Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 75a89452 authored by Mike Yu's avatar Mike Yu Committed by Automerger Merge Worker
Browse files

Delete IPrivateDnsServer.h am: 86e45646

parents f1cc3fd6 86e45646
Loading
Loading
Loading
Loading
+11 −16
Original line number Diff line number Diff line
@@ -20,23 +20,23 @@
#include <string>
#include <vector>

#include <netdutils/InternetAddresses.h>
#include <netinet/in.h>

#include <params.h>

#include "IPrivateDnsServer.h"
#include "PrivateDnsCommon.h"

namespace android {
namespace net {

// DnsTlsServer represents a recursive resolver that supports, or may support, a
// secure protocol.
struct DnsTlsServer : public IPrivateDnsServer {
struct DnsTlsServer {
    // Default constructor.
    DnsTlsServer() {}

    explicit DnsTlsServer(const netdutils::IPAddress& ip)
        : DnsTlsServer(netdutils::IPSockAddr(ip, 853)) {}
        : DnsTlsServer(netdutils::IPSockAddr(ip, kDotPort)) {}
    explicit DnsTlsServer(const netdutils::IPSockAddr& addr) : ss(addr) {}

    // The server location, including IP and port.
@@ -64,17 +64,12 @@ struct DnsTlsServer : public IPrivateDnsServer {
    bool wasExplicitlyConfigured() const;
    std::string toIpString() const;

    PrivateDnsTransport transport() const override { return PrivateDnsTransport::kDot; }
    std::string provider() const override { return name; }
    netdutils::IPSockAddr addr() const override { return netdutils::IPSockAddr::toIPSockAddr(ss); }
    uint32_t validationMark() const override { return mark; }
    std::string provider() const { return name; }
    netdutils::IPSockAddr addr() const { return netdutils::IPSockAddr::toIPSockAddr(ss); }
    uint32_t validationMark() const { return mark; }

    Validation validationState() const override { return mValidation; }
    void setValidationState(Validation val) override { mValidation = val; }
    bool probe() override {
        // TODO: implement it.
        return false;
    }
    Validation validationState() const { return mValidation; }
    void setValidationState(Validation val) { mValidation = val; }

    // The socket mark used for validation.
    // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can
@@ -84,8 +79,8 @@ struct DnsTlsServer : public IPrivateDnsServer {

    // Return whether or not the server can be used for a network. It depends on
    // the resolver configuration.
    bool active() const override { return mActive; }
    void setActive(bool val) override { mActive = val; }
    bool active() const { return mActive; }
    void setActive(bool val) { mActive = val; }

  private:
    // State, unrelated to the comparison of DnsTlsServer objects.

IPrivateDnsServer.h

deleted100644 → 0
+0 −60
Original line number Diff line number Diff line
/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <string>

#include <netdutils/InternetAddresses.h>

#include "PrivateDnsCommon.h"

namespace android::net {

class IPrivateDnsServer {
  public:
    virtual ~IPrivateDnsServer(){};

    virtual PrivateDnsTransport transport() const = 0;
    bool isDot() const { return transport() == PrivateDnsTransport::kDot; }
    bool isDoh() const { return transport() == PrivateDnsTransport::kDoh; }

    // Returns the provider name of the server.
    virtual std::string provider() const = 0;

    // Returns the IP address of the server.
    virtual netdutils::IPSockAddr addr() const = 0;

    // Returns the socket mark used for probe.
    virtual uint32_t validationMark() const = 0;

    // Sets the validation state.
    virtual void setValidationState(Validation val) = 0;

    // Returns the validation state.
    virtual Validation validationState() const = 0;

    // Checks the server supports private DNS.
    virtual bool probe() = 0;

    // Sets if the server should be active.
    virtual void setActive(bool val) = 0;

    // Returns if the server is active.
    virtual bool active() const = 0;
};

}  // namespace android::net
+24 −25
Original line number Diff line number Diff line
@@ -99,33 +99,33 @@ int PrivateDnsConfiguration::setDot(int32_t netId, uint32_t mark,
    PrivateDnsTracker tmp;
    for (const auto& s : servers) {
        // The IP addresses are guaranteed to be valid.
        auto server = std::make_unique<DnsTlsServer>(IPAddress::forString(s));
        server->name = name;
        server->certificate = caCert;
        server->mark = mark;
        tmp[ServerIdentity(*server)] = std::move(server);
        DnsTlsServer server(IPAddress::forString(s));
        server.name = name;
        server.certificate = caCert;
        server.mark = mark;
        tmp[ServerIdentity(server)] = server;
    }

