From bccbd009edf909747a47cdfaa4cbd34343fb13b1 Mon Sep 17 00:00:00 2001 From: Ben Schwartz Date: Mon, 2 Oct 2017 13:27:13 -0400 Subject: [PATCH] Add a global setting to disable DNS over TLS Bug: 63449024 Test: Manual. Appears to work. Change-Id: Ib3b58bfff5951240a2e02f18c362efa96635ef4f --- core/java/android/provider/Settings.java | 7 +++++++ .../src/android/provider/SettingsBackupTest.java | 10 +++++++--- packages/SettingsLib/res/values/strings.xml | 6 ++++++ .../com/android/server/NetworkManagementService.java | 3 ++- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index c3b84b7be753c..74bb618976b75 100755 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -9016,6 +9016,13 @@ public final class Settings { */ public static final String DEFAULT_DNS_SERVER = "default_dns_server"; + /** + * Whether to disable DNS over TLS (boolean) + * + * @hide + */ + public static final String DNS_TLS_DISABLED = "dns_tls_disabled"; + /** {@hide} */ public static final String BLUETOOTH_HEADSET_PRIORITY_PREFIX = "bluetooth_headset_priority_"; diff --git a/core/tests/coretests/src/android/provider/SettingsBackupTest.java b/core/tests/coretests/src/android/provider/SettingsBackupTest.java index d875ed4e5ec55..1a0c7df2d428b 100644 --- a/core/tests/coretests/src/android/provider/SettingsBackupTest.java +++ b/core/tests/coretests/src/android/provider/SettingsBackupTest.java @@ -17,9 +17,11 @@ package android.provider; import static com.google.android.collect.Sets.newHashSet; + import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.empty; import static org.hamcrest.Matchers.is; + import static java.lang.reflect.Modifier.isFinal; import static java.lang.reflect.Modifier.isPublic; import static java.lang.reflect.Modifier.isStatic; 
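Review bot: The Javadoc on `DNS_TLS_DISABLED` in Settings.java says only "(boolean)", which omits the two facts a reader needs for a negatively named security toggle: which value disables, and what an unset value means. The reader added to NetworkManagementService.java in this same patch treats an absent setting as 0 and only 0 as "TLS on", so the comment could read `Whether to disable DNS over TLS: 0 or unset leaves it enabled, any other value disables it.` The string added to strings.xml is phrased positively ("If enabled, attempt DNS over TLS"), so stating the polarity here also helps whoever wires up the toggle avoid inverting it.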
@@ -28,14 +30,15 @@ import android.platform.test.annotations.Presubmit; import android.support.test.filters.SmallTest; import android.support.test.runner.AndroidJUnit4; +import org.junit.Test; +import org.junit.runner.RunWith; + import java.lang.reflect.Field; import java.util.HashSet; import java.util.Set; -import org.junit.Test; -import org.junit.runner.RunWith; - /** Tests that ensure appropriate settings are backed up. */ +@Presubmit @RunWith(AndroidJUnit4.class) @SmallTest public class SettingsBackupTest { @@ -175,6 +178,7 @@ public class SettingsBackupTest { Settings.Global.DNS_RESOLVER_MIN_SAMPLES, Settings.Global.DNS_RESOLVER_SAMPLE_VALIDITY_SECONDS, Settings.Global.DNS_RESOLVER_SUCCESS_THRESHOLD_PERCENT, + Settings.Global.DNS_TLS_DISABLED, Settings.Global.DOCK_SOUNDS_ENABLED_WHEN_ACCESSIBILITY, Settings.Global.DOWNLOAD_MAX_BYTES_OVER_MOBILE, Settings.Global.DOWNLOAD_RECOMMENDED_MAX_BYTES_OVER_MOBILE, diff --git a/packages/SettingsLib/res/values/strings.xml b/packages/SettingsLib/res/values/strings.xml index 8f7a3dd0f2c75..04a61d3e3a2ac 100644 --- a/packages/SettingsLib/res/values/strings.xml +++ b/packages/SettingsLib/res/values/strings.xml @@ -473,6 +473,12 @@ Streaming: %1$s + + DNS over TLS + + If enabled, attempt DNS over TLS on port 853. + Show options for wireless display certification diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java index 355e94956e6e3..b1d6f7353bdb4 100644 --- a/services/core/java/com/android/server/NetworkManagementService.java +++ b/services/core/java/com/android/server/NetworkManagementService.java 
@@ -1980,7 +1980,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 final String[] domainStrs = domains == null ? new String[0] : domains.split(" ");
 final int[] params = { sampleValidity, successThreshold, minSamples, maxSamples };
- final boolean useTls = false;
+ final boolean useTls = Settings.Global.getInt(resolver,
+ Settings.Global.DNS_TLS_DISABLED, 0) == 0;
 final String tlsHostname = "";
 final String[] tlsFingerprints = new String[0];
 try {
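Review bot: With 0 passed as the default to `getInt`, `useTls` is now true on every device where `dns_tls_disabled` was never written, yet `tlsHostname` stays `""` and `tlsFingerprints` stays empty on the lines just below. Nothing visible in this hunk gives the resolver a name or pin to check the server against, so this looks like opportunistic TLS, which protects against passive observation but presumably not against an on-path party that answers on port 853 or forces a fallback to cleartext. That trade-off deserves a comment above the assignment, e.g. `// Opportunistic only: no hostname or fingerprint is configured, so the server is not authenticated.` The enclosing method starts and ends outside the hunk, so whether the value is re-read when the setting changes cannot be judged from here.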