (*ADnsHelper_isUidNetworkingBlocked)(uid, /*metered=*/false) == 1; return (*ADnsHelper_isUidNetworkingBlocked)(uid, resolv_is_metered_network(netId)) == 1; } } // namespace Loading Loading @@ -904,7 +905,8 @@ void DnsProxyListener::GetAddrInfoHandler::run() { int32_t rv = 0; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetAddrInfoHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -952,7 +954,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractGetAddrInfoAnswers(result, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_GETADDRINFO, mNetContext, latencyUs, rv, event, mHost, ip_addrs, total_ip_addr_count); isUidBlocked, ip_addrs, total_ip_addr_count); freeaddrinfo(result); } Loading Loading @@ -1116,7 +1118,8 @@ void DnsProxyListener::ResNSendHandler::run() { int ansLen = -1; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "ResNSendHandler::run: network access blocked"; ansLen = -ECONNREFUSED; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1147,7 +1150,7 @@ void DnsProxyListener::ResNSendHandler::run() { } if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name); resNSendToAiError(ansLen, rcode), event, rr_name, isUidBlocked); } return; } Loading Loading @@ -1177,8 +1180,8 @@ void DnsProxyListener::ResNSendHandler::run() { const int total_ip_addr_count = extractResNsendAnswers(std::span(ansBuf.data(), ansLen), rr_type, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name, ip_addrs, total_ip_addr_count); resNSendToAiError(ansLen, rcode), event, rr_name, /*skipStats=*/false, ip_addrs, total_ip_addr_count); } } Loading Loading @@ -1320,7 +1323,8 @@ void DnsProxyListener::GetHostByNameHandler::run() { int32_t rv = 0; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetHostByNameHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1364,7 +1368,7 @@ void DnsProxyListener::GetHostByNameHandler::run() { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractGetHostByNameAnswers(hp, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, mNetContext, latencyUs, rv, event, mName, ip_addrs, total_ip_addr_count); mName, isUidBlocked, ip_addrs, total_ip_addr_count); } std::string DnsProxyListener::GetHostByNameHandler::threadName() { Loading Loading @@ -1483,7 +1487,8 @@ void DnsProxyListener::GetHostByAddrHandler::run() { NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetHostByAddrHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1529,7 +1534,7 @@ void DnsProxyListener::GetHostByAddrHandler::run() { } reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYADDR, mNetContext, latencyUs, rv, event, (hp && hp->h_name) ? hp->h_name : "null", {}, 0); (hp && hp->h_name) ? hp->h_name : "null", isUidBlocked, {}, 0); } std::string DnsProxyListener::GetHostByAddrHandler::threadName() { Loading ResolverController.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -237,7 +237,8 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res return resolv_set_nameservers(resolverParams.netId, resolverParams.servers, resolverParams.domains, res_params, resolverParams.resolverOptions, resolverParams.transportTypes); resolverParams.resolverOptions, resolverParams.transportTypes, resolverParams.meteredNetwork); } int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* servers, Loading res_cache.cpp +12 −1 Original line number Diff line number Diff line Loading @@ -1065,6 +1065,7 @@ struct NetConfig { int tc_mode = aidl::android::net::IDnsResolver::TC_MODE_DEFAULT; bool enforceDnsUid = false; std::vector<int32_t> transportTypes; bool metered = false; }; /* gets cache associated with a network, or NULL if none exists */ Loading Loading @@ -1642,7 +1643,7 @@ std::vector<std::string> getCustomizedTableByName(const size_t netid, const char int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& servers, const std::vector<std::string>& domains, const res_params& params, const std::optional<ResolverOptionsParcel> optionalResolverOptions, const std::vector<int32_t>& transportTypes) { const std::vector<int32_t>& transportTypes, bool metered) { std::vector<std::string> nameservers = filter_nameservers(servers); const int numservers = static_cast<int>(nameservers.size()); Loading Loading @@ -1709,6 +1710,7 @@ int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& serve return -EINVAL; } netconfig->transportTypes = transportTypes; netconfig->metered = metered; if (optionalResolverOptions.has_value()) { const ResolverOptionsParcel& resolverOptions = optionalResolverOptions.value(); return netconfig->setOptions(resolverOptions); Loading Loading @@ -2090,6 +2092,7 @@ void resolv_netconfig_dump(DumpWriter& dw, unsigned netid) { // TODO: dump