Merge "binder_rpc_session: wait longer to shutdown"
diff --git a/cmds/cmd/cmd.cpp b/cmds/cmd/cmd.cpp
index be2c702..8f1c01a 100644
--- a/cmds/cmd/cmd.cpp
+++ b/cmds/cmd/cmd.cpp
@@ -52,7 +52,7 @@
}
struct SecurityContext_Delete {
- void operator()(security_context_t p) const {
+ void operator()(char* p) const {
freecon(p);
}
};
@@ -108,7 +108,7 @@
}
if (is_selinux_enabled() && seLinuxContext.size() > 0) {
String8 seLinuxContext8(seLinuxContext);
- security_context_t tmp = nullptr;
+ char* tmp = nullptr;
getfilecon(fullPath.string(), &tmp);
Unique_SecurityContext context(tmp);
if (checkWrite) {
diff --git a/libs/binder/Android.bp b/libs/binder/Android.bp
index 9bca1f3..6cb45ca 100644
--- a/libs/binder/Android.bp
+++ b/libs/binder/Android.bp
@@ -256,13 +256,16 @@
export_header_lib_headers: [
"libbinder_headers",
],
+ export_shared_lib_headers: [
+ "libssl",
+ ],
export_include_dirs: ["include_tls"],
static_libs: [
"libbase",
],
srcs: [
"RpcTransportTls.cpp",
- "RpcCertificateUtils.cpp",
+ "RpcTlsUtils.cpp",
],
}
diff --git a/libs/binder/FdTrigger.cpp b/libs/binder/FdTrigger.cpp
index ecf13dc..49f83ff 100644
--- a/libs/binder/FdTrigger.cpp
+++ b/libs/binder/FdTrigger.cpp
@@ -53,7 +53,7 @@
continue;
}
if (pfd[1].revents & POLLHUP) {
- return -ECANCELED;
+ return DEAD_OBJECT;
}
return pfd[0].revents & event ? OK : DEAD_OBJECT;
}
diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index 11a083a..dcba837 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp
@@ -323,6 +323,7 @@
status != OK) {
LOG_RPC_DETAIL("Failed to read %s (%zu bytes) on RpcTransport %p, error: %s", what, size,
connection->rpcTransport.get(), statusToString(status).c_str());
+ (void)session->shutdownAndWait(false);
return status;
}
@@ -531,8 +532,8 @@
const sp<RpcSession>& session, Parcel* reply) {
RpcWireHeader command;
while (true) {
- if (status_t status =
- rpcRec(connection, session, "command header", &command, sizeof(command));
+ if (status_t status = rpcRec(connection, session, "command header (for reply)", &command,
+ sizeof(command));
status != OK)
return status;
@@ -601,7 +602,8 @@
LOG_RPC_DETAIL("getAndExecuteCommand on RpcTransport %p", connection->rpcTransport.get());
RpcWireHeader command;
- if (status_t status = rpcRec(connection, session, "command header", &command, sizeof(command));
+ if (status_t status = rpcRec(connection, session, "command header (for server)", &command,
+ sizeof(command));
status != OK)
return status;
diff --git a/libs/binder/RpcCertificateUtils.cpp b/libs/binder/RpcTlsUtils.cpp
similarity index 96%
rename from libs/binder/RpcCertificateUtils.cpp
rename to libs/binder/RpcTlsUtils.cpp
index d91736c..483cc7c 100644
--- a/libs/binder/RpcCertificateUtils.cpp
+++ b/libs/binder/RpcTlsUtils.cpp
@@ -14,10 +14,10 @@
* limitations under the License.
*/
-#define LOG_TAG "RpcCertificateUtils"
+#define LOG_TAG "RpcTlsUtils"
#include <log/log.h>
-#include <binder/RpcCertificateUtils.h>
+#include <binder/RpcTlsUtils.h>
#include "Utils.h"
diff --git a/libs/binder/RpcTransportTls.cpp b/libs/binder/RpcTransportTls.cpp
index 23088ad..f8cd71d 100644
--- a/libs/binder/RpcTransportTls.cpp
+++ b/libs/binder/RpcTransportTls.cpp
@@ -22,7 +22,7 @@
#include <openssl/bn.h>
#include <openssl/ssl.h>
-#include <binder/RpcCertificateUtils.h>
+#include <binder/RpcTlsUtils.h>
#include <binder/RpcTransportTls.h>
#include "FdTrigger.h"
@@ -44,8 +44,6 @@
namespace android {
namespace {
-constexpr const int kCertValidDays = 30;
-
// Implement BIO for socket that ignores SIGPIPE.