    // Create the tracker if it was not present
    auto& tracker = mPrivateDnsTransports[netId];

    // Add the servers if not contained in tracker.
    for (auto& [identity, server] : tmp) {
    for (const auto& [identity, server] : tmp) {
        if (tracker.find(identity) == tracker.end()) {
            tracker[identity] = std::move(server);
            tracker[identity] = server;
        }
    }

    for (auto& [identity, server] : tracker) {
        const bool active = tmp.find(identity) != tmp.end();
        server->setActive(active);
        server.setActive(active);

        // For simplicity, deem the validation result of inactive servers as unreliable.
        if (!server->active() && server->validationState() == Validation::success) {
        if (!server.active() && server.validationState() == Validation::success) {
            updateServerState(identity, Validation::success_but_expired, netId);
        }

        if (needsValidation(*server)) {
        if (needsValidation(server)) {
            updateServerState(identity, Validation::in_process, netId);
            startValidation(identity, netId, false);
        }
@@ -154,9 +154,8 @@ PrivateDnsStatus PrivateDnsConfiguration::getStatus(unsigned netId) const {
    const auto netPair = mPrivateDnsTransports.find(netId);
    if (netPair != mPrivateDnsTransports.end()) {
        for (const auto& [_, server] : netPair->second) {
            if (server->isDot() && server->active()) {
                DnsTlsServer& dotServer = *static_cast<DnsTlsServer*>(server.get());
                status.dotServersMap.emplace(dotServer, server->validationState());
            if (server.active()) {
                status.dotServersMap.emplace(server, server.validationState());
            }
        }
    }
@@ -202,18 +201,18 @@ base::Result<void> PrivateDnsConfiguration::requestValidation(unsigned netId,
        return result.error();
    }

    const IPrivateDnsServer* server = result.value();
    const DnsTlsServer* target = result.value();

    if (!server->active()) return Errorf("Server is not active");
    if (!target->active()) return Errorf("Server is not active");

    if (server->validationState() != Validation::success) {
    if (target->validationState() != Validation::success) {
        return Errorf("Server validation state mismatched");
    }

    // Don't run the validation if |mark| (from android_net_context.dns_mark) is different.
    // This is to protect validation from running on unexpected marks.
    // Validation should be associated with a mark gotten by system permission.
    if (server->validationMark() != mark) return Errorf("Socket mark mismatched");
    if (target->validationMark() != mark) return Errorf("Socket mark mismatched");

    updateServerState(identity, Validation::in_process, netId);
    startValidation(identity, netId, true);
@@ -227,7 +226,7 @@ void PrivateDnsConfiguration::startValidation(const ServerIdentity& identity, un
    // TODO: consider moving these code to the thread.
    const auto result = getPrivateDnsLocked(identity, netId);
    if (!result.ok()) return;
    DnsTlsServer server = *static_cast<const DnsTlsServer*>(result.value());
    DnsTlsServer server = *result.value();

    std::thread validate_thread([this, identity, server, netId, isRevalidation] {
        setThreadName(fmt::format("TlsVerify_{}", netId));
@@ -345,7 +344,7 @@ bool PrivateDnsConfiguration::recordPrivateDnsValidation(const ServerIdentity& i
                     << " was removed during private DNS validation";
        success = false;
        reevaluationStatus = DONT_REEVALUATE;
    } else if (!serverPair->second->active()) {
    } else if (!serverPair->second.active()) {
        LOG(WARNING) << "Server " << identity.sockaddr.ip().toString()
                     << " was removed from the configuration";
        success = false;
@@ -389,7 +388,7 @@ void PrivateDnsConfiguration::updateServerState(const ServerIdentity& identity,
    mPrivateDnsLog.push(std::move(record));
}

bool PrivateDnsConfiguration::needsValidation(const IPrivateDnsServer& server) const {
bool PrivateDnsConfiguration::needsValidation(const DnsTlsServer& server) const {
    // The server is not expected to be used on the network.
    if (!server.active()) return false;

