binder: RpcServer / RpcSession add API for certs.

using base::ScopeGuard;

using base::unique_fd;

RpcServer::RpcServer(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory)

      : mRpcTransportCtxFactory(std::move(rpcTransportCtxFactory)) {}

RpcServer::RpcServer(std::unique_ptr<RpcTransportCtx> ctx) : mCtx(std::move(ctx)) {}

RpcServer::~RpcServer() {

    (void)shutdown();

}

    // Default is without TLS.

    if (rpcTransportCtxFactory == nullptr)

        rpcTransportCtxFactory = RpcTransportCtxFactoryRaw::make();

    return sp<RpcServer>::make(std::move(rpcTransportCtxFactory));

    auto ctx = rpcTransportCtxFactory->newServerCtx();

    if (ctx == nullptr) return nullptr;

    return sp<RpcServer>::make(std::move(ctx));

}

void RpcServer::iUnderstandThisCodeIsExperimentalAndIWillNotUseItInProduction() {

    return ret;

}

std::string RpcServer::getCertificate(CertificateFormat format) {

    std::lock_guard<std::mutex> _l(mLock);

    return mCtx->getCertificate(format);

}

status_t RpcServer::addTrustedPeerCertificate(CertificateFormat format, std::string_view cert) {

    std::lock_guard<std::mutex> _l(mLock);

    // Ensure that join thread is not running or shutdown trigger is not set up. In either case,

    // it means there are child threads running. It is invalid to add trusted peer certificates

    // after join thread and/or child threads are running to avoid race condition.

    if (mJoinThreadRunning || mShutdownTrigger != nullptr) return INVALID_OPERATION;

    return mCtx->addTrustedPeerCertificate(format, cert);

}

static void joinRpcServer(sp<RpcServer>&& thiz) {

    thiz->join();

}

        mJoinThreadRunning = true;

        mShutdownTrigger = FdTrigger::make();

        LOG_ALWAYS_FATAL_IF(mShutdownTrigger == nullptr, "Cannot create join signaler");

        mCtx = mRpcTransportCtxFactory->newServerCtx();

        LOG_ALWAYS_FATAL_IF(mCtx == nullptr, "Unable to create RpcTransportCtx with %s sockets",

                            mRpcTransportCtxFactory->toCString());

    }

    status_t status;

    LOG_RPC_DETAIL("Finished waiting on shutdown.");

    mShutdownTrigger = nullptr;

    mCtx = nullptr;

    return true;

}

using base::unique_fd;

RpcSession::RpcSession(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory)

      : mRpcTransportCtxFactory(std::move(rpcTransportCtxFactory)) {

RpcSession::RpcSession(std::unique_ptr<RpcTransportCtx> ctx) : mCtx(std::move(ctx)) {

    LOG_RPC_DETAIL("RpcSession created %p", this);

    mState = std::make_unique<RpcState>();

                        "Should not be able to destroy a session with servers in use.");

}

sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) {

sp<RpcSession> RpcSession::make() {

    // Default is without TLS.

    if (rpcTransportCtxFactory == nullptr)

        rpcTransportCtxFactory = RpcTransportCtxFactoryRaw::make();

    return sp<RpcSession>::make(std::move(rpcTransportCtxFactory));

    return make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt);

}

sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory,

                                std::optional<CertificateFormat> serverCertificateFormat,

                                std::optional<std::string> serverCertificate) {

    auto ctx = rpcTransportCtxFactory->newClientCtx();

    if (ctx == nullptr) return nullptr;

    LOG_ALWAYS_FATAL_IF(serverCertificateFormat.has_value() != serverCertificate.has_value());

    if (serverCertificateFormat.has_value() && serverCertificate.has_value()) {

        status_t status =

                ctx->addTrustedPeerCertificate(*serverCertificateFormat, *serverCertificate);

        if (status != OK) {

            ALOGE("Cannot add trusted server certificate: %s", statusToString(status).c_str());

            return nullptr;

        }

    }

    return sp<RpcSession>::make(std::move(ctx));

}

void RpcSession::setMaxThreads(size_t threads) {

        return -savedErrno;

    }

    auto ctx = mRpcTransportCtxFactory->newClientCtx();

    if (ctx == nullptr) {

        ALOGE("Unable to create RpcTransportCtx for null debugging client");

        return NO_MEMORY;

    }

    auto server = ctx->newTransport(std::move(serverFd), mShutdownTrigger.get());

    auto server = mCtx->newTransport(std::move(serverFd), mShutdownTrigger.get());

    if (server == nullptr) {

        ALOGE("Unable to set up RpcTransport");

        return UNKNOWN_ERROR;

status_t RpcSession::initAndAddConnection(unique_fd fd, const RpcAddress& sessionId,

