author | Ken Chen <cken@google.com> | 2023-01-16 19:00:43 +0800 |
---|---|---|
committer | Ken Chen <cken@google.com> | 2023-01-16 21:17:39 +0800 |
commit | fd22f385a7817bc55a1bac4e022e7c00716095bf (patch) | |
tree | e25e99fb7a8e972add3355dcef95f3def21bd932 | |
parent | 6d9f3eee8d22abebedd99e1f0b008ff958bfefb4 (diff) | |
download | netd-fd22f385a7817bc55a1bac4e022e7c00716095bf.tar.gz |
Allow DNS lookup in no default network case [main-16k-with-phones]

Before aosp/2368708, DNS lookup of "localhost" is allowed when apps
don't select a network and there is no default network. It is because
the "localhost" exists in etc/hosts. The etc/hosts lookups take
precedence over routing decisions. After aosp/2368708, the same DNS
lookup is blocked by evaluateDomainNameCallback. It is because
app_netid in network context is 0, and there is no corresponding
Network object in netd.

DNS lookup can be allowed in this case because DNS packets will not be
sent out of the device if the hostname is not listed in the etc/hosts.

Bug: 265503240
Bug: 263219497
Test: atest com.android.server.connectivity.VpnTest
Change-Id: Iff760770706cce23cf25661593dcc67d0b0685e9
-rw-r--r-- | server/NetworkController.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp index 082eaf84..3e38d48e 100644 --- a/server/NetworkController.cpp +++ b/server/NetworkController.cpp @@ -825,7 +825,10 @@ int NetworkController::setNetworkAllowlist( bool NetworkController::isUidAllowed(unsigned netId, uid_t uid) const { const ScopedRLock lock(mRWLock); Network* network = getNetworkLocked(netId); - if (network && network->isUidAllowed(uid)) { + // Exempt when no netId is specified and there is no default network, so that apps or tests can + // do DNS lookups for hostnames in etc/hosts. + if ((network && network->isUidAllowed(uid)) || + (netId == NETID_UNSET && mDefaultNetId == NETID_UNSET)) { return true; } return false; |
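Review bot: The added second operand in NetworkController::isUidAllowed, `(netId == NETID_UNSET && mDefaultNetId == NETID_UNSET)`, never consults `uid`, so while there is no default network every caller passing NETID_UNSET gets `true` for every uid, not only the DNS lookup the comment mentions. Since isUidAllowed is a general check by its signature, consider scoping the exemption to the DNS path the commit message describes (evaluateDomainNameCallback) instead, or at least extend the comment to state why the result is safe (the commit message's argument that no DNS packets leave the device in this state) and that it is not an allowlist decision other callers can rely on. The diffstat shows only server/NetworkController.cpp changed, so a unit test that exercises the netId == NETID_UNSET, no-default-network branch would be worth adding next to the VpnTest run. Minor style point: the `if (...) { return true; } return false;` shape could return the condition directly.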