GRPC C++  1.66.0
binder_security_policy.h
Go to the documentation of this file.
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
16 #define GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
17 
18 #include <memory>
19 
20 #ifdef GPR_ANDROID
21 
22 #include <jni.h>
23 
24 #endif
25 
26 namespace grpc {
27 namespace experimental {
28 namespace binder {
29 
30 // EXPERIMENTAL Determinines if a connection is allowed to be
31 // established on Android. See https://source.android.com/security/app-sandbox
32 // for more info about UID.
33 class SecurityPolicy {
34  public:
35  virtual ~SecurityPolicy() = default;
36  // Returns true if the UID is authorized to connect.
37  // Must return the same value for the same inputs so callers can safely cache
38  // the result.
39  virtual bool IsAuthorized(int uid) = 0;
40 };
41 
42 // EXPERIMENTAL Allows all connection. Anything on the Android device will be
43 // able to connect, use with caution!
44 class UntrustedSecurityPolicy : public SecurityPolicy {
45  public:
46  UntrustedSecurityPolicy();
47  ~UntrustedSecurityPolicy() override;
48  bool IsAuthorized(int uid) override;
49 };
50 
51 // EXPERIMENTAL Only allows the connections from processes with the same UID. In
52 // most cases this means "from the same APK".
53 class InternalOnlySecurityPolicy : public SecurityPolicy {
54  public:
55  InternalOnlySecurityPolicy();
56  ~InternalOnlySecurityPolicy() override;
57  bool IsAuthorized(int uid) override;
58 };
59 
60 #ifdef GPR_ANDROID
61 
62 // EXPERIMENTAL Only allows the connections from the APK that have the same
63 // signature.
64 class SameSignatureSecurityPolicy : public SecurityPolicy {
65  public:
66  // `context` is required for getting PackageManager Java class
67  SameSignatureSecurityPolicy(JavaVM* jvm, jobject context);
68  ~SameSignatureSecurityPolicy() override;
69  bool IsAuthorized(int uid) override;
70 
71  private:
72  JavaVM* jvm_;
73  jobject context_;
74 };
75 
76 #endif
77 
78 } // namespace binder
79 } // namespace experimental
80 } // namespace grpc
81 
82 #endif // GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
grpc
An Alarm posts the user-provided tag to its associated completion queue or invokes the user-provided ...
Definition: alarm.h:33
grpc::experimental::binder::UntrustedSecurityPolicy::UntrustedSecurityPolicy
UntrustedSecurityPolicy()
grpc::experimental::binder::SecurityPolicy::IsAuthorized
virtual bool IsAuthorized(int uid)=0
grpc::experimental::binder::InternalOnlySecurityPolicy
Definition: binder_security_policy.h:53
grpc::experimental::binder::InternalOnlySecurityPolicy::InternalOnlySecurityPolicy
InternalOnlySecurityPolicy()
grpc::experimental::binder::UntrustedSecurityPolicy::~UntrustedSecurityPolicy
~UntrustedSecurityPolicy() override
grpc::experimental::binder::InternalOnlySecurityPolicy::~InternalOnlySecurityPolicy
~InternalOnlySecurityPolicy() override
grpc::experimental::binder::UntrustedSecurityPolicy::IsAuthorized
bool IsAuthorized(int uid) override
grpc::experimental::binder::SecurityPolicy::~SecurityPolicy
virtual ~SecurityPolicy()=default
grpc::experimental::binder::UntrustedSecurityPolicy
Definition: binder_security_policy.h:44
grpc::experimental::binder::SecurityPolicy
Definition: binder_security_policy.h:33
grpc::experimental::binder::InternalOnlySecurityPolicy::IsAuthorized
bool IsAuthorized(int uid) override
Generated on Thu Aug 22 2024 20:29:48 for GRPC C++ by   doxygen 1.8.17