info->hosts dw.println("TC mode: %s", tc_mode_to_str(info->tc_mode)); dw.println("TransportType: %s", transport_type_to_str(info->transportTypes)); dw.println("Metered: %s", info->metered ? "true" : "false"); } } Loading @@ -2110,3 +2113,11 @@ bool resolv_is_enforceDnsUid_enabled_network(unsigned netid) { } return false; } bool resolv_is_metered_network(unsigned netid) { std::lock_guard guard(cache_mutex); if (const auto info = find_netconfig_locked(netid); info != nullptr) { return info->metered; } return false; } resolv_cache.h +4 −1 Original line number Diff line number Diff line Loading @@ -81,7 +81,7 @@ std::vector<std::string> getCustomizedTableByName(const size_t netid, const char int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& servers, const std::vector<std::string>& domains, const res_params& params, std::optional<aidl::android::net::ResolverOptionsParcel> resolverOptions, const std::vector<int32_t>& transportTypes = {}); const std::vector<int32_t>& transportTypes = {}, bool metered = false); // Sets options for a given network. int resolv_set_options(unsigned netid, const aidl::android::net::ResolverOptionsParcel& options); Loading Loading @@ -146,3 +146,6 @@ int resolv_get_max_cache_entries(unsigned netid); // Return true if the enforceDnsUid is enabled on the network. bool resolv_is_enforceDnsUid_enabled_network(unsigned netid); // Return true if the network is metered. bool resolv_is_metered_network(unsigned netid); Loading
Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ cc_library_headers { ], } dnsresolver_aidl_interface_lateststable_version = "V11" dnsresolver_aidl_interface_lateststable_version = "V12" cc_library_static { name: "dnsresolver_aidl_interface-lateststable-ndk", Loading
DnsProxyListener.cpp +21 −16 Original line number Diff line number Diff line Loading @@ -322,9 +322,11 @@ void maybeLogQuery(int eventType, const android_net_context& netContext, void reportDnsEvent(int eventType, const android_net_context& netContext, int latencyUs, int returnCode, NetworkDnsEventReported& event, const std::string& query_name, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { uint32_t rate = (query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) && bool skipStats, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { int32_t rate = skipStats ? 0 : (query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) && android::net::Experiments::getInstance()->getFlag("mdns_resolution", 1)) ? getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, true) : getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, false); Loading Loading @@ -706,8 +708,7 @@ bool isUidNetworkingBlocked(uid_t uid, unsigned netId) { // application's UID. Its DNS packets are not subject to certain network restriction features. if (resolv_is_enforceDnsUid_enabled_network(netId)) return false; // TODO: Pass metered information from CS to DNS resolver and replace the hardcode value. return (*ADnsHelper_isUidNetworkingBlocked)(uid, /*metered=*/false) == 1; return (*ADnsHelper_isUidNetworkingBlocked)(uid, resolv_is_metered_network(netId)) == 1; } } // namespace Loading Loading @@ -904,7 +905,8 @@ void DnsProxyListener::GetAddrInfoHandler::run() { int32_t rv = 0; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetAddrInfoHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -952,7 +954,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractGetAddrInfoAnswers(result, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_GETADDRINFO, mNetContext, latencyUs, rv, event, mHost, ip_addrs, total_ip_addr_count); isUidBlocked, ip_addrs, total_ip_addr_count); freeaddrinfo(result); } Loading Loading @@ -1116,7 +1118,8 @@ void DnsProxyListener::ResNSendHandler::run() { int ansLen = -1; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "ResNSendHandler::run: network access blocked"; ansLen = -ECONNREFUSED; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1147,7 +1150,7 @@ void DnsProxyListener::ResNSendHandler::run() { } if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name); resNSendToAiError(ansLen, rcode), event, rr_name, isUidBlocked); } return; } Loading Loading @@ -1177,8 +1180,8 @@ void DnsProxyListener::ResNSendHandler::run() { const int total_ip_addr_count = extractResNsendAnswers(std::span(ansBuf.data(), ansLen), rr_type, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name, ip_addrs, total_ip_addr_count); resNSendToAiError(ansLen, rcode), event, rr_name, /*skipStats=*/false, ip_addrs, total_ip_addr_count); } } Loading Loading @@ -1320,7 +1323,8 @@ void DnsProxyListener::GetHostByNameHandler::run() { int32_t rv = 0; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetHostByNameHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1364,7 +1368,7 @@ void DnsProxyListener::GetHostByNameHandler::run() { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractGetHostByNameAnswers(hp, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, mNetContext, latencyUs, rv, event, mName, ip_addrs, total_ip_addr_count); mName, isUidBlocked, ip_addrs, total_ip_addr_count); } std::string DnsProxyListener::GetHostByNameHandler::threadName() { Loading Loading @@ -1483,7 +1487,8 @@ void DnsProxyListener::GetHostByAddrHandler::run() { NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) { const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid); if (isUidBlocked) { LOG(INFO) << "GetHostByAddrHandler::run: network access blocked"; rv = EAI_FAIL; } else if (startQueryLimiter(uid)) { Loading Loading @@ -1529,7 +1534,7 @@ void DnsProxyListener::GetHostByAddrHandler::run() { } reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYADDR, mNetContext, latencyUs, rv, event, (hp && hp->h_name) ? hp->h_name : "null", {}, 0); (hp && hp->h_name) ? hp->h_name : "null", isUidBlocked, {}, 0); } std::string DnsProxyListener::GetHostByAddrHandler::threadName() { Loading
ResolverController.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -237,7 +237,8 @@ int ResolverController::setResolverConfiguration(const ResolverParamsParcel& res return resolv_set_nameservers(resolverParams.netId, resolverParams.servers, resolverParams.domains, res_params, resolverParams.resolverOptions, resolverParams.transportTypes); resolverParams.resolverOptions, resolverParams.transportTypes, resolverParams.meteredNetwork); } int ResolverController::getResolverInfo(int32_t netId, std::vector<std::string>* servers, Loading
res_cache.cpp +12 −1 Original line number Diff line number Diff line Loading @@ -1065,6 +1065,7 @@ struct NetConfig { int tc_mode = aidl::android::net::IDnsResolver::TC_MODE_DEFAULT; bool enforceDnsUid = false; std::vector<int32_t> transportTypes; bool metered = false; }; /* gets cache associated with a network, or NULL if none exists */ Loading Loading @@ -1642,7 +1643,7 @@ std::vector<std::string> getCustomizedTableByName(const size_t netid, const char int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& servers, const std::vector<std::string>& domains, const res_params& params, const std::optional<ResolverOptionsParcel> optionalResolverOptions, const std::vector<int32_t>& transportTypes) { const std::vector<int32_t>& transportTypes, bool metered) { std::vector<std::string> nameservers = filter_nameservers(servers); const int numservers = static_cast<int>(nameservers.size()); Loading Loading @@ -1709,6 +1710,7 @@ int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& serve return -EINVAL; } netconfig->transportTypes = transportTypes; netconfig->metered = metered; if (optionalResolverOptions.has_value()) { const ResolverOptionsParcel& resolverOptions = optionalResolverOptions.value(); return netconfig->setOptions(resolverOptions); Loading Loading @@ -2090,6 +2092,7 @@ void resolv_netconfig_dump(DumpWriter& dw, unsigned netid) { // TODO: dump info->hosts dw.println("TC mode: %s", tc_mode_to_str(info->tc_mode)); dw.println("TransportType: %s", transport_type_to_str(info->transportTypes)); dw.println("Metered: %s", info->metered ? "true" : "false"); } } Loading @@ -2110,3 +2113,11 @@ bool resolv_is_enforceDnsUid_enabled_network(unsigned netid) { } return false; } bool resolv_is_metered_network(unsigned netid) { std::lock_guard guard(cache_mutex); if (const auto info = find_netconfig_locked(netid); info != nullptr) { return info->metered; } return false; }
resolv_cache.h +4 −1 Original line number Diff line number Diff line Loading @@ -81,7 +81,7 @@ std::vector<std::string> getCustomizedTableByName(const size_t netid, const char int resolv_set_nameservers(unsigned netid, const std::vector<std::string>& servers, const std::vector<std::string>& domains, const res_params& params, std::optional<aidl::android::net::ResolverOptionsParcel> resolverOptions, const std::vector<int32_t>& transportTypes = {}); const std::vector<int32_t>& transportTypes = {}, bool metered = false); // Sets options for a given network. int resolv_set_options(unsigned netid, const aidl::android::net::ResolverOptionsParcel& options); Loading Loading @@ -146,3 +146,6 @@ int resolv_get_max_cache_entries(unsigned netid); // Return true if the enforceDnsUid is enabled on the network. bool resolv_is_enforceDnsUid_enabled_network(unsigned netid); // Return true if the network is metered. bool resolv_is_metered_network(unsigned netid);
