From a021cb77bca8c5bd78c2284c6759910b1803959e Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Wed, 2 Nov 2022 15:32:15 -0700 Subject: [PATCH 01/13] Remove the experimental annotation for AndroidComponentAddress. --- .../src/main/java/io/grpc/binder/AndroidComponentAddress.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java index cb4f7f794cf..a94920bf9c0 100644 --- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java +++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java @@ -22,7 +22,6 @@ import android.content.ComponentName; import android.content.Context; import android.content.Intent; -import io.grpc.ExperimentalApi; import java.net.SocketAddress; /** @@ -41,7 +40,6 @@ * fields, namely, an action of {@link ApiConstants#ACTION_BIND}, an empty category set and null * type and data URI. */ -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public class AndroidComponentAddress extends SocketAddress { // NOTE: Only temporarily non-final. private static final long serialVersionUID = 0L; From ee1d14c3cb16a26b8e550f824f75f67b1db5e010 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Wed, 2 Nov 2022 15:35:53 -0700 Subject: [PATCH 02/13] Removing the additional experimental annotations for apis that the interaction service depends on. --- binder/src/main/java/io/grpc/binder/BinderServerBuilder.java | 2 -- binder/src/main/java/io/grpc/binder/IBinderReceiver.java | 2 -- binder/src/main/java/io/grpc/binder/ParcelableUtils.java | 2 -- binder/src/main/java/io/grpc/binder/SecurityPolicies.java | 2 -- binder/src/main/java/io/grpc/binder/SecurityPolicy.java | 2 -- binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java | 2 -- 6 files changed, 12 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index 383bd3f8e49..fcf960126fc 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -25,7 +25,6 @@ import com.google.errorprone.annotations.DoNotCall; import io.grpc.CompressorRegistry; import io.grpc.DecompressorRegistry; -import io.grpc.ExperimentalApi; import io.grpc.Server; import io.grpc.ServerBuilder; import io.grpc.ServerStreamTracer; @@ -48,7 +47,6 @@ /** * Builder for a server that services requests from an Android Service. */ -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public final class BinderServerBuilder extends ForwardingServerBuilder { diff --git a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java index bd8e1f50af9..3d40c6c2cfd 100644 --- a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java +++ b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java @@ -17,11 +17,9 @@ package io.grpc.binder; import android.os.IBinder; -import io.grpc.ExperimentalApi; import javax.annotation.Nullable; /** A container for at most one instance of {@link IBinder}, useful as an "out parameter". */ -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public final class IBinderReceiver { @Nullable private IBinder value; diff --git a/binder/src/main/java/io/grpc/binder/ParcelableUtils.java b/binder/src/main/java/io/grpc/binder/ParcelableUtils.java index 164de7de8b8..969344ea68d 100644 --- a/binder/src/main/java/io/grpc/binder/ParcelableUtils.java +++ b/binder/src/main/java/io/grpc/binder/ParcelableUtils.java @@ -17,7 +17,6 @@ package io.grpc.binder; import android.os.Parcelable; -import io.grpc.ExperimentalApi; import io.grpc.Metadata; import io.grpc.binder.internal.MetadataHelper; @@ -26,7 +25,6 @@ * *

This class models the same pattern as the {@code ProtoLiteUtils} class. */ -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public final class ParcelableUtils { private ParcelableUtils() {} diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index 653ae90bd77..06e75fa54c8 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -32,7 +32,6 @@ import com.google.common.collect.ImmutableSet; import com.google.common.hash.Hashing; import com.google.errorprone.annotations.CheckReturnValue; -import io.grpc.ExperimentalApi; import io.grpc.Status; import java.util.ArrayList; import java.util.Arrays; @@ -42,7 +41,6 @@ /** Static factory methods for creating standard security policies. */ @CheckReturnValue -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public final class SecurityPolicies { private static final int MY_UID = Process.myUid(); diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java index d13f3a863fd..6b0fb40310a 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicy.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicy.java @@ -16,7 +16,6 @@ package io.grpc.binder; -import io.grpc.ExperimentalApi; import io.grpc.Status; import javax.annotation.CheckReturnValue; @@ -37,7 +36,6 @@ * re-installation of the applications involved. */ @CheckReturnValue -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public abstract class SecurityPolicy { protected SecurityPolicy() {} diff --git a/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java b/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java index 46a124e1f47..d91a487a57c 100644 --- a/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java +++ b/binder/src/main/java/io/grpc/binder/ServerSecurityPolicy.java @@ -17,7 +17,6 @@ package io.grpc.binder; import com.google.common.collect.ImmutableMap; -import io.grpc.ExperimentalApi; import io.grpc.Status; import java.util.HashMap; import java.util.Map; @@ -28,7 +27,6 @@ * * Contains a default policy, and optional policies for each server. */ -@ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public final class ServerSecurityPolicy { private final SecurityPolicy defaultPolicy; From a0fc9780afa0a28ad8900550efbe7aa91b5afdde Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Thu, 3 Nov 2022 10:08:01 -0700 Subject: [PATCH 03/13] Updating the public APIs on SecurityPolicies with experimental annotation and leaving the internalOnly() without. --- .../main/java/io/grpc/binder/SecurityPolicies.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index 06e75fa54c8..a8946663fe2 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -32,6 +32,7 @@ import com.google.common.collect.ImmutableSet; import com.google.common.hash.Hashing; import com.google.errorprone.annotations.CheckReturnValue; +import io.grpc.ExperimentalApi; import io.grpc.Status; import java.util.ArrayList; import java.util.Arrays; @@ -48,6 +49,7 @@ public final class SecurityPolicies { private SecurityPolicies() {} + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static ServerSecurityPolicy serverInternalOnly() { return new ServerSecurityPolicy(); } @@ -64,6 +66,7 @@ public Status checkAuthorization(int uid) { }; } + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy permissionDenied(String description) { Status denied = Status.PERMISSION_DENIED.withDescription(description); return new SecurityPolicy() { @@ -82,6 +85,7 @@ public Status checkAuthorization(int uid) { * @param requiredSignature the allowed signature of the allowed package. * @throws NullPointerException if any of the inputs are {@code null}. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy hasSignature( PackageManager packageManager, String packageName, Signature requiredSignature) { return oneOfSignatures( @@ -97,6 +101,7 @@ public static SecurityPolicy hasSignature( * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code requiredSignatureSha256Hash} is not of length 32. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy hasSignatureSha256Hash( PackageManager packageManager, String packageName, byte[] requiredSignatureSha256Hash) { return oneOfSignatureSha256Hash( @@ -112,6 +117,7 @@ public static SecurityPolicy hasSignatureSha256Hash( * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code requiredSignatures} is empty. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy oneOfSignatures( PackageManager packageManager, String packageName, @@ -147,6 +153,7 @@ public Status checkAuthorization(int uid) { * @throws IllegalArgumentException if {@code requiredSignatureSha256Hashes} is empty, or if any * of the {@code requiredSignatureSha256Hashes} are not of length 32. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy oneOfSignatureSha256Hash( PackageManager packageManager, String packageName, @@ -178,6 +185,7 @@ public Status checkAuthorization(int uid) { * Creates {@link SecurityPolicy} which checks if the app is a device owner app. See * {@link DevicePolicyManager}. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isDeviceOwner(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -192,6 +200,7 @@ public static SecurityPolicy isDeviceOwner(Context applicationContext) { * Creates {@link SecurityPolicy} which checks if the app is a profile owner app. See * {@link DevicePolicyManager}. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isProfileOwner(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -206,6 +215,7 @@ public static SecurityPolicy isProfileOwner(Context applicationContext) { * Creates {@link SecurityPolicy} which checks if the app is a profile owner app on an * organization-owned device. See {@link DevicePolicyManager}. