do not drop ingress dns replies with non bypassable vpn See: aosp-master packages/modules/DnsResolver/include/netd_resolv/resolv.h 119: #define TAG_SYSTEM_DNS 0xFFFFFF82 aosp-master frameworks/base/core/java/com/android/internal/util/TrafficStatsConstants.java 43: public static final int TAG_SYSTEM_DNS = 0xFFFFFF82; aosp-master packages/modules/DnsResolver/resolv_private.h 171: if (int err = android::net::gResNetdCallbacks.tagSocket(sock, TAG_SYSTEM_DNS, uid, pid)) { Test: via new tests on aosp master & via test build with carrier Bug: 159994981 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I8765153c1d7b10970f48bd7e85780f24d2549190

commit: e2ad8628b0244fc7d2b9565369923864b9e3a751 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Thu Jul 02 04:08:59 2020 -0700
committer: Maciej Zenczykowski <maze@google.com> Thu Jul 16 04:54:31 2020 +0000
tree: 97dcda1ebd79c607ac45deace4cd71b3468f3377
parent: 251b3ee12de52afc82d90eca99255e2a726a15d1 [diff] [blame]
diff --git a/server/main.cpp b/server/main.cpp
index 0a86b0a..4949ff6 100644
--- a/server/main.cpp
+++ b/server/main.cpp

@@ -83,6 +83,8 @@
 }
 
 int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid, pid_t) {
+    // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
+    if (tag == TAG_SYSTEM_DNS) uid = AID_DNS;
     return gCtls->trafficCtrl.tagSocket(sockFd, tag, uid, geteuid());
 }
commit	e2ad8628b0244fc7d2b9565369923864b9e3a751	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Thu Jul 02 04:08:59 2020 -0700
committer	Maciej Zenczykowski <maze@google.com>	Thu Jul 16 04:54:31 2020 +0000
tree	97dcda1ebd79c607ac45deace4cd71b3468f3377
parent	251b3ee12de52afc82d90eca99255e2a726a15d1 [diff] [blame]