xref: /aosp_15_r20/external/grpc-grpc/include/grpcpp/security/binder_security_policy.h (revision cc02d7e222339f7a4f6ba5f422e6413f4bd931f2)
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
16 #define GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
17 
18 #include <memory>
19 
20 #ifdef GPR_ANDROID
21 
22 #include <jni.h>
23 
24 #endif
25 
26 namespace grpc {
27 namespace experimental {
28 namespace binder {
29 
// EXPERIMENTAL Determines if a connection is allowed to be
// established on Android. See https://source.android.com/security/app-sandbox
// for more info about UID.
//
// This is the abstract interface: the concrete policies declared in this
// header derive from it and override IsAuthorized().
class SecurityPolicy {
 public:
  // Virtual so a concrete policy can be destroyed through a SecurityPolicy
  // pointer or reference.
  virtual ~SecurityPolicy() = default;
  // Returns true if the UID is authorized to connect.
  // Must return the same value for the same inputs so callers can safely cache
  // the result.
  //
  // `uid` is the Android UID being checked (see the app-sandbox link above).
  // NOTE(review): presumably this is the UID of the connecting peer process;
  // how it is obtained is not visible in this header.
  //
  // Consequence of the caching contract: a caller may keep using an earlier
  // answer, so an implementation should not rely on being consulted again to
  // withdraw access from a UID it has already authorized.
  virtual bool IsAuthorized(int uid) = 0;
};
41 
// EXPERIMENTAL Allows all connections. Anything on the Android device will be
// able to connect, use with caution!
//
// Security note: as described above, this policy does no caller filtering, so
// an endpoint that uses it is reachable by every app on the device. Any
// authentication or authorization the service needs must be enforced
// elsewhere, e.g. at the application layer.
class UntrustedSecurityPolicy : public SecurityPolicy {
 public:
  UntrustedSecurityPolicy();
  ~UntrustedSecurityPolicy() override;
  // Overrides SecurityPolicy::IsAuthorized(); defined out of line. Per the
  // class description every UID is accepted.
  bool IsAuthorized(int uid) override;
};
50 
// EXPERIMENTAL Only allows the connections from processes with the same UID. In
// most cases this means "from the same APK".
//
// Security note: "most cases" matters here. The check is on the UID, not on
// the package, so separate APKs that share one UID (for example through
// android:sharedUserId) would also satisfy a same-UID check.
// NOTE(review): presumably the comparison is against the UID of the process
// that owns this policy; the comparison itself is in the implementation file,
// not in this header.
class InternalOnlySecurityPolicy : public SecurityPolicy {
 public:
  InternalOnlySecurityPolicy();
  ~InternalOnlySecurityPolicy() override;
  // Overrides SecurityPolicy::IsAuthorized(); defined out of line.
  bool IsAuthorized(int uid) override;
};
59 
60 #ifdef GPR_ANDROID
61 
// EXPERIMENTAL Only allows connections from APKs that have the same
// signature.
//
// Only declared when GPR_ANDROID is defined, because it depends on the JNI
// types from <jni.h>.
// NOTE(review): how signatures are looked up and compared for a given UID
// (including a UID that maps to more than one package) is in the
// implementation file, not in this header; confirm it there before treating
// this policy as a trust boundary.
class SameSignatureSecurityPolicy : public SecurityPolicy {
 public:
  // `context` is required for getting PackageManager Java class
  //
  // NOTE(review): `jvm` and `context` end up in the raw members jvm_ and
  // context_. A JNI local reference does not stay valid after the native call
  // that produced it returns, so the implementation presumably keeps
  // `context` through a global reference for later IsAuthorized() calls;
  // TODO confirm in the implementation file.
  SameSignatureSecurityPolicy(JavaVM* jvm, jobject context);
  ~SameSignatureSecurityPolicy() override;
  // Overrides SecurityPolicy::IsAuthorized(); defined out of line.
  bool IsAuthorized(int uid) override;

 private:
  // NOTE(review): a destructor is declared but no copy operations are, so the
  // compiler-generated copy would duplicate these raw handles. If the
  // destructor releases a JNI reference, a copied instance would release it a
  // second time. Presumably instances are held by pointer and never copied;
  // confirm against the callers.
  JavaVM* jvm_;      // Java VM handle passed to the constructor.
  jobject context_;  // Java context object handle; see the note above.
};
75 
76 #endif
77 
78 }  // namespace binder
79 }  // namespace experimental
80 }  // namespace grpc
81 
82 #endif  // GRPCPP_SECURITY_BINDER_SECURITY_POLICY_H
83