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isProfileOwnerOnOrganizationOwnedDevice(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -331,6 +341,7 @@ private static boolean checkPackageSignature( * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code securityPolicies} is empty. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy allOf(SecurityPolicy... securityPolicies) { Preconditions.checkNotNull(securityPolicies, "securityPolicies"); Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty"); @@ -370,6 +381,7 @@ public Status checkAuthorization(int uid) { * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code securityPolicies} is empty. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy anyOf(SecurityPolicy... securityPolicies) { Preconditions.checkNotNull(securityPolicies, "securityPolicies"); Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty"); @@ -416,6 +428,7 @@ public Status checkAuthorization(int uid) { * @throws NullPointerException if any of the inputs are {@code null} * @throws IllegalArgumentException if {@code permissions} is empty */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy hasPermissions( PackageManager packageManager, ImmutableSet permissions) { Preconditions.checkNotNull(packageManager, "packageManager"); From 724cab77452da0769440269d7823d22b02c15395 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Thu, 3 Nov 2022 11:50:42 -0700 Subject: [PATCH 04/13] Marking enableStats() and enableTracing() as experimental. --- binder/src/main/java/io/grpc/binder/BinderServerBuilder.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index fcf960126fc..7837d519c8b 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -25,6 +25,7 @@ import com.google.errorprone.annotations.DoNotCall; import io.grpc.CompressorRegistry; import io.grpc.DecompressorRegistry; +import io.grpc.ExperimentalApi; import io.grpc.Server; import io.grpc.ServerBuilder; import io.grpc.ServerStreamTracer; @@ -115,12 +116,14 @@ protected ServerBuilder delegate() { } /** Enable stats collection using census. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public BinderServerBuilder enableStats() { serverImplBuilder.setStatsEnabled(true); return this; } /** Enable tracing using census. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public BinderServerBuilder enableTracing() { serverImplBuilder.setTracingEnabled(true); return this; From c163f1c1a6683aae7239c658f0aeb60d765be55b Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Fri, 4 Nov 2022 11:05:45 -0700 Subject: [PATCH 05/13] Marking the IBinder volatile, and adding experimental annotation to inboundParcelablePolicy per PR discussions. --- binder/src/main/java/io/grpc/binder/BinderServerBuilder.java | 1 + binder/src/main/java/io/grpc/binder/IBinderReceiver.java | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index 7837d519c8b..81cc52a0217 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -158,6 +158,7 @@ public BinderServerBuilder securityPolicy(ServerSecurityPolicy securityPolicy) { } /** Sets the policy for inbound parcelable objects. */ + @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public BinderServerBuilder inboundParcelablePolicy( InboundParcelablePolicy inboundParcelablePolicy) { this.inboundParcelablePolicy = checkNotNull(inboundParcelablePolicy, "inboundParcelablePolicy"); diff --git a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java index 3d40c6c2cfd..67b75a04335 100644 --- a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java +++ b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java @@ -21,7 +21,7 @@ /** A container for at most one instance of {@link IBinder}, useful as an "out parameter". */ public final class IBinderReceiver { - @Nullable private IBinder value; + @Nullable private volatile IBinder value; /** Constructs a new, initially empty, container. */ public IBinderReceiver() {} From 095259b927532a828db651649a51a99988b2a360 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Mon, 7 Nov 2022 09:21:30 -0800 Subject: [PATCH 06/13] Removing setting the compression defaults. Related to 236232634. --- .../src/main/java/io/grpc/binder/BinderServerBuilder.java | 7 ------- 1 file changed, 7 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index 81cc52a0217..361e10102e7 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -23,8 +23,6 @@ import android.os.IBinder; import com.google.common.base.Supplier; import com.google.errorprone.annotations.DoNotCall; -import io.grpc.CompressorRegistry; -import io.grpc.DecompressorRegistry; import io.grpc.ExperimentalApi; import io.grpc.Server; import