Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_modules_DnsResolver / b9a10a82912cb33f05d44f0d0d2744edf5bc2d25
commitb9a10a82912cb33f05d44f0d0d2744edf5bc2d25[log] [tgz]
authorLuke Huang <huangluke@google.com>Thu May 28 10:40:22 2020 +0000
committerLuke Huang <huangluke@google.com>Fri May 29 16:44:46 2020 +0000
treebcb4c9061e235a0f77712ad52b5edcabda5ce527
parent638d7e4e02367ba25eecefb9f7fc05b4d740e459 [diff]
Fix the side channel attack by using aysnc DnsResolver API with FLAG_NO_CACHE_STORE

Before this CL, FLAG_NO_CACHE_STORE could be used to perform side
channel attack. Because this flag ensures the result is never
added to the cache, but will return a cached response if one exists.
So make FLAG_NO_CACHE_STORE imply FLAG_NO_CACHE_LOOKUP to block the
possibility of side channel attacking.

Bug: 150371903
Test: atest
Merged-In: I37391ffe315b90c0cdfd86888c6bf68b2b89f601

Change-Id: I94d8544d85c615ee985d70e9aeb8f368f100cf9b
(cherry picked from commit 9931b28c98218dac4fa50288b4deb10da85073f1)
3 files changed
tree: bcb4c9061e235a0f77712ad52b5edcabda5ce527
  1. aidl_api/
  2. apex/
  3. binder/
  4. include/
  5. tests/
  6. .clang-format ⇨ ../../../build/soong/scripts/system-clang-format
  7. .editorconfig
  8. Android.bp
  9. Dns64Configuration.cpp
  10. Dns64Configuration.h
  11. DnsProxyListener.cpp
  12. DnsProxyListener.h
  13. DnsQueryLog.cpp
  14. DnsQueryLog.h
  15. DnsQueryLogTest.cpp
  16. DnsResolver.cpp
  17. DnsResolver.h
  18. DnsResolverService.cpp
  19. DnsResolverService.h
  20. DnsStats.cpp
  21. DnsStats.h
  22. DnsStatsTest.cpp
  23. DnsTlsDispatcher.cpp
  24. DnsTlsDispatcher.h
  25. DnsTlsQueryMap.cpp
  26. DnsTlsQueryMap.h
  27. DnsTlsServer.cpp
  28. DnsTlsServer.h
  29. DnsTlsSessionCache.cpp
  30. DnsTlsSessionCache.h
  31. DnsTlsSocket.cpp
  32. DnsTlsSocket.h
  33. DnsTlsSocketFactory.h
  34. DnsTlsTransport.cpp
  35. DnsTlsTransport.h
  36. Experiments.cpp
  37. Experiments.h
  38. ExperimentsTest.cpp
  39. getaddrinfo.cpp
  40. getaddrinfo.h
  41. gethnamaddr.cpp
  42. gethnamaddr.h
  43. hostent.h
  44. IDnsTlsSocket.h
  45. IDnsTlsSocketFactory.h
  46. IDnsTlsSocketObserver.h
  47. libnetd_resolv.map.txt
  48. LockedQueue.h
  49. NOTICE
  50. OWNERS
  51. params.h
  52. PREUPLOAD.cfg
  53. PrivateDnsConfiguration.cpp
  54. PrivateDnsConfiguration.h
  55. README-DoT.md
  56. README.md
  57. res_cache.cpp
  58. res_comp.cpp
  59. res_comp.h
  60. res_debug.cpp
  61. res_debug.h
  62. res_init.cpp
  63. res_init.h
  64. res_mkquery.cpp
  65. res_query.cpp
  66. res_send.cpp
  67. res_send.h
  68. res_stats.cpp
  69. resolv_cache.h
  70. resolv_cache_unit_test.cpp
  71. resolv_callback_unit_test.cpp
  72. resolv_private.h
  73. resolv_test_config_template.xml
  74. resolv_tls_unit_test.cpp
  75. resolv_unit_test.cpp
  76. ResolverController.cpp
  77. ResolverController.h
  78. ResolverEventReporter.cpp
  79. ResolverEventReporter.h
  80. ResolverStats.h
  81. sethostent.cpp
  82. stats.h
  83. stats.proto
  84. TEST_MAPPING
  85. util.cpp
  86. util.h
README.md

Logging

This code uses LOG(X) for logging. Log levels are VERBOSE,DEBUG,INFO,WARNING and ERROR. The default setting is WARNING and logs relate to WARNING and ERROR will be shown. If you want to enable the DEBUG level logs, using following command. adb shell service call dnsresolver 10 i32 1 VERBOSE 0 DEBUG 1 INFO 2 WARNING 3 ERROR 4 Verbose resolver logs could contain PII -- do NOT enable in production builds.