Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 3c75e8e78b
Branches Tags
ydb
/
contrib
/
libs
/
grpc
/
include
/
grpcpp
/
security
/
binder_security_policy.h

binder_security_policy.h 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. // Copyright 2021 gRPC authors.
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. #ifndef GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
    16. 

  16. #define GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
    17. 

  17. 

  18. #include <memory>
    19. 

  19. 

  20. #ifdef GPR_ANDROID
    21. 

  21. 

  22. #include <jni.h>
    23. 

  23. 

  24. #endif
    25. 

  25. 

  26. namespace grpc {
    27. 

  27. namespace experimental {
    28. 

  28. namespace binder {
    29. 

  29. 

  30. // EXPERIMENTAL Determinines if a connection is allowed to be
    31. 

  31. // established on Android. See https://source.android.com/security/app-sandbox
    32. 

  32. // for more info about UID.
    33. 

  33. class SecurityPolicy {
    34. 

  34.  public:
    35. 

  35.   virtual ~SecurityPolicy() = default;
    36. 

  36.   // Returns true if the UID is authorized to connect.
    37. 

  37.   // Must return the same value for the same inputs so callers can safely cache
    38. 

  38.   // the result.
    39. 

  39.   virtual bool IsAuthorized(int uid) = 0;
    40. 

  40. };
    41. 

  41. 

  42. // EXPERIMENTAL Allows all connection. Anything on the Android device will be
    43. 

  43. // able to connect, use with caution!
    44. 

  44. class UntrustedSecurityPolicy : public SecurityPolicy {
    45. 

  45.  public:
    46. 

  46.   UntrustedSecurityPolicy();
    47. 

  47.   ~UntrustedSecurityPolicy() override;
    48. 

  48.   bool IsAuthorized(int uid) override;
    49. 

  49. };
    50. 

  50. 

  51. // EXPERIMENTAL Only allows the connections from processes with the same UID. In
    52. 

  52. // most cases this means "from the same APK".
    53. 

  53. class InternalOnlySecurityPolicy : public SecurityPolicy {
    54. 

  54.  public:
    55. 

  55.   InternalOnlySecurityPolicy();
    56. 

  56.   ~InternalOnlySecurityPolicy() override;
    57. 

  57.   bool IsAuthorized(int uid) override;
    58. 

  58. };
    59. 

  59. 

  60. #ifdef GPR_ANDROID
    61. 

  61. 

  62. // EXPERIMENTAL Only allows the connections from the APK that have the same
    63. 

  63. // signature.
    64. 

  64. class SameSignatureSecurityPolicy : public SecurityPolicy {
    65. 

  65.  public:
    66. 

  66.   // `context` is required for getting PackageManager Java class
    67. 

  67.   SameSignatureSecurityPolicy(JavaVM* jvm, jobject context);
    68. 

  68.   ~SameSignatureSecurityPolicy() override;
    69. 

  69.   bool IsAuthorized(int uid) override;
    70. 

  70. 

  71.  private:
    72. 

  72.   JavaVM* jvm_;
    73. 

  73.   jobject context_;
    74. 

  74. };
    75. 

  75. 

  76. #endif
    77. 

  77. 

  78. }  // namespace binder
    79. 

  79. }  // namespace experimental
    80. 

  80. }  // namespace grpc
    81. 

  81. 

  82. #endif  // GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
    83.