Merge PrivateDnsConfiguration and qhook into libnetd_resolv

PrivateDnsConfiguration handles the operations which add, validate,
and remove private DNS servers. It will be hidden inside the library
after this change.

PrivateDnsConfiguration and DnsTlsDispatcher will be constructed when
netd starts. Their instances are now moved to the library. Netd
can use public functions to update private DNS servers. In addition,
qhook() is no longer needed for TLS queries.

This change comprises:

[1] Provide APIs for netd to add and delete private DNS servers as
    well as get status.

[2] Provide a way for netd to register a callback which will be invoked
    whenever private DNS server validation finishes. This is used for
    onPrivateDnsValidationEvent().

[3] Remove qhook in android_net_context, since DnsTls* have been moved
    to libnetd_resolv library. Also, qhook and rhook are removed in the
    library.

[4] The visibility of DnsTls* symbols is hidden, while they have been
    visible for a while.

Bug: 113628807
Test: as follows
    - built, flashed, booted
    - system/netd/tests/runtests.sh
    - DNS-over-TLS in live network passed

Change-Id: I235004e4019d88d0d162d7ebd452148cd14cfd39
diff --git a/include/netd_resolv/PrivateDnsConfiguration.h b/include/netd_resolv/PrivateDnsConfiguration.h
new file mode 100644
index 0000000..cee0205
--- /dev/null
+++ b/include/netd_resolv/PrivateDnsConfiguration.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NETD_RESOLV_PRIVATEDNSCONFIGURATION_H
+#define NETD_RESOLV_PRIVATEDNSCONFIGURATION_H
+
+#include <list>
+#include <map>
+#include <vector>
+
+#include <android-base/thread_annotations.h>
+
+#include "DnsTlsServer.h"
+#include "resolv.h"
+
+namespace android {
+namespace net {
+
+struct PrivateDnsStatus {
+    PrivateDnsMode mode;
+    std::list<DnsTlsServer> validatedServers;
+};
+
+class PrivateDnsConfiguration {
+  public:
+    int set(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,
+            const std::string& name, const std::set<std::vector<uint8_t>>& fingerprints);
+
+    PrivateDnsStatus getStatus(unsigned netId);
+
+    // Externally used for netd.
+    void getStatus(unsigned netId, ExternalPrivateDnsStatus* status);
+
+    int getPrivateDnsModeAndStatus(unsigned netId);
+    void clear(unsigned netId);
+    void setCallback(private_dns_validated_callback callback);
+
+  private:
+    typedef std::map<DnsTlsServer, Validation, AddressComparator> PrivateDnsTracker;
+
+    void validatePrivateDnsProvider(const DnsTlsServer& server, PrivateDnsTracker& tracker,
+                                    unsigned netId, uint32_t mark) REQUIRES(mPrivateDnsLock);
+
+    bool recordPrivateDnsValidation(const DnsTlsServer& server, unsigned netId, bool success);
+
+    // Start validation for newly added servers as well as any servers that have
+    // landed in Validation::fail state. Note that servers that have failed
+    // multiple validation attempts but for which there is still a validating
+    // thread running are marked as being Validation::in_process.
+    bool needsValidation(const PrivateDnsTracker& tracker, const DnsTlsServer& server);
+
+    std::mutex mPrivateDnsLock;
+    std::map<unsigned, PrivateDnsMode> mPrivateDnsModes GUARDED_BY(mPrivateDnsLock);
+    // Structure for tracking the validation status of servers on a specific netId.
+    // Using the AddressComparator ensures at most one entry per IP address.
+    std::map<unsigned, PrivateDnsTracker> mPrivateDnsTransports GUARDED_BY(mPrivateDnsLock);
+    private_dns_validated_callback mCallback = nullptr;
+};
+
+extern PrivateDnsConfiguration gPrivateDnsConfiguration;
+
+}  // namespace net
+}  // namespace android
+
+#endif /* NETD_RESOLV_PRIVATEDNSCONFIGURATION_H */
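
Review bot: mCallback is the only data member here without GUARDED_BY(mPrivateDnsLock), and setCallback() carries no locking annotation, so thread-safety analysis will not flag a validating thread reading the pointer while netd replaces it. Either annotate it with GUARDED_BY(mPrivateDnsLock) or document that setCallback() must be called once before any set(). In the same vein, validatePrivateDnsProvider() has REQUIRES(mPrivateDnsLock) but recordPrivateDnsValidation() and needsValidation() do not; add a comment stating whether each takes the lock itself or expects it held, and annotate accordingly. The header also uses std::set, std::string, std::mutex and fixed-width integer types while including only <list>, <map> and <vector>; add <set>, <string>, <mutex> and <cstdint> rather than depending on DnsTlsServer.h or resolv.h to pull them in. set() takes netId as int32_t while every other method takes unsigned; pick one type. Finally, the commit message says this class will be hidden inside the library, yet the header lands under include/netd_resolv/ and declares extern gPrivateDnsConfiguration; if netd is meant to go through the public functions only, this header belongs with the library's private sources.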