From 6226cb4ce2f41a15a976ace2a58408916cfca5b3 Mon Sep 17 00:00:00 2001
From: Romain Hunault
Date: Wed, 2 Mar 2022 13:17:40 +0000
Subject: [PATCH 1/5] Setup automatic update with aosp
---
 .gitlab-ci.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..37e068b1
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,18 @@
+stages:
+ - update-from-upstream
+
+include:
+ - project: 'e/templates'
+ ref: master
+ file: '/gitlab-ci/.gitlab-ci-import-updates-from-upstream.yml'
+
+s:
+ script:
+ - 'which xmlstarlet || ( apt-get update -y && apt-get install xmlstarlet -y )'
+ - git remote add aosp $AOSP_URL
+ - git fetch aosp
+ - git checkout $CI_COMMIT_REF_NAME
+ - git merge $(curl -s https://gitlab.e.foundation/e/os/android/-/raw/$CI_COMMIT_REF_NAME/default.xml | xmlstarlet sel -T -t -m '/manifest/remote[@name="aosp"]/@revision' -v . | awk -F '/' '{print $NF}')
+ - git push
+ variables:
+ AOSP_URL: https://android.googlesource.com/platform/packages/modules/DnsResolver/
-- GitLab
From 1372e00925f4792d48a058ff06e16788acedd2b8 Mon Sep 17 00:00:00 2001
From: Alexandre Roux
Date: Wed, 2 Mar 2022 13:00:25 +0000
Subject: [PATCH 2/5] dnsresolver: use dns blocker app to filter trackers [TheScarastic] : Adapt for android r
---
 getaddrinfo.cpp | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index 23e7e44d..ebde1ae0 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
@@ -3,6 +3,7 @@
 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * Copyright (C) 2021 ECORP
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
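Review bot: The `git merge` line in `script` takes its revision from a command substitution built on `curl -s` with no `--fail`, so an HTTP error body or an empty `xmlstarlet` match still reaches `git merge`, and `git push` then publishes whatever resulted with no check in between. Resolve the revision first and stop when it is empty: `REV=$(curl -fsS … | xmlstarlet … | awk …)`, `[ -n "$REV" ] || exit 1`, `git merge "$REV"`. `$AOSP_URL` and `$CI_COMMIT_REF_NAME` are expanded unquoted in the `git remote add`, `git checkout` and URL arguments; quoting them keeps an unusual ref name from being word-split. The `include` follows the template at `ref: master`, so this job changes whenever that branch does; a tag or commit SHA would make the pipeline reviewable.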
@@ -319,6 +320,63 @@ int validateHints(const addrinfo* _Nonnull hints) {
 } // namespace
+int shouldBlockRequest(const char* hostname, int uid){
+ int sock;
+ struct sockaddr_in server;
+ char message[1000], server_reply[2000];
+
+ //Create socket
+ sock = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
+ if (sock == -1) {
+ LOG(DEBUG) << "Socket: Could not create socket";
+ }
+ LOG(DEBUG) << "Socket: created";
+
+ server.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server.sin_family = AF_INET;
+ server.sin_port = htons( 8888 );
+
+ //Connect to remote server
+ if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
+ LOG(DEBUG) << "Socket: connect failed. Error";
+ close(sock);
+ return -1;
+ }
+
+ LOG(DEBUG) << "Socket: Connected";
+
+ //keep communicating with server
+ snprintf(message, sizeof(message), "%s,%d", hostname, uid);
+
+ //Send some data
+ if(send(sock, message, strlen(message), 0) < 0) {
+ LOG(DEBUG) << "Socket: Send failed";
+ close(sock);
+ return 0;
+ }
+ shutdown(sock, SHUT_WR);
+ //Receive a reply from the server
+ if (recv(sock, server_reply, 2000, 0) < 0) {
+ LOG(DEBUG) << "Socket:recv failed";
+ close(sock);
+ return 0;
+ }
+
+ LOG(DEBUG) << "Socket: Server reply : " << server_reply;
+ if (strncmp(server_reply, "pass", 4) == 0) {
+ LOG(DEBUG) << "Socket: Shouldn't block";
+ close(sock);
+ return 0;
+ } else {
+ LOG(DEBUG) << "Socket: should block";
+ close(sock);
+ return 1;
+ }
+ close(sock);
+ return 0;
+
+}
+
 int android_getaddrinfofornetcontext(const char* hostname, const char* servname, const addrinfo* hints, const android_net_context* netcontext, addrinfo** res, NetworkDnsEventReported* event) {
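Review bot: `server_reply` is logged and compared as a C string but `recv()` never terminates it, so `LOG(DEBUG) << ... << server_reply` can read past the received bytes into uninitialised stack, and when `recv()` returns 0 (peer closed without answering) the pass/block decision is made on uninitialised bytes. Read at most `sizeof(server_reply) - 1` bytes, treat `n <= 0` as no answer, and terminate the buffer before it is used. The `sock == -1` branch after `socket()` only logs and then continues to `connect()`; it should return like the other failure paths (the same fallthrough is kept as context by the later hunk at `@@ -321,23 +321,26 @@`). `snprintf` into `message[1000]` truncates a long hostname silently, and neither `connect()` nor `recv()` has a timeout, so a stalled listener stalls the thread performing the lookup.

```cpp
    if (sock == -1) {
        LOG(DEBUG) << "Socket: Could not create socket";
        return 0;  // no socket: let the lookup through, as the send/recv failure paths do
    }
    // … unchanged: address setup, connect, snprintf, send, shutdown …
    ssize_t n = recv(sock, server_reply, sizeof(server_reply) - 1, 0);
    if (n <= 0) {  // error, or peer closed without answering
        LOG(DEBUG) << "Socket:recv failed";
        close(sock);
        return 0;
    }
    server_reply[n] = '\0';  // recv() does not terminate the buffer
    // … unchanged: reply logging and the "pass" comparison …
```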
@@ -412,6 +470,12 @@ int resolv_getaddrinfo(const char* _Nonnull hostname, const char* servname, cons
 if (hostname == nullptr && servname == nullptr) return EAI_NONAME;
 if (hostname == nullptr) return EAI_NODATA;
+ if (shouldBlockRequest(hostname, netcontext->uid)) {
+ char* dest = new char[10];
+ strncpy(dest, "localhost", strlen("localhost"));
+ hostname = dest;
+ }
+
 // servname is allowed to be nullptr
 // hints is allowed to be nullptr
 assert(res != nullptr);
-- GitLab
From f602938578a9d4964e1b8b1a3df20567bd5d9ecc Mon Sep 17 00:00:00 2001
From: TheScarastic
Date: Fri, 4 Mar 2022 06:59:24 +0000
Subject: [PATCH 3/5] dnsresolver: Adapt for Unix socket
---
 getaddrinfo.cpp | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index ebde1ae0..5cf22af7 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
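Review bot: `strncpy(dest, "localhost", strlen("localhost"))` copies nine bytes and no terminator, so `dest[9]` is uninitialised and any later use of `hostname` as a C string can read past the ten-byte allocation; the `new char[10]` is also never released, so each blocked lookup leaks it. Because `hostname` is a `const char*`, the body of the `if` can simply be `hostname = "localhost";` with no allocation and no copy. `netcontext->uid` is read here with no null check visible in the hunk, and the `assert` lines kept as context come after it; confirm the caller contract guarantees a non-null `netcontext`. The body of `resolv_getaddrinfo` continues outside the hunk.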
@@ -321,23 +321,26 @@ int validateHints(const addrinfo* _Nonnull hints) {
 } // namespace
 int shouldBlockRequest(const char* hostname, int uid){
- int sock;
- struct sockaddr_in server;
+ int sock, len;
+ struct sockaddr_un server;
 char message[1000], server_reply[2000];
 //Create socket
- sock = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP);
- if (sock == -1) {
+ sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ if (sock == -1) {
 LOG(DEBUG) << "Socket: Could not create socket";
 }
 LOG(DEBUG) << "Socket: created";
- server.sin_addr.s_addr = inet_addr("127.0.0.1");
- server.sin_family = AF_INET;
- server.sin_port = htons( 8888 );
+ char const* name = "foundation.e.privacy";
+ int nameLen = strlen(name);
+ server.sun_path[0] = '\0'; /* abstract namespace */
+ strncpy(server.sun_path + 1, name, nameLen);
+ server.sun_family = AF_UNIX;
+ len = 1 + nameLen + offsetof(struct sockaddr_un, sun_path);
 //Connect to remote server
- if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
+ if (connect(sock, (struct sockaddr *)&server, len) < 0) {
 LOG(DEBUG) << "Socket: connect failed. Error";
 close(sock);
 return -1;
-- GitLab
From e394df7ace2b8dd2e74110ec90d6738b571cbaf4 Mon Sep 17 00:00:00 2001
From: TheScarastic
Date: Wed, 27 Apr 2022 13:35:11 +0530
Subject: [PATCH 4/5] DnsResolver: Change socket name
---
 getaddrinfo.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index 5cf22af7..6053bc3b 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
@@ -332,7 +332,7 @@ int shouldBlockRequest(const char* hostname, int uid){
 }
 LOG(DEBUG) << "Socket: created";
- char const* name = "foundation.e.privacy";
+ char const* name = "foundation.e.advancedprivacy";
 int nameLen = strlen(name);
 server.sun_path[0] = '\0'; /* abstract namespace */
 strncpy(server.sun_path + 1, name, nameLen);
-- GitLab
From 1f22186ef1ed553461d8a98d091a887007cbccd9 Mon Sep 17 00:00:00 2001
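Review bot: Nothing after `connect()` checks who is listening on the abstract-namespace name written into `server.sun_path`, and abstract names carry no filesystem permissions, so any local process allowed to bind that name would receive the hostname and uid of each lookup and decide pass or block. Check the peer before `send()`, for example with `getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &credLen)` and a comparison of `cred.uid` against the uid of the privacy app, or use a socket whose access is enforced by file permissions or SELinux policy (no policy is visible in this patch). `shouldBlockRequest` continues past the end of this hunk.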
From: merothh
Date: Thu, 19 May 2022 15:09:05 +0530
Subject: [PATCH 5/5] shouldBlockRequest: Don't block if socket connect fails * On (re)boot: 05-19 13:27:49.303 605 987 I netd : DnsResolverService::setResolverConfiguration(100, [192.168.1.1], [], 1800, 25, 8, 64, 0, 0, [], []) -> (-22) (0.6ms) 05-19 13:27:49.303 605 987 I netd : setResolverConfiguration() -> ServiceSpecificException(22, "Invalid argument") <1.35ms> 05-19 13:27:49.304 1574 1698 E DnsManager: Error setting DNS configuration: android.os.ServiceSpecificException: Invalid argument (code 22) ..which subsequently leads to connectivity check probes failing. * Thanks to Alexandre for the hint
---
 getaddrinfo.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/getaddrinfo.cpp b/getaddrinfo.cpp
index 6053bc3b..e59bb068 100644
--- a/getaddrinfo.cpp
+++ b/getaddrinfo.cpp
@@ -343,7 +343,7 @@ int shouldBlockRequest(const char* hostname, int uid){
 if (connect(sock, (struct sockaddr *)&server, len) < 0) {
 LOG(DEBUG) << "Socket: connect failed. Error";
 close(sock);
- return -1;
+ return 0;
 }
 LOG(DEBUG) << "Socket: Connected";
-- GitLab
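Review bot: Returning 0 from the failed-`connect()` branch makes the resolver fail open, and nothing in the code says so: whenever the privacy service is not listening, every lookup passes unfiltered. State that next to the return, e.g. `// Fail open: an unreachable blocker must not break name resolution` above `return 0;`, and document the return values (0 = pass, 1 = block) at the function's definition. The log line drops `errno`; `PLOG(DEBUG)` would record why the connect failed, assuming `LOG` here comes from the android-base logging macros. `shouldBlockRequest` starts and ends outside this hunk.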