File: stub_resolver_config_reader.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (155 lines) | stat: -rw-r--r-- 6,194 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
 
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_NET_STUB_RESOLVER_CONFIG_READER_H_
#define CHROME_BROWSER_NET_STUB_RESOLVER_CONFIG_READER_H_

#include <memory>
#include <optional>
#include <string>

#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/sequence_checker.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "build/build_config.h"
#include "chrome/browser/net/dns_over_https_config_source.h"
#include "components/prefs/pref_change_registrar.h"
#include "services/network/public/mojom/host_resolver.mojom-forward.h"

class PrefRegistrySimple;
class PrefService;
class SecureDnsConfig;

// Retriever for Chrome configuration for the built-in DNS stub resolver.
class StubResolverConfigReader {
 public:
  static constexpr base::TimeDelta kParentalControlsCheckDelay =
      base::Seconds(2);

  // |local_state| must outlive the created reader.
  explicit StubResolverConfigReader(PrefService* local_state,
                                    bool set_up_pref_defaults = true);

  StubResolverConfigReader(const StubResolverConfigReader&) = delete;
  StubResolverConfigReader& operator=(const StubResolverConfigReader&) = delete;

  virtual ~StubResolverConfigReader();

  static void RegisterPrefs(PrefRegistrySimple* registry);

  // Returns the current secure DNS resolver configuration.
  //
  // Initial checks for parental controls (which cause DoH to be disabled) may
  // be deferred for performance if called early during startup, if the
  // configuration is otherwise in AUTOMATIC mode. If this is undesirable, e.g.
  // because this is being called to populate the config UI, set
  // |force_check_parental_controls_for_automatic_mode| to force always waiting
  // for the parental controls check. If forcing the check when it had
  // previously been deferred, and the check discovers that DoH should be
  // disabled, the network service will be updated to disable DoH and ensure the
  // service behavior matches the config returned by this method.
  SecureDnsConfig GetSecureDnsConfiguration(
      bool force_check_parental_controls_for_automatic_mode);

  bool GetInsecureStubResolverEnabled();

  // Updates the network service with the current configuration.
  void UpdateNetworkService(bool record_metrics);

  // Returns true if there are any active machine level policies, if the
  // machine is domain joined (Windows), or any device or profile owner apps are
  // installed (Android). This special logic is used to disable DoH by default
  // for Desktop platforms and Android. ChromeOS is handled by the enterprise
  // policy field "default_for_enterprise_users".
  virtual bool ShouldDisableDohForManaged();

  // Returns true if there are parental controls detected on the device.
  virtual bool ShouldDisableDohForParentalControls();

#if BUILDFLAG(IS_ANDROID)
  // Updates the android owned state and network service if the device/prfile is
  // owned.
  void OnAndroidOwnedStateCheckComplete(bool has_profile_owner,
                                        bool has_device_owner);
#endif

  void OverrideParentalControlsForTesting(bool parental_controls_override) {
    parental_controls_testing_override_ = parental_controls_override;
  }

  // Overrides the default implementation for the class which monitors
  // DNS-over-HTTPS config changes. If `doh_source` is a null pointer, it clears
  // the override and resets to the default behaviour.
  void SetOverrideDnsOverHttpsConfigSource(
      std::unique_ptr<DnsOverHttpsConfigSource> doh_source);

#if BUILDFLAG(IS_WIN)
  // Set flag for testing Zero Trust DNS scenario
  static void SetZTDNSEnabledForTesting(bool is_ztdns_enabled_for_testing) {
    is_ztdns_enabled_for_testing_ = is_ztdns_enabled_for_testing;
  }

  static bool IsZTDNSEnabledForTesting() {
    return is_ztdns_enabled_for_testing_;
  }
#endif

 private:
  void OnParentalControlsDelayTimer();

  // Updates network service if |update_network_service| or if necessary due to
  // first read of parental controls.
  SecureDnsConfig GetAndUpdateConfiguration(
      bool force_check_parental_controls_for_automatic_mode,
      bool record_metrics,
      bool update_network_service);

  // Returns the current config source for DNS-over-HTTPS settings. If
  // `SetOverrideDnsOverHttpsConfigSource` was called with a non-null value, it
  // returns the override config source; otherwise it returns the default
  // implementation.
  const DnsOverHttpsConfigSource* GetDnsOverHttpsConfigSource() const;

  bool GetHappyEyeballsV3Enabled() const;

  const raw_ptr<PrefService> local_state_;

  // Timer for deferred running of parental controls checks. Underling API calls
  // may be slow and run off-thread. Calling for the result is delayed to avoid
  // blocking during startup.
  base::OneShotTimer parental_controls_delay_timer_;
  // Whether or not parental controls have already been checked, either due to
  // expiration of the delay timer or because of a forced check.
  bool parental_controls_checked_ = false;

  std::optional<bool> parental_controls_testing_override_;

  std::unique_ptr<DnsOverHttpsConfigSource> default_doh_source_;
  std::unique_ptr<DnsOverHttpsConfigSource> override_doh_source_;

  // This object lives on the UI thread, but it's possible for it to be created
  // before BrowserMainLoop::CreateThreads() is called which would cause a
  // DCHECK for the UI thread to fail (as the UI thread hasn't been
  // named yet). Using a sequence checker works around this.
  SEQUENCE_CHECKER(sequence_checker_);

  PrefChangeRegistrar pref_change_registrar_;

#if BUILDFLAG(IS_ANDROID)
  // Whether or not an Android device or profile is owned.
  // A nullopt indicates this value has not been determined yet.
  std::optional<bool> android_has_owner_ = std::nullopt;
#endif

#if BUILDFLAG(IS_WIN)
  // Flag used for testing Zero Trust DNS scenario.
  static bool is_ztdns_enabled_for_testing_;
#endif

  base::WeakPtrFactory<StubResolverConfigReader> weak_factory_{this};
};

#endif  // CHROME_BROWSER_NET_STUB_RESOLVER_CONFIG_READER_H_