diff options
| author | Remi NGUYEN VAN <reminv@google.com> | 2018-05-02 07:32:59 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-05-02 07:32:59 +0000 |
| commit | 0a0f776e342f7a991d6a38c60bbf4557980e0981 (patch) | |
| tree | 021e12a62aeb8ac26942ba00fc88d7b2e39047de | |
| parent | 7b8d77eb6cb67a29b010fc91c649d95cd888a339 (diff) | |
| parent | ce84f4a1caa48d45db579df3e17109cfdcbfe49a (diff) | |
| download | netd-android-wear-p-preview-2.tar.gz | |
Merge "Enforce NETWORK_BYPASS_PRIVATE_DNS"android-wear-p-preview-2android-p-preview-3android-p-preview-2android-o-mr1-iot-release-1.0.0
| -rw-r--r-- | server/DnsProxyListener.cpp | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/server/DnsProxyListener.cpp b/server/DnsProxyListener.cpp index 3c5b3378..62500484 100644 --- a/server/DnsProxyListener.cpp +++ b/server/DnsProxyListener.cpp @@ -38,11 +38,14 @@ #include <list> #include <vector> +#include <cutils/misc.h> #include <log/log.h> #include <netdutils/Slice.h> #include <utils/String16.h> #include <sysutils/SocketClient.h> +#include <binder/IServiceManager.h> + #include "Controllers.h" #include "Fwmark.h" #include "DnsProxyListener.h" @@ -65,6 +68,12 @@ namespace net { namespace { +// TODO: move to a separate file (with other constants from FwmarkService and NetdNativeService) +constexpr const char CONNECTIVITY_USE_RESTRICTED_NETWORKS[] = + "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"; +constexpr const char NETWORK_BYPASS_PRIVATE_DNS[] = + "android.permission.NETWORK_BYPASS_PRIVATE_DNS"; + void logArguments(int argc, char** argv) { for (int i = 0; i < argc; i++) { ALOGD("argv[%i]=%s", i, argv[i]); @@ -189,13 +198,26 @@ inline bool queryingViaTls(unsigned dns_netid) { } } -void maybeFixupNetContext(android_net_context* ctx) { - if (requestingUseLocalNameservers(ctx->flags)) { - if (net::gCtls->netCtrl.getPermissionForUser(ctx->uid) != Permission::PERMISSION_SYSTEM) { - // Not permitted; clear the flag. - ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; +bool hasPermissionToBypassPrivateDns(uid_t uid) { + static_assert(AID_SYSTEM >= 0 && AID_SYSTEM < FIRST_APPLICATION_UID, + "Calls from AID_SYSTEM must not result in a permission check to avoid deadlock."); + if (uid >= 0 && uid < FIRST_APPLICATION_UID) { + return true; + } + + for (auto& permission : {CONNECTIVITY_USE_RESTRICTED_NETWORKS, NETWORK_BYPASS_PRIVATE_DNS}) { + if (checkCallingPermission(String16(permission))) { + return true; } } + return false; +} + +void maybeFixupNetContext(android_net_context* ctx) { + if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) { + // Not permitted; clear the flag. + ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS; + } if (!requestingUseLocalNameservers(ctx->flags)) { // If we're not explicitly bypassing DNS-over-TLS servers, check whether |