1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "dns_responder_client"
18
19 #include "dns_responder_client_ndk.h"
20
21 #include <android/binder_manager.h>
22 #include "NetdClient.h"
23
24 #define TEST_NETID 30
25
26 // TODO: move this somewhere shared.
27 static const char* ANDROID_DNS_MODE = "ANDROID_DNS_MODE";
28
29 using aidl::android::net::IDnsResolver;
30 using aidl::android::net::INetd;
31 using aidl::android::net::ResolverOptionsParcel;
32 using aidl::android::net::ResolverParamsParcel;
33 using android::net::ResolverStats;
34
SetupMappings(unsigned numHosts,const std::vector<std::string> & domains,std::vector<Mapping> * mappings)35 void DnsResponderClient::SetupMappings(unsigned numHosts, const std::vector<std::string>& domains,
36 std::vector<Mapping>* mappings) {
37 mappings->resize(numHosts * domains.size());
38 auto mappingsIt = mappings->begin();
39 for (unsigned i = 0; i < numHosts; ++i) {
40 for (const auto& domain : domains) {
41 mappingsIt->host = fmt::format("host{}", i);
42 mappingsIt->entry = fmt::format("{}.{}.", mappingsIt->host, domain);
43 mappingsIt->ip4 = fmt::format("192.0.2.{}", i % 253 + 1);
44 mappingsIt->ip6 = fmt::format("2001:db8::{:x}", i % 65534 + 1);
45 ++mappingsIt;
46 }
47 }
48 }
49
50 // TODO: Use SetResolverConfiguration() with ResolverParamsParcel struct directly.
51 // DEPRECATED: Use SetResolverConfiguration() in new code
makeResolverParamsParcel(int netId,const std::vector<int> & params,const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::string & tlsHostname,const std::vector<std::string> & tlsServers,const std::string & caCert)52 ResolverParamsParcel DnsResponderClient::makeResolverParamsParcel(
53 int netId, const std::vector<int>& params, const std::vector<std::string>& servers,
54 const std::vector<std::string>& domains, const std::string& tlsHostname,
55 const std::vector<std::string>& tlsServers, const std::string& caCert) {
56 ResolverParamsParcel paramsParcel;
57
58 paramsParcel.netId = netId;
59 paramsParcel.sampleValiditySeconds = params[IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY];
60 paramsParcel.successThreshold = params[IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD];
61 paramsParcel.minSamples = params[IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES];
62 paramsParcel.maxSamples = params[IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES];
63 if (params.size() > IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC) {
64 paramsParcel.baseTimeoutMsec = params[IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC];
65 } else {
66 paramsParcel.baseTimeoutMsec = 0;
67 }
68 if (params.size() > IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT) {
69 paramsParcel.retryCount = params[IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT];
70 } else {
71 paramsParcel.retryCount = 0;
72 }
73 paramsParcel.servers = servers;
74 paramsParcel.domains = domains;
75 paramsParcel.tlsName = tlsHostname;
76 paramsParcel.tlsServers = tlsServers;
77 paramsParcel.tlsFingerprints = {};
78 paramsParcel.caCertificate = caCert;
79 paramsParcel.resolverOptions = ResolverOptionsParcel{}; // optional, must be explicitly set.
80
81 // Note, do not remove this otherwise the ResolverTest#ConnectTlsServerTimeout won't pass in M4
82 // module.
83 // TODO: remove after 2020-01 rolls out.
