Add UserHandle and BinderChannelCredentials to BinderChannelBuilder to support cross-user ondevice server.

wwtbuaa01 · wwtbuaa01 · commit 039f62746aee · 2023-05-18T10:24:46.000+08:00
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java b/binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java
@@ -74,7 +74,6 @@ public static BinderChannelBuilder forAddress(
     return new BinderChannelBuilder(
         checkNotNull(directAddress, "directAddress"),
         null,
-        sourceContext,
         BinderChannelCredentials.forDefault(sourceContext));
   }
 
@@ -91,17 +90,16 @@ public static BinderChannelBuilder forAddress(
    * resulting builder. They will not be shut down automatically.
    *
    * @param directAddress the {@link AndroidComponentAddress} referencing the service to bind to.
-   * @param sourceContext the context to bind from (e.g. The current Activity or Application).
    * @param channelCredentials the arbitrary binder specific channel credentials to be used to
-   *     establish a binder connection.
+   *     establish a binder connection including the context to bind from (e.g. The current
+   *     Activity or Application).
    * @return a new builder
    */
   public static BinderChannelBuilder forAddress(
       AndroidComponentAddress directAddress,
-      Context sourceContext,
       BinderChannelCredentials channelCredentials) {
     return new BinderChannelBuilder(
-        checkNotNull(directAddress, "directAddress"), null, sourceContext, channelCredentials);
+        checkNotNull(directAddress, "directAddress"), null, channelCredentials);
   }
 
   /**
@@ -125,7 +123,6 @@ public static BinderChannelBuilder forTarget(String target, Context sourceContex
     return new BinderChannelBuilder(
         null,
         checkNotNull(target, "target"),
-        sourceContext,
         BinderChannelCredentials.forDefault(sourceContext));
   }
 
@@ -144,14 +141,14 @@ public static BinderChannelBuilder forTarget(String target, Context sourceContex
    * @param target A target uri which should resolve into an {@link AndroidComponentAddress}
    *     referencing the service to bind to.
    * @param channelCredentials the arbitrary binder specific channel credentials to be used to
-   *     establish a binder connection.
-   * @param sourceContext the context to bind from (e.g. The current Activity or Application).
+   *     establish a binder connection including the context to bind from (e.g. The current
+   *     Activity or Application).
    * @return a new builder
    */
   public static BinderChannelBuilder forTarget(
-      String target, Context sourceContext, BinderChannelCredentials channelCredentials) {
+      String target, BinderChannelCredentials channelCredentials) {
     return new BinderChannelBuilder(
-        null, checkNotNull(target, "target"), sourceContext, channelCredentials);
+        null, checkNotNull(target, "target"), channelCredentials);
   }
 
   /**
@@ -173,42 +170,39 @@ public static BinderChannelBuilder forTarget(String target) {
   }
 
   private final ManagedChannelImplBuilder managedChannelImplBuilder;
-  private final BinderChannelCredentials channelCredentials;
 
   private Executor mainThreadExecutor;
   private ObjectPool<ScheduledExecutorService> schedulerPool =
       SharedResourcePool.forResource(GrpcUtil.TIMER_SERVICE);
   private SecurityPolicy securityPolicy;
   private InboundParcelablePolicy inboundParcelablePolicy;
   private BindServiceFlags bindServiceFlags;
-  @Nullable private UserHandle userHandle;
+  @Nullable private UserHandle targetUserHandle;
   private boolean strictLifecycleManagement;
 
   private BinderChannelBuilder(
       @Nullable AndroidComponentAddress directAddress,
       @Nullable String target,
-      Context sourceContext,
       BinderChannelCredentials channelCredentials) {
     mainThreadExecutor =
-        ContextCompat.getMainExecutor(checkNotNull(sourceContext, "sourceContext"));
+        ContextCompat.getMainExecutor(
+            checkNotNull(channelCredentials.getSourceContext(), "sourceContext"));
     securityPolicy = SecurityPolicies.internalOnly();
     inboundParcelablePolicy = InboundParcelablePolicy.DEFAULT;
     bindServiceFlags = BindServiceFlags.DEFAULTS;
-    this.channelCredentials = channelCredentials;
 
     final class BinderChannelTransportFactoryBuilder
         implements ClientTransportFactoryBuilder {
       @Override
       public ClientTransportFactory buildClientTransportFactory() {
         return new TransportFactory(
-            sourceContext,
+            channelCredentials,
             mainThreadExecutor,
             schedulerPool,
             managedChannelImplBuilder.getOffloadExecutorPool(),
             securityPolicy,
             bindServiceFlags,
             inboundParcelablePolicy,
-            channelCredentials,
             targetUserHandle);
       }
     }
@@ -325,36 +319,35 @@ public BinderChannelBuilder idleTimeout(long value, TimeUnit unit) {
 