int socketNew(BIO* bio) {
BIO_set_data(bio, reinterpret_cast<void*>(-1));
@@ -100,49 +98,6 @@
return ret;
}
-bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert() {
- bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) {
- ALOGE("Failed to generate key pair.");
- return nullptr;
- }
- bssl::UniquePtr<EVP_PKEY> evp_pkey(EVP_PKEY_new());
- // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments
- // the refcount of the ec_key, so it is okay to release it at the end of this function.
- if (evp_pkey == nullptr || !EVP_PKEY_set1_EC_KEY(evp_pkey.get(), ec_key.get())) {
- ALOGE("Failed to assign key pair.");
- return nullptr;
- }
- return evp_pkey;
-}
-
-bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* evp_pkey, const int valid_days) {
- bssl::UniquePtr<X509> x509(X509_new());
- bssl::UniquePtr<BIGNUM> serial(BN_new());
- bssl::UniquePtr<BIGNUM> serialLimit(BN_new());
- TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128));
- TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get()));
- TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get())));
- TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0));
- TEST_AND_RETURN(nullptr,
- X509_gmtime_adj(X509_getm_notAfter(x509.get()), 60 * 60 * 24 * valid_days));
-
- X509_NAME* subject = X509_get_subject_name(x509.get());
- TEST_AND_RETURN(nullptr,
- X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("Android"), -1, -1,
- 0));
- TEST_AND_RETURN(nullptr,
- X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("BinderRPC"), -1,
- -1, 0));
- TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject));
-
- TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), evp_pkey));
- TEST_AND_RETURN(nullptr, X509_sign(x509.get(), evp_pkey, EVP_sha256()));
- return x509;
-}
-
[[maybe_unused]] void sslDebugLog(const SSL* ssl, int type, int value) {
switch (type) {
case SSL_CB_HANDSHAKE_START:
@@ -241,7 +196,7 @@
status_t handlePoll(int event, android::base::borrowed_fd fd, FdTrigger* fdTrigger,
const char* fnString) {
status_t ret = fdTrigger->triggerablePoll(fd, event);
- if (ret != OK && ret != DEAD_OBJECT && ret != -ECANCELED) {
+ if (ret != OK && ret != DEAD_OBJECT) {
ALOGE("triggerablePoll error while poll()-ing after %s(): %s", fnString,
statusToString(ret).c_str());
}
@@ -348,7 +303,7 @@
// Before doing any I/O, check trigger once. This ensures the trigger is checked at least
// once. The trigger is also checked via triggerablePoll() after every SSL_write().
- if (fdTrigger->isTriggered()) return -ECANCELED;
+ if (fdTrigger->isTriggered()) return DEAD_OBJECT;
while (buffer < end) {
size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max());
@@ -379,7 +334,7 @@
// Before doing any I/O, check trigger once. This ensures the trigger is checked at least
// once. The trigger is also checked via triggerablePoll() after every SSL_write().
- if (fdTrigger->isTriggered()) return -ECANCELED;
+ if (fdTrigger->isTriggered()) return DEAD_OBJECT;
while (buffer < end) {
size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max());
@@ -437,7 +392,7 @@
template <typename Impl,
typename = std::enable_if_t<std::is_base_of_v<RpcTransportCtxTls, Impl>>>
static std::unique_ptr<RpcTransportCtxTls> create(
- std::shared_ptr<RpcCertificateVerifier> verifier);
+ std::shared_ptr<RpcCertificateVerifier> verifier, RpcAuth* auth);
std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd,
FdTrigger* fdTrigger) const override;
std::vector<uint8_t> getCertificate(RpcCertificateFormat) const override;
@@ -460,17 +415,13 @@
LOG_ALWAYS_FATAL_IF(outAlert == nullptr);
const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client";
- bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue
- LOG_ALWAYS_FATAL_IF(peerCert == nullptr,
- "%s: libssl should not ask to verify non-existing cert", logPrefix);
-
auto ctx = SSL_get_SSL_CTX(ssl); // Does not set error queue
LOG_ALWAYS_FATAL_IF(ctx == nullptr);
// void* -> RpcTransportCtxTls*
auto rpcTransportCtxTls = reinterpret_cast<RpcTransportCtxTls*>(SSL_CTX_get_app_data(ctx));
LOG_ALWAYS_FATAL_IF(rpcTransportCtxTls == nullptr);
- status_t verifyStatus = rpcTransportCtxTls->mCertVerifier->verify(peerCert.get(), outAlert);
+ status_t verifyStatus = rpcTransportCtxTls->mCertVerifier->verify(ssl, outAlert);
if (verifyStatus == OK) {
return ssl_verify_ok;
}
@@ -483,16 +434,15 @@
// provided as a template argument so that this function can initialize an |Impl| object.