84 paramsParcel.tlsConnectTimeoutMs = 1000;
85
86 return paramsParcel;
87 }
88
GetResolverInfo(aidl::android::net::IDnsResolver * dnsResolverService,unsigned netId,std::vector<std::string> * servers,std::vector<std::string> * domains,std::vector<std::string> * tlsServers,res_params * params,std::vector<ResolverStats> * stats,int * waitForPendingReqTimeoutCount)89 bool DnsResponderClient::GetResolverInfo(aidl::android::net::IDnsResolver* dnsResolverService,
90 unsigned netId, std::vector<std::string>* servers,
91 std::vector<std::string>* domains,
92 std::vector<std::string>* tlsServers, res_params* params,
93 std::vector<ResolverStats>* stats,
94 int* waitForPendingReqTimeoutCount) {
95 using aidl::android::net::IDnsResolver;
96 std::vector<int32_t> params32;
97 std::vector<int32_t> stats32;
98 std::vector<int32_t> waitForPendingReqTimeoutCount32{0};
99 auto rv = dnsResolverService->getResolverInfo(netId, servers, domains, tlsServers, ¶ms32,
100 &stats32, &waitForPendingReqTimeoutCount32);
101
102 if (!rv.isOk() || params32.size() != static_cast<size_t>(IDnsResolver::RESOLVER_PARAMS_COUNT)) {
103 return false;
104 }
105 *params = res_params{
106 .sample_validity =
107 static_cast<uint16_t>(params32[IDnsResolver::RESOLVER_PARAMS_SAMPLE_VALIDITY]),
108 .success_threshold =
109 static_cast<uint8_t>(params32[IDnsResolver::RESOLVER_PARAMS_SUCCESS_THRESHOLD]),
110 .min_samples =
111 static_cast<uint8_t>(params32[IDnsResolver::RESOLVER_PARAMS_MIN_SAMPLES]),
112 .max_samples =
113 static_cast<uint8_t>(params32[IDnsResolver::RESOLVER_PARAMS_MAX_SAMPLES]),
114 .base_timeout_msec = params32[IDnsResolver::RESOLVER_PARAMS_BASE_TIMEOUT_MSEC],
115 .retry_count = params32[IDnsResolver::RESOLVER_PARAMS_RETRY_COUNT],
116 };
117 *waitForPendingReqTimeoutCount = waitForPendingReqTimeoutCount32[0];
118 return ResolverStats::decodeAll(stats32, stats);
119 }
120
SetResolversForNetwork(const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::vector<int> & params)121 bool DnsResponderClient::SetResolversForNetwork(const std::vector<std::string>& servers,
122 const std::vector<std::string>& domains,
123 const std::vector<int>& params) {
124 const auto& resolverParams =
125 makeResolverParamsParcel(TEST_NETID, params, servers, domains, "", {}, "");
126 const auto rv = mDnsResolvSrv->setResolverConfiguration(resolverParams);
127 return rv.isOk();
128 }
129
SetResolversWithTls(const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::vector<int> & params,const std::vector<std::string> & tlsServers,const std::string & name)130 bool DnsResponderClient::SetResolversWithTls(const std::vector<std::string>& servers,
131 const std::vector<std::string>& domains,
132 const std::vector<int>& params,
133 const std::vector<std::string>& tlsServers,
134 const std::string& name) {
135 const auto& resolverParams = makeResolverParamsParcel(TEST_NETID, params, servers, domains,
136 name, tlsServers, kCaCert);
137 const auto rv = mDnsResolvSrv->setResolverConfiguration(resolverParams);
138 if (!rv.isOk()) LOG(ERROR) << "SetResolversWithTls() -> " << rv.getMessage();
139 return rv.isOk();
140 }
141
SetResolversFromParcel(const ResolverParamsParcel & resolverParams)142 bool DnsResponderClient::SetResolversFromParcel(const ResolverParamsParcel& resolverParams) {
143 const auto rv = mDnsResolvSrv->setResolverConfiguration(resolverParams);
144 if (!rv.isOk()) LOG(ERROR) << "SetResolversFromParcel() -> " << rv.getMessage();
145 return rv.isOk();
146 }
147
GetDefaultResolverParamsParcel()148 ResolverParamsParcel DnsResponderClient::GetDefaultResolverParamsParcel() {
149 return makeResolverParamsParcel(TEST_NETID, kDefaultParams, kDefaultServers,
150 kDefaultSearchDomains, {} /* tlsHostname */, kDefaultServers,
151 kCaCert);
152 }
153
SetupDNSServers(unsigned numServers,const std::vector<Mapping> & mappings,std::vector<std::unique_ptr<test::DNSResponder>> * dns,std::vector<std::string> * servers)154 void DnsResponderClient::SetupDNSServers(unsigned numServers, const std::vector<Mapping>& mappings,
155 std::vector<std::unique_ptr<test::DNSResponder>>* dns,
156 std::vector<std::string>* servers) {
157 const char* listenSrv = "53";
158 dns->resize(numServers);
159 servers->resize(numServers);
160 for (unsigned i = 0; i < numServers; ++i) {
161 auto& server = (*servers)[i];
162 auto& d = (*dns)[i];
163 server = fmt::format("127.0.0.{}", i + 100);
164 d = std::make_unique<test::DNSResponder>(server, listenSrv, ns_rcode::ns_r_servfail);
165 for (const auto& mapping : mappings) {
166 d->addMapping(mapping.entry.c_str(), ns_type::ns_t_a, mapping.ip4.c_str());
167 d->addMapping(mapping.entry.c_str(), ns_type::ns_t_aaaa, mapping.ip6.c_str());
168 }
169 d->startServer();
170 }
171 }
172
SetupOemNetwork(int oemNetId)173 int DnsResponderClient::SetupOemNetwork(int oemNetId) {
174 mNetdSrv->networkDestroy(oemNetId);
175 mDnsResolvSrv->destroyNetworkCache(oemNetId);
176
177 ::ndk::ScopedAStatus ret;
178 if (DnsResponderClient::isRemoteVersionSupported(mNetdSrv, 6)) {
179 const auto& config = DnsResponderClient::makeNativeNetworkConfig(
180 oemNetId, NativeNetworkType::PHYSICAL, INetd::PERMISSION_NONE, /*secure=*/false);
181 ret = mNetdSrv->networkCreate(config);
182 } else {
183 // Only for presubmit tests that run mainline module (and its tests) on R or earlier images.
