Merge changes If0ed87ad,I6e63bc84,I0847ffe4,I1429c66f
* changes:
binder: Delete addTrustedPeerCertificate.
binder: Add RpcCertificateVerifier.
binder: Move CertificateFormat to its own header
binder: move TEST_AND_RETURN to Utils.
diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp
index ad9ba96..ba723e6 100644
--- a/libs/binder/RpcServer.cpp
+++ b/libs/binder/RpcServer.cpp
@@ -144,15 +144,6 @@
return mCtx->getCertificate(format);
}
-status_t RpcServer::addTrustedPeerCertificate(CertificateFormat format, std::string_view cert) {
- std::lock_guard<std::mutex> _l(mLock);
- // Ensure that join thread is not running or shutdown trigger is not set up. In either case,
- // it means there are child threads running. It is invalid to add trusted peer certificates
- // after join thread and/or child threads are running to avoid race condition.
- if (mJoinThreadRunning || mShutdownTrigger != nullptr) return INVALID_OPERATION;
- return mCtx->addTrustedPeerCertificate(format, cert);
-}
-
static void joinRpcServer(sp<RpcServer>&& thiz) {
thiz->join();
}
diff --git a/libs/binder/RpcSession.cpp b/libs/binder/RpcSession.cpp
index c57b749..8da3fa3 100644
--- a/libs/binder/RpcSession.cpp
+++ b/libs/binder/RpcSession.cpp
@@ -64,23 +64,12 @@
sp<RpcSession> RpcSession::make() {
// Default is without TLS.
- return make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt);
+ return make(RpcTransportCtxFactoryRaw::make());
}
-sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory,
- std::optional<CertificateFormat> serverCertificateFormat,
- std::optional<std::string> serverCertificate) {
+sp<RpcSession> RpcSession::make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory) {
auto ctx = rpcTransportCtxFactory->newClientCtx();
if (ctx == nullptr) return nullptr;
- LOG_ALWAYS_FATAL_IF(serverCertificateFormat.has_value() != serverCertificate.has_value());
- if (serverCertificateFormat.has_value() && serverCertificate.has_value()) {
- status_t status =
- ctx->addTrustedPeerCertificate(*serverCertificateFormat, *serverCertificate);
- if (status != OK) {
- ALOGE("Cannot add trusted server certificate: %s", statusToString(status).c_str());
- return nullptr;
- }
- }
return sp<RpcSession>::make(std::move(ctx));
}
diff --git a/libs/binder/RpcTransportRaw.cpp b/libs/binder/RpcTransportRaw.cpp
index 930df12..62c9530 100644
--- a/libs/binder/RpcTransportRaw.cpp
+++ b/libs/binder/RpcTransportRaw.cpp
@@ -112,7 +112,6 @@
return std::make_unique<RpcTransportRaw>(std::move(fd));
}
std::string getCertificate(CertificateFormat) const override { return {}; }
- status_t addTrustedPeerCertificate(CertificateFormat, std::string_view) override { return OK; }
};
} // namespace
diff --git a/libs/binder/RpcTransportTls.cpp b/libs/binder/RpcTransportTls.cpp
index e6cb04e..e9a494f 100644
--- a/libs/binder/RpcTransportTls.cpp
+++ b/libs/binder/RpcTransportTls.cpp
@@ -26,6 +26,7 @@
#include "FdTrigger.h"
#include "RpcState.h"
+#include "Utils.h"
#define SHOULD_LOG_TLS_DETAIL false
@@ -35,14 +36,6 @@
#define LOG_TLS_DETAIL(...) ALOGV(__VA_ARGS__) // for type checking
#endif
-#define TEST_AND_RETURN(value, expr) \
- do { \
- if (!(expr)) { \
- ALOGE("Failed to call: %s", #expr); \
- return value; \
- } \
- } while (0)
-
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
@@ -457,7 +450,6 @@
std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd,
FdTrigger* fdTrigger) const override;
std::string getCertificate(CertificateFormat) const override;
- status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert) override;
protected:
virtual void preHandshake(Ssl* ssl) const = 0;
@@ -469,11 +461,6 @@
return {};
}
-status_t RpcTransportCtxTls::addTrustedPeerCertificate(CertificateFormat, std::string_view) {
- // TODO(b/195166979): set certificate here
- return OK;
-}
-
// Common implementation for creating server and client contexts. The child class, |Impl|, is
// provided as a template argument so that this function can initialize an |Impl| object.
