android: warn if MagicDNS will conflict with Android Private DNS

1 year ago · 99bbd6d425
parent e6fc832494
commit 99bbd6d425
2 changed files with 35 additions and 1 deletions
--- a/android/src/main/java/com/tailscale/ipn/App.kt
+++ b/android/src/main/java/com/tailscale/ipn/App.kt
@ -181,6 +181,13 @@ class App : UninitializedApp(), libtailscale.AppContext {
              sb.append(searchDomains)
            }

+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+              val isUsingStrictPrivateDNS =
+                  linkProperties?.privateDnsServerName?.isNotEmpty() == true
+              Log.d(TAG, "Strict Private DNS active: $isUsingStrictPrivateDNS")
+              notifyPrivateDNSEnabled(isUsingStrictPrivateDNS)
+            }
+
            if (dns.updateDNSFromNetwork(sb.toString())) {
              Libtailscale.onDNSConfigChanged(linkProperties?.interfaceName)
            }
@ -355,6 +362,7 @@ open class UninitializedApp : Application() {

    const val STATUS_NOTIFICATION_ID = 1
    const val STATUS_EXIT_NODE_FAILURE_NOTIFICATION_ID = 2
+    const val STATUS_PRIVATE_DNS_INCOMPATIBILITY_NOTIFICATION_ID = 3
    const val STATUS_CHANNEL_ID = "tailscale-status"

    // Key for shared preference that tracks whether or not we're able to start
@ -518,7 +526,8 @@ open class UninitializedApp : Application() {
  }

  fun disallowedPackageNames(): List<String> {
-    val mdmDisallowed = MDMSettings.excludedPackages.flow.value.value?.split(",")?.map { it.trim() } ?: emptyList()
+    val mdmDisallowed =
+        MDMSettings.excludedPackages.flow.value.value?.split(",")?.map { it.trim() } ?: emptyList()
    if (mdmDisallowed.isNotEmpty()) {
      Log.d(TAG, "Excluded application packages were set via MDM: $mdmDisallowed")
      return builtInDisallowedPackageNames + mdmDisallowed
@ -542,4 +551,27 @@ open class UninitializedApp : Application() {
          // Google Chromecast https://github.com/tailscale/tailscale/issues/3636
          "com.google.android.apps.chromecast.app",
      )
+
+  fun notifyPrivateDNSEnabled(enabled: Boolean) {
+    if (!enabled) {
+      notificationManager.cancel(STATUS_PRIVATE_DNS_INCOMPATIBILITY_NOTIFICATION_ID)
+      return
+    }
+
+    val notification =
+        NotificationCompat.Builder(this, HealthNotifier.HEALTH_CHANNEL_ID)
+            .setSmallIcon(R.drawable.warning_rounded)
+            .setContentTitle(getString(R.string.magicdns_unavailable))
+            .setStyle(
+                NotificationCompat.BigTextStyle()
+                    .bigText(getString(R.string.magicdns_privatedns_explainer)))
+            .setSilent(false)
+            .setPriority(NotificationCompat.PRIORITY_MAX)
+            .build()
+
+    if (ActivityCompat.checkSelfPermission(this, Manifest.permission.POST_NOTIFICATIONS) ==
+        PackageManager.PERMISSION_GRANTED) {
+      notificationManager.notify(STATUS_PRIVATE_DNS_INCOMPATIBILITY_NOTIFICATION_ID, notification)
+    }
+  }
 }
--- a/android/src/main/res/values/strings.xml
+++ b/android/src/main/res/values/strings.xml
@ -292,4 +292,6 @@
    <string name="health_warnings">Health warnings</string>
    <string name="no_issues_found">No issues found</string>
    <string name="tailscale_is_operating_normally">Tailscale is operating normally.</string>
+    <string name="magicdns_unavailable">MagicDNS unavailable</string>
+    <string name="magicdns_privatedns_explainer">Tailscale MagicDNS won\'t work because Android\'s Private DNS overrides it. To access tailnet resources using their *.ts.net name, disable Private DNS or set it to Automatic mode in the Android network settings.</string>
 </resources>