Pass all relevant resolver info to netd
Test: runtest frameworks-net passes
Test: manual testing of opportunistic and strict mode works
Bug: 34953048
Bug: 64133961
Bug: 72345192
Merged-In: I96f7747b8f0bb38d95579b688b4c2d068f1229cf
Merged-In: Ia4d896c4cc33c02f0c46d5d4c760cc33b13dff0b
Change-Id: Ia4f1905e1fa60e7a468c2246fb809191d2ba796b
(cherry picked from commit e5dac904d361a349f1cfc48500a678d22e3a7316)
diff --git a/core/java/android/os/INetworkManagementService.aidl b/core/java/android/os/INetworkManagementService.aidl
index a5e1934..2437ed1 100644
--- a/core/java/android/os/INetworkManagementService.aidl
+++ b/core/java/android/os/INetworkManagementService.aidl
@@ -340,7 +340,7 @@
* Configure name servers, search paths, and resolver parameters for the given network.
*/
void setDnsConfigurationForNetwork(int netId, in String[] servers, in String[] domains,
- in int[] params, boolean useTls, String tlsHostname);
+ in int[] params, String tlsHostname, in String[] tlsServers);
void setFirewallEnabled(boolean enabled);
boolean isFirewallEnabled();
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 088f366..5e99189 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -4581,17 +4581,17 @@
return nai.network.netId;
}
- private void handleRegisterNetworkAgent(NetworkAgentInfo na) {
+ private void handleRegisterNetworkAgent(NetworkAgentInfo nai) {
if (VDBG) log("Got NetworkAgent Messenger");
- mNetworkAgentInfos.put(na.messenger, na);
+ mNetworkAgentInfos.put(nai.messenger, nai);
synchronized (mNetworkForNetId) {
- mNetworkForNetId.put(na.network.netId, na);
+ mNetworkForNetId.put(nai.network.netId, nai);
}
- na.asyncChannel.connect(mContext, mTrackerHandler, na.messenger);
- NetworkInfo networkInfo = na.networkInfo;
- na.networkInfo = null;
- updateNetworkInfo(na, networkInfo);
- updateUids(na, null, na.networkCapabilities);
+ nai.asyncChannel.connect(mContext, mTrackerHandler, nai.messenger);
+ NetworkInfo networkInfo = nai.networkInfo;
+ nai.networkInfo = null;
+ updateNetworkInfo(nai, networkInfo);
+ updateUids(nai, null, nai.networkCapabilities);
}
private void updateLinkProperties(NetworkAgentInfo networkAgent, LinkProperties oldLp) {
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index af4c1a0..b0a7443 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1944,13 +1944,13 @@
@Override
public void setDnsConfigurationForNetwork(int netId, String[] servers, String[] domains,
- int[] params, boolean useTls, String tlsHostname) {
+ int[] params, String tlsHostname, String[] tlsServers) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
final String[] tlsFingerprints = new String[0];
try {
mNetdService.setResolverConfiguration(
- netId, servers, domains, params, useTls, tlsHostname, tlsFingerprints);
+ netId, servers, domains, params, tlsHostname, tlsServers, tlsFingerprints);
} catch (RemoteException e) {
throw new RuntimeException(e);
}
diff --git a/services/core/java/com/android/server/connectivity/DnsManager.java b/services/core/java/com/android/server/connectivity/DnsManager.java
index 557828a..36f5a6c 100644
--- a/services/core/java/com/android/server/connectivity/DnsManager.java
+++ b/services/core/java/com/android/server/connectivity/DnsManager.java
@@ -192,6 +192,12 @@
public void setDnsConfigurationForNetwork(
int netId, LinkProperties lp, boolean isDefaultNetwork) {
+ final String[] assignedServers = NetworkUtils.makeStrings(lp.getDnsServers());
+ final String[] domainStrs = getDomainStrings(lp.getDomains());
+
+ updateParametersSettings();
+ final int[] params = { mSampleValidity, mSuccessThreshold, mMinSamples, mMaxSamples };
+
// We only use the PrivateDnsConfig data pushed to this class instance
