LeOS-GSI/patches/LeOS-V/leos/platform_packages_modules_C.../1002-dnscheck.grapheneos.patch

406 lines
20 KiB
Diff
Raw Normal View History

2024-10-24 09:22:44 +02:00
From 83ac15c689a72695970f67ec228508b25e326cf8 Mon Sep 17 00:00:00 2001
From: harvey186 <harvey186@hotmail.com>
Date: Sat, 14 Sep 2024 13:13:58 +0200
Subject: [PATCH] dnscheck.grapheneos
Change-Id: I84a47b1ec1e359edd5cbe5d42ab32a9cc66be18a
---
.../connectivity/NetworkDiagnostics.java | 78 ++++++++++++++++---
.../com/android/cts/net/hostside/VpnTest.java | 4 +-
tests/cts/net/jni/NativeMultinetworkJni.cpp | 2 +-
.../cts/net/native/dns/NativeDnsAsyncTest.cpp | 8 +-
.../src/android/net/cts/DnsResolverTest.java | 2 +-
.../server/connectivity/DnsManagerTest.java | 44 +++++------
6 files changed, 99 insertions(+), 39 deletions(-)
diff --git a/service/src/com/android/server/connectivity/NetworkDiagnostics.java b/service/src/com/android/server/connectivity/NetworkDiagnostics.java
index 3db37e5..80585c4 100644
--- a/service/src/com/android/server/connectivity/NetworkDiagnostics.java
+++ b/service/src/com/android/server/connectivity/NetworkDiagnostics.java
@@ -30,6 +30,7 @@ import static com.android.net.module.util.NetworkStackConstants.IP_MTU;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.TargetApi;
+
import android.net.InetAddresses;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -109,9 +110,9 @@ import javax.net.ssl.SSLSocketFactory;
public class NetworkDiagnostics {
private static final String TAG = "NetworkDiagnostics";
- private static final InetAddress TEST_DNS4 = InetAddresses.parseNumericAddress("8.8.8.8");
+ private static final InetAddress TEST_DNS4 = InetAddresses.parseNumericAddress("1.1.1.1");
private static final InetAddress TEST_DNS6 = InetAddresses.parseNumericAddress(
- "2001:4860:4860::8888");
+ "2606:4700:4700::1001");
// For brevity elsewhere.
private static final long now() {
@@ -700,10 +701,9 @@ public class NetworkDiagnostics {
// This needs to be fixed length so it can be dropped into the pre-canned packet.
final String sixRandomDigits = String.valueOf(mRandom.nextInt(900000) + 100000);
- appendDnsToMeasurementDescription(sixRandomDigits, mSocketAddress);
-
// Build a trivial DNS packet.
final byte[] dnsPacket = getDnsQueryPacket(sixRandomDigits);
+ appendDnsToMeasurementDescription(sixRandomDigits, mSocketAddress);
int count = 0;
mMeasurement.startTime = now();
@@ -737,9 +737,12 @@ public class NetworkDiagnostics {
close();
}
+ private String qnameEnding;
+
protected byte[] getDnsQueryPacket(String sixRandomDigits) {
byte[] rnd = sixRandomDigits.getBytes(StandardCharsets.US_ASCII);
- return new byte[] {
+
+ byte[] start = {
(byte) mRandom.nextInt(), (byte) mRandom.nextInt(), // [0-1] query ID
1, 0, // [2-3] flags; byte[2] = 1 for recursion desired (RD).
