Codebase Browser
chromium
Go to App

chromium/third_party/grpc/src/src/core/ext/transport/binder/security_policy/binder_security_policy.cc 

// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <grpc/support/port_platform.h>

#ifndef GRPC_NO_BINDER

#include <grpcpp/security/binder_security_policy.h>

#ifdef GPR_ANDROID

#include <jni.h>
#include <unistd.h>

#include <grpc/support/log.h>

#include "src/core/ext/transport/binder/client/jni_utils.h"
#include "src/core/lib/gprpp/crash.h"

#endif

namespace grpc {
namespace experimental {
namespace binder {

UntrustedSecurityPolicy::UntrustedSecurityPolicy() = default;

UntrustedSecurityPolicy::~UntrustedSecurityPolicy() = default;

bool UntrustedSecurityPolicy::IsAuthorized(int) { return true; };

InternalOnlySecurityPolicy::InternalOnlySecurityPolicy() = default;

InternalOnlySecurityPolicy::~InternalOnlySecurityPolicy() = default;

#ifdef GPR_ANDROID
bool InternalOnlySecurityPolicy::IsAuthorized(int uid) {
  return static_cast<uid_t>(uid) == getuid();
}
#else
bool InternalOnlySecurityPolicy::IsAuthorized(int) { return false; }
#endif

#ifdef GPR_ANDROID

namespace {
JNIEnv* GetEnv(JavaVM* vm) {
  if (vm == nullptr) return nullptr;

  JNIEnv* result = nullptr;
  jint attach = vm->AttachCurrentThread(&result, nullptr);

  GPR_ASSERT(JNI_OK == attach);
  GPR_ASSERT(nullptr != result);
  return result;
}
}  // namespace

SameSignatureSecurityPolicy::SameSignatureSecurityPolicy(JavaVM* jvm,
                                                         jobject context)
    : jvm_(jvm) {
  GPR_ASSERT(jvm != nullptr);
  GPR_ASSERT(context != nullptr);

  JNIEnv* env = GetEnv(jvm_);

  // Make sure the context is still valid when IsAuthorized() is called
  context_ = env->NewGlobalRef(context);
  GPR_ASSERT(context_ != nullptr);
}

SameSignatureSecurityPolicy::~SameSignatureSecurityPolicy() {
  JNIEnv* env = GetEnv(jvm_);
  env->DeleteLocalRef(context_);
}

bool SameSignatureSecurityPolicy::IsAuthorized(int uid) {
  JNIEnv* env = GetEnv(jvm_);
  bool result = grpc_binder::IsSignatureMatch(env, context_, getuid(), uid);
  if (result) {
    gpr_log(GPR_INFO, "uid %d and uid %d passed SameSignature check", getuid(),
            uid);
  } else {
    gpr_log(GPR_ERROR, "uid %d and uid %d failed SameSignature check", getuid(),
            uid);
  }
  return result;
}

#endif

}  // namespace binder
}  // namespace experimental
}  // namespace grpc
#endif