1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #pragma once
30 
31 #include <arpa/nameser.h>
32 #include <netinet/in.h>
33 
34 /*
35  * Passing NETID_UNSET as the netId causes system/netd/resolv/DnsProxyListener.cpp to
36  * fill in the appropriate default netId for the query.
37  */
38 #define NETID_UNSET 0u
39 
40 /*
41  * MARK_UNSET represents the default (i.e. unset) value for a socket mark.
42  */
43 #define MARK_UNSET 0u
44 
45 #define NET_CONTEXT_INVALID_UID ((uid_t)-1)
46 #define NET_CONTEXT_INVALID_PID ((pid_t)-1)
47 
48 /*
49  * A struct to capture context relevant to network operations.
50  *
51  * Application and DNS netids/marks can differ from one another under certain
52  * circumstances, notably when a VPN applies to the given uid's traffic but the
53  * VPN network does not have its own DNS servers explicitly provisioned.
54  *
55  * The introduction of per-UID routing means the uid is also an essential part
56  * of the evaluation context. Its proper uninitialized value is
57  * NET_CONTEXT_INVALID_UID.
58  */
59 struct android_net_context {
60     unsigned app_netid;
61     unsigned app_mark;
62     unsigned dns_netid;
63     unsigned dns_mark;
64     uid_t uid = NET_CONTEXT_INVALID_UID;
65     unsigned flags;
66     // Variable to store the pid of the application sending DNS query.
67     pid_t pid = NET_CONTEXT_INVALID_PID;
68 };
69 
70 #define NET_CONTEXT_FLAG_USE_LOCAL_NAMESERVERS 0x00000001
71 #define NET_CONTEXT_FLAG_USE_EDNS 0x00000002
72 #define NET_CONTEXT_FLAG_USE_DNS_OVER_TLS 0x00000004
73 
74 // TODO: investigate having the resolver check permissions itself, either by adding support to
75 // libbinder_ndk or by converting IPermissionController into a stable AIDL interface.
76 typedef bool (*check_calling_permission_callback)(const char* permission);
77 typedef void (*get_network_context_callback)(unsigned netid, uid_t uid,
78                                              android_net_context* netcontext);
79 typedef void (*log_callback)(const char* msg);
80 typedef int (*tagSocketCallback)(int sockFd, uint32_t tag, uid_t uid, pid_t pid);
81 
82 // The DnsResolver module invokes this callback once before starting each DNS
83 // lookup. The callback receives the android_net_context associated with the
84 // request, and the (possibly unqualified) hostname requested by the app via
85 // getaddrinfo() or gethostbyname().
86 //
87 // If the callback returns false, the DnsResolver will abort the request
88 // returning EAI_SYSTEM. If the callback returns true, the query will proceed as
89 // usual.
90 //
91 // If this callback is not present (i.e. set to nullptr), the effect is the same
92 // of returning true.
93 //
94 // This callback *will* be invoked concurrently from multiple threads. It must
95 // peform its own locking when accessing shared data structures. Furthermore,
96 // the callback must not sleep nor perform RPC requests.
97 //
98 // Be mindful that hostnames could contain sensitive user data. Do not log them
99 // and do not transmit them to third parties without explicit user
100 // authorization.
101 //
102 typedef bool (*evaluate_domain_name_callback)(
103     const android_net_context &netcontext, const char *host);
104 
105 /*
106  * Some functions needed by the resolver (e.g. checkCallingPermission()) live in
107  * libraries with no ABI stability guarantees, such as libbinder.so.
108  * As a temporary workaround, we keep these functions in netd and call them via
109  * function pointers.
110  */
111 struct ResolverNetdCallbacks {
112     check_calling_permission_callback check_calling_permission;
113     get_network_context_callback get_network_context;
114     log_callback log;
115     tagSocketCallback tagSocket;
116     evaluate_domain_name_callback evaluate_domain_name;
117 };
118 
119 #define TAG_SYSTEM_DNS 0xFFFFFF82
120 
121 #define LIBNETD_RESOLV_PUBLIC extern "C" [[gnu::visibility("default")]]
122 
123 LIBNETD_RESOLV_PUBLIC bool resolv_has_nameservers(unsigned netid);
124 
125 // Set callbacks and bring DnsResolver up.
126 LIBNETD_RESOLV_PUBLIC bool resolv_init(const ResolverNetdCallbacks* callbacks);
127 
128 // Function that performs RDNS in local cache. The |domain_name_size| is the size of domain_name
129 // buffer, which is recommended to NS_MAXDNAME. Function return false if hostname not found or
130 // domain_name_size > NS_MAXDNAME.
131 LIBNETD_RESOLV_PUBLIC bool resolv_gethostbyaddr_from_cache(unsigned netId, char domain_name[],
132                                                            size_t domain_name_size,
133                                                            const char* ip_address, int af);
134