Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f55aba57 authored by Ken Chen's avatar Ken Chen
Browse files

Call evaluate_domain_name() in GetHostByAddrHandler 

Start from Android U, evaluate_domain_name can report whether UID can
send DNS on a specified network or not. The function needs to be called
by the GetHostByAddr, like what has been done in GetHostByName,
GetAddrInfo, and ResNSend.

Bug: 263219497
Test: resolv_integration_tests
Change-Id: I4668463e0c3acaa825ce81c9d902e83fbb5d687b
parent 4c80818e

DnsProxyListener.cpp

+16 −2
Original line number Diff line number Diff line
@@ -59,6 +59,7 @@ 
#include "resolv_private.h"

#include "stats.h"  // RCODE_TIMEOUT

#include "stats.pb.h"

#include "util.h"



using aidl::android::net::metrics::INetdEventListener;

using aidl::android::net::resolv::aidl::DnsHealthEventParcel;
@@ -678,6 +679,9 @@ DnsProxyListener::GetAddrInfoHandler::GetAddrInfoHandler(SocketClient* c, std::s 
      mHints(std::move(hints)),

      mNetContext(netcontext) {}



// Before U, the Netd callback is implemented by OEM to evaluate if a DNS query for the provided

// hostname is allowed. On U+, the Netd callback also checks if the user is allowed to send DNS on

// the specified network.

static bool evaluate_domain_name(const android_net_context& netcontext, const char* host) {

    if (!gResNetdCallbacks.evaluate_domain_name) return true;

    return gResNetdCallbacks.evaluate_domain_name(netcontext, host);
@@ -1404,8 +1408,18 @@ void DnsProxyListener::GetHostByAddrHandler::run() { 
    NetworkDnsEventReported event;

    initDnsEvent(&event, mNetContext);

    if (queryLimiter.start(uid)) {

        // From Android U, evaluate_domain_name() is not only for OEM customization, but also tells

        // DNS resolver whether the UID can send DNS on the specified network. The function needs

        // to be called even when there is no domain name to evaluate (GetHostByAddr). This is

        // applied on U+ only so that the behavior won’t change on T- OEM devices.

        // TODO: pass the actual name into evaluate_domain_name, e.g., 238.26.217.172.in-addr.arpa

        //       when the lookup address is 172.217.26.238.

        if (isAtLeastU() && !evaluate_domain_name(mNetContext, nullptr)) {

            rv = EAI_SYSTEM;

        } else {

            rv = resolv_gethostbyaddr(&mAddress, mAddressLen, mAddressFamily, &hbuf, tmpbuf,

                                      sizeof tmpbuf, &mNetContext, &hp, &event);

        }

        queryLimiter.finish(uid);

    } else {

        rv = EAI_MEMORY;

util.h

+5 −0
Original line number Diff line number Diff line
@@ -66,3 +66,8 @@ inline bool isDoHEnabled() { 
    static bool isAtLeastT = android::modules::sdklevel::IsAtLeastT();

    return android::net::Experiments::getInstance()->getFlag("doh", isAtLeastT ? 1 : 0);

}



inline bool isAtLeastU() {

    const static bool isAtLeastU = android::modules::sdklevel::IsAtLeastU();

    return isAtLeastU;

}
 
 No newline at end of file