template <typename Impl, typename>
@@ -544,8 +531,14 @@
return "tls";
}
-std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make() {
- return std::unique_ptr<RpcTransportCtxFactoryTls>(new RpcTransportCtxFactoryTls());
+std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make(
+ std::shared_ptr<RpcCertificateVerifier> verifier) {
+ if (verifier == nullptr) {
+ ALOGE("%s: Must provide a certificate verifier", __PRETTY_FUNCTION__);
+ return nullptr;
+ }
+ return std::unique_ptr<RpcTransportCtxFactoryTls>(
+ new RpcTransportCtxFactoryTls(std::move(verifier)));
}
} // namespace android
diff --git a/libs/binder/Utils.h b/libs/binder/Utils.h
index 1e383da..ff2fad8 100644
--- a/libs/binder/Utils.h
+++ b/libs/binder/Utils.h
@@ -19,6 +19,15 @@
#include <android-base/result.h>
#include <android-base/unique_fd.h>
+#include <log/log.h>
+
+#define TEST_AND_RETURN(value, expr) \
+ do { \
+ if (!(expr)) { \
+ ALOGE("Failed to call: %s", #expr); \
+ return value; \
+ } \
+ } while (0)
namespace android {
diff --git a/libs/binder/include/binder/CertificateFormat.h b/libs/binder/include/binder/CertificateFormat.h
new file mode 100644
index 0000000..4f7e71e
--- /dev/null
+++ b/libs/binder/include/binder/CertificateFormat.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Formats for serializing TLS certificate.
+
+#pragma once
+
+namespace android {
+
+enum class CertificateFormat {
+ PEM,
+ // TODO(b/195166979): support other formats, e.g. DER
+};
+
+} // namespace android
diff --git a/libs/binder/include/binder/RpcCertificateVerifier.h b/libs/binder/include/binder/RpcCertificateVerifier.h
new file mode 100644
index 0000000..97af31c
--- /dev/null
+++ b/libs/binder/include/binder/RpcCertificateVerifier.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <openssl/ssl.h>
+#include <utils/Errors.h>
+
+namespace android {
+
+// An interface with a function that verifies a peer certificate. It is a wrapper over the custom
+// verify function (see SSL_CTX_set_custom_verify).
+class RpcCertificateVerifier {
+public:
+ virtual ~RpcCertificateVerifier() = default;
+ virtual status_t verify(const X509* peerCert, uint8_t* outAlert) = 0;
+};
+
+} // namespace android
diff --git a/libs/binder/include/binder/RpcServer.h b/libs/binder/include/binder/RpcServer.h
index d0e4e27..da1f79b 100644
--- a/libs/binder/include/binder/RpcServer.h
+++ b/libs/binder/include/binder/RpcServer.h
@@ -139,12 +139,6 @@
std::string getCertificate(CertificateFormat);
/**
- * See RpcTransportCtx::addTrustedPeerCertificate.
- * Thread-safe. This is only possible before the server is join()-ing.
- */
- status_t addTrustedPeerCertificate(CertificateFormat, std::string_view cert);
-
- /**
* Runs join() in a background thread. Immediately returns.
*/
void start();
diff --git a/libs/binder/include/binder/RpcSession.h b/libs/binder/include/binder/RpcSession.h
index d92af0a..a40116f 100644
--- a/libs/binder/include/binder/RpcSession.h
+++ b/libs/binder/include/binder/RpcSession.h
@@ -57,9 +57,7 @@
// Create an RpcSession with the given configuration. |serverCertificateFormat| and
// |serverCertificate| must have values or be nullopt simultaneously. If they have values, set
// server certificate.