0, 1, // [4-5] QDCOUNT (number of queries)
@@ -748,20 +751,77 @@ public class NetworkDiagnostics {
0, 0, // [10-11] ARCOUNT (number of additional records)
17, rnd[0], rnd[1], rnd[2], rnd[3], rnd[4], rnd[5],
'-', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '-', 'd', 's',
- 6, 'm', 'e', 't', 'r', 'i', 'c',
- 7, 'g', 's', 't', 'a', 't', 'i', 'c',
- 3, 'c', 'o', 'm',
+ };
+
+ final String qnameEnding;
+ qnameEnding = "dnscheck.grapheneos.org";
+
+ this.qnameEnding = qnameEnding;
+ byte[] middle = getQnameFragment(qnameEnding);
+
+ byte[] end = {
0, // null terminator of FQDN (root TLD)
0, (byte) mQueryType, // QTYPE
0, 1 // QCLASS, set to 1 = IN (Internet)
};
+
+ return concatByteArrays(start, middle, end);
+ }
+
+ private byte[] concatByteArrays(byte[]... arrs) {
+ int len = 0;
+ for (byte[] arr : arrs) {
+ if (Integer.MAX_VALUE - len < arr.length) {
+ // overflow
+ throw new IllegalArgumentException();
+ }
+ len += arr.length;
+ }
+ byte[] res = new byte[len];
+ int off = 0;
+ for (byte[] arr : arrs) {
+ int l = arr.length;
+ System.arraycopy(arr, 0, res, off, l);
+ off += l;
+ }
+ return res;
+ }
+
+ protected byte[] getQnameFragment(String hostnameFragment) {
+ String[] strArr = hostnameFragment.split("\\.");
+ int len = strArr.length;
+ byte[][] arr = new byte[len][];
+ for (int i = 0; i < len; ++i) {
+ arr[i] = getQnameLabel(strArr[i]);
+ }
+ return concatByteArrays(arr);
+ }
+
+ private byte[] getQnameLabel(String s) {
+ final int l = s.length();
+ if (l > 0b11_1111 /* 63 */) {
+ // should be a 6 bit number
+ throw new IllegalArgumentException(s);
+ }
+
+ byte[] res = new byte[1 + l];
+ res[0] = (byte) l;
+
+ for (int i = 0; i < l; ++i) {
+ int ch = s.charAt(i);
+ if (ch > 0x7f) {
+ throw new IllegalArgumentException(s);
+ }
+ res[1 + i] = (byte) ch;
+ }
+ return res;
}
protected void appendDnsToMeasurementDescription(
String sixRandomDigits, SocketAddress sockAddr) {
mMeasurement.description += " src{" + socketAddressToString(sockAddr) + "}"
+ " qtype{" + mQueryType + "}"
- + " qname{" + sixRandomDigits + "-android-ds.metric.gstatic.com}";
+ + " qname{" + sixRandomDigits + "-android-ds." + qnameEnding + "}";
}
}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
index 6134194..8a0eff8 100755
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -834,7 +834,7 @@ public class VpnTest {
String privateDnsHostname;
if (strictMode) {
- privateDnsHostname = "vpncts-nx.metric.gstatic.com";
+ privateDnsHostname = "vpncts-nx.dnscheck.grapheneos.org";
Settings.Global.putString(cr, PRIVATE_DNS_SPECIFIER_SETTING, privateDnsHostname);
Settings.Global.putString(cr, PRIVATE_DNS_MODE_SETTING,
PRIVATE_DNS_MODE_PROVIDER_HOSTNAME);
@@ -845,7 +845,7 @@ public class VpnTest {
expectPrivateDnsHostname(privateDnsHostname);
- String randomName = "vpncts-" + new Random().nextInt(1000000000) + "-ds.metric.gstatic.com";
+ String randomName = "vpncts-" + new Random().nextInt(1000000000) + "-ds.dnscheck.grapheneos.org";
if (strictMode) {
// Strict mode private DNS is enabled. DNS lookups should fail, because the private DNS
// server name is invalid.
