Loading DnsProxyListener.cpp +6 −5 Original line number Original line Diff line number Diff line Loading @@ -147,7 +147,7 @@ bool hasPermissionToBypassPrivateDns(uid_t uid) { return false; return false; } } void maybeFixupNetContext(android_net_context* ctx) { void maybeFixupNetContext(android_net_context* ctx, pid_t pid) { if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) { if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) { // Not permitted; clear the flag. // Not permitted; clear the flag. ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; Loading @@ -161,6 +161,7 @@ void maybeFixupNetContext(android_net_context* ctx) { ctx->flags |= NET_CONTEXT_FLAG_USE_DNS_OVER_TLS | NET_CONTEXT_FLAG_USE_EDNS; ctx->flags |= NET_CONTEXT_FLAG_USE_DNS_OVER_TLS | NET_CONTEXT_FLAG_USE_EDNS; } } } } ctx->pid = pid; } } void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, Loading Loading @@ -669,7 +670,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() { addrinfo* result = nullptr; addrinfo* result = nullptr; Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); int32_t rv = 0; int32_t rv = 0; NetworkDnsEventReported event; NetworkDnsEventReported event; Loading Loading 
@@ -856,7 +857,7 @@ void DnsProxyListener::ResNSendHandler::run() { << mNetContext.dns_mark << " " << mNetContext.uid << " " << mNetContext.flags << "}"; << mNetContext.dns_mark << " " << mNetContext.uid << " " << mNetContext.flags << "}"; Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); // Decode // Decode std::vector<uint8_t> msg(MAXPACKET, 0); std::vector<uint8_t> msg(MAXPACKET, 0); Loading Loading @@ -1073,7 +1074,7 @@ void DnsProxyListener::GetHostByNameHandler::doDns64Synthesis(int32_t* rv, hoste void DnsProxyListener::GetHostByNameHandler::run() { void DnsProxyListener::GetHostByNameHandler::run() { Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); hostent* hp = nullptr; hostent* hp = nullptr; hostent hbuf; hostent hbuf; Loading Loading @@ -1236,7 +1237,7 @@ void DnsProxyListener::GetHostByAddrHandler::doDns64ReverseLookup(hostent* hbuf, void DnsProxyListener::GetHostByAddrHandler::run() { void DnsProxyListener::GetHostByAddrHandler::run() { Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); hostent* hp = nullptr; hostent* hp = nullptr; hostent hbuf; hostent hbuf; Loading DnsTlsSocket.cpp +2 −1 Original line number Original line Diff line number Diff line Loading @@ -38,6 +38,7 @@ #include <netdutils/SocketOption.h> #include <netdutils/SocketOption.h> #include <netdutils/ThreadUtil.h> #include <netdutils/ThreadUtil.h> #include "netd_resolv/resolv.h" #include "private/android_filesystem_config.h" // AID_DNS #include "private/android_filesystem_config.h" // AID_DNS #include "resolv_private.h" #include "resolv_private.h" Loading Loading 
@@ -95,7 +96,7 @@ Status DnsTlsSocket::tcpConnect() { return Status(errno); return Status(errno); } } resolv_tag_socket(mSslFd.get(), AID_DNS); resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID); const socklen_t len = sizeof(mMark); const socklen_t len = sizeof(mMark); if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) { if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) { Loading getaddrinfo.cpp +1 −0 Original line number Original line Diff line number Diff line Loading @@ -266,6 +266,7 @@ int getaddrinfo_numeric(const char* hostname, const char* servname, addrinfo hin .dns_netid = NETID_UNSET, .dns_netid = NETID_UNSET, .dns_mark = MARK_UNSET, .dns_mark = MARK_UNSET, .uid = NET_CONTEXT_INVALID_UID, .uid = NET_CONTEXT_INVALID_UID, .pid = NET_CONTEXT_INVALID_PID, }; }; NetworkDnsEventReported event; NetworkDnsEventReported event; return android_getaddrinfofornetcontext(hostname, servname, &hints, &netcontext, result, return android_getaddrinfofornetcontext(hostname, servname, &hints, &netcontext, result, Loading include/netd_resolv/resolv.h +15 −3 Original line number Original line Diff line number Diff line Loading @@ -30,6 +30,7 @@ #include "params.h" #include "params.h" #include <arpa/nameser.h> #include <netinet/in.h> #include <netinet/in.h> /* /* Loading @@ -43,6 +44,9 @@ */ */ #define MARK_UNSET 0u #define MARK_UNSET 0u #define NET_CONTEXT_INVALID_UID ((uid_t)-1) #define NET_CONTEXT_INVALID_PID ((pid_t)-1) /* /* * A struct to capture context relevant to network operations. * A struct to capture context relevant to network operations. * * Loading 
@@ -59,11 +63,12 @@ struct android_net_context { unsigned app_mark; unsigned app_mark; unsigned dns_netid; unsigned dns_netid; unsigned dns_mark; unsigned dns_mark; uid_t uid; uid_t uid = NET_CONTEXT_INVALID_UID; unsigned flags; unsigned flags; // Variable to store the pid of the application sending DNS query. pid_t pid = NET_CONTEXT_INVALID_PID; }; }; #define NET_CONTEXT_INVALID_UID ((uid_t) -1) #define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001 #define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001 #define NET_CONTEXT_FLAG_USE_EDNS 0x00000002 #define NET_CONTEXT_FLAG_USE_EDNS 0x00000002 #define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004 #define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004 Loading @@ -74,7 +79,7 @@ typedef bool (*check_calling_permission_callback)(const char* permission); typedef void (*get_network_context_callback)(unsigned netid, uid_t uid, typedef void (*get_network_context_callback)(unsigned netid, uid_t uid, android_net_context* netcontext); android_net_context* netcontext); typedef void (*log_callback)(const char* msg); typedef void (*log_callback)(const char* msg); typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid); typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid, pid_t pid); /* /* * Some functions needed by the resolver (e.g. checkCallingPermission()) live in * Some functions needed by the resolver (e.g. checkCallingPermission()) live in Loading 
@@ -95,3 +100,10 @@ LIBNETD_RESOLV_PUBLIC bool resolv_has_nameservers(unsigned netid); // Set callbacks and bring DnsResolver up. // Set callbacks and bring DnsResolver up. LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks); LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks); // Function that performs RDNS in local cache. The |domain_name_size| is the size of domain_name // buffer, which is recommended to NS_MAXDNAME. Function return false if hostname not found or // domain_name_size > NS_MAXDNAME. LIBNETD_RESOLV_PUBLIC bool resolv_gethostbyaddr_from_local_cache(unsigned netId, char domain_name[], unsigned domain_name_size, char* ip_address); include/netd_resolv/resolv_stub.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -37,6 +37,9 @@ extern struct ResolvStub { bool (*resolv_has_nameservers)(unsigned netid); bool (*resolv_has_nameservers)(unsigned netid); bool (*resolv_init)(const ResolverNetdCallbacks& callbacks); bool (*resolv_init)(const ResolverNetdCallbacks& callbacks); bool (*resolv_gethostbyaddr_from_local_cache)(unsigned netId, char domain_name[], unsigned domain_name_size, char* ip_address); } RESOLV_STUB; } RESOLV_STUB; int resolv_stub_init(); int resolv_stub_init(); Loading Loading
DnsProxyListener.cpp +6 −5 Original line number Original line Diff line number Diff line Loading @@ -147,7 +147,7 @@ bool hasPermissionToBypassPrivateDns(uid_t uid) { return false; return false; } } void maybeFixupNetContext(android_net_context* ctx) { void maybeFixupNetContext(android_net_context* ctx, pid_t pid) { if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) { if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) { // Not permitted; clear the flag. // Not permitted; clear the flag. ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; Loading @@ -161,6 +161,7 @@ void maybeFixupNetContext(android_net_context* ctx) { ctx->flags |= NET_CONTEXT_FLAG_USE_DNS_OVER_TLS | NET_CONTEXT_FLAG_USE_EDNS; ctx->flags |= NET_CONTEXT_FLAG_USE_DNS_OVER_TLS | NET_CONTEXT_FLAG_USE_EDNS; } } } } ctx->pid = pid; } } void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, Loading Loading @@ -669,7 +670,7 @@ void DnsProxyListener::GetAddrInfoHandler::run() { addrinfo* result = nullptr; addrinfo* result = nullptr; Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); int32_t rv = 0; int32_t rv = 0; NetworkDnsEventReported event; NetworkDnsEventReported event; Loading Loading 
@@ -856,7 +857,7 @@ void DnsProxyListener::ResNSendHandler::run() { << mNetContext.dns_mark << " " << mNetContext.uid << " " << mNetContext.flags << "}"; << mNetContext.dns_mark << " " << mNetContext.uid << " " << mNetContext.flags << "}"; Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); // Decode // Decode std::vector<uint8_t> msg(MAXPACKET, 0); std::vector<uint8_t> msg(MAXPACKET, 0); Loading Loading @@ -1073,7 +1074,7 @@ void DnsProxyListener::GetHostByNameHandler::doDns64Synthesis(int32_t* rv, hoste void DnsProxyListener::GetHostByNameHandler::run() { void DnsProxyListener::GetHostByNameHandler::run() { Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); hostent* hp = nullptr; hostent* hp = nullptr; hostent hbuf; hostent hbuf; Loading Loading @@ -1236,7 +1237,7 @@ void DnsProxyListener::GetHostByAddrHandler::doDns64ReverseLookup(hostent* hbuf, void DnsProxyListener::GetHostByAddrHandler::run() { void DnsProxyListener::GetHostByAddrHandler::run() { Stopwatch s; Stopwatch s; maybeFixupNetContext(&mNetContext); maybeFixupNetContext(&mNetContext, mClient->getPid()); const uid_t uid = mClient->getUid(); const uid_t uid = mClient->getUid(); hostent* hp = nullptr; hostent* hp = nullptr; hostent hbuf; hostent hbuf; Loading
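Review bot: `ctx->pid = pid;` is stored without any statement of what the pid may be used for, and since it comes from `mClient->getPid()` and PIDs are recycled the moment the client exits, whatever consumes `ctx->pid` downstream (not visible here) must treat it as attribution only — `ctx->uid`, which the `hasPermissionToBypassPrivateDns` check above keys on, remains the only principal. I would add above the assignment: `// pid is informational (socket tagging/attribution); PIDs are recycled, so never use it for authorization — uid is the principal.` `maybeFixupNetContext` now also does two unrelated things (clamping the privacy flags by uid, then stamping the pid), so its name and a one-line header comment should say so. The debug line in `ResNSendHandler::run()` prints uid, mark and flags but not the pid set one line later; if the pid matters for diagnosis, add it there too. The middle of `maybeFixupNetContext` and the bodies of the four `run()` methods lie outside the hunks.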
DnsTlsSocket.cpp +2 −1 Original line number Original line Diff line number Diff line Loading @@ -38,6 +38,7 @@ #include <netdutils/SocketOption.h> #include <netdutils/SocketOption.h> #include <netdutils/ThreadUtil.h> #include <netdutils/ThreadUtil.h> #include "netd_resolv/resolv.h" #include "private/android_filesystem_config.h" // AID_DNS #include "private/android_filesystem_config.h" // AID_DNS #include "resolv_private.h" #include "resolv_private.h" Loading Loading @@ -95,7 +96,7 @@ Status DnsTlsSocket::tcpConnect() { return Status(errno); return Status(errno); } } resolv_tag_socket(mSslFd.get(), AID_DNS); resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID); const socklen_t len = sizeof(mMark); const socklen_t len = sizeof(mMark); if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) { if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) { Loading
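Review bot: Passing `NET_CONTEXT_INVALID_PID` here carries no explanation, and the result of `resolv_tag_socket` is still ignored even though the surrounding `tcpConnect` turns every other failure into `Status(errno)`. Presumably the DoT socket is owned by the resolver and shared by all callers, so no single requesting pid applies; I would say so: `// The DoT connection is resolver-owned and shared across callers, so there is no requesting pid.` If `resolv_tag_socket` surfaces the callback's `int` result (the header's `tagSocketCallback` returns one), consider at least logging a non-zero value so a failed tagging of the AID_DNS socket is visible rather than silent. The rest of `tcpConnect` is outside the hunk.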
getaddrinfo.cpp +1 −0 Original line number Original line Diff line number Diff line Loading @@ -266,6 +266,7 @@ int getaddrinfo_numeric(const char* hostname, const char* servname, addrinfo hin .dns_netid = NETID_UNSET, .dns_netid = NETID_UNSET, .dns_mark = MARK_UNSET, .dns_mark = MARK_UNSET, .uid = NET_CONTEXT_INVALID_UID, .uid = NET_CONTEXT_INVALID_UID, .pid = NET_CONTEXT_INVALID_PID, }; }; NetworkDnsEventReported event; NetworkDnsEventReported event; return android_getaddrinfofornetcontext(hostname, servname, &hints, &netcontext, result, return android_getaddrinfofornetcontext(hostname, servname, &hints, &netcontext, result, Loading
include/netd_resolv/resolv.h +15 −3 Original line number Original line Diff line number Diff line Loading @@ -30,6 +30,7 @@ #include "params.h" #include "params.h" #include <arpa/nameser.h> #include <netinet/in.h> #include <netinet/in.h> /* /* Loading @@ -43,6 +44,9 @@ */ */ #define MARK_UNSET 0u #define MARK_UNSET 0u #define NET_CONTEXT_INVALID_UID ((uid_t)-1) #define NET_CONTEXT_INVALID_PID ((pid_t)-1) /* /* * A struct to capture context relevant to network operations. * A struct to capture context relevant to network operations. * * Loading @@ -59,11 +63,12 @@ struct android_net_context { unsigned app_mark; unsigned app_mark; unsigned dns_netid; unsigned dns_netid; unsigned dns_mark; unsigned dns_mark; uid_t uid; uid_t uid = NET_CONTEXT_INVALID_UID; unsigned flags; unsigned flags; // Variable to store the pid of the application sending DNS query. pid_t pid = NET_CONTEXT_INVALID_PID; }; }; #define NET_CONTEXT_INVALID_UID ((uid_t) -1) #define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001 #define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001 #define NET_CONTEXT_FLAG_USE_EDNS 0x00000002 #define NET_CONTEXT_FLAG_USE_EDNS 0x00000002 #define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004 #define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004 Loading @@ -74,7 +79,7 @@ typedef bool (*check_calling_permission_callback)(const char* permission); typedef void (*get_network_context_callback)(unsigned netid, uid_t uid, typedef void (*get_network_context_callback)(unsigned netid, uid_t uid, android_net_context* netcontext); android_net_context* netcontext); typedef void (*log_callback)(const char* msg); typedef void (*log_callback)(const char* msg); typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid); typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid, pid_t pid); /* /* * Some functions needed by the resolver (e.g. checkCallingPermission()) live in * Some functions needed by the resolver (e.g. checkCallingPermission()) live in Loading 
@@ -95,3 +100,10 @@ LIBNETD_RESOLV_PUBLIC bool resolv_has_nameservers(unsigned netid); // Set callbacks and bring DnsResolver up. // Set callbacks and bring DnsResolver up. LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks); LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks); // Function that performs RDNS in local cache. The |domain_name_size| is the size of domain_name // buffer, which is recommended to NS_MAXDNAME. Function return false if hostname not found or // domain_name_size > NS_MAXDNAME. LIBNETD_RESOLV_PUBLIC bool resolv_gethostbyaddr_from_local_cache(unsigned netId, char domain_name[], unsigned domain_name_size, char* ip_address);
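Review bot: `android_net_context` now default-initializes `uid` and `pid` but leaves `app_netid`, `app_mark`, `dns_netid`, `dns_mark` and `flags` without initializers, so a default-constructed context still has indeterminate values in those members while looking "safe"; either give every member a sentinel (`= MARK_UNSET` for the marks, `= 0` for flags, and `NETID_UNSET` for the netids if that macro is visible from this header — I cannot see where it is defined) or keep the struct uniformly C-style. Changing `tagSocketCallback` to take a `pid_t` is an ABI change to `ResolverNetdCallbacks` in a `LIBNETD_RESOLV_PUBLIC` header, so it has to land in lockstep with the netd side that fills the struct; that deserves a sentence in the description. For `resolv_gethostbyaddr_from_local_cache`, the comment does not say whether `domain_name` is always NUL-terminated within `domain_name_size` on success or left untouched on failure, and `ip_address` is input only, so it should be `const char* ip_address`; if that is the contract, I would reword the comment to `// Reverse-looks up |ip_address| in the local cache for |netId|. |domain_name_size| is the size of the caller's |domain_name| buffer (NS_MAXDNAME recommended). Returns false if the name is not cached or domain_name_size > NS_MAXDNAME; on success domain_name is NUL-terminated.`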
include/netd_resolv/resolv_stub.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -37,6 +37,9 @@ extern struct ResolvStub { bool (*resolv_has_nameservers)(unsigned netid); bool (*resolv_has_nameservers)(unsigned netid); bool (*resolv_init)(const ResolverNetdCallbacks& callbacks); bool (*resolv_init)(const ResolverNetdCallbacks& callbacks); bool (*resolv_gethostbyaddr_from_local_cache)(unsigned netId, char domain_name[], unsigned domain_name_size, char* ip_address); } RESOLV_STUB; } RESOLV_STUB; int resolv_stub_init(); int resolv_stub_init(); Loading
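Review bot: The new `resolv_gethostbyaddr_from_local_cache` pointer repeats the public declaration's non-const `char* ip_address`; the address is only read, so make it `const char* ip_address` here and in resolv.h in the same change so the stub's type matches the symbol it resolves to. If `resolv_stub_init` fills this table by symbol name (I cannot see it from here), an older libnetd_resolv without the symbol would leave this member null, so callers should check for `nullptr` before calling through it rather than assume the whole table is populated.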