Loading tests/resolv_private_dns_test.cpp +57 −0 Original line number Diff line number Diff line Loading @@ -528,6 +528,63 @@ TEST_P(TransportParameterizedTest, MdnsGetAddrInfo_fallback) { } } TEST_P(TransportParameterizedTest, BlockDnsQueryWithUidRule) { SKIP_IF_BEFORE_T; constexpr char ptr_name[] = "v4v6.example.com."; // PTR record for IPv6 address 2001:db8::102:304 constexpr char ptr_addr_v6[] = "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa."; const DnsRecord r = {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name}; dns.addMapping(r.host_name, r.type, r.addr); dot_backend.addMapping(r.host_name, r.type, r.addr); doh_backend.addMapping(r.host_name, r.type, r.addr); const auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel(); ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel)); if (testParamHasDoh()) EXPECT_TRUE(WaitForDohValidationSuccess(test::kDefaultListenAddr)); if (testParamHasDot()) EXPECT_TRUE(WaitForDotValidationSuccess(test::kDefaultListenAddr)); // This waiting time is expected to avoid that the DoH validation event interferes other tests. if (!testParamHasDoh()) waitForDohValidationFailed(); // Have the test independent of the number of sent queries in private DNS validation, because // the DnsResolver can send either 1 or 2 queries in DoT validation. if (testParamHasDoh()) { doh.clearQueries(); } if (testParamHasDot()) { EXPECT_TRUE(dot.waitForQueries(1)); dot.clearQueries(); } dns.clearQueries(); // Block TEST_UID's network access ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID); // getaddrinfo should fail const addrinfo hints = {.ai_socktype = SOCK_DGRAM}; EXPECT_FALSE(safe_getaddrinfo(kQueryHostname, nullptr, &hints)); // gethostbyname should fail EXPECT_FALSE(gethostbyname(kQueryHostname)); // gethostbyaddr should fail in6_addr v6addr; inet_pton(AF_INET6, "2001:db8::102:304", &v6addr); EXPECT_FALSE(gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6)); // resNetworkQuery should fail int fd = resNetworkQuery(TEST_NETID, kQueryHostname, ns_c_in, ns_t_aaaa, 0); EXPECT_TRUE(fd != -1); uint8_t buf[MAXPACKET] = {}; int rcode; EXPECT_EQ(-ECONNREFUSED, getAsyncResponse(fd, &rcode, buf, MAXPACKET)); expectQueries(0 /* dns */, 0 /* dot */, 0 /* doh */); } class PrivateDnsDohTest : public BasePrivateDnsTest { protected: void SetUp() override { Loading tests/resolv_test_utils.h +8 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ #include <netdutils/InternetAddresses.h> #include "dns_responder/dns_responder.h" #include "util.h" class ScopeBlockedUIDRule { using INetd = aidl::android::net::INetd; Loading Loading @@ -402,3 +403,10 @@ android::netdutils::ScopedAddrinfo safe_getaddrinfo(const char* node, const char void SetMdnsRoute(); void RemoveMdnsRoute(); #define SKIP_IF_BEFORE_T \ do { \ if (!isAtLeastT()) { \ GTEST_SKIP() << "Skipping test because SDK version is less than T."; \ } \ } while (0) Loading
tests/resolv_private_dns_test.cpp +57 −0 Original line number Diff line number Diff line Loading @@ -528,6 +528,63 @@ TEST_P(TransportParameterizedTest, MdnsGetAddrInfo_fallback) { } } TEST_P(TransportParameterizedTest, BlockDnsQueryWithUidRule) { SKIP_IF_BEFORE_T; constexpr char ptr_name[] = "v4v6.example.com."; // PTR record for IPv6 address 2001:db8::102:304 constexpr char ptr_addr_v6[] = "4.0.3.0.2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa."; const DnsRecord r = {ptr_addr_v6, ns_type::ns_t_ptr, ptr_name}; dns.addMapping(r.host_name, r.type, r.addr); dot_backend.addMapping(r.host_name, r.type, r.addr); doh_backend.addMapping(r.host_name, r.type, r.addr); const auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel(); ASSERT_TRUE(mDnsClient.SetResolversFromParcel(parcel)); if (testParamHasDoh()) EXPECT_TRUE(WaitForDohValidationSuccess(test::kDefaultListenAddr)); if (testParamHasDot()) EXPECT_TRUE(WaitForDotValidationSuccess(test::kDefaultListenAddr)); // This waiting time is expected to avoid that the DoH validation event interferes other tests. if (!testParamHasDoh()) waitForDohValidationFailed(); // Have the test independent of the number of sent queries in private DNS validation, because // the DnsResolver can send either 1 or 2 queries in DoT validation. if (testParamHasDoh()) { doh.clearQueries(); } if (testParamHasDot()) { EXPECT_TRUE(dot.waitForQueries(1)); dot.clearQueries(); } dns.clearQueries(); // Block TEST_UID's network access ScopeBlockedUIDRule scopeBlockUidRule(mDnsClient.netdService(), TEST_UID); // getaddrinfo should fail const addrinfo hints = {.ai_socktype = SOCK_DGRAM}; EXPECT_FALSE(safe_getaddrinfo(kQueryHostname, nullptr, &hints)); // gethostbyname should fail EXPECT_FALSE(gethostbyname(kQueryHostname)); // gethostbyaddr should fail in6_addr v6addr; inet_pton(AF_INET6, "2001:db8::102:304", &v6addr); EXPECT_FALSE(gethostbyaddr(&v6addr, sizeof(v6addr), AF_INET6)); // resNetworkQuery should fail int fd = resNetworkQuery(TEST_NETID, kQueryHostname, ns_c_in, ns_t_aaaa, 0); EXPECT_TRUE(fd != -1); uint8_t buf[MAXPACKET] = {}; int rcode; EXPECT_EQ(-ECONNREFUSED, getAsyncResponse(fd, &rcode, buf, MAXPACKET)); expectQueries(0 /* dns */, 0 /* dot */, 0 /* doh */); } class PrivateDnsDohTest : public BasePrivateDnsTest { protected: void SetUp() override { Loading
tests/resolv_test_utils.h +8 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ #include <netdutils/InternetAddresses.h> #include "dns_responder/dns_responder.h" #include "util.h" class ScopeBlockedUIDRule { using INetd = aidl::android::net::INetd; Loading Loading @@ -402,3 +403,10 @@ android::netdutils::ScopedAddrinfo safe_getaddrinfo(const char* node, const char void SetMdnsRoute(); void RemoveMdnsRoute(); #define SKIP_IF_BEFORE_T \ do { \ if (!isAtLeastT()) { \ GTEST_SKIP() << "Skipping test because SDK version is less than T."; \ } \ } while (0)
