mirror of https://github.com/grpc/grpc.git
Expose experimental binder transport API (#27632)
* Expose experimental binder transport API

New headers are added:
`grpcpp/create_channel_binder.h`: interfaces for creating client channel
`grpcpp/security/binder_credentials.h`: interfaces for binder server credentials
`grpcpp/security/binder_security_policy.h`: interfaces for binder security policy, which is used by both server and client. Individual security policies are merged into this single header.

Users can now depend on the `grpc++_binder` target to use the headers listed above.

* Regenerate projects

pull/27890/head
parent
6f4f920398
commit
e0f793b3d3
24 changed files with 209 additions and 396 deletions
@ -0,0 +1,77 @@ |
||||
// Copyright 2021 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef GRPCPP_CREATE_CHANNEL_BINDER_H |
||||
#define GRPCPP_CREATE_CHANNEL_BINDER_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#ifdef GPR_ANDROID |
||||
|
||||
#include <jni.h> |
||||
|
||||
#include <memory> |
||||
|
||||
#include "absl/strings/string_view.h" |
||||
|
||||
#include <grpcpp/channel.h> |
||||
#include <grpcpp/security/binder_security_policy.h> |
||||
#include <grpcpp/support/channel_arguments.h> |
||||
|
||||
namespace grpc { |
||||
namespace experimental { |
||||
|
||||
/// EXPERIMENTAL Create a new \a Channel based on binder transport. The package
|
||||
/// name and class name will be used identify the specific application component
|
||||
/// to connect to.
|
||||
///
|
||||
/// \param jni_env Pointer to a JNIEnv structure
|
||||
/// \param context The context that we will use to invoke \a bindService See
|
||||
/// https://developer.android.com/reference/android/content/Context#bindService(android.content.Intent,%20android.content.ServiceConnection,%20int)
|
||||
/// for detail.
|
||||
/// \param package_name Package name of the component to be connected to
|
||||
/// \param class_name Class name of the component to be connected to
|
||||
/// \param security_policy Used for checking if remote component is allowed to
|
||||
/// connect
|
||||
std::shared_ptr<grpc::Channel> CreateBinderChannel( |
||||
void* jni_env, jobject context, absl::string_view package_name, |
||||
absl::string_view class_name, |
||||
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> |
||||
security_policy); |
||||
|
||||
/// EXPERIMENTAL Create a new \a Channel based on binder transport. The package
|
||||
/// name and class name will be used identify the specific application component
|
||||
/// to connect to.
|
||||
///
|
||||
/// \param jni_env Pointer to a JNIEnv structure
|
||||
/// \param context The context that we will use to invoke \a bindService See
|
||||
/// https://developer.android.com/reference/android/content/Context#bindService(android.content.Intent,%20android.content.ServiceConnection,%20int)
|
||||
/// for detail.
|
||||
/// \param package_name Package name of the component to be connected to
|
||||
/// \param class_name Class name of the component to be connected to
|
||||
/// \param security_policy Used for checking if remote component is allowed to
|
||||
/// connect
|
||||
/// \param args Options for channel creation.
|
||||
std::shared_ptr<grpc::Channel> CreateCustomBinderChannel( |
||||
void* jni_env_void, jobject application, absl::string_view package_name, |
||||
absl::string_view class_name, |
||||
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> security_policy, |
||||
const ChannelArguments& args); |
||||
|
||||
} // namespace experimental
|
||||
} // namespace grpc
|
||||
|
||||
#endif |
||||
|
||||
#endif // GRPCPP_CREATE_CHANNEL_BINDER_H
|
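Review bot: The Doxygen block on `CreateCustomBinderChannel` documents `\param jni_env` and `\param context`, but the declaration names those parameters `jni_env_void` and `application`, so the generated documentation will not match the signature; declaring them as `void* jni_env, jobject context`, as `CreateBinderChannel` does, fixes that. Both comment blocks also read "will be used identify", which should be "will be used to identify". The `security_policy` line would be clearer if it said what is being checked, for example `/// \param security_policy Decides, from the UID of the remote component, whether this channel may communicate with it`, and whether a null pointer is accepted, which the header does not say. The package and class names only select the component to bind to, so the policy is presumably the only peer check a caller gets from this API and the comment should say so.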
@ -0,0 +1,58 @@ |
||||
// Copyright 2021 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H |
||||
#define GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H |
||||
|
||||
#include <memory> |
||||
|
||||
namespace grpc { |
||||
namespace experimental { |
||||
namespace binder { |
||||
|
||||
// EXPERIMENTAL Determinines if a connection is allowed to be
|
||||
// established on Android. See https://source.android.com/security/app-sandbox
|
||||
// for more info about UID.
|
||||
class SecurityPolicy { |
||||
public: |
||||
virtual ~SecurityPolicy() = default; |
||||
// Returns true if the UID is authorized to connect.
|
||||
// Must return the same value for the same inputs so callers can safely cache
|
||||
// the result.
|
||||
virtual bool IsAuthorized(int uid) = 0; |
||||
}; |
||||
|
||||
// EXPERIMENTAL Allows all connection. Anything on the Android device will be
|
||||
// able to connect, use with caution!
|
||||
class UntrustedSecurityPolicy : public SecurityPolicy { |
||||
public: |
||||
UntrustedSecurityPolicy(); |
||||
~UntrustedSecurityPolicy() override; |
||||
bool IsAuthorized(int uid) override; |
||||
}; |
||||
|
||||
// EXPERIMENTAL Only allows the connections from processes with the same UID. In
|
||||
// most cases this means "from the same APK".
|
||||
class InternalOnlySecurityPolicy : public SecurityPolicy { |
||||
public: |
||||
InternalOnlySecurityPolicy(); |
||||
~InternalOnlySecurityPolicy() override; |
||||
bool IsAuthorized(int uid) override; |
||||
}; |
||||
|
||||
} // namespace binder
|
||||
} // namespace experimental
|
||||
} // namespace grpc
|
||||
|
||||
#endif // GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
|
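Review bot: The comments on the two concrete policies leave out the details a caller needs to choose between them safely. For `UntrustedSecurityPolicy` I would state the behaviour outright, e.g. `// EXPERIMENTAL IsAuthorized() returns true for every UID, so any app on the device can connect; use only when nothing sensitive is exposed.`, which matches the `return true` in the implementation file this commit removes from its old location. For `InternalOnlySecurityPolicy`, "in most cases this means from the same APK" should name the exception: APKs signed with the same key that declare the same `android:sharedUserId` also share a UID and would be authorized. "Determinines" in the `SecurityPolicy` comment is a typo for "Determines", and since `IsAuthorized` must return the same value for the same input it could be declared `const` here and in the overrides.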
@ -1,57 +0,0 @@ |
||||
// Copyright 2021 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef GRPC_CORE_EXT_TRANSPORT_BINDER_CLIENT_CHANNEL_CREATE_H |
||||
#define GRPC_CORE_EXT_TRANSPORT_BINDER_CLIENT_CHANNEL_CREATE_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "src/core/ext/transport/binder/security_policy/security_policy.h" |
||||
|
||||
#ifdef GPR_ANDROID |
||||
|
||||
#include <jni.h> |
||||
|
||||
#include "absl/strings/string_view.h" |
||||
|
||||
#include <grpc/impl/codegen/grpc_types.h> |
||||
#include <grpcpp/channel.h> |
||||
#include <grpcpp/support/channel_arguments.h> |
||||
|
||||
namespace grpc { |
||||
namespace experimental { |
||||
|
||||
// Need to be invoked after BindToOnDeviceServerService
|
||||
// Create a new Channel from server package name and service class name
|
||||
std::shared_ptr<grpc::Channel> CreateBinderChannel( |
||||
void* jni_env_void, jobject application, absl::string_view package_name, |
||||
absl::string_view class_name, |
||||
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> |
||||
security_policy); |
||||
|
||||
// Need to be invoked after BindToOnDeviceServerService
|
||||
// Create a new Channel from server package name and service class name and with
|
||||
// custom channel arguments.
|
||||
std::shared_ptr<grpc::Channel> CreateCustomBinderChannel( |
||||
void* jni_env_void, jobject application, absl::string_view package_name, |
||||
absl::string_view class_name, |
||||
std::shared_ptr<grpc::experimental::binder::SecurityPolicy> security_policy, |
||||
const ChannelArguments& args); |
||||
|
||||
} // namespace experimental
|
||||
} // namespace grpc
|
||||
|
||||
#endif |
||||
|
||||
#endif // GRPC_CORE_EXT_TRANSPORT_BINDER_CLIENT_CHANNEL_CREATE_H
|
@ -1,31 +0,0 @@ |
||||
// Copyright 2021 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "src/core/ext/transport/binder/security_policy/untrusted_security_policy.h" |
||||
|
||||
namespace grpc { |
||||
namespace experimental { |
||||
namespace binder { |
||||
|
||||
UntrustedSecurityPolicy::UntrustedSecurityPolicy() = default; |
||||
|
||||
UntrustedSecurityPolicy::~UntrustedSecurityPolicy() = default; |
||||
|
||||
bool UntrustedSecurityPolicy::IsAuthorized(int) { return true; }; |
||||
|
||||
} // namespace binder
|
||||
} // namespace experimental
|
||||
} // namespace grpc
|
@ -1,38 +0,0 @@ |
||||
// Copyright 2021 gRPC authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef GRPC_CORE_EXT_TRANSPORT_BINDER_SECURITY_POLICY_UNTRUSTED_SECURITY_POLICY_H |
||||
#define GRPC_CORE_EXT_TRANSPORT_BINDER_SECURITY_POLICY_UNTRUSTED_SECURITY_POLICY_H |
||||
|
||||
#include <grpc/support/port_platform.h> |
||||
|
||||
#include "src/core/ext/transport/binder/security_policy/security_policy.h" |
||||
|
||||
namespace grpc { |
||||
namespace experimental { |
||||
namespace binder { |
||||
|
||||
// Allows all connection
|
||||
class UntrustedSecurityPolicy : public SecurityPolicy { |
||||
public: |
||||
UntrustedSecurityPolicy(); |
||||
~UntrustedSecurityPolicy() override; |
||||
bool IsAuthorized(int uid) override; |
||||
}; |
||||
|
||||
} // namespace binder
|
||||
} // namespace experimental
|
||||
} // namespace grpc
|
||||
|
||||
#endif // GRPC_CORE_EXT_TRANSPORT_BINDER_SECURITY_POLICY_UNTRUSTED_SECURITY_POLICY_H
|