Program local and TLS servers, and allow TLS-bypass
This change comprises several parts:
[1] Define a wasExplicitlyConfigured() notion on a DnsTlsServer to
indicate whether the hostname or any fingerprints have been
explicitly set. A DnsTlsServer not wasExplicitlyConfigured()
implies opportunistic mode.
[2] The locally-assigned DNS servers get set in bionic, and the TLS
servers get set in ResolverController.
[3] ResolverController::getPrivateDnsMode returns the Private DNS mode
configured for a given netid.
[4] ResolverController::getValidatedTlsServers() returns a list of
validated DnsTlsServers for a given netid.
[5] The mode and a non-empty list together instruct the qhook in
DnsProxyListener to hand a query off to the DnsTlsDispatcher.
[6] The DnsTlsDispatcher iterates over the list of DnsTlsServers,
preferring servers for which connections already exist.
[7] Enable EDNS0 for DNS-over-TLS queries (set the appropriate flag
in the android_net_context.flags field).
[8] Introduce NETID_USE_LOCAL_NAMESERVERS flag for setting the high
bit of netids in order to pass this information across the
app<->netd boundary.
[9] Update setNetworkForResolv and getNetworkForResolv to handle the
NETID_USE_LOCAL_NAMESERVERS flag accordingly.
[10] DnsProxyListener translates the NETID_USE_LOCAL_NAMESERVERS bit
into the NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS flag.
Test: as follows
- built
- flashed
- booted
- ./system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 64133961
Bug: 72345192
Bug: 76103007
Change-Id: Ib564c6a23c44b36755418fd1557cd86ea54dae44
diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index 821f488..fbbc9e7 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp
@@ -122,6 +122,10 @@
if (netId != NETID_UNSET) {
return netId;
}
+ // Special case for DNS-over-TLS bypass; b/72345192 .
+ if ((netIdForResolv & ~NETID_USE_LOCAL_NAMESERVERS) != NETID_UNSET) {
+ return netIdForResolv;
+ }
netId = netIdForProcess;
if (netId != NETID_UNSET) {
return netId;
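Review bot: the new special case loads `netIdForResolv` twice, once in the masked comparison and once in `return netIdForResolv;`, and since it is an `std::atomic_uint` (the `target == &netIdForResolv` test in `setNetworkForTarget` below shows that), a concurrent `setNetworkForResolv` can make this function return a value that was never checked against `NETID_UNSET`. Load it once, e.g. `const unsigned resolvNetId = netIdForResolv;`, test `(resolvNetId & ~NETID_USE_LOCAL_NAMESERVERS)` and return the local. The comment should also state that the returned value still carries the `NETID_USE_LOCAL_NAMESERVERS` bit and that callers must strip it before treating it as a netid; the stray space in `b/72345192 .` can go as well.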
@@ -130,6 +134,9 @@
}
int setNetworkForTarget(unsigned netId, std::atomic_uint* target) {
+ const unsigned requestedNetId = netId;
+ netId &= ~NETID_USE_LOCAL_NAMESERVERS;
+
if (netId == NETID_UNSET) {
*target = netId;
return 0;
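Review bot: `netId &= ~NETID_USE_LOCAL_NAMESERVERS;` strips the flag for every target, so a caller that sets the bit on a target other than `netIdForResolv` (the only target that later receives `requestedNetId`) gets a success return while its request was silently altered. Either reject the flag for other targets before masking, e.g. `if (requestedNetId != netId && target != &netIdForResolv) { return an error; }`, or document that the bit is only meaningful for the resolv target. Note also that the `NETID_UNSET` early return stores the masked `netId`, not `requestedNetId`, so `NETID_UNSET | NETID_USE_LOCAL_NAMESERVERS` clears the resolv target without the flag; if that is intended, say so in a comment.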
@@ -148,7 +155,7 @@
}
int error = setNetworkForSocket(netId, socketFd);
if (!error) {
- *target = netId;
+ *target = (target == &netIdForResolv) ? requestedNetId : netId;
}
close(socketFd);
return error;
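Review bot: `*target = (target == &netIdForResolv) ? requestedNetId : netId;` picks behaviour by comparing the target pointer against a global, which is easy to overlook when another target is added and hides the rule that only the resolv slot may hold the `NETID_USE_LOCAL_NAMESERVERS` bit. Make the intent explicit, either with a parameter such as `bool keepLocalNameserversFlag` or by having `setNetworkForResolv` store the flagged value itself once this function succeeds, and add a comment stating that `netIdForResolv` is the only atomic that may carry the bit, since `getNetworkForResolv` above masks only that one and relies on the invariant. Storing the flagged value only after `setNetworkForSocket(netId, socketFd)` succeeded with the masked netid is the right order and worth a comment too.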