binder_security_policy.cc
Go to the documentation of this file.
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <grpc/support/port_platform.h>
16 
17 #ifndef GRPC_NO_BINDER
18 
19 #include <grpcpp/security/binder_security_policy.h>
20 
21 #ifdef GPR_ANDROID
22 
23 #include <jni.h>
24 #include <unistd.h>
25 
26 #include <grpc/support/log.h>
27 
28 #include "src/core/ext/transport/binder/client/jni_utils.h"
29 
30 #endif
31 
32 namespace grpc {
33 namespace experimental {
34 namespace binder {
35 
36 UntrustedSecurityPolicy::UntrustedSecurityPolicy() = default;
37 
38 UntrustedSecurityPolicy::~UntrustedSecurityPolicy() = default;
39 
40 bool UntrustedSecurityPolicy::IsAuthorized(int) { return true; };
41 
42 InternalOnlySecurityPolicy::InternalOnlySecurityPolicy() = default;
43 
44 InternalOnlySecurityPolicy::~InternalOnlySecurityPolicy() = default;
45 
46 #ifdef GPR_ANDROID
47 bool InternalOnlySecurityPolicy::IsAuthorized(int uid) {
48  return static_cast<uid_t>(uid) == getuid();
49 }
50 #else
51 bool InternalOnlySecurityPolicy::IsAuthorized(int) { return false; }
52 #endif
53 
54 #ifdef GPR_ANDROID
55 
56 namespace {
57 JNIEnv* GetEnv(JavaVM* vm) {
58  if (vm == nullptr) return nullptr;
59 
60  JNIEnv* result = nullptr;
61  jint attach = vm->AttachCurrentThread(&result, nullptr);
62 
63  GPR_ASSERT(JNI_OK == attach);
64  GPR_ASSERT(nullptr != result);
65  return result;
66 }
67 } // namespace
68 
69 SameSignatureSecurityPolicy::SameSignatureSecurityPolicy(JavaVM* jvm,
70  jobject context)
71  : jvm_(jvm) {
72  GPR_ASSERT(jvm != nullptr);
73  GPR_ASSERT(context != nullptr);
74 
75  JNIEnv* env = GetEnv(jvm_);
76 
77  // Make sure the context is still valid when IsAuthorized() is called
78  context_ = env->NewGlobalRef(context);
79  GPR_ASSERT(context_ != nullptr);
80 }
81 
82 SameSignatureSecurityPolicy::~SameSignatureSecurityPolicy() {
83  JNIEnv* env = GetEnv(jvm_);
84  env->DeleteLocalRef(context_);
85 }
86 
87 bool SameSignatureSecurityPolicy::IsAuthorized(int uid) {
88  JNIEnv* env = GetEnv(jvm_);
89  bool result = grpc_binder::IsSignatureMatch(env, context_, getuid(), uid);
90  if (result) {
91  gpr_log(GPR_INFO, "uid %d and uid %d passed SameSignature check", getuid(),
92  uid);
93  } else {
94  gpr_log(GPR_ERROR, "uid %d and uid %d failed SameSignature check", getuid(),
95  uid);
96  }
97  return result;
98 }
99 
100 #endif
101 
102 } // namespace binder
103 } // namespace experimental
104 } // namespace grpc
105 #endif
_gevent_test_main.result
result
Definition: _gevent_test_main.py:96
GPR_INFO
#define GPR_INFO
Definition: include/grpc/impl/codegen/log.h:56
log.h
grpc
Definition: grpcpp/alarm.h:33
jni_utils.h
grpc::experimental::binder::InternalOnlySecurityPolicy::InternalOnlySecurityPolicy
InternalOnlySecurityPolicy()
binder_security_policy.h
GPR_ASSERT
#define GPR_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:94
context_
ScopedContext * context_
Definition: filter_fuzzer.cc:559
gpr_log
GPRAPI void gpr_log(const char *file, int line, gpr_log_severity severity, const char *format,...) GPR_PRINT_FORMAT_CHECK(4
grpc::experimental::binder::InternalOnlySecurityPolicy::IsAuthorized
bool IsAuthorized(int uid) override
Definition: binder_security_policy.cc:51
GPR_ERROR
#define GPR_ERROR
Definition: include/grpc/impl/codegen/log.h:57
grpc::experimental::binder::UntrustedSecurityPolicy::IsAuthorized
bool IsAuthorized(int uid) override
Definition: binder_security_policy.cc:40
testing::internal::posix::GetEnv
const char * GetEnv(const char *name)
Definition: bloaty/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:2053
grpc::experimental::binder::UntrustedSecurityPolicy::UntrustedSecurityPolicy
UntrustedSecurityPolicy()
env
Definition: env.py:1
grpc::experimental::binder::UntrustedSecurityPolicy::~UntrustedSecurityPolicy
~UntrustedSecurityPolicy() override
context
grpc::ClientContext context
Definition: istio_echo_server_lib.cc:61
grpc::experimental::binder::InternalOnlySecurityPolicy::~InternalOnlySecurityPolicy
~InternalOnlySecurityPolicy() override
port_platform.h

grpc
Author(s):
autogenerated on Fri May 16 2025 02:57:48