diff options
| author | Chalard Jean <jchalard@google.com> | 2019-05-10 09:39:17 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-05-10 09:39:17 +0000 |
| commit | 479697e4afb605a39b1404b549b2b8fb8574612e (patch) | |
| tree | 08f54d33445c5be7c3114125aceab140174100ae /src | |
| parent | ffa16b2cd5a9fe56d127269269ec632e3185a3c5 (diff) | |
| parent | 6d39cb7df4a1ec84878a11d4f169fc77bbe9c28d (diff) | |
Merge "Support strict mode private DNS on VPNs that provide Internet."
Diffstat (limited to 'src')
| -rw-r--r-- | src/com/android/server/connectivity/NetworkMonitor.java | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/com/android/server/connectivity/NetworkMonitor.java b/src/com/android/server/connectivity/NetworkMonitor.java index 7bdf396..8e9350d 100644 --- a/src/com/android/server/connectivity/NetworkMonitor.java +++ b/src/com/android/server/connectivity/NetworkMonitor.java @@ -520,6 +520,9 @@ public class NetworkMonitor extends StateMachine { return NetworkMonitorUtils.isValidationRequired(mNetworkCapabilities); } + private boolean isPrivateDnsValidationRequired() { + return NetworkMonitorUtils.isPrivateDnsValidationRequired(mNetworkCapabilities); + } private void notifyNetworkTested(int result, @Nullable String redirectUrl) { try { @@ -607,7 +610,7 @@ public class NetworkMonitor extends StateMachine { return HANDLED; case CMD_PRIVATE_DNS_SETTINGS_CHANGED: { final PrivateDnsConfig cfg = (PrivateDnsConfig) message.obj; - if (!isValidationRequired() || cfg == null || !cfg.inStrictMode()) { + if (!isPrivateDnsValidationRequired() || cfg == null || !cfg.inStrictMode()) { // No DNS resolution required. // // We don't force any validation in opportunistic mode @@ -843,9 +846,20 @@ public class NetworkMonitor extends StateMachine { // the network so don't bother validating here. Furthermore sending HTTP // packets over the network may be undesirable, for example an extremely // expensive metered network, or unwanted leaking of the User Agent string. + // + // On networks that need to support private DNS in strict mode (e.g., VPNs, but + // not networks that don't provide Internet access), we still need to perform + // private DNS server resolution. if (!isValidationRequired()) { - validationLog("Network would not satisfy default request, not validating"); - transitionTo(mValidatedState); + if (isPrivateDnsValidationRequired()) { + validationLog("Network would not satisfy default request, " + + "resolving private DNS"); + transitionTo(mEvaluatingPrivateDnsState); + } else { + validationLog("Network would not satisfy default request, " + + "not validating"); + transitionTo(mValidatedState); + } return HANDLED; } mEvaluateAttempts++; |