Merge "Support strict mode private DNS on VPNs that provide Internet." am:... (59ef57bb) · Commits · e / os / android_packages_modules_NetworkStack

src/com/android/server/connectivity/NetworkMonitor.java

+17 −3

Original line number	Original line	Diff line number	Diff line
	@@ -520,6 +520,9 @@ public class NetworkMonitor extends StateMachine {
	return NetworkMonitorUtils.isValidationRequired(mNetworkCapabilities);		return NetworkMonitorUtils.isValidationRequired(mNetworkCapabilities);
	}		}

			private boolean isPrivateDnsValidationRequired() {
			return NetworkMonitorUtils.isPrivateDnsValidationRequired(mNetworkCapabilities);
			}

	private void notifyNetworkTested(int result, @Nullable String redirectUrl) {		private void notifyNetworkTested(int result, @Nullable String redirectUrl) {
	try {		try {
	@@ -607,7 +610,7 @@ public class NetworkMonitor extends StateMachine {
	return HANDLED;		return HANDLED;
	case CMD_PRIVATE_DNS_SETTINGS_CHANGED: {		case CMD_PRIVATE_DNS_SETTINGS_CHANGED: {
	final PrivateDnsConfig cfg = (PrivateDnsConfig) message.obj;		final PrivateDnsConfig cfg = (PrivateDnsConfig) message.obj;
	if (!isValidationRequired() \|\| cfg == null \|\| !cfg.inStrictMode()) {		if (!isPrivateDnsValidationRequired() \|\| cfg == null \|\| !cfg.inStrictMode()) {
	// No DNS resolution required.		// No DNS resolution required.
	//		//
	// We don't force any validation in opportunistic mode		// We don't force any validation in opportunistic mode
	@@ -843,9 +846,20 @@ public class NetworkMonitor extends StateMachine {
	// the network so don't bother validating here. Furthermore sending HTTP		// the network so don't bother validating here. Furthermore sending HTTP
	// packets over the network may be undesirable, for example an extremely		// packets over the network may be undesirable, for example an extremely
	// expensive metered network, or unwanted leaking of the User Agent string.		// expensive metered network, or unwanted leaking of the User Agent string.
			//
			// On networks that need to support private DNS in strict mode (e.g., VPNs, but
			// not networks that don't provide Internet access), we still need to perform
			// private DNS server resolution.
	if (!isValidationRequired()) {		if (!isValidationRequired()) {
	validationLog("Network would not satisfy default request, not validating");		if (isPrivateDnsValidationRequired()) {
			validationLog("Network would not satisfy default request, "
			+ "resolving private DNS");
			transitionTo(mEvaluatingPrivateDnsState);
			} else {
			validationLog("Network would not satisfy default request, "
			+ "not validating");
	transitionTo(mValidatedState);		transitionTo(mValidatedState);
			}
	return HANDLED;		return HANDLED;
	}		}
	mEvaluateAttempts++;		mEvaluateAttempts++;