diff --git a/tests/cts/net/jni/NativeMultinetworkJni.cpp b/tests/cts/net/jni/NativeMultinetworkJni.cpp
index f2214a3..d971cbf 100644
--- a/tests/cts/net/jni/NativeMultinetworkJni.cpp
+++ b/tests/cts/net/jni/NativeMultinetworkJni.cpp
@@ -81,7 +81,7 @@
static const int MAXPACKET = 8 * 1024;
static const int TIMEOUT_MS = 15000;
static const char kHostname[] = "connectivitycheck.android.com";
-static const char kNxDomainName[] = "test1-nx.metric.gstatic.com";
+static const char kNxDomainName[] = "test1-nx.dnscheck.grapheneos.org";
static const char kGoogleName[] = "www.google.com";
int makeQuery(const char* name, int qtype, uint8_t* buf, size_t buflen) {
diff --git a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
index 68bd227..9d676ba 100644
--- a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
+++ b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
@@ -167,13 +167,13 @@ TEST_F(NativeDnsAsyncTest, Async_Send) {
TEST_F(NativeDnsAsyncTest, Async_NXDOMAIN) {
uint8_t buf[MAXPACKET] = {};
- int len = res_mkquery(ns_o_query, "test1-nx.metric.gstatic.com",
+ int len = res_mkquery(ns_o_query, "test1-nx.dnscheck.grapheneos.org",
ns_c_in, ns_t_a, nullptr, 0, nullptr, buf, sizeof(buf));
EXPECT_GT(len, 0);
int fd1 = android_res_nsend(NETWORK_UNSPECIFIED, buf, len, ANDROID_RESOLV_NO_CACHE_LOOKUP);
EXPECT_GE(fd1, 0);
- len = res_mkquery(ns_o_query, "test2-nx.metric.gstatic.com",
+ len = res_mkquery(ns_o_query, "test2-nx.dnscheck.grapheneos.org",
ns_c_in, ns_t_a, nullptr, 0, nullptr, buf, sizeof(buf));
EXPECT_GT(len, 0);
int fd2 = android_res_nsend(NETWORK_UNSPECIFIED, buf, len, ANDROID_RESOLV_NO_CACHE_LOOKUP);
@@ -183,11 +183,11 @@ TEST_F(NativeDnsAsyncTest, Async_NXDOMAIN) {
expectAnswersValid(fd1, AF_INET, ns_r_nxdomain);
fd1 = android_res_nquery(
- NETWORK_UNSPECIFIED, "test3-nx.metric.gstatic.com",
+ NETWORK_UNSPECIFIED, "test3-nx.dnscheck.grapheneos.org",
ns_c_in, ns_t_aaaa, ANDROID_RESOLV_NO_CACHE_LOOKUP);
EXPECT_GE(fd1, 0);
fd2 = android_res_nquery(
- NETWORK_UNSPECIFIED, "test4-nx.metric.gstatic.com",
+ NETWORK_UNSPECIFIED, "test4-nx.dnscheck.grapheneos.org",
ns_c_in, ns_t_aaaa, ANDROID_RESOLV_NO_CACHE_LOOKUP);
EXPECT_GE(fd2, 0);
expectAnswersValid(fd2, AF_INET6, ns_r_nxdomain);
diff --git a/tests/cts/net/src/android/net/cts/DnsResolverTest.java b/tests/cts/net/src/android/net/cts/DnsResolverTest.java
index 752891f..63e9c04 100644
--- a/tests/cts/net/src/android/net/cts/DnsResolverTest.java
+++ b/tests/cts/net/src/android/net/cts/DnsResolverTest.java
@@ -95,7 +95,7 @@ public class DnsResolverTest {
};
static final String TEST_DOMAIN = "www.google.com";
- static final String TEST_NX_DOMAIN = "test1-nx.metric.gstatic.com";
+ static final String TEST_NX_DOMAIN = "test1-nx.dnscheck.grapheneos.org";
static final String INVALID_PRIVATE_DNS_SERVER = "invalid.google";
static final String GOOGLE_PRIVATE_DNS_SERVER = "dns.google";
static final byte[] TEST_BLOB = new byte[]{
diff --git a/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java b/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
