Disable internal DNS resolver when Android P using private DNS

Bug: 842456
Change-Id: I8f0c17cd50c75987c051e62344ac5e907e1b1133
Reviewed-on: https://chromium-review.googlesource.com/1065463Reviewed-by: Misha Efimov <mef@chromium.org>
Commit-Queue: Paul Jensen <pauljensen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562584}

net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java

@@ -23,6 +23,7 @@ import android.security.NetworkSecurityPolicy;
 import android.telephony.TelephonyManager;
 import android.util.Log;
 
+import org.chromium.base.BuildInfo;
 import org.chromium.base.ContextUtils;
 import org.chromium.base.VisibleForTesting;
 import org.chromium.base.annotations.CalledByNative;
@@ -281,6 +282,10 @@ class AndroidNetworkLibrary {
         }
     }
 
+    /**
+     * Returns list of IP addresses of DNS servers.
+     * If private DNS is active, then returns a 1x1 array.
+     */
     @TargetApi(Build.VERSION_CODES.M)
     @CalledByNative
     private static byte[][] getDnsServers() {
@@ -298,6 +303,19 @@ class AndroidNetworkLibrary {
         if (linkProperties == null) {
             return new byte[0][0];
         }
+        if (BuildInfo.isAtLeastP()) {
+            // TODO(pauljensen): When Android P SDK is available, remove reflection.
+            try {
+                if (((Boolean) linkProperties.getClass()
+                                    .getMethod("isPrivateDnsActive")
+                                    .invoke(linkProperties))
+                                .booleanValue()) {
+                    return new byte[1][1];
+                }
+            } catch (Exception e) {
+                Log.e(TAG, "Can not call LinkProperties.isPrivateDnsActive():", e);
+            }
+        }
         List<InetAddress> dnsServersList = linkProperties.getDnsServers();
         byte[][] dnsServers = new byte[dnsServersList.size()][];
         for (int i = 0; i < dnsServersList.size(); i++) {

net/android/network_library.cc

@@ -123,12 +123,17 @@ std::string GetWifiSSID() {
           base::android::AttachCurrentThread()));
 }
 
-void GetDnsServers(std::vector<IPEndPoint>* dns_servers) {
+internal::ConfigParsePosixResult GetDnsServers(
+    std::vector<IPEndPoint>* dns_servers) {
   JNIEnv* env = AttachCurrentThread();
   std::vector<std::string> dns_servers_strings;
   base::android::JavaArrayOfByteArrayToStringVector(
       env, Java_AndroidNetworkLibrary_getDnsServers(env).obj(),
       &dns_servers_strings);
+  if (dns_servers_strings.size() == 0)
+    return internal::CONFIG_PARSE_POSIX_NO_NAMESERVERS;
+  if (dns_servers_strings.size() == 1 && dns_servers_strings[0].size() == 1)
+    return internal::CONFIG_PARSE_POSIX_PRIVATE_DNS_ACTIVE;
   for (const std::string& dns_address_string : dns_servers_strings) {
     IPAddress dns_address(
         reinterpret_cast<const uint8_t*>(dns_address_string.c_str()),
@@ -136,6 +141,7 @@ void GetDnsServers(std::vector<IPEndPoint>* dns_servers) {
     IPEndPoint dns_server(dns_address, dns_protocol::kDefaultPort);
     dns_servers->push_back(dns_server);
   }
+  return internal::CONFIG_PARSE_POSIX_OK;
 }
 
 void TagSocket(SocketDescriptor socket, uid_t uid, int32_t tag) {

net/android/network_library.h

@@ -17,6 +17,7 @@
 #include "net/base/ip_endpoint.h"
 #include "net/base/mime_util.h"
 #include "net/base/net_export.h"
+#include "net/dns/dns_config_service_posix.h"
 #include "net/socket/socket_descriptor.h"
 
 namespace net {
@@ -86,7 +87,11 @@ NET_EXPORT_PRIVATE std::string GetWifiSSID();
 