// from ConnectivityService because it works in coordination with
// NetworkMonitor to decide which networks need validation and runs the
@@ -204,23 +210,20 @@
final boolean useTls = (privateDnsCfg != null) && privateDnsCfg.useTls;
final boolean strictMode = (privateDnsCfg != null) && privateDnsCfg.inStrictMode();
final String tlsHostname = strictMode ? privateDnsCfg.hostname : "";
-
- final String[] serverStrs = NetworkUtils.makeStrings(
- strictMode ? Arrays.stream(privateDnsCfg.ips)
- .filter((ip) -> lp.isReachable(ip))
- .collect(Collectors.toList())
- : lp.getDnsServers());
- final String[] domainStrs = getDomainStrings(lp.getDomains());
-
- updateParametersSettings();
- final int[] params = { mSampleValidity, mSuccessThreshold, mMinSamples, mMaxSamples };
+ final String[] tlsServers =
+ strictMode ? NetworkUtils.makeStrings(
+ Arrays.stream(privateDnsCfg.ips)
+ .filter((ip) -> lp.isReachable(ip))
+ .collect(Collectors.toList()))
+ : useTls ? assignedServers // Opportunistic
+ : new String[0]; // Off
Slog.d(TAG, String.format("setDnsConfigurationForNetwork(%d, %s, %s, %s, %s, %s)",
- netId, Arrays.toString(serverStrs), Arrays.toString(domainStrs),
- Arrays.toString(params), useTls, tlsHostname));
+ netId, Arrays.toString(assignedServers), Arrays.toString(domainStrs),
+ Arrays.toString(params), tlsHostname, Arrays.toString(tlsServers)));
try {
mNMS.setDnsConfigurationForNetwork(
- netId, serverStrs, domainStrs, params, useTls, tlsHostname);
+ netId, assignedServers, domainStrs, params, tlsHostname, tlsServers);
} catch (Exception e) {
Slog.e(TAG, "Error setting DNS configuration: " + e);
return;
diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index 207e24a..163dd2a 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -63,6 +63,7 @@
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.reset;
@@ -133,6 +134,7 @@
import com.android.internal.util.test.FakeSettingsProvider;
import com.android.server.connectivity.ConnectivityConstants;
import com.android.server.connectivity.DefaultNetworkMetrics;
+import com.android.server.connectivity.DnsManager;
import com.android.server.connectivity.IpConnectivityMetrics;
import com.android.server.connectivity.MockableSystemProperties;
import com.android.server.connectivity.NetworkAgentInfo;
@@ -749,6 +751,7 @@
// NetworkMonitor implementation allowing overriding of Internet connectivity probe result.
private class WrappedNetworkMonitor extends NetworkMonitor {
+ public Handler connectivityHandler;
// HTTP response code fed back to NetworkMonitor for Internet connectivity probe.
public int gen204ProbeResult = 500;
public String gen204ProbeRedirectUrl = null;
@@ -758,6 +761,7 @@
IpConnectivityLog log) {
super(context, handler, networkAgentInfo, defaultRequest, log,
NetworkMonitor.NetworkMonitorSettings.DEFAULT);
+ connectivityHandler = handler;
}
@Override
@@ -3668,18 +3672,29 @@
@Test
public void testBasicDnsConfigurationPushed() throws Exception {
+ final String IFNAME = "test_rmnet_data0";
+ final String[] EMPTY_TLS_SERVERS = new String[0];
mCellNetworkAgent = new MockNetworkAgent(TRANSPORT_CELLULAR);
waitForIdle();
verify(mNetworkManagementService, never()).setDnsConfigurationForNetwork(
- anyInt(), any(), any(), any(), anyBoolean(), anyString());
+ anyInt(), any(), any(), any(), anyString(), eq(EMPTY_TLS_SERVERS));
final LinkProperties cellLp = new LinkProperties();
- cellLp.setInterfaceName("test_rmnet_data0");
+ cellLp.setInterfaceName(IFNAME);
+ // Add IPv4 and IPv6 default routes, because DNS-over-TLS code does
+ // "is-reachable" testing in order to not program netd with unreachable
+ // nameservers that it might try repeated to validate.