index ea3d2dd..1757b2e 100644
--- a/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
+++ b/tests/unit/java/com/android/server/connectivity/DnsManagerTest.java
@@ -142,8 +142,8 @@ public class DnsManagerTest {
mDnsManager.getPrivateDnsConfig());
LinkProperties lp = new LinkProperties();
lp.setInterfaceName(TEST_IFACENAME);
- lp.addDnsServer(InetAddress.getByName("3.3.3.3"));
- lp.addDnsServer(InetAddress.getByName("4.4.4.4"));
+ lp.addDnsServer(InetAddress.getByName("9.9.9.9"));
+ lp.addDnsServer(InetAddress.getByName("9.9.9.9"));
// Send a validation event that is tracked on the alternate netId
final NetworkCapabilities nc = new NetworkCapabilities();
@@ -156,7 +156,7 @@ public class DnsManagerTest {
mDnsManager.flushVmDnsCache();
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID_ALTERNATE,
- InetAddress.parseNumericAddress("4.4.4.4"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_SUCCESS));
LinkProperties fixedLp = new LinkProperties(lp);
mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp);
@@ -166,7 +166,7 @@ public class DnsManagerTest {
mDnsManager.updatePrivateDnsStatus(TEST_NETID_ALTERNATE, fixedLp);
assertTrue(fixedLp.isPrivateDnsActive());
assertNull(fixedLp.getPrivateDnsServerName());
- assertEquals(Arrays.asList(InetAddress.getByName("4.4.4.4")),
+ assertEquals(Arrays.asList(InetAddress.getByName("9.9.9.9")),
fixedLp.getValidatedPrivateDnsServers());
// Set up addresses for strict mode and switch to it.
@@ -181,7 +181,7 @@ public class DnsManagerTest {
ConnectivitySettingsManager.setPrivateDnsHostname(mCtx, "strictmode.com");
mDnsManager.updatePrivateDns(new Network(TEST_NETID),
new PrivateDnsConfig("strictmode.com", new InetAddress[] {
- InetAddress.parseNumericAddress("6.6.6.6"),
+ InetAddress.parseNumericAddress("9.9.9.9"),
InetAddress.parseNumericAddress("2001:db8:66:66::1")
}));
mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -196,11 +196,11 @@ public class DnsManagerTest {
// Validate one.
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("6.6.6.6"), "strictmode.com",
+ InetAddress.parseNumericAddress("9.9.9.9"), "strictmode.com",
VALIDATION_RESULT_SUCCESS));
fixedLp = new LinkProperties(lp);
mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp);
- assertEquals(Arrays.asList(InetAddress.parseNumericAddress("6.6.6.6")),
+ assertEquals(Arrays.asList(InetAddress.parseNumericAddress("9.9.9.9")),
fixedLp.getValidatedPrivateDnsServers());
// Validate the 2nd one.
mDnsManager.updatePrivateDnsValidation(
@@ -211,7 +211,7 @@ public class DnsManagerTest {
mDnsManager.updatePrivateDnsStatus(TEST_NETID, fixedLp);
assertEquals(Arrays.asList(
InetAddress.parseNumericAddress("2001:db8:66:66::1"),
- InetAddress.parseNumericAddress("6.6.6.6")),
+ InetAddress.parseNumericAddress("9.9.9.9")),
fixedLp.getValidatedPrivateDnsServers());
}
@@ -220,7 +220,7 @@ public class DnsManagerTest {
// The PrivateDnsConfig map is empty, so no validation events will
// be tracked.