184 #pragma clang diagnostic push
185 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
186 ret = mNetdSrv->networkCreatePhysical(oemNetId, INetd::PERMISSION_NONE);
187 #pragma clang diagnostic pop
188 }
189 if (!ret.isOk()) {
190 fprintf(stderr, "Creating physical network %d failed, %s\n", oemNetId, ret.getMessage());
191 return -1;
192 }
193 ret = mDnsResolvSrv->createNetworkCache(oemNetId);
194 if (!ret.isOk()) {
195 fprintf(stderr, "Creating network cache %d failed, %s\n", oemNetId, ret.getMessage());
196 return -1;
197 }
198 setNetworkForProcess(oemNetId);
199 if ((unsigned)oemNetId != getNetworkForProcess()) {
200 return -1;
201 }
202 return 0;
203 }
204
TearDownOemNetwork(int oemNetId)205 int DnsResponderClient::TearDownOemNetwork(int oemNetId) {
206 if (auto status = mNetdSrv->networkDestroy(oemNetId); !status.isOk()) {
207 fprintf(stderr, "Removing network %d failed, %s\n", oemNetId, status.getMessage());
208 return -1;
209 }
210 if (auto status = mDnsResolvSrv->destroyNetworkCache(oemNetId); !status.isOk()) {
211 fprintf(stderr, "Removing network cache %d failed, %s\n", oemNetId, status.getMessage());
212 return -1;
213 }
214 return 0;
215 }
216
SetUp()217 void DnsResponderClient::SetUp() {
218 // binder setup
219 ndk::SpAIBinder netdBinder = ndk::SpAIBinder(AServiceManager_getService("netd"));
220 mNetdSrv = INetd::fromBinder(netdBinder);
221 if (mNetdSrv.get() == nullptr) {
222 LOG(FATAL) << "Can't connect to service 'netd'. Missing root privileges? uid=" << getuid();
223 }
224
225 ndk::SpAIBinder resolvBinder = ndk::SpAIBinder(AServiceManager_getService("dnsresolver"));
226 mDnsResolvSrv = IDnsResolver::fromBinder(resolvBinder);
227 if (mDnsResolvSrv.get() == nullptr) {
228 LOG(FATAL) << "Can't connect to service 'dnsresolver'. Missing root privileges? uid="
229 << getuid();
230 }
231
232 // Ensure resolutions go via proxy.
233 setenv(ANDROID_DNS_MODE, "", 1);
234 SetupOemNetwork(TEST_NETID);
235 }
236
TearDown()237 void DnsResponderClient::TearDown() {
238 TearDownOemNetwork(TEST_NETID);
239 }
240
makeNativeNetworkConfig(int netId,NativeNetworkType networkType,int permission,bool secure)241 NativeNetworkConfig DnsResponderClient::makeNativeNetworkConfig(int netId,
242 NativeNetworkType networkType,
243 int permission, bool secure) {
244 NativeNetworkConfig config = {};
245 config.netId = netId;
246 config.networkType = networkType;
247 config.permission = permission;
248 config.secure = secure;
249 // The vpnType doesn't matter in AOSP. Just pick a well defined one from INetd.
250 config.vpnType = NativeVpnType::PLATFORM;
251 return config;
252 }
253