io.grpc.ServerBuilder; @@ -98,11 +96,6 @@ private BinderServerBuilder( return server; }); - // Disable compression by default, since there's little benefit when all communication is - // on-device, and it means sending supported-encoding headers with every call. - decompressorRegistry(DecompressorRegistry.emptyInstance()); - compressorRegistry(CompressorRegistry.newEmptyInstance()); - // Disable stats and tracing by default. serverImplBuilder.setStatsEnabled(false); serverImplBuilder.setTracingEnabled(false); From ff5e64c34e0136110e0f2d1be4025b205144169c Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Mon, 7 Nov 2022 10:11:14 -0800 Subject: [PATCH 07/13] Removing the synchronized from the get and set due to the volatile class. --- binder/src/main/java/io/grpc/binder/IBinderReceiver.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java index 67b75a04335..16cc651f12b 100644 --- a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java +++ b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java @@ -28,11 +28,11 @@ public IBinderReceiver() {} /** Returns the contents of this container or null if it is empty. */ @Nullable - public synchronized IBinder get() { + public IBinder get() { return value; } - public synchronized void set(IBinder value) { + public void set(IBinder value) { this.value = value; } } From 7a283dd60ef62c0f684e7850b29c7ce4d09be4d4 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Wed, 9 Nov 2022 10:00:19 -0800 Subject: [PATCH 08/13] Final AndroidComponentAddress and removing experimental annotation from several policies. --- .../main/java/io/grpc/binder/AndroidComponentAddress.java | 6 +++++- binder/src/main/java/io/grpc/binder/SecurityPolicies.java | 6 ------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java index a94920bf9c0..8a70f28021f 100644 --- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java +++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java @@ -40,7 +40,7 @@ * fields, namely, an action of {@link ApiConstants#ACTION_BIND}, an empty category set and null * type and data URI. */ -public class AndroidComponentAddress extends SocketAddress { // NOTE: Only temporarily non-final. +public final class AndroidComponentAddress extends SocketAddress { private static final long serialVersionUID = 0L; private final Intent bindIntent; // An "explicit" Intent. In other words, getComponent() != null. @@ -101,6 +101,10 @@ public static AndroidComponentAddress forComponent(ComponentName component) { new Intent(ApiConstants.ACTION_BIND).setComponent(component)); } + /** + * Returns the Authority which is the package name of the target app. + * See {@link android.content.ComponentName}. + */ public String getAuthority() { return getComponent().getPackageName(); } diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index a8946663fe2..2babd4ec7b4 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -185,7 +185,6 @@ public Status checkAuthorization(int uid) { * Creates {@link SecurityPolicy} which checks if the app is a device owner app. See * {@link DevicePolicyManager}. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isDeviceOwner(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -200,7 +199,6 @@ public static SecurityPolicy isDeviceOwner(Context applicationContext) { * Creates {@link SecurityPolicy} which checks if the app is a profile owner app. See * {@link DevicePolicyManager}. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isProfileOwner(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -215,7 +213,6 @@ public static SecurityPolicy isProfileOwner(Context applicationContext) { * Creates {@link SecurityPolicy} which checks if the app is a profile owner app on an * organization-owned device. See {@link DevicePolicyManager}. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy isProfileOwnerOnOrganizationOwnedDevice(Context applicationContext) { DevicePolicyManager devicePolicyManager = (DevicePolicyManager) applicationContext.getSystemService(Context.DEVICE_POLICY_SERVICE); @@ -341,7 +338,6 @@ private static boolean checkPackageSignature( * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code securityPolicies} is empty. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy allOf(SecurityPolicy... securityPolicies) { Preconditions.checkNotNull(securityPolicies, "securityPolicies"); Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty"); @@ -381,7 +377,6 @@ public Status checkAuthorization(int uid) { * @throws NullPointerException if any of the inputs are {@code null}. * @throws IllegalArgumentException if {@code securityPolicies} is empty. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy anyOf(SecurityPolicy... securityPolicies) { Preconditions.checkNotNull(securityPolicies, "securityPolicies"); Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty"); @@ -428,7 +423,6 @@ public Status checkAuthorization(int uid) { * @throws NullPointerException if any of the inputs are {@code null} * @throws IllegalArgumentException if {@code permissions} is empty */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy hasPermissions( PackageManager packageManager, ImmutableSet permissions) { Preconditions.checkNotNull(packageManager, "packageManager"); From f1f3ee50a1217c126c78ea6bf1f5685fa36bda58 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Tue, 15 Nov 2022 17:25:28 -0800 Subject: [PATCH 09/13] Additional SecurityPolicies and BinderServerBuilder documentation. Package check in AndroidComponentAddress. BinderInternal class to expose IBinderReceiver methods. --- .../io/grpc/binder/AndroidComponentAddress.java | 1 + .../main/java/io/grpc/binder/BinderInternal.java | 16 ++++++++++++++++ .../java/io/grpc/binder/BinderServerBuilder.java | 10 +++++----- .../java/io/grpc/binder/IBinderReceiver.java | 2 +- .../java/io/grpc/binder/SecurityPolicies.java | 3 +++ 5 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 binder/src/main/java/io/grpc/binder/BinderInternal.java diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java index 8a70f28021f..fce79492f93 100644 --- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java +++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java @@ -47,6 +47,7 @@ public final class AndroidComponentAddress extends SocketAddress { protected AndroidComponentAddress(Intent bindIntent) { checkArgument(bindIntent.getComponent() != null, "Missing required component"); + checkArgument(bindIntent.getPackage() != null, "Missing required package"); this.bindIntent = bindIntent; } diff --git a/binder/src/main/java/io/grpc/binder/BinderInternal.java b/binder/src/main/java/io/grpc/binder/BinderInternal.java new file mode 100644 index 00000000000..13c40668437 --- /dev/null +++ b/binder/src/main/java/io/grpc/binder/BinderInternal.java @@ -0,0 +1,16 @@ +package io.grpc.binder; + +import android.os.IBinder; + +/** + * Helper class to expose IBinderReceiver methods for legacy internal builders. + */ +public class BinderInternal { + + /** + * Set the receiver's {@link IBinder} using {@link IBinderReceiver#set(IBinder)}. + */ + static void setIBinder(IBinderReceiver receiver, IBinder binder) { + receiver.set(binder); + } +} diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index 361e10102e7..c741e37e96e 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -92,14 +92,11 @@ private BinderServerBuilder( streamTracerFactories, securityPolicy, inboundParcelablePolicy); - binderReceiver.set(server.getHostBinder()); + // binderReceiver.set(server.getHostBinder()); + BinderInternal.setIBinder(binderReceiver, server.getHostBinder()); return server; }); - // Disable stats and tracing by default. - serverImplBuilder.setStatsEnabled(false); - serverImplBuilder.setTracingEnabled(false); - BinderTransportSecurity.installAuthInterceptor(this); } @@ -158,6 +155,9 @@ public BinderServerBuilder inboundParcelablePolicy( return this; } + /** + * Always fails. TLS is not supported in BinderServer. + */ @Override public BinderServerBuilder useTransportSecurity(File certChain, File privateKey) { throw new UnsupportedOperationException("TLS not supported in BinderServer"); diff --git a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java index 16cc651f12b..adf4a0d3d8e 100644 --- a/binder/src/main/java/io/grpc/binder/IBinderReceiver.java +++ b/binder/src/main/java/io/grpc/binder/IBinderReceiver.java @@ -32,7 +32,7 @@ public IBinder get() { return value; } - public void set(IBinder value) { + protected void set(IBinder value) { this.value = value; } } diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index 2babd4ec7b4..1260bb5c607 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -49,6 +49,9 @@ public final class SecurityPolicies { private SecurityPolicies() {} + /** + * Creates a default {@link SecurityPolicy}. + */ @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static ServerSecurityPolicy serverInternalOnly() { return new ServerSecurityPolicy(); From e92f90c884f8b3e77806f4d8eb12fcc620b2ecf6 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Tue, 15 Nov 2022 17:29:24 -0800 Subject: [PATCH 10/13] Documentation for internalOnly(). --- binder/src/main/java/io/grpc/binder/SecurityPolicies.