LocalNet: add DNS over TLS exception Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ie780a191002f17a8b2b049271bd6c48d9af4c4fd

commit: f236e862a990cd6485a613ab49feed5a0c6a68a3 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Wed Mar 19 21:14:24 2025 -0700
committer: Maciej Żenczykowski <maze@google.com> Wed Mar 19 21:25:17 2025 -0700
tree: 74f97f877142d2e9ae9c8e36a852678f5c496733
parent: 451f2dd39d6d84e2675fce144038899c30018dab [diff]
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index e27b72d..ef6a38a 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -10063,6 +10063,8 @@
                         IPPROTO_UDP, 53, true);
                 mBpfNetMaps.addLocalNetAccess(getIpv4MappedAddressBitLen(), iface, dnsServer,
                         IPPROTO_TCP, 53, true);
+                mBpfNetMaps.addLocalNetAccess(getIpv4MappedAddressBitLen(), iface, dnsServer,
+                        IPPROTO_TCP, 853, true);  // DNS over TLS
             }
         }
     }
@@ -10085,6 +10087,8 @@
                         IPPROTO_UDP, 53);
                 mBpfNetMaps.removeLocalNetAccess(getIpv4MappedAddressBitLen(), iface, dnsServer,
                         IPPROTO_TCP, 53);
+                mBpfNetMaps.removeLocalNetAccess(getIpv4MappedAddressBitLen(), iface, dnsServer,
+                        IPPROTO_TCP, 853);  // DNS over TLS
             }
         }
     }
commit	f236e862a990cd6485a613ab49feed5a0c6a68a3	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Wed Mar 19 21:14:24 2025 -0700
committer	Maciej Żenczykowski <maze@google.com>	Wed Mar 19 21:25:17 2025 -0700
tree	74f97f877142d2e9ae9c8e36a852678f5c496733
parent	451f2dd39d6d84e2675fce144038899c30018dab [diff]