Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_modules_DnsResolver / c3239859e01a2570808aded1ddb9ef2e63168622
commitc3239859e01a2570808aded1ddb9ef2e63168622[log] [tgz]
authorKen Chen <cken@google.com>Fri Jul 24 17:30:16 2020 +0800
committerKen Chen <cken@google.com>Mon Aug 24 21:49:40 2020 +0800
tree70d04dcf67a466b2bb97bac4f7d0ef909a18e5af
parent957333d2a99861bc9e01a96605a6de1f4ea4cabd [diff]
Check security context in CA certificate injection

For binder clients trying to inject CA certificates, DNS resolver not
only checks its uid, but also security context. The purpose of these is
to reduce the possibility of certificate injection being misused except
for tests.

Bug: 162055050
Test: atest
      resolv_integration_test:ResolverTest#PermissionCheckOnCertificateInjection
Change-Id: I75bcf852d147b72c9045ec15ed3cb9684579fe3c
1 file changed
tree: 70d04dcf67a466b2bb97bac4f7d0ef909a18e5af
  1. aidl_api/
  2. apex/
  3. binder/
  4. include/
  5. tests/
  6. .clang-format ⇨ ../../../build/soong/scripts/system-clang-format
  7. .editorconfig
  8. Android.bp
  9. Dns64Configuration.cpp
  10. Dns64Configuration.h
  11. DnsProxyListener.cpp
  12. DnsProxyListener.h
  13. DnsQueryLog.cpp
  14. DnsQueryLog.h
  15. DnsQueryLogTest.cpp
  16. DnsResolver.cpp
  17. DnsResolver.h
  18. DnsResolverService.cpp
  19. DnsResolverService.h
  20. DnsStats.cpp
  21. DnsStats.h
  22. DnsStatsTest.cpp
  23. DnsTlsDispatcher.cpp
  24. DnsTlsDispatcher.h
  25. DnsTlsQueryMap.cpp
  26. DnsTlsQueryMap.h
  27. DnsTlsServer.cpp
  28. DnsTlsServer.h
  29. DnsTlsSessionCache.cpp
  30. DnsTlsSessionCache.h
  31. DnsTlsSocket.cpp
  32. DnsTlsSocket.h
  33. DnsTlsSocketFactory.h
  34. DnsTlsTransport.cpp
  35. DnsTlsTransport.h
  36. Experiments.cpp
  37. Experiments.h
  38. ExperimentsTest.cpp
  39. getaddrinfo.cpp
  40. getaddrinfo.h
  41. gethnamaddr.cpp
  42. gethnamaddr.h
  43. hostent.h
  44. IDnsTlsSocket.h
  45. IDnsTlsSocketFactory.h
  46. IDnsTlsSocketObserver.h
  47. libnetd_resolv.map.txt
  48. LockedQueue.h
  49. NOTICE
  50. OWNERS
  51. params.h
  52. PREUPLOAD.cfg
  53. PrivateDnsConfiguration.cpp
  54. PrivateDnsConfiguration.h
  55. README-DoT.md
  56. README.md
  57. res_cache.cpp
  58. res_comp.cpp
  59. res_comp.h
  60. res_debug.cpp
  61. res_debug.h
  62. res_init.cpp
  63. res_init.h
  64. res_mkquery.cpp
  65. res_query.cpp
  66. res_send.cpp
  67. res_send.h
  68. res_stats.cpp
  69. resolv_cache.h
  70. resolv_cache_unit_test.cpp
  71. resolv_callback_unit_test.cpp
  72. resolv_private.h
  73. resolv_test_config_template.xml
  74. resolv_tls_unit_test.cpp
  75. resolv_unit_test.cpp
  76. ResolverController.cpp
  77. ResolverController.h
  78. ResolverEventReporter.cpp
  79. ResolverEventReporter.h
  80. ResolverStats.h
  81. sethostent.cpp
  82. stats.h
  83. stats.proto
  84. TEST_MAPPING
  85. util.cpp
  86. util.h
README.md

Logging

This code uses LOG(X) for logging. Log levels are VERBOSE,DEBUG,INFO,WARNING and ERROR. The default setting is WARNING and logs relate to WARNING and ERROR will be shown. If you want to enable the DEBUG level logs, using following command. adb shell service call dnsresolver 10 i32 1 VERBOSE 0 DEBUG 1 INFO 2 WARNING 3 ERROR 4 Verbose resolver logs could contain PII -- do NOT enable in production builds.