template <typename Impl, typename>
std::unique_ptr<RpcTransportCtxTls> RpcTransportCtxTls::create(
- std::shared_ptr<RpcCertificateVerifier> verifier) {
+ std::shared_ptr<RpcCertificateVerifier> verifier, RpcAuth* auth) {
bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
TEST_AND_RETURN(nullptr, ctx != nullptr);
- auto evp_pkey = makeKeyPairForSelfSignedCert();
- TEST_AND_RETURN(nullptr, evp_pkey != nullptr);
- auto cert = makeSelfSignedCert(evp_pkey.get(), kCertValidDays);
- TEST_AND_RETURN(nullptr, cert != nullptr);
- TEST_AND_RETURN(nullptr, SSL_CTX_use_PrivateKey(ctx.get(), evp_pkey.get()));
- TEST_AND_RETURN(nullptr, SSL_CTX_use_certificate(ctx.get(), cert.get()));
+ if (status_t authStatus = auth->configure(ctx.get()); authStatus != OK) {
+ ALOGE("%s: Failed to configure auth info: %s", __PRETTY_FUNCTION__,
+ statusToString(authStatus).c_str());
+ return nullptr;
+ };
// Enable two-way authentication by setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT on server.
// Client ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag.
@@ -542,11 +492,13 @@
} // namespace
std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newServerCtx() const {
- return android::RpcTransportCtxTls::create<RpcTransportCtxTlsServer>(mCertVerifier);
+ return android::RpcTransportCtxTls::create<RpcTransportCtxTlsServer>(mCertVerifier,
+ mAuth.get());
}
std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newClientCtx() const {
- return android::RpcTransportCtxTls::create<RpcTransportCtxTlsClient>(mCertVerifier);
+ return android::RpcTransportCtxTls::create<RpcTransportCtxTlsClient>(mCertVerifier,
+ mAuth.get());
}
const char* RpcTransportCtxFactoryTls::toCString() const {
@@ -554,13 +506,17 @@
}
std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make(
- std::shared_ptr<RpcCertificateVerifier> verifier) {
+ std::shared_ptr<RpcCertificateVerifier> verifier, std::unique_ptr<RpcAuth> auth) {
if (verifier == nullptr) {
ALOGE("%s: Must provide a certificate verifier", __PRETTY_FUNCTION__);
return nullptr;
}
+ if (auth == nullptr) {
+ ALOGE("%s: Must provide an auth provider", __PRETTY_FUNCTION__);
+ return nullptr;
+ }
return std::unique_ptr<RpcTransportCtxFactoryTls>(
- new RpcTransportCtxFactoryTls(std::move(verifier)));
+ new RpcTransportCtxFactoryTls(std::move(verifier), std::move(auth)));
}
} // namespace android
diff --git a/libs/binder/include_tls/binder/RpcAuth.h b/libs/binder/include_tls/binder/RpcAuth.h
new file mode 100644
index 0000000..4c2f296
--- /dev/null
+++ b/libs/binder/include_tls/binder/RpcAuth.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <openssl/ssl.h>
+#include <utils/Errors.h>
+
+namespace android {
+
+// An interface with a function that configures the SSL_CTX object with authentication information,
+// including certificates and private keys.
+class RpcAuth {
+public:
+ virtual ~RpcAuth() = default;
+
+ // The keys and certificates to provide is up to the implementation. Multiple calls to
+ // |configure()| may configure |ctx| with the same keys / certificates, or generate a
+ // different key / certificate every time |configure()| is called.
+ //
+ // It is guaranteed that, when a context object (RpcTransportCtx) is created,
+ // libbinder_tls calls |configure()| on server RpcAuth exactly once.
