author | Remi NGUYEN VAN <reminv@google.com> | 2018-04-25 17:43:52 +0900 |
---|---|---|
committer | Remi NGUYEN VAN <reminv@google.com> | 2018-05-02 16:58:53 +0900 |
commit | a779b902d4134cfa97523a139693fd5f1a67f2d8 (patch) | |
tree | bb4c757f54c0c226f494a475676b20ba81f5676d | |
parent | ac62cbd5217ccda2364d5cf942db41f699637fe9 (diff) | |
Enforce NETWORK_BYPASS_PRIVATE_DNS
Change permission check from PERMISSION_SYSTEM to
NETWORK_BYPASS_PRIVATE_DNS or CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: b/78494660
Test: manual: captive portal login & MMS sending works
(cherry-picked from aosp I3f3b4d35eb1bd0a3c8f567055ba481dbb2ad3df7)
Merged-In: I32b6c91eeef55ce694f99018bc7ea4af352d28cc
Merged-In: Ice21316ff06261bf957d6eb720d49633eaf00486
Change-Id: Ib9bcf618bb674da6837408b3e7e5f885ffcda5c7
-rw-r--r-- | server/DnsProxyListener.cpp | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/server/DnsProxyListener.cpp b/server/DnsProxyListener.cpp
index 18ffe1cb..dd7b4e2b 100644
--- a/server/DnsProxyListener.cpp
+++ b/server/DnsProxyListener.cpp
@@ -39,10 +39,13 @@
 #include <vector>
 #include <cutils/log.h>
+#include <cutils/misc.h>
 #include <netdutils/Slice.h>
 #include <utils/String16.h>
 #include <sysutils/SocketClient.h>
+#include <binder/IServiceManager.h>
+
 #include "Controllers.h"
 #include "Fwmark.h"
 #include "DnsProxyListener.h"
@@ -65,6 +68,12 @@ namespace net {
 namespace {
+// TODO: move to a separate file (with other constants from FwmarkService and NetdNativeService)
+constexpr const char CONNECTIVITY_USE_RESTRICTED_NETWORKS[] =
+ "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS";
+constexpr const char NETWORK_BYPASS_PRIVATE_DNS[] =
+ "android.permission.NETWORK_BYPASS_PRIVATE_DNS";
+
 void logArguments(int argc, char** argv) {
 for (int i = 0; i < argc; i++) {
 ALOGD("argv[%i]=%s", i, argv[i]);
@@ -189,13 +198,26 @@ inline bool queryingViaTls(unsigned dns_netid) {
 }
 }
-void maybeFixupNetContext(android_net_context* ctx) {
- if (requestingUseLocalNameservers(ctx->flags)) {
- if (net::gCtls->netCtrl.getPermissionForUser(ctx->uid) != Permission::PERMISSION_SYSTEM) {
- // Not permitted; clear the flag.
- ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS;
+bool hasPermissionToBypassPrivateDns(uid_t uid) {
+ static_assert(AID_SYSTEM >= 0 && AID_SYSTEM < FIRST_APPLICATION_UID,
+ "Calls from AID_SYSTEM must not result in a permission check to avoid deadlock.");
+ if (uid >= 0 && uid < FIRST_APPLICATION_UID) {
+ return true;
+ }
+
+ for (auto& permission : {CONNECTIVITY_USE_RESTRICTED_NETWORKS, NETWORK_BYPASS_PRIVATE_DNS}) {
+ if (checkCallingPermission(String16(permission))) {
+ return true;
 }
 }
+ return false;
+}
+
+void maybeFixupNetContext(android_net_context* ctx) {
+ if (requestingUseLocalNameservers(ctx->flags) && !hasPermissionToBypassPrivateDns(ctx->uid)) {
+ // Not permitted; clear the flag.
+ ctx->flags &= ~NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS;
+ }
 if (!requestingUseLocalNameservers(ctx->flags)) {
 // If we're not explicitly bypassing DNS-over-TLS servers, check whether |
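Review bot: `checkCallingPermission(String16(permission))` in hasPermissionToBypassPrivateDns is never given the `uid` argument, so the permission is evaluated for whatever Binder calling identity the current thread carries rather than for `ctx->uid`; if this runs on the DNS proxy socket thread outside a Binder transaction, that identity is presumably netd's own and the check would not constrain the requesting app, which should be confirmed. Consider checking the requester explicitly, e.g. `checkPermission(String16(permission), pid, uid)` with pid and uid taken from the socket client's credentials (no pid is available in this function as written, so the signature would need to grow). Separately, the `uid < FIRST_APPLICATION_UID` shortcut lets every non-application UID keep NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS with no permission check at all, which is wider than the two permissions named in the commit message; a comment such as `// Every UID below FIRST_APPLICATION_UID is trusted to bypass private DNS; no Binder call is made for them.` would record that decision for later audits. The `uid >= 0` half of the test is always true if uid_t is unsigned and can be dropped. maybeFixupNetContext continues past the end of the hunk.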