 // Gets the DNS servers and puts them in |dns_servers|.
 // Only callable on Marshmallow and newer releases.
-NET_EXPORT_PRIVATE void GetDnsServers(std::vector<IPEndPoint>* dns_servers);
+// Returns CONFIG_PARSE_POSIX_OK upon success,
+// CONFIG_PARSE_POSIX_NO_NAMESERVERS if no DNS servers found, or
+// CONFIG_PARSE_POSIX_PRIVATE_DNS_ACTIVE if private DNS active.
+NET_EXPORT_PRIVATE internal::ConfigParsePosixResult GetDnsServers(
+    std::vector<IPEndPoint>* dns_servers);
 
 // Apply TrafficStats tag |tag| and UID |uid| to |socket|. Future network
 // traffic used by |socket| will be attributed to |uid| and |tag|.

net/dns/dns_config_service_posix.cc

@@ -143,9 +143,9 @@ bool IsVpnPresent() {
 
 ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) {
   base::ScopedBlockingCall scoped_blocking_call(base::BlockingType::MAY_BLOCK);
+  dns_config->unhandled_options = false;
 #if !defined(OS_ANDROID)
   ConfigParsePosixResult result;
-  dns_config->unhandled_options = false;
 // TODO(fuchsia): Use res_ninit() when it's implemented on Fuchsia.
 #if defined(OS_OPENBSD) || defined(OS_FUCHSIA)
   // Note: res_ninit in glibc always returns 0 and sets RES_INIT.
@@ -189,23 +189,11 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) {
   dns_config->timeout = base::TimeDelta::FromMilliseconds(kDnsDefaultTimeoutMs);
   return result;
 #else  // defined(OS_ANDROID)
-// Theoretically, this is bad. __system_property_get is not a supported API
-// (but it's currently visible to anyone using Bionic), and the properties
-// are implementation details that may disappear in future Android releases.
-// Practically, libcutils provides property_get, which is a public API, and the
-// DNS code (and its clients) are already robust against failing to get the DNS
-// config for whatever reason, so the properties can disappear and the world
-// won't end.
-// TODO(juliatuttle): Depend on libcutils, then switch this (and other uses of
-//                    __system_property_get) to property_get.
   dns_config->nameservers.clear();
 
   if (base::android::BuildInfo::GetInstance()->sdk_int() >=
       base::android::SDK_VERSION_MARSHMALLOW) {
-    net::android::GetDnsServers(&dns_config->nameservers);
-    if (dns_config->nameservers.empty())
-      return CONFIG_PARSE_POSIX_NO_NAMESERVERS;
-    return CONFIG_PARSE_POSIX_OK;
+    return net::android::GetDnsServers(&dns_config->nameservers);
   }
 
   if (IsVpnPresent()) {
@@ -213,6 +201,9 @@ ConfigParsePosixResult ReadDnsConfig(DnsConfig* dns_config) {
     return CONFIG_PARSE_POSIX_UNHANDLED_OPTIONS;
   }
 
+  // NOTE(pauljensen): __system_property_get and the net.dns1/2 properties are
+  // not supported APIs, but they're only read on pre-Marshmallow Android which
+  // was released years ago and isn't changing.
   char property_value[PROP_VALUE_MAX];
   __system_property_get("net.dns1", property_value);
   std::string dns1_string = property_value;

net/dns/dns_config_service_posix.h

@@ -63,6 +63,7 @@ enum ConfigParsePosixResult {
   CONFIG_PARSE_POSIX_MISSING_OPTIONS,
   CONFIG_PARSE_POSIX_UNHANDLED_OPTIONS,
   CONFIG_PARSE_POSIX_NO_DNSINFO,
+  CONFIG_PARSE_POSIX_PRIVATE_DNS_ACTIVE,
   CONFIG_PARSE_POSIX_MAX  // Bounding values for enumeration.
 };