| Commit message (Collapse) | Author | Age | Files | Lines |
| |
There are many functions that limit the app's network access, such as
doze mode, battery saver, etc. Before this commit, the DNS resolver had
no relevant information; it would send data and rely on the BPF program
in the kernel to block the sending. This has two problems: (1) Waste of CPU
resources. (2) Private DNS should be but is not restricted by those
features.
In this commit, the DNS resolver calls a function in a newly added library
to know whether apps are blocked by network restriction rules. If so, it
returns failures early for both plaintext and encrypted queries.
Bug: 288340533
Test: Auto test TBD
Test: Manually test
1. Install a test app that keeps sending DNS in background.
2. Force enable doze mode by adb commands.
3. Check that the test app's DNS queries fail.
4. Add the test app to the white list.
5. Check that the test app's DNS queries succeed.
Change-Id: I58b0f5e5ff0494f8d190ef601b984a96b2673911
| |
DoH has been enabled on Q onwards since last year, and the
performance is good. Delete the flag.
Bug: 277698541
Test: atest
Change-Id: Ie7f8ecdbe64f209da95646e33af8e165595452ad
| |
Starting from Android U, evaluate_domain_name can report whether a UID can
send DNS on a specified network or not. The function needs to be called
by GetHostByAddr, like what has been done in GetHostByName,
GetAddrInfo, and ResNSend.
Bug: 263219497
Test: resolv_integration_tests
Change-Id: I4668463e0c3acaa825ce81c9d902e83fbb5d687b
| |
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I363e16095ed7a32eb65c68759307d88806ac0f29
| |
1. Set DNS default logging level to INFO.
2. Adjust logging level on some traces.
Output:
[Success]
resolv : GetAddrInfoHandler::run: {100 983140 100 983140 1021 0}
resolv : res_nmkquery: (QUERY, IN, A)
resolv : res_nsend: used send_dg 97 terrno: 0
resolv : doQuery: rcode=0, ancount=4
[Cache hit]
resolv : GetAddrInfoHandler::run: {100 786532 100 983140 0 0}
resolv : res_nmkquery: (QUERY, IN, AAAA)
resolv : resolv_cache_lookup: FOUND IN CACHE entry=0xb4000075f51973d0
resolv : doQuery: rcode=0, ancount=1
[Error - NXDOMAIN]
resolv : GetAddrInfoHandler::run: {100 786532 100 983140 0 0}
resolv : res_nmkquery: (QUERY, IN, AAAA)
resolv : res_nsend: used send_dg 104 terrno: 0
resolv : doQuery: rcode=3, ancount=0
[Timeout]
resolv : GetAddrInfoHandler::run: {30 983070 30 983070 0 0}
resolv : res_nmkquery: (QUERY, IN, A)
resolv : res_nsend: used send_dg 0 terrno: 110
resolv : res_nsend: used send_dg 0 terrno: 110
resolv : doQuery: rcode=255, ancount=0
...
Bug: N/A
Test: m; adb logcat
Change-Id: I2a0ea2b416264d59382ef121d6d7755f8c7ffdf7
| |
To accommodate go/android-userdebug-policy, set DnsResolver default log
level to warning in userdebug build.
Test: atest
Bug: 215325766
Change-Id: Ib710a427a4897e4955da2d4055b57bc5d65077ad
| |
Turn the feature default on for Android T again but make it
able to be disabled by the flag.
Bug: 200763585
Bug: 155855709
Test: cd packages/modules/DnsResolver && atest
Change-Id: I3c1e52069ed2b2ba7008890227ae377f7520260f
| |
Bug: 200763585
Bug: 155855709
Test: cd packages/modules/DnsResolver && atest
Change-Id: Iecd7bdd926c6651ae66d20e0946c10662659e5da
| |
DnsResolver doesn't need to check SDK level more than once.
Bug: 200763585
Test: built dnsresolver passed
Change-Id: I7e113a9b4d941dbe278fbeaa84953ac12a778de0
| |
Bug: 200763585
Bug: 155855709
Test: atest
Change-Id: I1a99889891ef7212aa618198c4840488d23a35d9
| |
Test: TH
Bug: 155855709
Change-Id: Ie2536938a4f01e24cffcbec9794990fc4d4e2d6c
| |
Log the validation state whenever it's changed, and output the
result to dumpsys.
Bug: 79727473
Test: cd packages/modules/DnsResolver && atest
Change-Id: I3afe28f546562228e1a0dfc2a8a55de5b5f08a7e
| |
To debug flaky test, set DnsResolver default log level to debug in
userdebug build.
Test: atest
Bug: 174783023
Change-Id: I6ee298d2951cb3df9d0ae24aee61caba0c20119c
| |
To be compatible with VPN isolation feature, DnsResolver has
different behavior when fchown'ing the query socket.
SDK version >= (R+): fchown to the app's uid; otherwise fchown to AID_DNS.
Make relevant tests compatible with it.
Test: atest
Bug: 161509097
Change-Id: I1c0bb4b9f35eaae32977a51c2d0a968092095cd0
| |
Update experiment flags every time a resolver network is created or
destroyed.
Bug: 135717624
Bug: 151698212
Test: atest
Change-Id: I5375e78831c5994af74b9ecaca991f18db03eca6
| |
A utility used for getting the integer from the experiment flag.
No functionality change.
Bug: 120182528
Bug: 141218721
Test: manually setting the device_config works, e.g.
adb shell device_config put netd_native dot_connect_timeout_ms 3000
Change-Id: Ib4bb39b0465de86c3db0151f0b3c3a66f5a83de8
|
The struct addrinfo is designed to store multi-addresses and it
might cause memory leaks if improperly used. IPSockAddr is safer
and is extensible. It also helps simplify the struct resolv_cache_info,
where nameservers and nscount are no longer necessary.
Bug: 130686826
Test: atest --include-subdirs packages/modules/DnsResolver
Change-Id: I3243f2f79c94ebe3d03503914d25b5863da20c09