+ //
+ // The implementation may use the following function to set the private
+ // keys and certificates:
+ // - SSL_CTX_use_PrivateKey
+ // - SSL_CTX_use_certificate
+ // - SSL_CTX_set*_chain
+ // - SSL_CTX_add0_chain_cert
+ virtual status_t configure(SSL_CTX* ctx) = 0;
+};
+
+} // namespace android
diff --git a/libs/binder/include/binder/RpcCertificateVerifier.h b/libs/binder/include_tls/binder/RpcCertificateVerifier.h
similarity index 64%
rename from libs/binder/include/binder/RpcCertificateVerifier.h
rename to libs/binder/include_tls/binder/RpcCertificateVerifier.h
index 97af31c..800e375 100644
--- a/libs/binder/include/binder/RpcCertificateVerifier.h
+++ b/libs/binder/include_tls/binder/RpcCertificateVerifier.h
@@ -26,7 +26,18 @@
class RpcCertificateVerifier {
public:
virtual ~RpcCertificateVerifier() = default;
- virtual status_t verify(const X509* peerCert, uint8_t* outAlert) = 0;
+
+ // The implementation may use the following function to get
+ // the peer certificate and chain:
+ // - SSL_get_peer_certificate
+ // - SSL_get_peer_cert_chain
+ // - SSL_get_peer_full_cert_chain
+ //
+ // The implementation should return OK on success or error codes on error. For example:
+ // - PERMISSION_DENIED for rejected certificates
+ // - NO_INIT for not presenting a certificate when requested
+ // - UNKNOWN_ERROR for other errors
+ virtual status_t verify(const SSL* ssl, uint8_t* outAlert) = 0;
};
} // namespace android
diff --git a/libs/binder/include_tls/binder/RpcCertificateUtils.h b/libs/binder/include_tls/binder/RpcTlsUtils.h
similarity index 100%
rename from libs/binder/include_tls/binder/RpcCertificateUtils.h
rename to libs/binder/include_tls/binder/RpcTlsUtils.h
diff --git a/libs/binder/include_tls/binder/RpcTransportTls.h b/libs/binder/include_tls/binder/RpcTransportTls.h
index f26a3e9..8a11125 100644
--- a/libs/binder/include_tls/binder/RpcTransportTls.h
+++ b/libs/binder/include_tls/binder/RpcTransportTls.h
@@ -18,6 +18,7 @@
#pragma once
+#include <binder/RpcAuth.h>
#include <binder/RpcCertificateVerifier.h>
#include <binder/RpcTransport.h>
@@ -26,17 +27,20 @@
// RpcTransportCtxFactory with TLS enabled with self-signed certificate.
class RpcTransportCtxFactoryTls : public RpcTransportCtxFactory {
public:
- static std::unique_ptr<RpcTransportCtxFactory> make(std::shared_ptr<RpcCertificateVerifier>);
+ static std::unique_ptr<RpcTransportCtxFactory> make(std::shared_ptr<RpcCertificateVerifier>,
+ std::unique_ptr<RpcAuth>);
std::unique_ptr<RpcTransportCtx> newServerCtx() const override;
std::unique_ptr<RpcTransportCtx> newClientCtx() const override;
const char* toCString() const override;
private:
- RpcTransportCtxFactoryTls(std::shared_ptr<RpcCertificateVerifier> verifier)
- : mCertVerifier(std::move(verifier)){};
+ RpcTransportCtxFactoryTls(std::shared_ptr<RpcCertificateVerifier> verifier,
+ std::unique_ptr<RpcAuth> auth)
+ : mCertVerifier(std::move(verifier)), mAuth(std::move(auth)){};
std::shared_ptr<RpcCertificateVerifier> mCertVerifier;
+ std::unique_ptr<RpcAuth> mAuth;
};
} // namespace android
diff --git a/libs/binder/rust/src/parcel/file_descriptor.rs b/libs/binder/rust/src/parcel/file_descriptor.rs
index 179b7c8..f71a686 100644
--- a/libs/binder/rust/src/parcel/file_descriptor.rs
+++ b/libs/binder/rust/src/parcel/file_descriptor.rs
@@ -23,7 +23,7 @@
use crate::sys;
use std::fs::File;
-use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
+use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd};
/// Rust version of the Java class android.os.ParcelFileDescriptor
#[derive(Debug)]
@@ -54,6 +54,12 @@
}
}
+impl IntoRawFd for ParcelFileDescriptor {
