This commit
1. Implements the security policies that does not require JNI. This
includes a security policy that always allow connection and a security
policy that allows connection when remote UID is the same us local UID.
2. Add security policy as an argument in our interfaces. Old interfaces
are temporarily preserved so compilation will not suddenly break when we
import the code to internal repo.
3. Pumping the security policy from the public interfaces to the code
that handles SETUP_TRANSPORT transaction.
4. Abort the transport setup when the security policy is not satisfied.
Since meaningful tests will require to be run in real Android
environment, we will implement it later. For now, this change is
manually tested with example APKs.
For security policies that need to invoke Java to check authorization,
we will implement them in later.
Some changes:
* OnTransactCb now takes a non-const ReadableParcel* so that testing
codes no longer have to rely on mutable.
* Remove GetReadableParcel() interface from binder since we only sent
one-way transaction and the output (readable) parcel is never used.
* Remove GetDataPosition() / SetDataPosition() interfaces since they are
both unused.
* Some changes that should've been made to #27257 but was somehow
missing...
Android-related binder classes are only available if
GPR_SUPPORT_BINDER_TRANSPORT is defined. Thus, BinderServerCredentials
should only work if GPR_SUPPORT_BINDER_TRANSPORT (instead of
GPR_ANDROID) is defined as well.
* Fix ReadableParcelAndroid::ReadString interface
Also uses implementation from android/binder_parcel_utils.h to read
ByteArray and string from Parcel
Test example app on device, works correctly
There was a bug found by the fuzzer where we might access wire_writer_ before
finishing SETUP_TRANSPORT (and thus constructing wire_writer_). This PR
fixes such issue by making sure that we won't proceed with any requests
until the connection is fully established.
Since binder transactions may be coming from multiple different threads,
this PRs guard some of the WireReaderImpl's member with a mutex to make
sure there's no races between threads.
Add `grpc::BinderServerCredentials()` and other related functionalities for the server to listen to binder transactions through a phony "binder port".
The APIs are temporarily placed in internal headers until the corresponding gRFC is merged.
This PR imports unit tests and end-to-end tests of binder transport from the internal repository. No further changes will be made to internal repository.
* Add folder for bindertransport and its smoke test
We will import the sources in the next few pull requests. Main purpose
of this commit is to create the folder and add dummy smoke test to make
sure nothing breaks
* regenerate projects.