commit 5f02720c880de23c053d6054fe8a3165f23ed749
author Lorenzo Colitti <lorenzo@google.com> Tue May 01 16:19:01 2018 +0900
committer Lorenzo Colitti <lorenzo@google.com> Wed May 09 01:04:05 2018 +0900
tree ffd987f278962975c51d4af222d53dc4825be72c
parent 1d509bc8785ef00cc57426ee79076623008da105

fchown DNS lookup sockets to AID_DNS.

Currently DNS lookups are all sent as UID 0. In N we added an
AID_DNS user, but we never used it. A separate UID allows us to
account for and route DNS traffic differently from other UID 0
traffic such as kernel-originated traffic.

Bug: 70673901
Test: DNS lookups continue to work
Test: netd_{unit,integration}_test pass
Change-Id: Ife3ca7df45de51b92437d2cfe627fb4703b672fb

libc/dns/resolv/res_send.c

diff --git a/libc/dns/resolv/res_send.c b/libc/dns/resolv/res_send.c
index 3b94fcf..18bb752 100644
--- a/libc/dns/resolv/res_send.c
+++ b/libc/dns/resolv/res_send.c
@@ -100,6 +100,7 @@
 #ifdef ANDROID_CHANGES
 #include "resolv_netid.h"
 #include "resolv_private.h"
+#include "private/android_filesystem_config.h"
 #else
 #include <resolv.h>
 #endif
@@ -820,6 +821,7 @@
 				return (-1);
 			}
 		}
+		fchown(statp->_vcsock, AID_DNS, -1);
 		if (statp->_mark != MARK_UNSET) {
 			if (setsockopt(statp->_vcsock, SOL_SOCKET,
 				    SO_MARK, &statp->_mark, sizeof(statp->_mark)) < 0) {
@@ -1122,6 +1124,7 @@
 			}
 		}
 
+		fchown(EXT(statp).nssocks[ns], AID_DNS, -1);
 		if (statp->_mark != MARK_UNSET) {
 			if (setsockopt(EXT(statp).nssocks[ns], SOL_SOCKET,
 					SO_MARK, &(statp->_mark), sizeof(statp->_mark)) < 0) {