+ fn into_raw_fd(self) -> RawFd {
+ self.0.into_raw_fd()
+ }
+}
+
impl Serialize for ParcelFileDescriptor {
fn serialize(&self, parcel: &mut Parcel) -> Result<()> {
let fd = self.0.as_raw_fd();
diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp
index 1968058..6f3c6e2 100644
--- a/libs/binder/tests/Android.bp
+++ b/libs/binder/tests/Android.bp
@@ -153,6 +153,7 @@
srcs: [
"binderRpcTest.cpp",
+ "RpcAuthTesting.cpp",
"RpcCertificateVerifierSimple.cpp",
],
shared_libs: [
diff --git a/libs/binder/tests/RpcAuthTesting.cpp b/libs/binder/tests/RpcAuthTesting.cpp
new file mode 100644
index 0000000..76f7bce
--- /dev/null
+++ b/libs/binder/tests/RpcAuthTesting.cpp
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "RpcAuthTesting.h"
+#include "../Utils.h" // for TEST_AND_RETURN
+
+namespace android {
+
+bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert() {
+ bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+ if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) {
+ ALOGE("Failed to generate key pair.");
+ return nullptr;
+ }
+ bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
+ // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments
+ // the refcount of the ec_key, so it is okay to release it at the end of this function.
+ if (pkey == nullptr || !EVP_PKEY_set1_EC_KEY(pkey.get(), ec_key.get())) {
+ ALOGE("Failed to assign key pair.");
+ return nullptr;
+ }
+ return pkey;
+}
+
+bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pkey, const uint32_t validSeconds) {
+ bssl::UniquePtr<X509> x509(X509_new());
+ bssl::UniquePtr<BIGNUM> serial(BN_new());
+ bssl::UniquePtr<BIGNUM> serialLimit(BN_new());
+ TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128));
+ TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get()));
+ TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get())));
+ TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0));
+ TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notAfter(x509.get()), validSeconds));
+
+ X509_NAME* subject = X509_get_subject_name(x509.get());
+ TEST_AND_RETURN(nullptr,
+ X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC,
+ reinterpret_cast<const uint8_t*>("Android"), -1, -1,
+ 0));
+ TEST_AND_RETURN(nullptr,
+ X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
+ reinterpret_cast<const uint8_t*>("BinderRPC"), -1,
+ -1, 0));
+ TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject));
+
+ TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), pkey));
+ TEST_AND_RETURN(nullptr, X509_sign(x509.get(), pkey, EVP_sha256()));
+ return x509;
+}
+
+status_t RpcAuthSelfSigned::configure(SSL_CTX* ctx) {
+ auto pkey = makeKeyPairForSelfSignedCert();
+ TEST_AND_RETURN(UNKNOWN_ERROR, pkey != nullptr);
+ auto cert = makeSelfSignedCert(pkey.get(), mValidSeconds);
+ TEST_AND_RETURN(UNKNOWN_ERROR, cert != nullptr);
+ TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_PrivateKey(ctx, pkey.get()));
+ TEST_AND_RETURN(INVALID_OPERATION, SSL_CTX_use_certificate(ctx, cert.get()));
+ return OK;
+}
+
+} // namespace android
diff --git a/libs/binder/tests/RpcAuthTesting.h b/libs/binder/tests/RpcAuthTesting.h
new file mode 100644
index 0000000..fdc731d
--- /dev/null
+++ b/libs/binder/tests/RpcAuthTesting.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <binder/RpcAuth.h>
+
+namespace android {
+
+constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days
+bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert();
+bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds);
+
+// An implementation of RpcAuth that generates a key pair and a self-signed
+// certificate every time configure() is called.
