
Commit 8ab18ba2 authored by Praveen Moongalam Thyagarajan's avatar Praveen Moongalam Thyagarajan Committed by Ken Chen

Support RDNS on cache and uid/pid tagging

RDNS on local cache

Function that performs RDNS on local cache. Takes
ip address and net id as input and gives domain
name as output.

Tag DNS query

Function that tags the uid and pid of the application
that sends DNS query.

Bug: 131051938
Test: build, flash, boot

Change-Id: I34abfc63d65f37e00dd813c9121ff483e4f85e7d
parent 7803769c
+6 −5
@@ -147,7 +147,7 @@ bool hasPermissionToBypassPrivateDns(uid_t uid) {
    return false;
}

void maybeFixupNetContext(android_net_context* ctx) {
void maybeFixupNetContext(android_net_context* ctx, pid_t pid) {
    if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) {
        // Not permitted; clear the flag.
        ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS;
@@ -161,6 +161,7 @@ void maybeFixupNetContext(android_net_context* ctx) {
            ctx->flags |= NET_CONTEXT_FLAG_USE_DNS_OVER_TLS | NET_CONTEXT_FLAG_USE_EDNS;
        }
    }
    ctx->pid = pid;
}

void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr,
@@ -669,7 +670,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() {

    addrinfo* result = nullptr;
    Stopwatch s;
    maybeFixupNetContext(&mNetContext);
    maybeFixupNetContext(&mNetContext, mClient->getPid());
    const uid_t uid = mClient->getUid();
    int32_t rv = 0;
    NetworkDnsEventReported event;
@@ -856,7 +857,7 @@ void DnsProxyListener::ResNSendHandler::run() {
               << mNetContext.dns_mark << " " << mNetContext.uid << " " << mNetContext.flags << "}";

    Stopwatch s;
    maybeFixupNetContext(&mNetContext);
    maybeFixupNetContext(&mNetContext, mClient->getPid());

    // Decode
    std::vector<uint8_t> msg(MAXPACKET, 0);
@@ -1073,7 +1074,7 @@ void DnsProxyListener::GetHostByNameHandler::doDns64Synthesis(int32_t* rv, hoste

void DnsProxyListener::GetHostByNameHandler::run() {
    Stopwatch s;
    maybeFixupNetContext(&mNetContext);
    maybeFixupNetContext(&mNetContext, mClient->getPid());
    const uid_t uid = mClient->getUid();
    hostent* hp = nullptr;
    hostent hbuf;
@@ -1236,7 +1237,7 @@ void DnsProxyListener::GetHostByAddrHandler::doDns64ReverseLookup(hostent* hbuf,

void DnsProxyListener::GetHostByAddrHandler::run() {
    Stopwatch s;
    maybeFixupNetContext(&mNetContext);
    maybeFixupNetContext(&mNetContext, mClient->getPid());
    const uid_t uid = mClient->getUid();
    hostent* hp = nullptr;
    hostent hbuf;
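Review bot: The new `pid` parameter of maybeFixupNetContext is stored unconditionally at the end of the flag fixup (`ctx->pid = pid;` in the second hunk) with no comment on where it comes from or what consumes it; add `// Record the requesting client's pid so the query socket can be tagged with it.` above the assignment, and a line in the function's header comment naming the new parameter. A pid is a recyclable identifier: once the client exits the same number may belong to another process, so whatever is keyed on it downstream should treat it as a best-effort attribution hint rather than an identity, and that caveat belongs next to the assignment as well. The four callers pass `mClient->getPid()`, whose origin is not visible here, so the exact provenance should be confirmed before documenting it. The body of maybeFixupNetContext runs between the first and second hunks, outside what is shown.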
+2 −1
@@ -38,6 +38,7 @@
#include <netdutils/SocketOption.h>
#include <netdutils/ThreadUtil.h>

#include "netd_resolv/resolv.h"
#include "private/android_filesystem_config.h"  // AID_DNS
#include "resolv_private.h"

@@ -95,7 +96,7 @@ Status DnsTlsSocket::tcpConnect() {
        return Status(errno);
    }

    resolv_tag_socket(mSslFd.get(), AID_DNS);
    resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID);

    const socklen_t len = sizeof(mMark);
    if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) {
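Review bot: The DoT socket is now tagged with `NET_CONTEXT_INVALID_PID` without a comment saying why; presumably because a DnsTlsSocket serves every query on its network rather than one client, but that rationale should be on the line: `// Shared per-network socket: no single originating pid, so tag with NET_CONTEXT_INVALID_PID.` The return value of resolv_tag_socket is still discarded on this line, so a failed tag (the callback typedef returns int) silently leaves the socket unattributed; logging a non-zero result would make that visible. tcpConnect() starts before this hunk.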
+1 −0
@@ -266,6 +266,7 @@ int getaddrinfo_numeric(const char* hostname, const char* servname, addrinfo hin
            .dns_netid = NETID_UNSET,
            .dns_mark = MARK_UNSET,
            .uid = NET_CONTEXT_INVALID_UID,
            .pid = NET_CONTEXT_INVALID_PID,
    };
    NetworkDnsEventReported event;
    return android_getaddrinfofornetcontext(hostname, servname, &hints, &netcontext, result,
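Review bot: The added `.pid = NET_CONTEXT_INVALID_PID,` duplicates the default member initializer that this same commit gives `android_net_context::pid` in resolv.h, so the line is redundant unless the file's convention is to spell out every field as it does for `.uid`. If it stays, a trailing comment such as `// numeric lookup: no requesting app` would explain why no real pid is available here. getaddrinfo_numeric begins before this hunk.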
+15 −3
@@ -30,6 +30,7 @@

#include "params.h"

#include <arpa/nameser.h>
#include <netinet/in.h>

/*
@@ -43,6 +44,9 @@
 */
#define MARK_UNSET 0u

#define NET_CONTEXT_INVALID_UID ((uid_t)-1)
#define NET_CONTEXT_INVALID_PID ((pid_t)-1)

/*
 * A struct to capture context relevant to network operations.
 *
@@ -59,11 +63,12 @@ struct android_net_context {
    unsigned app_mark;
    unsigned dns_netid;
    unsigned dns_mark;
    uid_t uid;
    uid_t uid = NET_CONTEXT_INVALID_UID;
    unsigned flags;
    // Variable to store the pid of the application sending DNS query.
    pid_t pid = NET_CONTEXT_INVALID_PID;
};

#define NET_CONTEXT_INVALID_UID ((uid_t) -1)
#define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001
#define NET_CONTEXT_FLAG_USE_EDNS 0x00000002
#define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004
@@ -74,7 +79,7 @@ typedef bool (*check_calling_permission_callback)(const char* permission);
typedef void (*get_network_context_callback)(unsigned netid, uid_t uid,
                                             android_net_context* netcontext);
typedef void (*log_callback)(const char* msg);
typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid);
typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid, pid_t pid);

/*
 * Some functions needed by the resolver (e.g. checkCallingPermission()) live in
@@ -95,3 +100,10 @@ LIBNETD_RESOLV_PUBLIC bool resolv_has_nameservers(unsigned netid);

// Set callbacks and bring DnsResolver up.
LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks);

// Function that performs RDNS in local cache. The |domain_name_size| is the size of domain_name
// buffer, which is recommended to NS_MAXDNAME. Function return false if hostname not found or
// domain_name_size > NS_MAXDNAME.
LIBNETD_RESOLV_PUBLIC bool resolv_gethostbyaddr_from_local_cache(unsigned netId, char domain_name[],
                                                                 unsigned domain_name_size,
                                                                 char* ip_address);
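Review bot: `ip_address` is an input to resolv_gethostbyaddr_from_local_cache but is declared `char*`; it should be `const char* ip_address` so callers can pass literals and the signature itself documents that the argument is not written (the mirrored function pointer in ResolvStub in resolv_stub.h has the same issue). The comment above it also leaves the important contract unstated: whether `domain_name` is always NUL-terminated on success, what happens when the cached name does not fit in `domain_name_size` (truncation or failure), and whether the buffer is touched when false is returned; `Function return false` should read `Returns false`. Because the returned name comes from cached DNS answers it is untrusted data, and the comment could say so for callers that go on to display or compare it. The `tagSocketCallback` typedef gained a `pid_t` parameter, which changes the ResolverNetdCallbacks layout, so the netd side presumably has to be updated in the same step.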
+3 −0
@@ -37,6 +37,9 @@ extern struct ResolvStub {
    bool (*resolv_has_nameservers)(unsigned netid);

    bool (*resolv_init)(const ResolverNetdCallbacks& callbacks);

    bool (*resolv_gethostbyaddr_from_local_cache)(unsigned netId, char domain_name[],
                                                  unsigned domain_name_size, char* ip_address);
} RESOLV_STUB;

int resolv_stub_init();
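Review bot: The new `resolv_gethostbyaddr_from_local_cache` member of ResolvStub carries no comment and nothing on this page guards it; if resolv_stub_init() fills members by symbol lookup, a libnetd_resolv built without this export leaves the pointer null and the first call through it faults, so either callers check it or resolv_stub_init() should fail when the symbol is missing (not visible here, so confirm). A one-line comment on the member would help, e.g. `// Reverse lookup in the resolver's local cache; see resolv.h for the buffer contract.`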