LinkProperties lp = new LinkProperties();
- lp.addDnsServer(InetAddress.getByName("3.3.3.3"));
+ lp.addDnsServer(InetAddress.getByName("9.9.9.9"));
final NetworkCapabilities nc = new NetworkCapabilities();
nc.setTransportTypes(TEST_TRANSPORT_TYPES);
mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -228,7 +228,7 @@ public class DnsManagerTest {
mDnsManager.flushVmDnsCache();
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("3.3.3.3"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -242,7 +242,7 @@ public class DnsManagerTest {
mDnsManager.flushVmDnsCache();
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID_UNTRACKED,
- InetAddress.parseNumericAddress("3.3.3.3"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -251,7 +251,7 @@ public class DnsManagerTest {
// Validation event has untracked ipAddress
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("4.4.4.4"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -260,7 +260,7 @@ public class DnsManagerTest {
// Validation event has untracked hostname
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("3.3.3.3"), "hostname",
+ InetAddress.parseNumericAddress("9.9.9.9"), "hostname",
VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -269,7 +269,7 @@ public class DnsManagerTest {
// Validation event failed
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("3.3.3.3"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_FAILURE));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -279,7 +279,7 @@ public class DnsManagerTest {
mDnsManager.removeNetwork(new Network(TEST_NETID));
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("3.3.3.3"), "", VALIDATION_RESULT_SUCCESS));
+ InetAddress.parseNumericAddress("9.9.9.9"), "", VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
assertNull(lp.getPrivateDnsServerName());
@@ -293,7 +293,7 @@ public class DnsManagerTest {
mDnsManager.flushVmDnsCache();
mDnsManager.updatePrivateDnsValidation(
new DnsManager.PrivateDnsValidationUpdate(TEST_NETID,
- InetAddress.parseNumericAddress("3.3.3.3"), "",
+ InetAddress.parseNumericAddress("9.9.9.9"), "",
VALIDATION_RESULT_SUCCESS));
mDnsManager.updatePrivateDnsStatus(TEST_NETID, lp);
assertFalse(lp.isPrivateDnsActive());
@@ -331,8 +331,8 @@ public class DnsManagerTest {
mDnsManager.getPrivateDnsConfig());
final LinkProperties lp = new LinkProperties();
lp.setInterfaceName(TEST_IFACENAME);
- lp.addDnsServer(InetAddress.getByName("3.3.3.3"));
- lp.addDnsServer(InetAddress.getByName("4.4.4.4"));
+ lp.addDnsServer(InetAddress.getByName("9.9.9.9"));
+ lp.addDnsServer(InetAddress.getByName("9.9.9.9"));
final NetworkCapabilities nc = new NetworkCapabilities();
nc.setTransportTypes(TEST_TRANSPORT_TYPES);
mDnsManager.updateCapabilitiesForNetwork(TEST_NETID, nc);
@@ -345,10 +345,10 @@ public class DnsManagerTest {
expectedParams.successThreshold = TEST_DEFAULT_SUCCESS_THRESHOLD_PERCENT;
expectedParams.minSamples = TEST_DEFAULT_MIN_SAMPLES;
expectedParams.maxSamples = TEST_DEFAULT_MAX_SAMPLES;
- expectedParams.servers = new String[]{"3.3.3.3", "4.4.4.4"};
+ expectedParams.servers = new String[]{"9.9.9.9", "9.9.9.9"};
expectedParams.domains = new String[]{};
expectedParams.tlsName = "";
- expectedParams.tlsServers = new String[]{"3.3.3.3", "4.4.4.4"};
+ expectedParams.tlsServers = new String[]{"9.9.9.9", "9.9.9.9"};
expectedParams.transportTypes = TEST_TRANSPORT_TYPES;
expectedParams.resolverOptions = null;
expectedParams.meteredNetwork = true;
@@ -379,9 +379,9 @@ public class DnsManagerTest {
@Test
public void testGetPrivateDnsConfigForNetwork() throws Exception {
final Network network = new Network(TEST_NETID);
- final InetAddress dnsAddr = InetAddressUtils.parseNumericAddress("3.3.3.3");
+ final InetAddress dnsAddr = InetAddressUtils.parseNumericAddress("9.9.9.9");
final InetAddress[] tlsAddrs = new InetAddress[]{
- InetAddressUtils.parseNumericAddress("6.6.6.6"),
+ InetAddressUtils.parseNumericAddress("9.9.9.9"),
InetAddressUtils.parseNumericAddress("2001:db8:66:66::1")
};
final String tlsName = "strictmode.com";
--
2.34.1