+class RpcAuthSelfSigned : public RpcAuth {
+public:
+ RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {}
+ status_t configure(SSL_CTX* ctx) override;
+
+private:
+ const uint32_t mValidSeconds;
+};
+
+} // namespace android
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.cpp b/libs/binder/tests/RpcCertificateVerifierSimple.cpp
index 4694d1b..1f74adc 100644
--- a/libs/binder/tests/RpcCertificateVerifierSimple.cpp
+++ b/libs/binder/tests/RpcCertificateVerifierSimple.cpp
@@ -16,16 +16,21 @@
#define LOG_TAG "RpcCertificateVerifierSimple"
#include <log/log.h>
-#include <binder/RpcCertificateUtils.h>
+#include <binder/RpcTlsUtils.h>
#include "RpcCertificateVerifierSimple.h"
namespace android {
-status_t RpcCertificateVerifierSimple::verify(const X509* peerCert, uint8_t* outAlert) {
+status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) {
+ const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client";
+ bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue
+ LOG_ALWAYS_FATAL_IF(peerCert == nullptr,
+ "%s: libssl should not ask to verify non-existing cert", logPrefix);
+
std::lock_guard<std::mutex> lock(mMutex);
for (const auto& trustedCert : mTrustedPeerCertificates) {
- if (0 == X509_cmp(trustedCert.get(), peerCert)) {
+ if (0 == X509_cmp(trustedCert.get(), peerCert.get())) {
return OK;
}
}
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.h b/libs/binder/tests/RpcCertificateVerifierSimple.h
index 1f2e531..bdb2426 100644
--- a/libs/binder/tests/RpcCertificateVerifierSimple.h
+++ b/libs/binder/tests/RpcCertificateVerifierSimple.h
@@ -35,7 +35,7 @@
// certificate being added.
class RpcCertificateVerifierSimple : public RpcCertificateVerifier {
public:
- status_t verify(const X509*, uint8_t*) override;
+ status_t verify(const SSL*, uint8_t*) override;
// Add a trusted peer certificate. Peers presenting this certificate are accepted.
//
diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp
index 6bcf102..2fd1a2a 100644
--- a/libs/binder/tests/binderRpcTest.cpp
+++ b/libs/binder/tests/binderRpcTest.cpp
@@ -48,8 +48,9 @@
#include "../FdTrigger.h"
#include "../RpcSocketAddress.h" // for testing preconnected clients
-#include "../RpcState.h" // for debugging
-#include "../vm_sockets.h" // for VMADDR_*
+#include "../RpcState.h" // for debugging
+#include "../vm_sockets.h" // for VMADDR_*
+#include "RpcAuthTesting.h"
#include "RpcCertificateVerifierSimple.h"
using namespace std::chrono_literals;
@@ -71,7 +72,8 @@
}
static inline std::unique_ptr<RpcTransportCtxFactory> newFactory(
- RpcSecurity rpcSecurity, std::shared_ptr<RpcCertificateVerifier> verifier = nullptr) {
+ RpcSecurity rpcSecurity, std::shared_ptr<RpcCertificateVerifier> verifier = nullptr,
+ std::unique_ptr<RpcAuth> auth = nullptr) {
switch (rpcSecurity) {
case RpcSecurity::RAW:
return RpcTransportCtxFactoryRaw::make();
@@ -79,7 +81,10 @@
if (verifier == nullptr) {
verifier = std::make_shared<RpcCertificateVerifierSimple>();
}
- return RpcTransportCtxFactoryTls::make(std::move(verifier));
+ if (auth == nullptr) {
+ auth = std::make_unique<RpcAuthSelfSigned>();
+ }
+ return RpcTransportCtxFactoryTls::make(std::move(verifier), std::move(auth));
}
default:
LOG_ALWAYS_FATAL("Unknown RpcSecurity %d", rpcSecurity);
@@ -1036,6 +1041,14 @@
for (auto& t : threads) t.join();
}
+static void saturateThreadPool(size_t threadCount, const sp<IBinderRpcTest>& iface) {
+ std::vector<std::thread> threads;
+ for (size_t i = 0; i < threadCount; i++) {
+ threads.push_back(std::thread([&] { EXPECT_OK(iface->sleepMs(500)); }));
+ }
+ for (auto& t : threads) t.join();
+}
+
TEST_P(BinderRpc, OnewayStressTest) {
constexpr size_t kNumClientThreads = 10;
constexpr size_t kNumServerThreads = 10;
@@ -1049,13 +1062,12 @@
for (size_t j = 0; j < kNumCalls; j++) {
EXPECT_OK(proc.rootIface->sendString("a"));
}
-
- // check threads are not stuck
- EXPECT_OK(proc.rootIface->sleepMs(250));
}));
}
for (auto& t : threads) t.join();
+
+ saturateThreadPool(kNumServerThreads, proc.rootIface);
}
TEST_P(BinderRpc, OnewayCallDoesNotWait) {
@@ -1082,26 +1094,23 @@
EXPECT_OK(proc.rootIface->lock());
- for (size_t i = 0; i < kNumSleeps; i++) {
- // these should be processed serially
+ size_t epochMsBefore = epochMillis();
+
+ // all these *Async commands should be queued on the server sequentially,
+ // even though there are multiple threads.
