Snap for 11071797 from ca5a01489d3731df2a04d0f69479802a50021085 to mainline-conscrypt-release (573423f4) · Commits · e / os / android_packages_modules_DnsResolver

Android.bp

+5 −1

Original line number	Diff line number	Diff line
		@@ -53,7 +53,7 @@ cc_library_headers {
		],
		}

		dnsresolver_aidl_interface_lateststable_version = "V11"
		dnsresolver_aidl_interface_lateststable_version = "V13"

		cc_library_static {
		name: "dnsresolver_aidl_interface-lateststable-ndk",
		@@ -149,6 +149,10 @@ aidl_interface {
		version: "12",
		imports: ["netd_event_listener_interface-V1"],
		},
		{
		version: "13",
		imports: ["netd_event_listener_interface-V1"],
		},

		],
		frozen: true,

DnsProxyListener.cpp

+21 −16

Original line number	Diff line number	Diff line
		@@ -322,9 +322,11 @@ void maybeLogQuery(int eventType, const android_net_context& netContext,

		void reportDnsEvent(int eventType, const android_net_context& netContext, int latencyUs,
		int returnCode, NetworkDnsEventReported& event, const std::string& query_name,
		const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) {
		uint32_t rate =
		(query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) &&
		bool skipStats, const std::vector<std::string>& ip_addrs = {},
		int total_ip_addr_count = 0) {
		int32_t rate =
		skipStats ? 0
		: (query_name.ends_with(".local") && is_mdns_supported_network(netContext.dns_netid) &&
		android::net::Experiments::getInstance()->getFlag("mdns_resolution", 1))
		? getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, true)
		: getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, false);
		@@ -706,8 +708,7 @@ bool isUidNetworkingBlocked(uid_t uid, unsigned netId) {
		// application's UID. Its DNS packets are not subject to certain network restriction features.
		if (resolv_is_enforceDnsUid_enabled_network(netId)) return false;

		// TODO: Pass metered information from CS to DNS resolver and replace the hardcode value.
		return (ADnsHelper_isUidNetworkingBlocked)(uid, /metered=*/false) == 1;
		return (*ADnsHelper_isUidNetworkingBlocked)(uid, resolv_is_metered_network(netId)) == 1;
		}

		} // namespace
		@@ -904,7 +905,8 @@ void DnsProxyListener::GetAddrInfoHandler::run() {
		int32_t rv = 0;
		NetworkDnsEventReported event;
		initDnsEvent(&event, mNetContext);
		if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) {
		const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid);
		if (isUidBlocked) {
		LOG(INFO) << "GetAddrInfoHandler::run: network access blocked";
		rv = EAI_FAIL;
		} else if (startQueryLimiter(uid)) {
		@@ -952,7 +954,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() {
		std::vector<std::string> ip_addrs;
		const int total_ip_addr_count = extractGetAddrInfoAnswers(result, &ip_addrs);
		reportDnsEvent(INetdEventListener::EVENT_GETADDRINFO, mNetContext, latencyUs, rv, event, mHost,
		ip_addrs, total_ip_addr_count);
		isUidBlocked, ip_addrs, total_ip_addr_count);
		freeaddrinfo(result);
		}

		@@ -1116,7 +1118,8 @@ void DnsProxyListener::ResNSendHandler::run() {
		int ansLen = -1;
		NetworkDnsEventReported event;
		initDnsEvent(&event, mNetContext);
		if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) {
		const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid);
		if (isUidBlocked) {
		LOG(INFO) << "ResNSendHandler::run: network access blocked";
		ansLen = -ECONNREFUSED;
		} else if (startQueryLimiter(uid)) {
		@@ -1147,7 +1150,7 @@ void DnsProxyListener::ResNSendHandler::run() {
		}
		if (rr_type == ns_t_a \|\| rr_type == ns_t_aaaa) {
		reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs,
		resNSendToAiError(ansLen, rcode), event, rr_name);
		resNSendToAiError(ansLen, rcode), event, rr_name, isUidBlocked);
		}
		return;
		}
		@@ -1177,8 +1180,8 @@ void DnsProxyListener::ResNSendHandler::run() {
		const int total_ip_addr_count =
		extractResNsendAnswers(std::span(ansBuf.data(), ansLen), rr_type, &ip_addrs);
		reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs,
		resNSendToAiError(ansLen, rcode), event, rr_name, ip_addrs,
		total_ip_addr_count);
		resNSendToAiError(ansLen, rcode), event, rr_name, /skipStats=/false,
		ip_addrs, total_ip_addr_count);
		}
		}

		@@ -1320,7 +1323,8 @@ void DnsProxyListener::GetHostByNameHandler::run() {
		int32_t rv = 0;
		NetworkDnsEventReported event;
		initDnsEvent(&event, mNetContext);
		if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) {
		const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid);
		if (isUidBlocked) {
		LOG(INFO) << "GetHostByNameHandler::run: network access blocked";
		rv = EAI_FAIL;
		} else if (startQueryLimiter(uid)) {
		@@ -1364,7 +1368,7 @@ void DnsProxyListener::GetHostByNameHandler::run() {
		std::vector<std::string> ip_addrs;
		const int total_ip_addr_count = extractGetHostByNameAnswers(hp, &ip_addrs);
		reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYNAME, mNetContext, latencyUs, rv, event,
		mName, ip_addrs, total_ip_addr_count);
		mName, isUidBlocked, ip_addrs, total_ip_addr_count);
		}

		std::string DnsProxyListener::GetHostByNameHandler::threadName() {
		@@ -1483,7 +1487,8 @@ void DnsProxyListener::GetHostByAddrHandler::run() {
		NetworkDnsEventReported event;
		initDnsEvent(&event, mNetContext);

		if (isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid)) {
		const bool isUidBlocked = isUidNetworkingBlocked(mNetContext.uid, mNetContext.dns_netid);
		if (isUidBlocked) {
		LOG(INFO) << "GetHostByAddrHandler::run: network access blocked";
		rv = EAI_FAIL;
		} else if (startQueryLimiter(uid)) {
		@@ -1529,7 +1534,7 @@ void DnsProxyListener::GetHostByAddrHandler::run() {
		}

		reportDnsEvent(INetdEventListener::EVENT_GETHOSTBYADDR, mNetContext, latencyUs, rv, event,
		(hp && hp->h_name) ? hp->h_name : "null", {}, 0);
		(hp && hp->h_name) ? hp->h_name : "null", isUidBlocked, {}, 0);
		}

		std::string DnsProxyListener::GetHostByAddrHandler::threadName() {

Experiments.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -69,7 +69,6 @@ class Experiments {
		"parallel_lookup_sleep_time",
		"retransmission_time_interval",
		"retry_count",
		"skip_4a_query_on_v6_linklocal_addr",
		"sort_nameservers",
		};
		// This value is used in updateInternal as the default value if any flags can't be found.

OWNERS

+1 −0

Original line number	Diff line number	Diff line
		# Bug component: 31808
		set noparent
		file:platform/packages/modules/Connectivity:main:/OWNERS_core_networking

PrivateDnsConfiguration.cpp

+2 −2

Original line number	Diff line number	Diff line
		@@ -534,8 +534,8 @@ base::Result<DnsTlsServer*> PrivateDnsConfiguration::getDotServerLocked(

		auto iter = netPair->second.find(identity);
		if (iter == netPair->second.end()) {
		return Errorf("Failed to get private DNS: server {{{}/{}}} not found", identity.sockaddr,
		identity.provider);
		return Errorf("Failed to get private DNS: server {{{}/{}}} not found",
		identity.sockaddr.toString(), identity.provider);
		}

		return &iter->second;