
Commit 588d59c6 authored by Yifan Hong's avatar Yifan Hong

binder: Add getCertificate / addTrustedPeerCerticate.

getCertificate returns the self-signed certificate
on this context.

addTrustedPeerCertificate adds a peer certificate
as trusted by this context.

Test: binderRpcTest
Bug: 195166979
Change-Id: I0e4fadd8e3391dc39f551e4b80e9411b16b696ab
parent 1af48588
+3 −0
@@ -111,7 +111,10 @@ public:
    std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd, FdTrigger*) const {
        return std::make_unique<RpcTransportRaw>(std::move(fd));
    }
    std::string getCertificate(CertificateFormat) const override { return {}; }
    status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; }
};

} // namespace

std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryRaw::newServerCtx() const {
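Review bot: The raw context's `addTrustedPeerCertificate` override reports `OK` while discarding the certificate, and nothing in this class says that is deliberate. A caller that configures a pinned peer certificate against a raw context by mistake gets a success status and a transport built from the fd alone, with no peer authentication as far as this section shows. I would put a comment above the override, `// Raw sockets do no peer authentication: the certificate is ignored and OK is returned.`, so the no-op is visible at the implementation and not only in the interface header. The enclosing class starts outside the hunk.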
+12 −0
@@ -456,12 +456,24 @@ public:
    static std::unique_ptr<RpcTransportCtxTls> create();
    std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd,
                                               FdTrigger* fdTrigger) const override;
    std::string getCertificate(CertificateFormat) const override;
    status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override;

protected:
    virtual void preHandshake(Ssl* ssl) const = 0;
    bssl::UniquePtr<SSL_CTX> mCtx;
};

std::string RpcTransportCtxTls::getCertificate(CertificateFormat) const {
    // TODO(b/195166979): return certificate here
    return {};
}

status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) {
    // TODO(b/195166979): set certificate here
    return OK;
}

// Common implementation for creating server and client contexts. The child class, |Impl|, is
// provided as a template argument so that this function can initialize an |Impl| object.
template <typename Impl, typename>
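Review bot: The TLS stub `RpcTransportCtxTls::addTrustedPeerCertificate` returns `OK` without touching `mCtx`, so until the TODO lands a caller is told its peer certificate is trusted when nothing was configured. Whether later handshakes then fail or proceed without verifying the peer depends on how the verify mode is set where the context is created, which is not visible here. I would have the stub fail closed, for example `return INVALID_OPERATION;  // TODO(b/195166979): not implemented yet`, or log loudly if tests already depend on `OK`. `getCertificate` returning `{}` is also indistinguishable from the raw-socket result and deserves a comment saying an empty string means "not available".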
+28 −1
@@ -29,7 +29,13 @@ namespace android {

class FdTrigger;

enum class CertificateFormat {
    PEM,
    // TODO(b/195166979): support other formats, e.g. DER
};

// Represents a socket connection.
// No thread-safety is guaranteed for these APIs.
class RpcTransport {
public:
    virtual ~RpcTransport() = default;
@@ -53,22 +59,43 @@ protected:
};

// Represents the context that generates the socket connection.
// All APIs are thread-safe. See RpcTransportCtxRaw and RpcTransportCtxTls for details.
class RpcTransportCtx {
public:
    virtual ~RpcTransportCtx() = default;

    // Create a new RpcTransport object.
    //
    // Implemenion details: for TLS, this function may incur I/O. |fdTrigger| may be used
    // Implementation details: for TLS, this function may incur I/O. |fdTrigger| may be used
    // to interrupt I/O. This function blocks until handshake is finished.
    [[nodiscard]] virtual std::unique_ptr<RpcTransport> newTransport(
            android::base::unique_fd fd, FdTrigger *fdTrigger) const = 0;

    // Return the preconfigured certificate of this context.
    //
    // Implementation details:
    // - For raw sockets, this always returns empty string.
    // - For TLS, this returns the certificate. See RpcTransportTls for details.
    [[nodiscard]] virtual std::string getCertificate(CertificateFormat format) const = 0;

    // Add a trusted peer certificate. Peers presenting this certificate are accepted.
    //
    // Caller must ensure that newTransport() are called after all trusted peer certificates
    // are added. Otherwise, RpcTransport-s created before may not trust peer certificates
    // added later.
    //
    // Implementation details:
    // - For raw sockets, this always returns OK.
    // - For TLS, this adds trusted peer certificate. See RpcTransportTls for details.
    [[nodiscard]] virtual status_t addTrustedPeerCertificate(CertificateFormat format,
                                                             std::string_view cert) = 0;

protected:
    RpcTransportCtx() = default;
};

// A factory class that generates RpcTransportCtx.
// All APIs are thread-safe.
class RpcTransportCtxFactory {
public:
    virtual ~RpcTransportCtxFactory() = default;
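Review bot: The comment on `RpcTransportCtx::addTrustedPeerCertificate` never states what a non-OK status means or when it is returned (malformed PEM, unsupported `CertificateFormat`), so `[[nodiscard]]` forces callers to look at a value whose contract is undefined. I would add `// Returns OK if the certificate was added; on any other status the certificate is NOT trusted and the caller must not rely on it.`, and on `getCertificate` state that an empty string means no certificate is available. The class comment "All APIs are thread-safe" sits next to an ordering requirement between `addTrustedPeerCertificate` and `newTransport()`; one sentence saying whether concurrent calls to the two are safe or merely ordered by the caller would remove the ambiguity. Both comments point to `RpcTransportTls` for details, while the TLS context declared elsewhere in this commit is `RpcTransportCtxTls`, so the reference is worth checking.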