Loading Android.bp +86 −105 Original line number Diff line number Diff line Loading @@ -30,6 +30,10 @@ license { ], } // Whether to enable the targets in this file that require rust toolchain. // Set to false in branches like mainline-prod where rust toolchain isn't supported. support_rust_toolchain = false cc_library_headers { name: "libnetd_resolv_headers", export_include_dirs: ["include"], Loading @@ -44,8 +48,6 @@ cc_library_headers { cc_library_headers { name: "dnsproxyd_protocol_headers", sdk_version: "29", min_sdk_version: "29", export_include_dirs: ["include/dnsproxyd_protocol"], apex_available: [ "//apex_available:platform", Loading @@ -53,12 +55,12 @@ cc_library_headers { ], } dnsresolver_aidl_interface_lateststable_version = "V10" dnsresolver_aidl_interface_lateststable_version = "V8" cc_library_static { name: "dnsresolver_aidl_interface-lateststable-ndk", name: "dnsresolver_aidl_interface-lateststable-ndk_platform", whole_static_libs: [ "dnsresolver_aidl_interface-" + dnsresolver_aidl_interface_lateststable_version + "-ndk", "dnsresolver_aidl_interface-ndk_platform", ], apex_available: [ "com.android.resolv", Loading @@ -78,16 +80,15 @@ aidl_interface { "binder/android/net/resolv/aidl/**/*.aidl", ], imports: [ "netd_event_listener_interface-V1", "netd_event_listener_interface", ], backend: { java: { apex_available: [ "//apex_available:platform", "com.android.bluetooth.updatable", "com.android.tethering", "com.android.wifi", ], min_sdk_version: "30", }, ndk: { gen_log: true, Loading @@ -106,8 +107,6 @@ aidl_interface { "6", "7", "8", "9", "10", ], dumpapi: { no_license: true, Loading 
@@ -116,10 +115,6 @@ aidl_interface { cc_defaults { name: "resolv_test_defaults", cflags: [ // networkCreatePhysical and networkCreateVpn were deprecated from netd_aidl_interface v6. "-Wno-error=deprecated-declarations", ], // Note that, static link liblog and libbase is a hard requirement for resolv related tests // because libbase is not compatible between Q and R for general platform build due // to its log revelant functions changing. And most of resolv related tests must be able to run Loading @@ -128,8 +123,6 @@ cc_defaults { "libbase", "liblog", ], // This field is required to make test compatible with Q devices. min_sdk_version: "29", } cc_defaults { Loading Loading @@ -193,17 +186,15 @@ cc_library { // Link most things statically to minimize our dependence on system ABIs. stl: "libc++_static", static_libs: [ "dnsresolver_aidl_interface-lateststable-ndk", "dnsresolver_aidl_interface-lateststable-ndk_platform", "libbase", "libcutils", "libnetdutils", "libdoh_ffi", "libmodules-utils-build", "libprotobuf-cpp-lite", "libstatslog_resolv", "libstatspush_compat", "libsysutils", "netd_event_listener_interface-lateststable-ndk", "netd_event_listener_interface-lateststable-ndk_platform", "server_configurable_flags", "stats_proto", ], Loading Loading @@ -267,8 +258,7 @@ cc_library_static { genrule { name: "statslog_resolv.h", tools: ["stats-log-api-gen"], cmd: "$(location stats-log-api-gen) --header $(genDir)/statslog_resolv.h --module resolv" + " --namespace android,net,stats --minApiLevel 29", cmd: "$(location stats-log-api-gen) --header $(genDir)/statslog_resolv.h --module resolv --namespace android,net,stats", out: [ "statslog_resolv.h", ], Loading 
@@ -277,8 +267,7 @@ genrule { genrule { name: "statslog_resolv.cpp", tools: ["stats-log-api-gen"], cmd: "$(location stats-log-api-gen) --cpp $(genDir)/statslog_resolv.cpp --module resolv" + " --namespace android,net,stats --importHeader statslog_resolv.h --minApiLevel 29", cmd: "$(location stats-log-api-gen) --cpp $(genDir)/statslog_resolv.cpp --module resolv --namespace android,net,stats --importHeader statslog_resolv.h --supportQ", out: [ "statslog_resolv.cpp", ], Loading Loading 
@@ -326,89 +315,81 @@ filegroup { ], } rust_ffi_static { name: "libdoh_ffi", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", // rust_ffi_static { // name: "libdoh_ffi", // enabled: support_rust_toolchain, // crate_name: "doh", // srcs: ["doh.rs"], // edition: "2018", rlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche", "libring", "libtokio", "liburl", ], prefer_rlib: true, // rlibs: [ // "libandroid_logger", // "libanyhow", // "liblazy_static", // "liblibc", // "liblog_rust", // "libquiche", // "libring", // "libtokio", // "liburl", // ], // prefer_rlib: true, shared_libs: [ "libcrypto", "libssl", ], apex_available: [ "//apex_available:platform", // Needed by doh_ffi_test "com.android.resolv", ], min_sdk_version: "29", } // shared_libs: [ // "libcrypto", // "libssl", // ], rust_test { name: "doh_unit_test", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", test_suites: ["general-tests"], auto_gen_config: true, // Used to enable root permission for the test. // TODO: remove after 'require_root' is supported in rust_test. test_config_template: ":resolv_rust_test_config_template", rustlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche_static", "libring", "libtokio", "liburl", ], min_sdk_version: "29", } // apex_available: [ // "//apex_available:platform", // Needed by doh_ffi_test // "com.android.resolv" // ], // min_sdk_version: "29", // } // It's required by unit tests. rust_ffi_static { name: "libdoh_ffi_for_test", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", // cc_test { // name: "doh_ffi_test", // enabled: support_rust_toolchain, // test_suites: [ // "general-tests", // ], // defaults: ["netd_defaults"], // srcs: ["doh_ffi_test.cpp"], // static_libs: [ // "libdoh_ffi", // "libgmock", // "liblog", // "libring-core", // ], // // These are not carried over from libdoh_ffi. 
// shared_libs: [ // "libcrypto", // "libssl", // ], // min_sdk_version: "29", // } rlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche_static", "libring", "libtokio", "liburl", ], prefer_rlib: true, // TODO(b/194022174), for unit tests to run on the Android 10 platform, // libunwind must be statically linked. whole_static_libs: ["libunwind"], apex_available: [ "//apex_available:platform", // Needed by doh_ffi_test "com.android.resolv", ], min_sdk_version: "29", } // rust_test { // name: "doh_unit_test", // enabled: support_rust_toolchain, // crate_name: "doh", // srcs: ["doh.rs"], // edition: "2018", // test_suites: ["general-tests"], // auto_gen_config: true, // // Used to enable root permission for the test. // // TODO: remove after 'require_root' is supported in rust_test. // test_config_template: ":resolv_rust_test_config_template", // rustlibs: [ // "libandroid_logger", // "libanyhow", // "liblazy_static", // "liblibc", // "liblog_rust", // "libquiche", // "libring", // "libtokio", // "liburl", // ], // min_sdk_version: "29", // } Dns64Configuration.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -36,6 +36,7 @@ namespace android { using android::base::StringPrintf; using android::net::NetworkDnsEventReported; using netdutils::DumpWriter; using netdutils::IPAddress; Loading Loading @@ -64,7 +65,7 @@ void Dns64Configuration::startPrefixDiscovery(unsigned netId) { // Note that capturing |cfg| in this lambda creates a copy. std::thread discovery_thread([this, cfg, netId] { setThreadName(fmt::format("Nat64Pfx_{}", netId)); setThreadName(StringPrintf("Nat64Pfx_%u", netId).c_str()); // Make a mutable copy rather than mark the whole lambda mutable. // No particular reason. Loading DnsProxyListener.cpp +28 −32 Original line number Diff line number Diff line Loading 
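Review bot: The Rust-dependent modules (`libdoh_ffi`, `doh_ffi_test`, `doh_unit_test`) appear on the new side only as commented-out blocks, so the `support_rust_toolchain = false` variable added at the top of the file is referenced from comments alone and gates nothing in the visible hunks. Either keep the modules live with `enabled: support_rust_toolchain,` so the switch actually controls them, or delete the blocks together with the variable and leave the history to version control. `libdoh_ffi` also leaves the resolver's `static_libs`, so as far as the visible hunks show this branch builds without the DoH transport. The variable's comment should say so, e.g. `// DoH (libdoh_ffi) is not built when this is false; the resolver has no DNS-over-HTTPS transport in this branch.`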
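Review bot: This section starts using `android::base::StringPrintf` but, unlike the DnsProxyListener.cpp and DnsResolverService.cpp sections, adds no `#include <android-base/stringprintf.h>`; the +2 count is taken up by the `using` declaration and the `setThreadName` call. Unless the header is already included above line 36 (outside the hunk), add it so the file does not depend on a transitive include.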
@@ -34,11 +34,13 @@ #include <algorithm> #include <vector> #include <android-base/stringprintf.h> #include <android/multinetwork.h> // ResNsendFlags #include <cutils/misc.h> // FIRST_APPLICATION_UID #include <cutils/multiuser.h> #include <netdutils/InternetAddresses.h> #include <netdutils/ResponseCode.h> #include <netdutils/Slice.h> #include <netdutils/Stopwatch.h> #include <netdutils/ThreadUtil.h> #include <private/android_filesystem_config.h> // AID_SYSTEM Loading @@ -46,7 +48,6 @@ #include <sysutils/SocketClient.h> #include "DnsResolver.h" #include "Experiments.h" #include "NetdPermissions.h" #include "OperationLimiter.h" #include "PrivateDnsConfiguration.h" Loading @@ -64,7 +65,6 @@ using aidl::android::net::metrics::INetdEventListener; using aidl::android::net::resolv::aidl::DnsHealthEventParcel; using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener; using android::net::NetworkDnsEventReported; using std::span; namespace android { Loading Loading @@ -147,11 +147,11 @@ void maybeFixupNetContext(android_net_context* ctx, pid_t pid) { void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, socklen_t addrlen); int extractResNsendAnswers(std::span<const uint8_t> answer, int ipType, int extractResNsendAnswers(const uint8_t* answer, size_t anslen, int ipType, std::vector<std::string>* ip_addrs) { int total_ip_addr_count = 0; ns_msg handle; if (ns_initparse(answer.data(), answer.size(), &handle) < 0) { if (ns_initparse((const uint8_t*)answer, anslen, &handle) < 0) { return 0; } int ancount = ns_msg_count(handle, ns_s_an); Loading Loading 
@@ -250,20 +250,21 @@ bool simpleStrtoul(const char* input, IntegralType* output, int base = 10) { return true; } bool setQueryId(span<uint8_t> msg, uint16_t query_id) { if ((size_t)msg.size() < sizeof(HEADER)) { bool setQueryId(uint8_t* msg, size_t msgLen, uint16_t query_id) { if (msgLen < sizeof(HEADER)) { errno = EINVAL; return false; } auto hp = reinterpret_cast<HEADER*>(msg.data()); auto hp = reinterpret_cast<HEADER*>(msg); hp->id = htons(query_id); return true; } bool parseQuery(span<const uint8_t> msg, uint16_t* query_id, int* rr_type, std::string* rr_name) { bool parseQuery(const uint8_t* msg, size_t msgLen, uint16_t* query_id, int* rr_type, std::string* rr_name) { ns_msg handle; ns_rr rr; if (ns_initparse(msg.data(), msg.size(), &handle) < 0 || if (ns_initparse((const uint8_t*)msg, msgLen, &handle) < 0 || ns_parserr(&handle, ns_s_qd, 0, &rr) < 0) { return false; } Loading Loading @@ -305,8 +306,8 @@ void initDnsEvent(NetworkDnsEventReported* event, const android_net_context& net // Return 0 if the event should not be logged. // Otherwise, return subsampling_denom uint32_t getDnsEventSubsamplingRate(int netid, int returnCode, bool isMdns) { uint32_t subsampling_denom = resolv_cache_get_subsampling_denom(netid, returnCode, isMdns); uint32_t getDnsEventSubsamplingRate(int netid, int returnCode) { uint32_t subsampling_denom = resolv_cache_get_subsampling_denom(netid, returnCode); if (subsampling_denom == 0) return 0; // Sample the event with a chance of 1 / denom. return (arc4random_uniform(subsampling_denom) == 0) ? subsampling_denom : 0; Loading 
@@ -333,12 +334,7 @@ void maybeLogQuery(int eventType, const android_net_context& netContext, void reportDnsEvent(int eventType, const android_net_context& netContext, int latencyUs, int returnCode, NetworkDnsEventReported& event, const std::string& query_name, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { uint32_t rate = (query_name.ends_with(".local") && android::net::Experiments::getInstance()->getFlag("mdns_resolution", 1)) ? getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, true) : getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, false); if (rate) { if (uint32_t rate = getDnsEventSubsamplingRate(netContext.dns_netid, returnCode)) { const std::string& dnsQueryStats = event.dns_query_events().SerializeAsString(); stats::BytesField dnsQueryBytesField{dnsQueryStats.c_str(), dnsQueryStats.size()}; event.set_return_code(static_cast<ReturnCode>(returnCode)); Loading Loading @@ -564,7 +560,7 @@ bool getDns64Prefix(unsigned netId, netdutils::IPPrefix* prefix) { std::string makeThreadName(unsigned netId, uint32_t uid) { // The maximum of netId and app_id are 5-digit numbers. return fmt::format("Dns_{}_{}", netId, multiuser_get_app_id(uid)); return android::base::StringPrintf("Dns_%u_%u", netId, multiuser_get_app_id(uid)); } } // namespace Loading Loading @@ -926,8 +922,8 @@ void DnsProxyListener::ResNSendHandler::run() { uint16_t original_query_id = 0; // TODO: Handle the case which is msg contains more than one query if (!parseQuery({msg.data(), msgLen}, &original_query_id, &rr_type, &rr_name) || !setQueryId({msg.data(), msgLen}, arc4random_uniform(65536))) { if (!parseQuery(msg.data(), msgLen, &original_query_id, &rr_type, &rr_name) || !setQueryId(msg.data(), msgLen, arc4random_uniform(65536))) { // If the query couldn't be parsed, block the request. LOG(WARNING) << "ResNSendHandler::run: resnsend: from UID " << uid << ", invalid query"; sendBE32(mClient, -EINVAL); Loading 
@@ -937,21 +933,21 @@ void DnsProxyListener::ResNSendHandler::run() { // Send DNS query std::vector<uint8_t> ansBuf(MAXPACKET, 0); int rcode = ns_r_noerror; int ansLen = -1; int nsendAns = -1; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (queryLimiter.start(uid)) { if (evaluate_domain_name(mNetContext, rr_name.c_str())) { ansLen = resolv_res_nsend(&mNetContext, {msg.data(), msgLen}, ansBuf, &rcode, static_cast<ResNsendFlags>(mFlags), &event); nsendAns = resolv_res_nsend(&mNetContext, msg.data(), msgLen, ansBuf.data(), MAXPACKET, &rcode, static_cast<ResNsendFlags>(mFlags), &event); } else { ansLen = -EAI_SYSTEM; nsendAns = -EAI_SYSTEM; } queryLimiter.finish(uid); } else { LOG(WARNING) << "ResNSendHandler::run: resnsend: from UID " << uid << ", max concurrent queries reached"; ansLen = -EBUSY; nsendAns = -EBUSY; } const int32_t latencyUs = saturate_cast<int32_t>(s.timeTakenUs()); Loading @@ -960,14 +956,14 @@ void DnsProxyListener::ResNSendHandler::run() { event.set_res_nsend_flags(static_cast<ResNsendFlags>(mFlags)); // Fail, send -errno if (ansLen < 0) { if (!sendBE32(mClient, ansLen)) { if (nsendAns < 0) { if (!sendBE32(mClient, nsendAns)) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send errno to uid " << uid << " pid " << mClient->getPid(); } if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name); resNSendToAiError(nsendAns, rcode), event, rr_name); } return; } Loading 
@@ -980,8 +976,8 @@ void DnsProxyListener::ResNSendHandler::run() { } // Restore query id and send answer if (!setQueryId({ansBuf.data(), ansLen}, original_query_id) || !sendLenAndData(mClient, ansLen, ansBuf.data())) { if (!setQueryId(ansBuf.data(), nsendAns, original_query_id) || !sendLenAndData(mClient, nsendAns, ansBuf.data())) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid << " pid " << mClient->getPid(); return; Loading @@ -990,9 +986,9 @@ void DnsProxyListener::ResNSendHandler::run() { if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractResNsendAnswers({ansBuf.data(), ansLen}, rr_type, &ip_addrs); extractResNsendAnswers((uint8_t*)ansBuf.data(), nsendAns, rr_type, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name, ip_addrs, resNSendToAiError(nsendAns, rcode), event, rr_name, ip_addrs, total_ip_addr_count); } } Loading DnsResolver.cpp +1 −4 Original line number Diff line number Diff line Loading @@ -31,9 +31,7 @@ bool resolv_init(const ResolverNetdCallbacks* callbacks) { android::base::SetDefaultTag("libnetd_resolv"); LOG(INFO) << __func__ << ": Initializing resolver"; // TODO(b/170539625): restore log level to WARNING after clarifying flaky tests. const bool isDebug = isUserDebugBuild(); resolv_set_log_severity(isDebug ? android::base::DEBUG : android::base::WARNING); doh_init_logger(isDebug ? LOG_LEVEL_DEBUG : LOG_LEVEL_WARN); resolv_set_log_severity(isUserDebugBuild() ? android::base::DEBUG : android::base::WARNING); using android::net::gApiLevel; gApiLevel = getApiLevel(); using android::net::gResNetdCallbacks; Loading Loading 
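Review bot: In `ResNSendHandler::run` the answer length now travels as a bare `int nsendAns` next to `ansBuf.data()`, and after the `nsendAns < 0` return nothing visible bounds it against the buffer before `setQueryId`, `sendLenAndData` and `extractResNsendAnswers` read that many bytes. With the spans gone, tie the capacity to the buffer by passing `ansBuf.size()` (cast to the parameter type) instead of the separate constant `MAXPACKET`, and add a guard such as `if (static_cast<size_t>(nsendAns) > ansBuf.size()) { sendBE32(mClient, -EINVAL); return; }` before the answer is used. The C-style casts `(const uint8_t*)answer`, `(const uint8_t*)msg` and `(uint8_t*)ansBuf.data()` are redundant because the operands already have that type, and can be dropped. The body of `run` continues outside these hunks, so a bound may already exist there.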
@@ -83,7 +81,6 @@ DnsResolver::DnsResolver() { auto& dnsTlsDispatcher = DnsTlsDispatcher::getInstance(); auto& privateDnsConfiguration = PrivateDnsConfiguration::getInstance(); privateDnsConfiguration.setObserver(&dnsTlsDispatcher); if (isDoHEnabled()) privateDnsConfiguration.initDoh(); } bool DnsResolver::start() { Loading DnsResolverService.cpp +5 −12 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ #include <vector> #include <BinderUtil.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <android/binder_manager.h> #include <android/binder_process.h> Loading @@ -35,9 +36,9 @@ #include "ResolverEventReporter.h" #include "resolv_cache.h" using aidl::android::net::ResolverOptionsParcel; using aidl::android::net::ResolverParamsParcel; using android::base::Join; using android::base::StringPrintf; using android::netdutils::DumpWriter; using android::netdutils::IPPrefix; Loading Loading @@ -180,8 +181,8 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num } } auto err = fmt::format("UID {} / PID {} does not have any of the following permissions: {}", uid, pid, Join(permissions, ',')); auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s", uid, pid, Join(permissions, ',').c_str()); return ::ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(EX_SECURITY, err.c_str())); } Loading @@ -195,7 +196,7 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num uid_t uid = AIBinder_getCallingUid(); // CAUTION: caCertificate should NOT be used except for internal testing. if (resolverParams.caCertificate.size() != 0 && uid != AID_ROOT) { auto err = fmt::format("UID {} is not authorized to set a non-empty CA certificate", uid); auto err = StringPrintf("UID %d is not authorized to set a non-empty CA certificate", uid); return ::ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(EX_SECURITY, err.c_str())); } Loading Loading 
@@ -306,13 +307,5 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num return statusFromErrcode(res); } ::ndk::ScopedAStatus DnsResolverService::setResolverOptions(int32_t netId, const ResolverOptionsParcel& options) { // Locking happens in res_cache.cpp functions. ENFORCE_NETWORK_STACK_PERMISSIONS(); return statusFromErrcode(resolv_set_options(netId, options)); } } // namespace net } // namespace android Loading
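Review bot: `StringPrintf("UID %d is not authorized to set a non-empty CA certificate", uid)` formats `uid` with `%d`, but the hunk declares it as `uid_t uid = AIBinder_getCallingUid();`, which is unsigned; use `%u` so the UID in the EX_SECURITY message is not printed as a negative number for large values. The same applies to `"UID %d / PID %d does not have any of the following permissions: %s"` if `uid` there is also a `uid_t`; its declaration is outside the hunk. The Dns64Configuration.cpp and DnsProxyListener.cpp changes in this commit already use `%u` for their unsigned arguments.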
Android.bp +86 −105 Original line number Diff line number Diff line Loading @@ -30,6 +30,10 @@ license { ], } // Whether to enable the targets in this file that require rust toolchain. // Set to false in branches like mainline-prod where rust toolchain isn't supported. support_rust_toolchain = false cc_library_headers { name: "libnetd_resolv_headers", export_include_dirs: ["include"], Loading @@ -44,8 +48,6 @@ cc_library_headers { cc_library_headers { name: "dnsproxyd_protocol_headers", sdk_version: "29", min_sdk_version: "29", export_include_dirs: ["include/dnsproxyd_protocol"], apex_available: [ "//apex_available:platform", Loading @@ -53,12 +55,12 @@ cc_library_headers { ], } dnsresolver_aidl_interface_lateststable_version = "V10" dnsresolver_aidl_interface_lateststable_version = "V8" cc_library_static { name: "dnsresolver_aidl_interface-lateststable-ndk", name: "dnsresolver_aidl_interface-lateststable-ndk_platform", whole_static_libs: [ "dnsresolver_aidl_interface-" + dnsresolver_aidl_interface_lateststable_version + "-ndk", "dnsresolver_aidl_interface-ndk_platform", ], apex_available: [ "com.android.resolv", Loading @@ -78,16 +80,15 @@ aidl_interface { "binder/android/net/resolv/aidl/**/*.aidl", ], imports: [ "netd_event_listener_interface-V1", "netd_event_listener_interface", ], backend: { java: { apex_available: [ "//apex_available:platform", "com.android.bluetooth.updatable", "com.android.tethering", "com.android.wifi", ], min_sdk_version: "30", }, ndk: { gen_log: true, Loading @@ -106,8 +107,6 @@ aidl_interface { "6", "7", "8", "9", "10", ], dumpapi: { no_license: true, Loading 
@@ -116,10 +115,6 @@ aidl_interface { cc_defaults { name: "resolv_test_defaults", cflags: [ // networkCreatePhysical and networkCreateVpn were deprecated from netd_aidl_interface v6. "-Wno-error=deprecated-declarations", ], // Note that, static link liblog and libbase is a hard requirement for resolv related tests // because libbase is not compatible between Q and R for general platform build due // to its log revelant functions changing. And most of resolv related tests must be able to run Loading @@ -128,8 +123,6 @@ cc_defaults { "libbase", "liblog", ], // This field is required to make test compatible with Q devices. min_sdk_version: "29", } cc_defaults { Loading Loading @@ -193,17 +186,15 @@ cc_library { // Link most things statically to minimize our dependence on system ABIs. stl: "libc++_static", static_libs: [ "dnsresolver_aidl_interface-lateststable-ndk", "dnsresolver_aidl_interface-lateststable-ndk_platform", "libbase", "libcutils", "libnetdutils", "libdoh_ffi", "libmodules-utils-build", "libprotobuf-cpp-lite", "libstatslog_resolv", "libstatspush_compat", "libsysutils", "netd_event_listener_interface-lateststable-ndk", "netd_event_listener_interface-lateststable-ndk_platform", "server_configurable_flags", "stats_proto", ], Loading Loading @@ -267,8 +258,7 @@ cc_library_static { genrule { name: "statslog_resolv.h", tools: ["stats-log-api-gen"], cmd: "$(location stats-log-api-gen) --header $(genDir)/statslog_resolv.h --module resolv" + " --namespace android,net,stats --minApiLevel 29", cmd: "$(location stats-log-api-gen) --header $(genDir)/statslog_resolv.h --module resolv --namespace android,net,stats", out: [ "statslog_resolv.h", ], Loading 
@@ -277,8 +267,7 @@ genrule { genrule { name: "statslog_resolv.cpp", tools: ["stats-log-api-gen"], cmd: "$(location stats-log-api-gen) --cpp $(genDir)/statslog_resolv.cpp --module resolv" + " --namespace android,net,stats --importHeader statslog_resolv.h --minApiLevel 29", cmd: "$(location stats-log-api-gen) --cpp $(genDir)/statslog_resolv.cpp --module resolv --namespace android,net,stats --importHeader statslog_resolv.h --supportQ", out: [ "statslog_resolv.cpp", ], Loading Loading 
@@ -326,89 +315,81 @@ filegroup { ], } rust_ffi_static { name: "libdoh_ffi", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", // rust_ffi_static { // name: "libdoh_ffi", // enabled: support_rust_toolchain, // crate_name: "doh", // srcs: ["doh.rs"], // edition: "2018", rlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche", "libring", "libtokio", "liburl", ], prefer_rlib: true, // rlibs: [ // "libandroid_logger", // "libanyhow", // "liblazy_static", // "liblibc", // "liblog_rust", // "libquiche", // "libring", // "libtokio", // "liburl", // ], // prefer_rlib: true, shared_libs: [ "libcrypto", "libssl", ], apex_available: [ "//apex_available:platform", // Needed by doh_ffi_test "com.android.resolv", ], min_sdk_version: "29", } // shared_libs: [ // "libcrypto", // "libssl", // ], rust_test { name: "doh_unit_test", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", test_suites: ["general-tests"], auto_gen_config: true, // Used to enable root permission for the test. // TODO: remove after 'require_root' is supported in rust_test. test_config_template: ":resolv_rust_test_config_template", rustlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche_static", "libring", "libtokio", "liburl", ], min_sdk_version: "29", } // apex_available: [ // "//apex_available:platform", // Needed by doh_ffi_test // "com.android.resolv" // ], // min_sdk_version: "29", // } // It's required by unit tests. rust_ffi_static { name: "libdoh_ffi_for_test", crate_name: "doh", srcs: ["doh/doh.rs"], edition: "2018", // cc_test { // name: "doh_ffi_test", // enabled: support_rust_toolchain, // test_suites: [ // "general-tests", // ], // defaults: ["netd_defaults"], // srcs: ["doh_ffi_test.cpp"], // static_libs: [ // "libdoh_ffi", // "libgmock", // "liblog", // "libring-core", // ], // // These are not carried over from libdoh_ffi. 
// shared_libs: [ // "libcrypto", // "libssl", // ], // min_sdk_version: "29", // } rlibs: [ "libandroid_logger", "libanyhow", "libbase64_rust", "libfutures", "liblibc", "liblog_rust", "libquiche_static", "libring", "libtokio", "liburl", ], prefer_rlib: true, // TODO(b/194022174), for unit tests to run on the Android 10 platform, // libunwind must be statically linked. whole_static_libs: ["libunwind"], apex_available: [ "//apex_available:platform", // Needed by doh_ffi_test "com.android.resolv", ], min_sdk_version: "29", } // rust_test { // name: "doh_unit_test", // enabled: support_rust_toolchain, // crate_name: "doh", // srcs: ["doh.rs"], // edition: "2018", // test_suites: ["general-tests"], // auto_gen_config: true, // // Used to enable root permission for the test. // // TODO: remove after 'require_root' is supported in rust_test. // test_config_template: ":resolv_rust_test_config_template", // rustlibs: [ // "libandroid_logger", // "libanyhow", // "liblazy_static", // "liblibc", // "liblog_rust", // "libquiche", // "libring", // "libtokio", // "liburl", // ], // min_sdk_version: "29", // }
Dns64Configuration.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -36,6 +36,7 @@ namespace android { using android::base::StringPrintf; using android::net::NetworkDnsEventReported; using netdutils::DumpWriter; using netdutils::IPAddress; Loading Loading @@ -64,7 +65,7 @@ void Dns64Configuration::startPrefixDiscovery(unsigned netId) { // Note that capturing |cfg| in this lambda creates a copy. std::thread discovery_thread([this, cfg, netId] { setThreadName(fmt::format("Nat64Pfx_{}", netId)); setThreadName(StringPrintf("Nat64Pfx_%u", netId).c_str()); // Make a mutable copy rather than mark the whole lambda mutable. // No particular reason. Loading
DnsProxyListener.cpp +28 −32 Original line number Diff line number Diff line Loading @@ -34,11 +34,13 @@ #include <algorithm> #include <vector> #include <android-base/stringprintf.h> #include <android/multinetwork.h> // ResNsendFlags #include <cutils/misc.h> // FIRST_APPLICATION_UID #include <cutils/multiuser.h> #include <netdutils/InternetAddresses.h> #include <netdutils/ResponseCode.h> #include <netdutils/Slice.h> #include <netdutils/Stopwatch.h> #include <netdutils/ThreadUtil.h> #include <private/android_filesystem_config.h> // AID_SYSTEM Loading @@ -46,7 +48,6 @@ #include <sysutils/SocketClient.h> #include "DnsResolver.h" #include "Experiments.h" #include "NetdPermissions.h" #include "OperationLimiter.h" #include "PrivateDnsConfiguration.h" Loading @@ -64,7 +65,6 @@ using aidl::android::net::metrics::INetdEventListener; using aidl::android::net::resolv::aidl::DnsHealthEventParcel; using aidl::android::net::resolv::aidl::IDnsResolverUnsolicitedEventListener; using android::net::NetworkDnsEventReported; using std::span; namespace android { Loading Loading @@ -147,11 +147,11 @@ void maybeFixupNetContext(android_net_context* ctx, pid_t pid) { void addIpAddrWithinLimit(std::vector<std::string>* ip_addrs, const sockaddr* addr, socklen_t addrlen); int extractResNsendAnswers(std::span<const uint8_t> answer, int ipType, int extractResNsendAnswers(const uint8_t* answer, size_t anslen, int ipType, std::vector<std::string>* ip_addrs) { int total_ip_addr_count = 0; ns_msg handle; if (ns_initparse(answer.data(), answer.size(), &handle) < 0) { if (ns_initparse((const uint8_t*)answer, anslen, &handle) < 0) { return 0; } int ancount = ns_msg_count(handle, ns_s_an); Loading Loading 
@@ -250,20 +250,21 @@ bool simpleStrtoul(const char* input, IntegralType* output, int base = 10) { return true; } bool setQueryId(span<uint8_t> msg, uint16_t query_id) { if ((size_t)msg.size() < sizeof(HEADER)) { bool setQueryId(uint8_t* msg, size_t msgLen, uint16_t query_id) { if (msgLen < sizeof(HEADER)) { errno = EINVAL; return false; } auto hp = reinterpret_cast<HEADER*>(msg.data()); auto hp = reinterpret_cast<HEADER*>(msg); hp->id = htons(query_id); return true; } bool parseQuery(span<const uint8_t> msg, uint16_t* query_id, int* rr_type, std::string* rr_name) { bool parseQuery(const uint8_t* msg, size_t msgLen, uint16_t* query_id, int* rr_type, std::string* rr_name) { ns_msg handle; ns_rr rr; if (ns_initparse(msg.data(), msg.size(), &handle) < 0 || if (ns_initparse((const uint8_t*)msg, msgLen, &handle) < 0 || ns_parserr(&handle, ns_s_qd, 0, &rr) < 0) { return false; } Loading Loading @@ -305,8 +306,8 @@ void initDnsEvent(NetworkDnsEventReported* event, const android_net_context& net // Return 0 if the event should not be logged. // Otherwise, return subsampling_denom uint32_t getDnsEventSubsamplingRate(int netid, int returnCode, bool isMdns) { uint32_t subsampling_denom = resolv_cache_get_subsampling_denom(netid, returnCode, isMdns); uint32_t getDnsEventSubsamplingRate(int netid, int returnCode) { uint32_t subsampling_denom = resolv_cache_get_subsampling_denom(netid, returnCode); if (subsampling_denom == 0) return 0; // Sample the event with a chance of 1 / denom. return (arc4random_uniform(subsampling_denom) == 0) ? subsampling_denom : 0; Loading 
@@ -333,12 +334,7 @@ void maybeLogQuery(int eventType, const android_net_context& netContext, void reportDnsEvent(int eventType, const android_net_context& netContext, int latencyUs, int returnCode, NetworkDnsEventReported& event, const std::string& query_name, const std::vector<std::string>& ip_addrs = {}, int total_ip_addr_count = 0) { uint32_t rate = (query_name.ends_with(".local") && android::net::Experiments::getInstance()->getFlag("mdns_resolution", 1)) ? getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, true) : getDnsEventSubsamplingRate(netContext.dns_netid, returnCode, false); if (rate) { if (uint32_t rate = getDnsEventSubsamplingRate(netContext.dns_netid, returnCode)) { const std::string& dnsQueryStats = event.dns_query_events().SerializeAsString(); stats::BytesField dnsQueryBytesField{dnsQueryStats.c_str(), dnsQueryStats.size()}; event.set_return_code(static_cast<ReturnCode>(returnCode)); Loading Loading @@ -564,7 +560,7 @@ bool getDns64Prefix(unsigned netId, netdutils::IPPrefix* prefix) { std::string makeThreadName(unsigned netId, uint32_t uid) { // The maximum of netId and app_id are 5-digit numbers. return fmt::format("Dns_{}_{}", netId, multiuser_get_app_id(uid)); return android::base::StringPrintf("Dns_%u_%u", netId, multiuser_get_app_id(uid)); } } // namespace Loading Loading @@ -926,8 +922,8 @@ void DnsProxyListener::ResNSendHandler::run() { uint16_t original_query_id = 0; // TODO: Handle the case which is msg contains more than one query if (!parseQuery({msg.data(), msgLen}, &original_query_id, &rr_type, &rr_name) || !setQueryId({msg.data(), msgLen}, arc4random_uniform(65536))) { if (!parseQuery(msg.data(), msgLen, &original_query_id, &rr_type, &rr_name) || !setQueryId(msg.data(), msgLen, arc4random_uniform(65536))) { // If the query couldn't be parsed, block the request. LOG(WARNING) << "ResNSendHandler::run: resnsend: from UID " << uid << ", invalid query"; sendBE32(mClient, -EINVAL); Loading 
@@ -937,21 +933,21 @@ void DnsProxyListener::ResNSendHandler::run() { // Send DNS query std::vector<uint8_t> ansBuf(MAXPACKET, 0); int rcode = ns_r_noerror; int ansLen = -1; int nsendAns = -1; NetworkDnsEventReported event; initDnsEvent(&event, mNetContext); if (queryLimiter.start(uid)) { if (evaluate_domain_name(mNetContext, rr_name.c_str())) { ansLen = resolv_res_nsend(&mNetContext, {msg.data(), msgLen}, ansBuf, &rcode, static_cast<ResNsendFlags>(mFlags), &event); nsendAns = resolv_res_nsend(&mNetContext, msg.data(), msgLen, ansBuf.data(), MAXPACKET, &rcode, static_cast<ResNsendFlags>(mFlags), &event); } else { ansLen = -EAI_SYSTEM; nsendAns = -EAI_SYSTEM; } queryLimiter.finish(uid); } else { LOG(WARNING) << "ResNSendHandler::run: resnsend: from UID " << uid << ", max concurrent queries reached"; ansLen = -EBUSY; nsendAns = -EBUSY; } const int32_t latencyUs = saturate_cast<int32_t>(s.timeTakenUs()); Loading @@ -960,14 +956,14 @@ void DnsProxyListener::ResNSendHandler::run() { event.set_res_nsend_flags(static_cast<ResNsendFlags>(mFlags)); // Fail, send -errno if (ansLen < 0) { if (!sendBE32(mClient, ansLen)) { if (nsendAns < 0) { if (!sendBE32(mClient, nsendAns)) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send errno to uid " << uid << " pid " << mClient->getPid(); } if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name); resNSendToAiError(nsendAns, rcode), event, rr_name); } return; } Loading 
@@ -980,8 +976,8 @@ void DnsProxyListener::ResNSendHandler::run() { } // Restore query id and send answer if (!setQueryId({ansBuf.data(), ansLen}, original_query_id) || !sendLenAndData(mClient, ansLen, ansBuf.data())) { if (!setQueryId(ansBuf.data(), nsendAns, original_query_id) || !sendLenAndData(mClient, nsendAns, ansBuf.data())) { PLOG(WARNING) << "ResNSendHandler::run: resnsend: failed to send answer to uid " << uid << " pid " << mClient->getPid(); return; Loading @@ -990,9 +986,9 @@ void DnsProxyListener::ResNSendHandler::run() { if (rr_type == ns_t_a || rr_type == ns_t_aaaa) { std::vector<std::string> ip_addrs; const int total_ip_addr_count = extractResNsendAnswers({ansBuf.data(), ansLen}, rr_type, &ip_addrs); extractResNsendAnswers((uint8_t*)ansBuf.data(), nsendAns, rr_type, &ip_addrs); reportDnsEvent(INetdEventListener::EVENT_RES_NSEND, mNetContext, latencyUs, resNSendToAiError(ansLen, rcode), event, rr_name, ip_addrs, resNSendToAiError(nsendAns, rcode), event, rr_name, ip_addrs, total_ip_addr_count); } } Loading
DnsResolver.cpp +1 −4 Original line number Diff line number Diff line Loading @@ -31,9 +31,7 @@ bool resolv_init(const ResolverNetdCallbacks* callbacks) { android::base::SetDefaultTag("libnetd_resolv"); LOG(INFO) << __func__ << ": Initializing resolver"; // TODO(b/170539625): restore log level to WARNING after clarifying flaky tests. const bool isDebug = isUserDebugBuild(); resolv_set_log_severity(isDebug ? android::base::DEBUG : android::base::WARNING); doh_init_logger(isDebug ? LOG_LEVEL_DEBUG : LOG_LEVEL_WARN); resolv_set_log_severity(isUserDebugBuild() ? android::base::DEBUG : android::base::WARNING); using android::net::gApiLevel; gApiLevel = getApiLevel(); using android::net::gResNetdCallbacks; Loading Loading @@ -83,7 +81,6 @@ DnsResolver::DnsResolver() { auto& dnsTlsDispatcher = DnsTlsDispatcher::getInstance(); auto& privateDnsConfiguration = PrivateDnsConfiguration::getInstance(); privateDnsConfiguration.setObserver(&dnsTlsDispatcher); if (isDoHEnabled()) privateDnsConfiguration.initDoh(); } bool DnsResolver::start() { Loading
DnsResolverService.cpp +5 −12 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ #include <vector> #include <BinderUtil.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <android/binder_manager.h> #include <android/binder_process.h> Loading @@ -35,9 +36,9 @@ #include "ResolverEventReporter.h" #include "resolv_cache.h" using aidl::android::net::ResolverOptionsParcel; using aidl::android::net::ResolverParamsParcel; using android::base::Join; using android::base::StringPrintf; using android::netdutils::DumpWriter; using android::netdutils::IPPrefix; Loading Loading @@ -180,8 +181,8 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num } } auto err = fmt::format("UID {} / PID {} does not have any of the following permissions: {}", uid, pid, Join(permissions, ',')); auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s", uid, pid, Join(permissions, ',').c_str()); return ::ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(EX_SECURITY, err.c_str())); } Loading @@ -195,7 +196,7 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num uid_t uid = AIBinder_getCallingUid(); // CAUTION: caCertificate should NOT be used except for internal testing. if (resolverParams.caCertificate.size() != 0 && uid != AID_ROOT) { auto err = fmt::format("UID {} is not authorized to set a non-empty CA certificate", uid); auto err = StringPrintf("UID %d is not authorized to set a non-empty CA certificate", uid); return ::ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(EX_SECURITY, err.c_str())); } Loading Loading 
@@ -306,13 +307,5 @@ binder_status_t DnsResolverService::dump(int fd, const char** args, uint32_t num return statusFromErrcode(res); } ::ndk::ScopedAStatus DnsResolverService::setResolverOptions(int32_t netId, const ResolverOptionsParcel& options) { // Locking happens in res_cache.cpp functions. ENFORCE_NETWORK_STACK_PERMISSIONS(); return statusFromErrcode(resolv_set_options(netId, options)); } } // namespace net } // namespace android
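Review bot: Both new `StringPrintf` calls in DnsResolverService.cpp format the caller's UID with `%d`, but in the CA-certificate check `uid` is declared as `uid_t uid = AIBinder_getCallingUid();`, an unsigned type on Android, so a large UID would print as a negative number in the `EX_SECURITY` message. Use `%u` there, e.g. `StringPrintf("UID %u is not authorized to set a non-empty CA certificate", uid)`, which also matches the `Dns_%u_%u` format this commit uses in `makeThreadName`. For the permission-denial message, the declarations of `uid` and `pid` are outside the hunk, so confirm their types before choosing the conversions for that call. These strings are what an operator reads when triaging a denied binder call, so the UID should be reported exactly as the kernel assigned it.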