libs/binder/RpcServer.cpp +0 −9 @@ -144,15 +144,6 @@ std::string RpcServer::getCertificate(CertificateFormat format) { return mCtx->getCertificate(format); } status_t RpcServer::addTrustedPeerCertificate(CertificateFormat format, std::string_view cert) { std::lock_guard<std::mutex> _l(mLock); // Ensure that join thread is not running or shutdown trigger is not set up. In either case, // it means there are child threads running. It is invalid to add trusted peer certificates // after join thread and/or child threads are running to avoid race condition. if (mJoinThreadRunning || mShutdownTrigger != nullptr) return INVALID_OPERATION; return mCtx->addTrustedPeerCertificate(format, cert); } static void joinRpcServer(sp<RpcServer>&& thiz) { thiz->join(); } libs/binder/RpcSession.cpp +2 −13
@@ -64,23 +64,12 @@ RpcSession::~RpcSession() { sp<RpcSession> RpcSession::make() { // Default is without TLS. return make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt); return make(RpcTransportCtxFactoryRaw::make()); } sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory, std::optional<CertificateFormat> serverCertificateFormat, std::optional<std::string> serverCertificate) { sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) { auto ctx = rpcTransportCtxFactory->newClientCtx(); if (ctx == nullptr) return nullptr; LOG_ALWAYS_FATAL_IF(serverCertificateFormat.has_value() != serverCertificate.has_value()); if (serverCertificateFormat.has_value() && serverCertificate.has_value()) { status_t status = ctx->addTrustedPeerCertificate(*serverCertificateFormat, *serverCertificate); if (status != OK) { ALOGE("Cannot add trusted server certificate: %s", statusToString(status).c_str()); return nullptr; } } return sp<RpcSession>::make(std::move(ctx)); } libs/binder/RpcTransportRaw.cpp +0 −1 @@ -112,7 +112,6 @@ public: return std::make_unique<RpcTransportRaw>(std::move(fd)); } std::string getCertificate(CertificateFormat) const override { return {}; } status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; } }; } // namespace libs/binder/RpcTransportTls.cpp +9 −16 @@ -26,6 +26,7 @@ #include "FdTrigger.h" #include "RpcState.h" #include "Utils.h" #define SHOULD_LOG_TLS_DETAIL false @@ -35,14 +36,6 @@ #define LOG_TLS_DETAIL(...) ALOGV(__VA_ARGS__) // for type checking #endif #define TEST_AND_RETURN(value, expr) \ do { \ if (!(expr)) { \ ALOGE("Failed to call: %s", #expr); \ return value; \ } \ } while (0) using android::base::ErrnoError; using android::base::Error; using android::base::Result;
@@ -457,7 +450,6 @@ public: std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd, FdTrigger* fdTrigger) const override; std::string getCertificate(CertificateFormat) const override; status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override; protected: virtual void preHandshake(Ssl* ssl) const = 0; @@ -469,11 +461,6 @@ std::string RpcTransportCtxTls::getCertificate(CertificateFormat) const { return {}; } status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) { // TODO(b/195166979): set certificate here return OK; } // Common implementation for creating server and client contexts. The child class, |Impl|, is // provided as a template argument so that this function can initialize an |Impl| object. template <typename Impl, typename> @@ -544,8 +531,14 @@ const char* RpcTransportCtxFactoryTls::toCString() const { return "tls"; } std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make() { return std::unique_ptr<RpcTransportCtxFactoryTls>(new RpcTransportCtxFactoryTls()); std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make( std::shared_ptr<RpcCertificateVerifier> verifier) { if (verifier == nullptr) { ALOGE("%s: Must provide a certificate verifier", __PRETTY_FUNCTION__); return nullptr; } return std::unique_ptr<RpcTransportCtxFactoryTls>( new RpcTransportCtxFactoryTls(std::move(verifier))); } } // namespace android libs/binder/Utils.h +9 −0 @@ -19,6 +19,15 @@ #include <android-base/result.h> #include <android-base/unique_fd.h> #include <log/log.h> #define TEST_AND_RETURN(value, expr) \ do { \ if (!(expr)) { \ ALOGE("Failed to call: %s", #expr); \ return value; \ } \ } while (0) namespace android {
libs/binder/RpcServer.cpp +0 −9 @@ -144,15 +144,6 @@ std::string RpcServer::getCertificate(CertificateFormat format) { return mCtx->getCertificate(format); } status_t RpcServer::addTrustedPeerCertificate(CertificateFormat format, std::string_view cert) { std::lock_guard<std::mutex> _l(mLock); // Ensure that join thread is not running or shutdown trigger is not set up. In either case, // it means there are child threads running. It is invalid to add trusted peer certificates // after join thread and/or child threads are running to avoid race condition. if (mJoinThreadRunning || mShutdownTrigger != nullptr) return INVALID_OPERATION; return mCtx->addTrustedPeerCertificate(format, cert); } static void joinRpcServer(sp<RpcServer>&& thiz) { thiz->join(); }
libs/binder/RpcSession.cpp +2 −13 @@ -64,23 +64,12 @@ RpcSession::~RpcSession() { sp<RpcSession> RpcSession::make() { // Default is without TLS. return make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt); return make(RpcTransportCtxFactoryRaw::make()); } sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory, std::optional<CertificateFormat> serverCertificateFormat, std::optional<std::string> serverCertificate) { sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) { auto ctx = rpcTransportCtxFactory->newClientCtx(); if (ctx == nullptr) return nullptr; LOG_ALWAYS_FATAL_IF(serverCertificateFormat.has_value() != serverCertificate.has_value()); if (serverCertificateFormat.has_value() && serverCertificate.has_value()) { status_t status = ctx->addTrustedPeerCertificate(*serverCertificateFormat, *serverCertificate); if (status != OK) { ALOGE("Cannot add trusted server certificate: %s", statusToString(status).c_str()); return nullptr; } } return sp<RpcSession>::make(std::move(ctx)); }
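Review bot: The remaining `RpcSession::make(std::unique_ptr<RpcTransportCtxFactory>)` overload calls `rpcTransportCtxFactory->newClientCtx()` without checking the factory pointer, while this same commit makes `RpcTransportCtxFactoryTls::make` return `nullptr` when no verifier is supplied (the libs/binder/RpcTransportTls.cpp hunk at -544,8). A caller that forwards that result straight into `RpcSession::make` would dereference a null `unique_ptr` instead of getting a clean failure. Adding `if (rpcTransportCtxFactory == nullptr) return nullptr;` ahead of the `newClientCtx()` call keeps the failure path consistent with the existing `ctx == nullptr` check. Any server-side entry point that accepts a factory is outside this page and probably needs the same guard.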
libs/binder/RpcTransportRaw.cpp +0 −1 @@ -112,7 +112,6 @@ public: return std::make_unique<RpcTransportRaw>(std::move(fd)); } std::string getCertificate(CertificateFormat) const override { return {}; } status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; } }; } // namespace
libs/binder/RpcTransportTls.cpp +9 −16 @@ -26,6 +26,7 @@ #include "FdTrigger.h" #include "RpcState.h" #include "Utils.h" #define SHOULD_LOG_TLS_DETAIL false @@ -35,14 +36,6 @@ #define LOG_TLS_DETAIL(...) ALOGV(__VA_ARGS__) // for type checking #endif #define TEST_AND_RETURN(value, expr) \ do { \ if (!(expr)) { \ ALOGE("Failed to call: %s", #expr); \ return value; \ } \ } while (0) using android::base::ErrnoError; using android::base::Error; using android::base::Result; @@ -457,7 +450,6 @@ public: std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd, FdTrigger* fdTrigger) const override; std::string getCertificate(CertificateFormat) const override; status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override; protected: virtual void preHandshake(Ssl* ssl) const = 0; @@ -469,11 +461,6 @@ std::string RpcTransportCtxTls::getCertificate(CertificateFormat) const { return {}; } status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) { // TODO(b/195166979): set certificate here return OK; } // Common implementation for creating server and client contexts. The child class, |Impl|, is // provided as a template argument so that this function can initialize an |Impl| object. template <typename Impl, typename>
@@ -544,8 +531,14 @@ const char* RpcTransportCtxFactoryTls::toCString() const { return "tls"; } std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make() { return std::unique_ptr<RpcTransportCtxFactoryTls>(new RpcTransportCtxFactoryTls()); std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make( std::shared_ptr<RpcCertificateVerifier> verifier) { if (verifier == nullptr) { ALOGE("%s: Must provide a certificate verifier", __PRETTY_FUNCTION__); return nullptr; } return std::unique_ptr<RpcTransportCtxFactoryTls>( new RpcTransportCtxFactoryTls(std::move(verifier))); } } // namespace android
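Review bot: Two contract changes in `RpcTransportCtxFactoryTls::make` are undocumented in this section: it can now return `nullptr`, and peer trust is delegated to the supplied `RpcCertificateVerifier` instead of `addTrustedPeerCertificate`, whose TLS implementation removed above was a stub that returned `OK`. A comment on the definition such as `// Returns nullptr if |verifier| is null, so a TLS context is never created without peer-certificate verification.` would record the fail-closed intent for callers. The place where the verifier is consulted during the handshake is not part of these hunks, so it is worth confirming that a verifier error aborts the connection rather than only being logged. Because the verifier is held through a `shared_ptr`, it is presumably reachable from more than one context or thread; if so, that thread-safety requirement belongs in the `RpcCertificateVerifier` documentation.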
libs/binder/Utils.h +9 −0 @@ -19,6 +19,15 @@ #include <android-base/result.h> #include <android-base/unique_fd.h> #include <log/log.h> #define TEST_AND_RETURN(value, expr) \ do { \ if (!(expr)) { \ ALOGE("Failed to call: %s", #expr); \ return value; \ } \ } while (0) namespace android {
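Review bot: Moving `TEST_AND_RETURN` into Utils.h makes the header include `<log/log.h>` and expand `ALOGE` in every file that uses the macro, but nothing here states that the includer's `LOG_TAG` must already be defined. If a source file includes Utils.h ahead of its own `#define LOG_TAG`, the failure messages would likely be logged under the default tag or the later define would collide with it. A comment above the macro such as `// Requires LOG_TAG to be defined before this header is included; logs the failing expression text and returns |value|.` would make the requirement explicit. The macro name is generic and macros are not scoped by `namespace android`, so the same comment could note that it is meant for libbinder-internal sources only.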