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index 1260bb5c607..920863b6f99 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -49,14 +49,14 @@ public final class SecurityPolicies { private SecurityPolicies() {} - /** - * Creates a default {@link SecurityPolicy}. - */ @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static ServerSecurityPolicy serverInternalOnly() { return new ServerSecurityPolicy(); } + /** + * Creates a default {@link SecurityPolicy} that checks authorization based on UID. + */ public static SecurityPolicy internalOnly() { return new SecurityPolicy() { @Override From 5313582a857c2314f42512ee9c2046f203b6d5f1 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Tue, 15 Nov 2022 17:39:23 -0800 Subject: [PATCH 11/13] Re-adding stats and tracing disabling by default due to discussed GMM case. --- binder/src/main/java/io/grpc/binder/BinderServerBuilder.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index c741e37e96e..4d4c71b6e72 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -92,11 +92,14 @@ private BinderServerBuilder( streamTracerFactories, securityPolicy, inboundParcelablePolicy); - // binderReceiver.set(server.getHostBinder()); BinderInternal.setIBinder(binderReceiver, server.getHostBinder()); return server; }); + // Disable stats and tracing by default. + serverImplBuilder.setStatsEnabled(false); + serverImplBuilder.setTracingEnabled(false); + BinderTransportSecurity.installAuthInterceptor(this); } From 1c9806eb3ba88c8309347469c02138500c0fcec3 Mon Sep 17 00:00:00 2001 From: cbianchi-7 Date: Tue, 29 Nov 2022 09:14:20 -0800 Subject: [PATCH 12/13] Marking SecurityPolicies API as non-experimental, and resolving existing discussion. --- .../src/main/java/io/grpc/binder/AndroidComponentAddress.java | 1 - binder/src/main/java/io/grpc/binder/BinderServerBuilder.java | 2 +- binder/src/main/java/io/grpc/binder/SecurityPolicies.java | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java index fce79492f93..8a70f28021f 100644 --- a/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java +++ b/binder/src/main/java/io/grpc/binder/AndroidComponentAddress.java @@ -47,7 +47,6 @@ public final class AndroidComponentAddress extends SocketAddress { protected AndroidComponentAddress(Intent bindIntent) { checkArgument(bindIntent.getComponent() != null, "Missing required component"); - checkArgument(bindIntent.getPackage() != null, "Missing required package"); this.bindIntent = bindIntent; } diff --git a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java index 4d4c71b6e72..20e67d45a6b 100644 --- a/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java +++ b/binder/src/main/java/io/grpc/binder/BinderServerBuilder.java @@ -99,7 +99,7 @@ private BinderServerBuilder( // Disable stats and tracing by default. serverImplBuilder.setStatsEnabled(false); serverImplBuilder.setTracingEnabled(false); - + BinderTransportSecurity.installAuthInterceptor(this); } diff --git a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java index 920863b6f99..6af47b726f5 100644 --- a/binder/src/main/java/io/grpc/binder/SecurityPolicies.java +++ b/binder/src/main/java/io/grpc/binder/SecurityPolicies.java @@ -156,7 +156,6 @@ public Status checkAuthorization(int uid) { * @throws IllegalArgumentException if {@code requiredSignatureSha256Hashes} is empty, or if any * of the {@code requiredSignatureSha256Hashes} are not of length 32. */ - @ExperimentalApi("https://github.com/grpc/grpc-java/issues/8022") public static SecurityPolicy oneOfSignatureSha256Hash( PackageManager packageManager, String packageName, From 6630c75258f52b5add42b8a3a78df7b4dae5fdd4 Mon Sep 17 00:00:00 2001 From: Eric Anderson Date: Tue, 29 Nov 2022 09:59:55 -0800 Subject: [PATCH 13/13] Add missing copyright and `@Internal` annotation --- .../java/io/grpc/binder/BinderInternal.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/binder/src/main/java/io/grpc/binder/BinderInternal.java b/binder/src/main/java/io/grpc/binder/BinderInternal.java index 13c40668437..ba7d78b2888 100644 --- a/binder/src/main/java/io/grpc/binder/BinderInternal.java +++ b/binder/src/main/java/io/grpc/binder/BinderInternal.java @@ -1,10 +1,28 @@ +/* + * Copyright 2022 The gRPC Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package io.grpc.binder; import android.os.IBinder; +import io.grpc.Internal; /** * Helper class to expose IBinderReceiver methods for legacy internal builders. */ +@Internal public class BinderInternal { /**