@@ -405,13 +404,13 @@ bool PrivateDnsConfiguration::needsValidation(const IPrivateDnsServer& server) c
    return false;
}

base::Result<IPrivateDnsServer*> PrivateDnsConfiguration::getPrivateDns(
        const ServerIdentity& identity, unsigned netId) {
base::Result<DnsTlsServer*> PrivateDnsConfiguration::getPrivateDns(const ServerIdentity& identity,
                                                                   unsigned netId) {
    std::lock_guard guard(mPrivateDnsLock);
    return getPrivateDnsLocked(identity, netId);
}

base::Result<IPrivateDnsServer*> PrivateDnsConfiguration::getPrivateDnsLocked(
base::Result<DnsTlsServer*> PrivateDnsConfiguration::getPrivateDnsLocked(
        const ServerIdentity& identity, unsigned netId) {
    auto netPair = mPrivateDnsTransports.find(netId);
    if (netPair == mPrivateDnsTransports.end()) {
@@ -424,7 +423,7 @@ base::Result<IPrivateDnsServer*> PrivateDnsConfiguration::getPrivateDnsLocked(
                      identity.provider);
    }

    return iter->second.get();
    return &iter->second;
}

void PrivateDnsConfiguration::setObserver(PrivateDnsValidationObserver* observer) {
@@ -611,7 +610,7 @@ bool PrivateDnsConfiguration::needReportEvent(uint32_t netId, ServerIdentity ide
            for (const auto& [id, server] : netPair->second) {
                if ((identity.sockaddr.ip() == id.sockaddr.ip()) &&
                    (identity.sockaddr.port() != id.sockaddr.port()) &&
                    (server->validationState() == Validation::success)) {
                    (server.validationState() == Validation::success)) {
                    LOG(DEBUG) << __func__
                               << ": Skip reporting DoH validation failure event, server addr: "
                               << identity.sockaddr.ip().toString();
+6 −7
Original line number Diff line number Diff line
@@ -39,7 +39,6 @@
namespace android {
namespace net {

// TODO: decouple the dependency of DnsTlsServer.
struct PrivateDnsStatus {
    PrivateDnsMode mode;

@@ -81,7 +80,7 @@ class PrivateDnsConfiguration {
        const netdutils::IPSockAddr sockaddr;
        const std::string provider;

        explicit ServerIdentity(const IPrivateDnsServer& server)
        explicit ServerIdentity(const DnsTlsServer& server)
            : sockaddr(server.addr()), provider(server.provider()) {}
        ServerIdentity(const netdutils::IPSockAddr& addr, const std::string& host)
            : sockaddr(addr), provider(host) {}
@@ -128,7 +127,7 @@ class PrivateDnsConfiguration {
            EXCLUDES(mPrivateDnsLock);

  private:
    typedef std::map<ServerIdentity, std::unique_ptr<IPrivateDnsServer>> PrivateDnsTracker;
    typedef std::map<ServerIdentity, DnsTlsServer> PrivateDnsTracker;

    PrivateDnsConfiguration() = default;

@@ -151,17 +150,17 @@ class PrivateDnsConfiguration {
    // Decide if a validation for |server| is needed. Note that servers that have failed
    // multiple validation attempts but for which there is still a validating
    // thread running are marked as being Validation::in_process.
    bool needsValidation(const IPrivateDnsServer& server) const REQUIRES(mPrivateDnsLock);
    bool needsValidation(const DnsTlsServer& server) const REQUIRES(mPrivateDnsLock);

    void updateServerState(const ServerIdentity& identity, Validation state, uint32_t netId)
            REQUIRES(mPrivateDnsLock);

    // For testing.
    base::Result<IPrivateDnsServer*> getPrivateDns(const ServerIdentity& identity, unsigned netId)
    base::Result<DnsTlsServer*> getPrivateDns(const ServerIdentity& identity, unsigned netId)
            EXCLUDES(mPrivateDnsLock);

    base::Result<IPrivateDnsServer*> getPrivateDnsLocked(const ServerIdentity& identity,
                                                         unsigned netId) REQUIRES(mPrivateDnsLock);
    base::Result<DnsTlsServer*> getPrivateDnsLocked(const ServerIdentity& identity, unsigned netId)
            REQUIRES(mPrivateDnsLock);

    void initDohLocked() REQUIRES(mPrivateDnsLock);
    int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,