Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 690b19fa authored by Mike Yu's avatar Mike Yu
Browse files

Introduce IPrivateDnsServer 

This is a base class for DnsTlsServer and defines some common
functions for both DoT and DoH. No functionality changes.

Bug: 186177613
Test: cd packages/modules/DnsResolver && atest
Change-Id: If4744456b973789a0d6ecddc3fdda70431ee16d4
parent ad96ef83

DnsTlsServer.h

+15 −6
Original line number Diff line number Diff line
@@ -24,14 +24,14 @@ 


#include <params.h>



#include "PrivateDnsCommon.h"

#include "IPrivateDnsServer.h"



namespace android {

namespace net {



// DnsTlsServer represents a recursive resolver that supports, or may support, a

// secure protocol.

struct DnsTlsServer {

struct DnsTlsServer : public IPrivateDnsServer {

    // Default constructor.

    DnsTlsServer() {}
@@ -63,8 +63,17 @@ struct DnsTlsServer { 
    bool wasExplicitlyConfigured() const;

    std::string toIpString() const;



    Validation validationState() const { return mValidation; }

    void setValidationState(Validation val) { mValidation = val; }

    PrivateDnsTransport transport() const override { return PrivateDnsTransport::kDot; }

    std::string provider() const override { return name; }

    netdutils::IPSockAddr addr() const override { return netdutils::IPSockAddr::toIPSockAddr(ss); }

    uint32_t validationMark() const override { return mark; }



    Validation validationState() const override { return mValidation; }

    void setValidationState(Validation val) override { mValidation = val; }

    bool probe() override {

        // TODO: implement it.

        return false;

    }



    // The socket mark used for validation.

    // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can
@@ -74,8 +83,8 @@ struct DnsTlsServer { 


    // Return whether or not the server can be used for a network. It depends on

    // the resolver configuration.

    bool active() const { return mActive; }

    void setActive(bool val) { mActive = val; }

    bool active() const override { return mActive; }

    void setActive(bool val) override { mActive = val; }



  private:

    // State, unrelated to the comparison of DnsTlsServer objects.

IPrivateDnsServer.h

0 → 100644
+60 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#pragma once



#include <string>



#include <netdutils/InternetAddresses.h>



#include "PrivateDnsCommon.h"



namespace android::net {



class IPrivateDnsServer {

  public:

    virtual ~IPrivateDnsServer(){};



    virtual PrivateDnsTransport transport() const = 0;

    bool isDot() const { return transport() == PrivateDnsTransport::kDot; }

    bool isDoh() const { return transport() == PrivateDnsTransport::kDoh; }



    // Returns the provider name of the server.

    virtual std::string provider() const = 0;



    // Returns the IP address of the server.

    virtual netdutils::IPSockAddr addr() const = 0;



    // Returns the socket mark used for probe.

    virtual uint32_t validationMark() const = 0;



    // Sets the validation state.

    virtual void setValidationState(Validation val) = 0;



    // Returns the validation state.

    virtual Validation validationState() const = 0;



    // Checks the server supports private DNS.

    virtual bool probe() = 0;



    // Sets if the server should be active.

    virtual void setActive(bool val) = 0;



    // Returns if the server is active.

    virtual bool active() const = 0;

};



}  // namespace android::net

PrivateDnsCommon.h

+5 −0
Original line number Diff line number Diff line
@@ -18,6 +18,11 @@ 


namespace android::net {



enum class PrivateDnsTransport : uint8_t {

    kDot,  // DNS over TLS.

    kDoh,  // DNS over HTTPS.

};



// Validation status of a private DNS server on a specific netId.

enum class Validation : uint8_t {

    in_process,

PrivateDnsConfiguration.cpp

+3 −3
Original line number Diff line number Diff line
@@ -175,7 +175,7 @@ base::Result<void> PrivateDnsConfiguration::requestValidation(unsigned netId, 
    // Don't run the validation if |mark| (from android_net_context.dns_mark) is different.

    // This is to protect validation from running on unexpected marks.

    // Validation should be associated with a mark gotten by system permission.

    if (target->mark != mark) return Errorf("Socket mark mismatched");

    if (target->validationMark() != mark) return Errorf("Socket mark mismatched");



    updateServerState(identity, Validation::in_process, netId);

    startValidation(identity, netId, true);
@@ -216,8 +216,8 @@ void PrivateDnsConfiguration::startValidation(const ServerIdentity& identity, un 
            // ::validate() is a blocking call that performs network operations.

            // It can take milliseconds to minutes, up to the SYN retry limit.

            LOG(WARNING) << "Validating DnsTlsServer " << server.toIpString() << " with mark 0x"

                         << std::hex << server.mark;

            const bool success = DnsTlsTransport::validate(server, server.mark);

                         << std::hex << server.validationMark();

            const bool success = DnsTlsTransport::validate(server, server.validationMark());

            LOG(WARNING) << "validateDnsTlsServer returned " << success << " for "

                         << server.toIpString();