Merge "Tag with TAG_SYSTEM_DNS for dns packets." (c6c4f15d) · Commits · e / os / android_packages_modules_DnsResolver

Android.bp

+4 −0

Original line number	Diff line number	Diff line
		@@ -207,10 +207,14 @@ cc_test {
		"libcrypto",
		"libcutils",
		"libssl",
		"libbinder_ndk",
		],
		static_libs: [
		"dnsresolver_aidl_interface-V2-cpp",
		"dnsresolver_aidl_interface-V2-ndk_platform",
		"netd_event_listener_interface-V1-ndk_platform",
		"libgmock",
		"liblog",
		"libnetd_resolv",
		"libnetd_test_dnsresponder",
		"libnetd_test_resolv_utils",

+18 −3

Original line number	Diff line number	Diff line
		@@ -30,7 +30,15 @@ bool resolv_init(const ResolverNetdCallbacks* callbacks) {
		LOG(INFO) << __func__ << ": Initializing resolver";
		resolv_set_log_severity(android::base::WARNING);

		android::net::gResNetdCallbacks = *callbacks;
		using android::net::gApiLevel;
		gApiLevel = android::base::GetUintProperty<uint64_t>("ro.build.version.sdk", 0);
		using android::net::gResNetdCallbacks;
		gResNetdCallbacks.check_calling_permission = callbacks->check_calling_permission;
		gResNetdCallbacks.get_network_context = callbacks->get_network_context;
		gResNetdCallbacks.log = callbacks->log;
		if (gApiLevel >= 30) {
		gResNetdCallbacks.tagSocket = callbacks->tagSocket;
		}
		android::net::gDnsResolv = android::net::DnsResolver::getInstance();
		return android::net::gDnsResolv->start();
		}
		@@ -41,8 +49,14 @@ namespace net {
		namespace {

		bool verifyCallbacks() {
		return gResNetdCallbacks.check_calling_permission && gResNetdCallbacks.get_network_context &&
		gResNetdCallbacks.log;
		if (!(gResNetdCallbacks.check_calling_permission && gResNetdCallbacks.get_network_context &&
		gResNetdCallbacks.log)) {
		return false;
		}
		if (gApiLevel >= 30) {
		return gResNetdCallbacks.tagSocket != nullptr;
		}
		return true;
		}

		} // namespace
		@@ -50,6 +64,7 @@ bool verifyCallbacks() {
		DnsResolver* gDnsResolv = nullptr;
		ResolverNetdCallbacks gResNetdCallbacks;
		netdutils::Log gDnsResolverLog("dnsResolver");
		uint64_t gApiLevel = 0;

		DnsResolver* DnsResolver::getInstance() {
		// Instantiated on first use.

+1 −0

Original line number	Diff line number	Diff line
		@@ -44,6 +44,7 @@ class DnsResolver {
		extern DnsResolver* gDnsResolv;
		extern ResolverNetdCallbacks gResNetdCallbacks;
		extern netdutils::Log gDnsResolverLog;
		extern uint64_t gApiLevel;

		} // namespace net
		} // namespace android

+2 −3

Original line number	Diff line number	Diff line
		@@ -39,6 +39,7 @@
		#include <netdutils/ThreadUtil.h>

		#include "private/android_filesystem_config.h" // AID_DNS
		#include "resolv_private.h"

		// NOTE: Inject CA certificate for internal testing -- do NOT enable in production builds
		#ifndef RESOLV_INJECT_CA_CERTIFICATE
		@@ -96,9 +97,7 @@ Status DnsTlsSocket::tcpConnect() {
		return Status(errno);
		}

		if (fchown(mSslFd.get(), AID_DNS, -1) == -1) {
		LOG(WARNING) << "Failed to chown socket: %s" << strerror(errno);
		}
		resolv_tag_socket(mSslFd.get(), AID_DNS);

		const socklen_t len = sizeof(mMark);
		if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) {

+4 −0

Original line number	Diff line number	Diff line
		@@ -81,6 +81,7 @@ typedef bool (check_calling_permission_callback)(const char permission);
		typedef void (*get_network_context_callback)(unsigned netid, uid_t uid,
		android_net_context* netcontext);
		typedef void (log_callback)(const char msg);
		typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid);

		/*
		* Some functions needed by the resolver (e.g. checkCallingPermission()) live in
		@@ -92,8 +93,11 @@ struct ResolverNetdCallbacks {
		check_calling_permission_callback check_calling_permission;
		get_network_context_callback get_network_context;
		log_callback log;
		tagSocketCallback tagSocket;
		};

		#define TAG_SYSTEM_DNS 0xFFFFFF82

		LIBNETD_RESOLV_PUBLIC bool resolv_has_nameservers(unsigned netid);

		// Set callbacks and bring DnsResolver up.