+ for (size_t i = 0; i + 1 < kNumSleeps; i++) {
proc.rootIface->sleepMsAsync(kSleepMs);
}
- // should also be processesed serially
EXPECT_OK(proc.rootIface->unlockInMsAsync(kSleepMs));
- size_t epochMsBefore = epochMillis();
+ // this can only return once the final async call has unlocked
EXPECT_OK(proc.rootIface->lockUnlock());
+
size_t epochMsAfter = epochMillis();
EXPECT_GT(epochMsAfter, epochMsBefore + kSleepMs * kNumSleeps);
- // pending oneway transactions hold ref, make sure we read data on all
- // sockets
- std::vector<std::thread> threads;
- for (size_t i = 0; i < 1 + kNumExtraServerThreads; i++) {
- threads.push_back(std::thread([&] { EXPECT_OK(proc.rootIface->sleepMs(250)); }));
- }
- for (auto& t : threads) t.join();
+ saturateThreadPool(1 + kNumExtraServerThreads, proc.rootIface);
}
TEST_P(BinderRpc, OnewayCallExhaustion) {
@@ -1794,9 +1803,9 @@
}
status = serverTransport->interruptableWriteFully(fdTrigger, msg2.data(), msg2.size());
- if (status != -ECANCELED)
+ if (status != DEAD_OBJECT)
return AssertionFailure() << "When FdTrigger is shut down, interruptableWriteFully "
- "should return -ECANCELLED, but it is "
+ "should return DEAD_OBJECT, but it is "
<< statusToString(status);
return AssertionSuccess();
};
@@ -1830,7 +1839,7 @@
}
writeCv.notify_all();
// After this line, server thread unblocks and attempts to write the second message, but
- // shutdown is triggered, so write should failed with -ECANCELLED. See |serverPostConnect|.
+ // shutdown is triggered, so write should failed with DEAD_OBJECT. See |serverPostConnect|.
// On the client side, second read fails with DEAD_OBJECT
ASSERT_FALSE(client.readMessage(msg2));
}
diff --git a/libs/binder/tests/rpc_fuzzer/Android.bp b/libs/binder/tests/rpc_fuzzer/Android.bp
index 9323bd5..be55eba 100644
--- a/libs/binder/tests/rpc_fuzzer/Android.bp
+++ b/libs/binder/tests/rpc_fuzzer/Android.bp
@@ -14,6 +14,7 @@
fuzz_config: {
cc: ["smoreland@google.com"],
},
+ dictionary: "binder_rpc_fuzzer.dict",
srcs: [
"main.cpp",
diff --git a/libs/binder/tests/rpc_fuzzer/binder_rpc_fuzzer.dict b/libs/binder/tests/rpc_fuzzer/binder_rpc_fuzzer.dict
new file mode 100644
index 0000000..b110a02
--- /dev/null
+++ b/libs/binder/tests/rpc_fuzzer/binder_rpc_fuzzer.dict
@@ -0,0 +1,2 @@
+# connection okay header
+"cci"
diff --git a/libs/binder/tests/rpc_fuzzer/main.cpp b/libs/binder/tests/rpc_fuzzer/main.cpp
index 1ab97c6..c848798 100644
--- a/libs/binder/tests/rpc_fuzzer/main.cpp
+++ b/libs/binder/tests/rpc_fuzzer/main.cpp
@@ -87,8 +87,7 @@
size_t idx = provider.ConsumeIntegralInRange<size_t>(0, connections.size() - 1);
if (provider.ConsumeBool()) {
- std::vector<uint8_t> writeData = provider.ConsumeBytes<uint8_t>(
- provider.ConsumeIntegralInRange<size_t>(0, provider.remaining_bytes()));
+ std::string writeData = provider.ConsumeRandomLengthString();
ssize_t size = TEMP_FAILURE_RETRY(send(connections.at(idx).get(), writeData.data(),
writeData.size(), MSG_NOSIGNAL));
CHECK(errno == EPIPE || size == writeData.size())