Program local and TLS servers, and allow TLS-bypass
This change comprises several parts:
[1] Define a wasExplicitlyConfigured() notion on a DnsTlsServer to
indicate whether the hostname or any fingerprints have been
explicitly set. A DnsTlsServer not wasExplicitlyConfigured()
implies opportunistic mode.
[2] The locally-assigned DNS servers get set in bionic, and the TLS
servers get set in ResolverController.
[3] ResolverController::getPrivateDnsMode returns the Private DNS mode
configured for a given netid.
[4] ResolverController::getValidatedTlsServers() returns a list of
validated DnsTlsServers for a given netid.
[5] The mode and a non-empty list together instruct the qhook in
DnsProxyListener to hand a query off to the DnsTlsDispatcher.
[6] The DnsTlsDispatcher iterates over the list of DnsTlsServers,
preferring servers for which connections already exist.
[7] Enable EDNS0 for DNS-over-TLS queries (set the appropriate flag
in the android_net_context.flags field).
[8] Introduce NETID_USE_LOCAL_NAMESERVERS flag for setting the high
bit of netids in order to pass this informatin across the
app<->netd boundary.
[9] Update setNetworkForResolv and getNetworkForResolv to handle the
NETID_USE_LOCAL_NAMESERVERS flag accordingly.
[10] DnsProxyListener translates the NETID_USE_LOCAL_NAMESERVERS bit
into the NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS flag.
Test: as follows
- built
- flashed
- booted
- ./system/netd/tests/runtests.sh passes
Bug: 34953048
Bug: 64133961
Bug: 72345192
Bug: 76103007
Merged-In: Iad6f062fcc4fd49e347a1acc2410dfa80446d9d8
Merged-In: Ib1e98506bb3bf2ae22cbd8fca62a56d11c56357b
Change-Id: Ib564c6a23c44b36755418fd1557cd86ea54dae44
(cherry picked from commit 1564d488b7904bec24f045f2ae728146023de490)
15 files changed