- static sp<RpcSession> make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory,
- std::optional<CertificateFormat> serverCertificateFormat,
- std::optional<std::string> serverCertificate);
+ static sp<RpcSession> make(std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory);
/**
* Set the maximum number of threads allowed to be made (for things like callbacks).
diff --git a/libs/binder/include/binder/RpcTransport.h b/libs/binder/include/binder/RpcTransport.h
index 8d08b34..da132a1 100644
--- a/libs/binder/include/binder/RpcTransport.h
+++ b/libs/binder/include/binder/RpcTransport.h
@@ -25,15 +25,12 @@
#include <android-base/unique_fd.h>
#include <utils/Errors.h>
+#include <binder/CertificateFormat.h>
+
namespace android {
class FdTrigger;
-enum class CertificateFormat {
- PEM,
- // TODO(b/195166979): support other formats, e.g. DER
-};
-
// Represents a socket connection.
// No thread-safety is guaranteed for these APIs.
class RpcTransport {
@@ -78,18 +75,6 @@
// - For TLS, this returns the certificate. See RpcTransportTls for details.
[[nodiscard]] virtual std::string getCertificate(CertificateFormat format) const = 0;
- // Add a trusted peer certificate. Peers presenting this certificate are accepted.
- //
- // Caller must ensure that newTransport() are called after all trusted peer certificates
- // are added. Otherwise, RpcTransport-s created before may not trust peer certificates
- // added later.
- //
- // Implementation details:
- // - For raw sockets, this always returns OK.
- // - For TLS, this adds trusted peer certificate. See RpcTransportTls for details.
- [[nodiscard]] virtual status_t addTrustedPeerCertificate(CertificateFormat format,
- std::string_view cert) = 0;
-
protected:
RpcTransportCtx() = default;
};
diff --git a/libs/binder/include_tls/binder/RpcTransportTls.h b/libs/binder/include_tls/binder/RpcTransportTls.h
index 531aaa9..f26a3e9 100644
--- a/libs/binder/include_tls/binder/RpcTransportTls.h
+++ b/libs/binder/include_tls/binder/RpcTransportTls.h
@@ -18,6 +18,7 @@
#pragma once
+#include <binder/RpcCertificateVerifier.h>
#include <binder/RpcTransport.h>
namespace android {
@@ -25,14 +26,17 @@
// RpcTransportCtxFactory with TLS enabled with self-signed certificate.
class RpcTransportCtxFactoryTls : public RpcTransportCtxFactory {
public:
- static std::unique_ptr<RpcTransportCtxFactory> make();
+ static std::unique_ptr<RpcTransportCtxFactory> make(std::shared_ptr<RpcCertificateVerifier>);
std::unique_ptr<RpcTransportCtx> newServerCtx() const override;
std::unique_ptr<RpcTransportCtx> newClientCtx() const override;
const char* toCString() const override;
private:
- RpcTransportCtxFactoryTls() = default;
+ RpcTransportCtxFactoryTls(std::shared_ptr<RpcCertificateVerifier> verifier)
+ : mCertVerifier(std::move(verifier)){};
+
+ std::shared_ptr<RpcCertificateVerifier> mCertVerifier;
};
} // namespace android
diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp
index 13ea827..a9bc15d 100644
--- a/libs/binder/tests/Android.bp
+++ b/libs/binder/tests/Android.bp
@@ -150,6 +150,7 @@
srcs: [
"binderRpcTest.cpp",
+ "RpcCertificateVerifierSimple.cpp",
],
shared_libs: [
"libbinder",
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.cpp b/libs/binder/tests/RpcCertificateVerifierSimple.cpp
new file mode 100644
index 0000000..68e7c65
--- /dev/null
+++ b/libs/binder/tests/RpcCertificateVerifierSimple.cpp
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define LOG_TAG "RpcCertificateVerifierSimple"
+#include <log/log.h>
+
+#include "RpcCertificateVerifierSimple.h"
+
+namespace android {
+
+status_t RpcCertificateVerifierSimple::verify(const X509*, uint8_t*) {
+ // TODO(b/195166979): implement this
+ return OK;
+}
+
+} // namespace android
diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.h b/libs/binder/tests/RpcCertificateVerifierSimple.h
new file mode 100644
index 0000000..aff5c7c
--- /dev/null
+++ b/libs/binder/tests/RpcCertificateVerifierSimple.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <binder/RpcCertificateVerifier.h>
+
+namespace android {
+
+// A simple certificate verifier for testing.
