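/*
 * Copyright 2020 The gRPC Authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package io.grpc.binder;

import com.google.common.collect.ImmutableMap;
import io.grpc.Status;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.CheckReturnValue;

/**
 * A security policy for a gRPC server.
 *
 * <p>Contains a default policy, and optional policies for each service. A service that has no
 * policy registered under its exact name is checked against the default policy, which this class
 * always sets to {@link SecurityPolicies#internalOnly()}.
 *
 * <p>Instances are immutable once built: both fields are final and the per-service map is an
 * {@link ImmutableMap}.
 */
public final class ServerSecurityPolicy {

  /** Policy applied when no per-service entry matches the requested service name. */
  private final SecurityPolicy defaultPolicy;

  /** Per-service overrides, keyed by the service name passed to the builder. */
  private final ImmutableMap<String, SecurityPolicy> perServicePolicies;

  /** Creates a policy with no per-service overrides, so every service uses the default policy. */
  ServerSecurityPolicy() {
    this(ImmutableMap.of());
  }

  private ServerSecurityPolicy(ImmutableMap<String, SecurityPolicy> perServicePolicies) {
    // The default is not configurable from here: anything without an explicit entry gets
    // internalOnly(). NOTE(review): presumably this limits access to the hosting app's own UID;
    // confirm against SecurityPolicies.
    this.defaultPolicy = SecurityPolicies.internalOnly();
    this.perServicePolicies = perServicePolicies;
  }

  /**
   * Return whether the given Android UID is authorized to access a particular service.
   *
   * <p>The policy is selected by an exact match of {@code serviceName} against the names
   * registered through {@link Builder#servicePolicy}; any other name, including a misspelled one,
   * is evaluated against the default policy.
   *
   * <p><b>IMPORTANT</b>: This method may block for extended periods of time.
   *
   * @param uid The Android UID to authenticate.
   * @param serviceName The name of the gRPC service being called.
   * @return the {@link Status} produced by the selected policy's {@code checkAuthorization(uid)}.
   *     The result must not be ignored (see {@link CheckReturnValue}); callers are expected to
   *     inspect it before serving the call.
   */
  @CheckReturnValue
  public Status checkAuthorizationForService(int uid, String serviceName) {
    return perServicePolicies.getOrDefault(serviceName, defaultPolicy).checkAuthorization(uid);
  }

  /** Returns a new, empty {@link Builder}. */
  public static Builder newBuilder() {
    return new Builder();
  }

  /** Builder for a {@link ServerSecurityPolicy}. */
  public static final class Builder {
    private final Map<String, SecurityPolicy> grpcServicePolicies;

    private Builder() {
      grpcServicePolicies = new HashMap<>();
    }

    /**
     * Specify a policy specific to a particular gRPC service.
     *
     * <p>Registering the same {@code serviceName} again replaces the earlier policy; the last
     * call wins. The name is not checked against the services the server actually hosts, so a
     * name that matches no hosted service has no effect and that service stays on the default
     * policy.
     *
     * @param serviceName The fully qualified name of the gRPC service (from the proto).
     * @param policy The security policy to apply to the service.
     * @return this builder, for chaining.
     * @throws NullPointerException if {@code serviceName} or {@code policy} is null.
     */
    public Builder servicePolicy(String serviceName, SecurityPolicy policy) {
      // Reject nulls where the mistake is made. Without these checks the HashMap accepts the
      // entry and the failure only surfaces later, inside ImmutableMap.copyOf in build(), far
      // from the call that supplied the bad argument.
      if (serviceName == null) {
        throw new NullPointerException("serviceName");
      }
      if (policy == null) {
        throw new NullPointerException("policy");
      }
      grpcServicePolicies.put(serviceName, policy);
      return this;
    }

    /**
     * Builds the policy from a snapshot of the entries registered so far.
     *
     * <p>The entries are copied, so later calls on this builder do not alter a policy that has
     * already been built.
     */
    public ServerSecurityPolicy build() {
      return new ServerSecurityPolicy(ImmutableMap.copyOf(grpcServicePolicies));
    }
  }
}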