From e5e21fd4b57fb148543135212837b13ab649cf73 Mon Sep 17 00:00:00 2001 From: Erik Kline Date: Tue, 22 May 2018 21:15:49 +0900 Subject: [PATCH] Fixup SntpClient to bypass Private DNS NTP may be necessary in order to validate Private DNS certificates, so it should be allowed to bypass Private DNS. Test: as follows - built, flashed, booted - tcpdump for port 53; adb shell am restart queries for the NTP hostname appear in the clear - runtest frameworks-net passes Bug: 64133961 Bug: 80118648 Change-Id: Id9ceb3fcaaffb48cbbd4cd381d48cae991572c9e
---
core/java/android/net/Network.java | 44 ++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/core/java/android/net/Network.java b/core/java/android/net/Network.java
index 15a0ee5eb2..d75d4391de 100644
--- a/core/java/android/net/Network.java
+++ b/core/java/android/net/Network.java
@@ -85,6 +85,21 @@ public class Network implements Parcelable {
 private static final long HANDLE_MAGIC = 0xcafed00dL;
 private static final int HANDLE_MAGIC_SIZE = 32;
 
+ // A boolean to control how getAllByName()/getByName() behaves in the face
+ // of Private DNS.
+ //
+ // When true, these calls will request that DNS resolution bypass any
+ // Private DNS that might otherwise apply. Use of this feature is restricted
+ // and permission checks are made by netd (attempts to bypass Private DNS
+ // without appropriate permission are silently turned into vanilla DNS
+ // requests). This only affects DNS queries made using this network object.
+ //
+ // It it not parceled to receivers because (a) it can be set or cleared at
+ // anytime and (b) receivers should be explicit about attempts to bypass
+ // Private DNS so that the intent of the code is easily determined and
+ // code search audits are possible.
+ private boolean mPrivateDnsBypass = false;
+
 /**
 * @hide
 */
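Review bot: `mPrivateDnsBypass` is a mutable, non-volatile field, so once one caller sets it, every later `getByName()`/`getAllByName()` call made through that same `Network` instance bypasses Private DNS, and nothing visible in this hunk scopes or resets it. Because the flag weakens a privacy control, an immutable flag obtained through a dedicated copy of the object would be safer; at minimum the ownership rule belongs next to the field, e.g. `// Set only on a Network instance private to the caller, never on one shared with other code.` The phrase "silently turned into vanilla DNS requests" can be read as cleartext DNS, which is the opposite of what is presumably meant (the flag is ignored and Private DNS still applies), so the comment should say that explicitly. "It it not parceled" should read "It is not parceled".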
@@ -108,7 +123,7 @@ public class Network implements Parcelable {
 * @throws UnknownHostException if the address lookup fails.
 */
 public InetAddress[] getAllByName(String host) throws UnknownHostException {
- return InetAddress.getAllByNameOnNet(host, netId);
+ return InetAddress.getAllByNameOnNet(host, getNetIdForResolv());
 }
 
 /**
@@ -122,7 +137,32 @@ public class Network implements Parcelable {
 * if the address lookup fails.
 */
 public InetAddress getByName(String host) throws UnknownHostException {
- return InetAddress.getByNameOnNet(host, netId);
+ return InetAddress.getByNameOnNet(host, getNetIdForResolv());
+ }
+
+ /**
+ * Specify whether or not Private DNS should be bypassed when attempting
+ * to use {@link getAllByName()}/{@link getByName()} methods on the given
+ * instance for hostname resolution.
+ *
+ * @hide
+ */
+ public void setPrivateDnsBypass(boolean bypass) {
+ mPrivateDnsBypass = bypass;
+ }
+
+ /**
+ * Returns a netid marked with the Private DNS bypass flag.
+ *
+ * This flag must be kept in sync with the NETID_USE_LOCAL_NAMESERVERS flag
+ * in system/netd/include/NetdClient.h.
+ *
+ * @hide
+ */
+ public int getNetIdForResolv() {
+ return mPrivateDnsBypass
+ ? (int) (0x80000000L | (long) netId) // Non-portable DNS resolution flag.
+ : netId;
 }
 
 /**
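Review bot: `getNetIdForResolv()` is declared `public` and returns the netId with the bypass bit ORed in, so the flagged value can reach code that expects a plain netId; unless a caller outside this class needs it, `private` is enough for the two resolver methods that use it. The bit is a bare literal that the Javadoc says must match NETID_USE_LOCAL_NAMESERVERS in NetdClient.h, so a named constant such as `private static final int NETID_USE_LOCAL_NAMESERVERS = 0x80000000;` used as `netId | NETID_USE_LOCAL_NAMESERVERS` would make that coupling searchable and remove the long round-trip cast. The Javadoc on `setPrivateDnsBypass` uses `{@link getAllByName()}`, which does not resolve; `{@link #getAllByName(String)}` and `{@link #getByName(String)}` do. The public Javadoc of `getByName` and of `getAllByName` in the preceding hunk still describes plain on-network resolution and should mention that the lookup may bypass Private DNS when the flag is set.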