+class RpcCertificateVerifierSimple : public RpcCertificateVerifier {
+public:
+ status_t verify(const X509*, uint8_t*) override;
+};
+
+} // namespace android
diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp
index 7c405d3..dbf8899 100644
--- a/libs/binder/tests/binderRpcTest.cpp
+++ b/libs/binder/tests/binderRpcTest.cpp
@@ -46,6 +46,7 @@
#include "../RpcSocketAddress.h" // for testing preconnected clients
#include "../RpcState.h" // for debugging
#include "../vm_sockets.h" // for VMADDR_*
+#include "RpcCertificateVerifierSimple.h"
using namespace std::chrono_literals;
@@ -61,12 +62,18 @@
return {RpcSecurity::RAW, RpcSecurity::TLS};
}
-static inline std::unique_ptr<RpcTransportCtxFactory> newFactory(RpcSecurity rpcSecurity) {
+static inline std::unique_ptr<RpcTransportCtxFactory> newFactory(
+ RpcSecurity rpcSecurity, std::shared_ptr<RpcCertificateVerifier> verifier = nullptr) {
switch (rpcSecurity) {
case RpcSecurity::RAW:
return RpcTransportCtxFactoryRaw::make();
- case RpcSecurity::TLS:
- return RpcTransportCtxFactoryTls::make();
+ case RpcSecurity::TLS: {
+ // TODO(b/198833574): exchange keys and set proper verifier
+ if (verifier == nullptr) {
+ verifier = std::make_shared<RpcCertificateVerifierSimple>();
+ }
+ return RpcTransportCtxFactoryTls::make(std::move(verifier));
+ }
default:
LOG_ALWAYS_FATAL("Unknown RpcSecurity %d", rpcSecurity);
}
@@ -522,8 +529,7 @@
status_t status;
for (size_t i = 0; i < options.numSessions; i++) {
- sp<RpcSession> session =
- RpcSession::make(newFactory(rpcSecurity), std::nullopt, std::nullopt);
+ sp<RpcSession> session = RpcSession::make(newFactory(rpcSecurity));
session->setMaxThreads(options.numIncomingConnections);
switch (socketType) {
@@ -1208,8 +1214,7 @@
}
server->start();
- sp<RpcSession> session =
- RpcSession::make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt);
+ sp<RpcSession> session = RpcSession::make(RpcTransportCtxFactoryRaw::make());
status_t status = session->setupVsockClient(VMADDR_CID_LOCAL, vsockPort);
while (!server->shutdown()) usleep(10000);
ALOGE("Detected vsock loopback supported: %s", statusToString(status).c_str());
diff --git a/libs/binder/tests/parcel_fuzzer/random_parcel.cpp b/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
index 7fd9f6b..8bf04cc 100644
--- a/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
+++ b/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
@@ -36,8 +36,7 @@
void fillRandomParcel(Parcel* p, FuzzedDataProvider&& provider) {
if (provider.ConsumeBool()) {
- auto session =
- RpcSession::make(RpcTransportCtxFactoryRaw::make(), std::nullopt, std::nullopt);
+ auto session = RpcSession::make(RpcTransportCtxFactoryRaw::make());
CHECK_EQ(OK, session->addNullDebuggingClient());
p->markForRpc(session);
fillRandomParcelData(p, std::move(provider));