+ cellLp.addLinkAddress(new LinkAddress("192.0.2.4/24"));
+ cellLp.addRoute(new RouteInfo((IpPrefix) null, InetAddress.getByName("192.0.2.4"), IFNAME));
+ cellLp.addLinkAddress(new LinkAddress("2001:db8:1::1/64"));
+ cellLp.addRoute(
+ new RouteInfo((IpPrefix) null, InetAddress.getByName("2001:db8:1::1"), IFNAME));
mCellNetworkAgent.sendLinkProperties(cellLp);
mCellNetworkAgent.connect(false);
waitForIdle();
verify(mNetworkManagementService, times(1)).setDnsConfigurationForNetwork(
- anyInt(), mStringArrayCaptor.capture(), any(), any(), anyBoolean(), anyString());
+ anyInt(), mStringArrayCaptor.capture(), any(), any(),
+ anyString(), eq(EMPTY_TLS_SERVERS));
// CS tells netd about the empty DNS config for this network.
assertEmpty(mStringArrayCaptor.getValue());
reset(mNetworkManagementService);
@@ -3688,7 +3703,8 @@
mCellNetworkAgent.sendLinkProperties(cellLp);
waitForIdle();
verify(mNetworkManagementService, times(1)).setDnsConfigurationForNetwork(
- anyInt(), mStringArrayCaptor.capture(), any(), any(), anyBoolean(), anyString());
+ anyInt(), mStringArrayCaptor.capture(), any(), any(),
+ anyString(), eq(EMPTY_TLS_SERVERS));
assertEquals(1, mStringArrayCaptor.getValue().length);
assertTrue(ArrayUtils.contains(mStringArrayCaptor.getValue(), "2001:db8::1"));
reset(mNetworkManagementService);
@@ -3697,7 +3713,26 @@
mCellNetworkAgent.sendLinkProperties(cellLp);
waitForIdle();
verify(mNetworkManagementService, times(1)).setDnsConfigurationForNetwork(
- anyInt(), mStringArrayCaptor.capture(), any(), any(), anyBoolean(), anyString());
+ anyInt(), mStringArrayCaptor.capture(), any(), any(),
+ anyString(), eq(EMPTY_TLS_SERVERS));
+ assertEquals(2, mStringArrayCaptor.getValue().length);
+ assertTrue(ArrayUtils.containsAll(mStringArrayCaptor.getValue(),
+ new String[]{"2001:db8::1", "192.0.2.1"}));
+ reset(mNetworkManagementService);
+
+ final String TLS_SPECIFIER = "tls.example.com";
+ final String TLS_SERVER6 = "2001:db8:53::53";
+ final InetAddress[] TLS_IPS = new InetAddress[]{ InetAddress.getByName(TLS_SERVER6) };
+ final String[] TLS_SERVERS = new String[]{ TLS_SERVER6 };
+ final Handler h = mCellNetworkAgent.getWrappedNetworkMonitor().connectivityHandler;
+ h.sendMessage(h.obtainMessage(
+ NetworkMonitor.EVENT_PRIVATE_DNS_CONFIG_RESOLVED, 0,
+ mCellNetworkAgent.getNetwork().netId,
+ new DnsManager.PrivateDnsConfig(TLS_SPECIFIER, TLS_IPS)));
+ waitForIdle();
+ verify(mNetworkManagementService, times(1)).setDnsConfigurationForNetwork(
+ anyInt(), mStringArrayCaptor.capture(), any(), any(),
+ eq(TLS_SPECIFIER), eq(TLS_SERVERS));
assertEquals(2, mStringArrayCaptor.getValue().length);
assertTrue(ArrayUtils.containsAll(mStringArrayCaptor.getValue(),
new String[]{"2001:db8::1", "192.0.2.1"}));