                                          bool incoming) {

    LOG_ALWAYS_FATAL_IF(mShutdownTrigger == nullptr);

    auto ctx = mRpcTransportCtxFactory->newClientCtx();

    if (ctx == nullptr) {

        ALOGE("Unable to create client RpcTransportCtx with %s sockets",

              mRpcTransportCtxFactory->toCString());

        return NO_MEMORY;

    }

    auto server = ctx->newTransport(std::move(fd), mShutdownTrigger.get());

    auto server = mCtx->newTransport(std::move(fd), mShutdownTrigger.get());

    if (server == nullptr) {

        ALOGE("Unable to set up RpcTransport in %s context", mRpcTransportCtxFactory->toCString());

        ALOGE("%s: Unable to set up RpcTransport", __PRETTY_FUNCTION__);

        return UNKNOWN_ERROR;

    }

    return false;

}

std::string RpcSession::getCertificate(CertificateFormat format) {

    return mCtx->getCertificate(format);

}

status_t RpcSession::ExclusiveConnection::find(const sp<RpcSession>& session, ConnectionUse use,

                                               ExclusiveConnection* connection) {

    connection->mSession = session;

    void setRootObjectWeak(const wp<IBinder>& binder);

    sp<IBinder> getRootObject();

    /**

     * See RpcTransportCtx::getCertificate

     */

    std::string getCertificate(CertificateFormat);

    /**

     * See RpcTransportCtx::addTrustedPeerCertificate.

     * Thread-safe. This is only possible before the server is join()-ing.

     */

    status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert);

    /**

     * Runs join() in a background thread. Immediately returns.

     */

private:

    friend sp<RpcServer>;

    explicit RpcServer(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory);

    explicit RpcServer(std::unique_ptr<RpcTransportCtx> ctx);

    void onSessionAllIncomingThreadsEnded(const sp<RpcSession>& session) override;

    void onSessionIncomingThreadEnded() override;

    static void establishConnection(sp<RpcServer>&& server, base::unique_fd clientFd);

    status_t setupSocketServer(const RpcSocketAddress& address);

    const std::unique_ptr<RpcTransportCtxFactory> mRpcTransportCtxFactory;

    const std::unique_ptr<RpcTransportCtx> mCtx;

    bool mAgreedExperimental = false;

    size_t mMaxThreads = 1;

    std::optional<uint32_t> mProtocolVersion;

    std::map<RpcAddress, sp<RpcSession>> mSessions;

    std::unique_ptr<FdTrigger> mShutdownTrigger;

    std::condition_variable mShutdownCv;

    std::unique_ptr<RpcTransportCtx> mCtx;

};

} // namespace android

 */

class RpcSession final : public virtual RefBase {

public:

    static sp<RpcSession> make(

            std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory = nullptr);

    // Create an RpcSession with default configuration (raw sockets).

    static sp<RpcSession> make();

    // Create an RpcSession with the given configuration. |serverCertificateFormat| and

    // |serverCertificate| must have values or be nullopt simultaneously. If they have values, set

    // server certificate.

    static sp<RpcSession> make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory,

                               std::optional<CertificateFormat> serverCertificateFormat,

                               std::optional<std::string> serverCertificate);

    /**

     * Set the maximum number of threads allowed to be made (for things like callbacks).

     */

    status_t getRemoteMaxThreads(size_t* maxThreads);

    /**

     * See RpcTransportCtx::getCertificate

     */

    std::string getCertificate(CertificateFormat);

    /**

     * Shuts down the service.

     *

    friend sp<RpcSession>;

    friend RpcServer;

    friend RpcState;

    explicit RpcSession(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory);

    explicit RpcSession(std::unique_ptr<RpcTransportCtx> ctx);

    class EventListener : public virtual RefBase {

    public:

        bool mReentrant = false;

    };

    const std::unique_ptr<RpcTransportCtxFactory> mRpcTransportCtxFactory;

    const std::unique_ptr<RpcTransportCtx> mCtx;

    // On the other side of a session, for each of mOutgoingConnections here, there should

    // be one of mIncomingConnections on the other side (and vice versa).

        status_t status;

        for (size_t i = 0; i < options.numSessions; i++) {

            sp<RpcSession> session = RpcSession::make(newFactory(rpcSecurity));

            sp<RpcSession> session =

                    RpcSession::make(newFactory(rpcSecurity), std::nullopt, std::nullopt);

            session->setMaxThreads(options.numIncomingConnections);

            switch (socketType) {

    }

    server->start();

    sp<RpcSession> session = RpcSession::make(RpcTransportCtxFactoryRaw::make());

    sp<RpcSession> session =

            RpcSession::make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt);

    status_t status = session->setupVsockClient(VMADDR_CID_LOCAL, vsockPort);

    while (!server->shutdown()) usleep(10000);

    ALOGE("Detected vsock loopback supported: %s", statusToString(status).c_str());