   /** Creates new binder transports. */
   private static final class TransportFactory implements ClientTransportFactory {
-    private final Context sourceContext;
+    private final BinderChannelCredentials channelCredentials;
     private final Executor mainThreadExecutor;
     private final ObjectPool<ScheduledExecutorService> scheduledExecutorPool;
     private final ObjectPool<? extends Executor> offloadExecutorPool;
     private final SecurityPolicy securityPolicy;
     private final InboundParcelablePolicy inboundParcelablePolicy;
     private final BindServiceFlags bindServiceFlags;
+    @Nullable private final UserHandle targetUserHandle;
 
     private ScheduledExecutorService executorService;
     private Executor offloadExecutor;
     private boolean closed;
 
     TransportFactory(
-        Context sourceContext,
+        BinderChannelCredentials channelCredentials,
         Executor mainThreadExecutor,
         ObjectPool<ScheduledExecutorService> scheduledExecutorPool,
         ObjectPool<? extends Executor> offloadExecutorPool,
         SecurityPolicy securityPolicy,
         BindServiceFlags bindServiceFlags,
         InboundParcelablePolicy inboundParcelablePolicy,
-        BinderChannelCredentials channelCredentials,
         @Nullable UserHandle targetUserHandle) {
-      this.sourceContext = sourceContext;
+      this.channelCredentials = channelCredentials;
       this.mainThreadExecutor = mainThreadExecutor;
       this.scheduledExecutorPool = scheduledExecutorPool;
       this.offloadExecutorPool = offloadExecutorPool;
       this.securityPolicy = securityPolicy;
       this.bindServiceFlags = bindServiceFlags;
       this.inboundParcelablePolicy = inboundParcelablePolicy;
-      this.channelCredentials = channelCredentials;
       this.targetUserHandle = targetUserHandle;
 
       executorService = scheduledExecutorPool.getObject();
@@ -368,7 +361,7 @@ public ConnectionClientTransport newClientTransport(
         throw new IllegalStateException("The transport factory is closed.");
       }
       return new BinderTransport.BinderClientTransport(
-          sourceContext,
+          channelCredentials,
           (AndroidComponentAddress) addr,
           bindServiceFlags,
           mainThreadExecutor,
@@ -377,7 +370,6 @@ public ConnectionClientTransport newClientTransport(
           securityPolicy,
           inboundParcelablePolicy,
           options.getEagAttributes(),
-          channelCredentials,
           targetUserHandle);
     }
 
diff --git a/binder/src/main/java/io/grpc/binder/BinderChannelCredentials.java b/binder/src/main/java/io/grpc/binder/BinderChannelCredentials.java
@@ -48,6 +48,10 @@ public ChannelCredentials withoutBearerTokens() {
     return this;
   }
 
+  public Context getSourceContext() {
+    return sourceContext;
+  }
+
   @Nullable
   public ComponentName getDevicePolicyAdminComponentName() {
     return devicePolicyAdminComponentName;
diff --git a/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java b/binder/src/main/java/io/grpc/binder/internal/BinderTransport.java
@@ -569,31 +569,7 @@ public static final class BinderClientTransport extends BinderTransport
     private int latestCallId = FIRST_CALL_ID;
 
     public BinderClientTransport(
-        Context sourceContext,
-        AndroidComponentAddress targetAddress,
-        BindServiceFlags bindServiceFlags,
-        Executor mainThreadExecutor,
-        ObjectPool<ScheduledExecutorService> executorServicePool,
-        ObjectPool<? extends Executor> offloadExecutorPool,
-        SecurityPolicy securityPolicy,
-        InboundParcelablePolicy inboundParcelablePolicy,
-        Attributes eagAttrs) {
-      this(
-          sourceContext,
-          targetAddress,
-          bindServiceFlags,
-          mainThreadExecutor,
-          executorServicePool,
-          offloadExecutorPool,
-          securityPolicy,
-          inboundParcelablePolicy,
-          eagAttrs,
-          BinderChannelCredentials.forDefault(sourceContext),
-          null);
-    }
-
-    public BinderClientTransport(
-        Context sourceContext,
+        BinderChannelCredentials channelCredentials,
         AndroidComponentAddress targetAddress,
         BindServiceFlags bindServiceFlags,
         Executor mainThreadExecutor,
@@ -602,12 +578,12 @@ public BinderClientTransport(
         SecurityPolicy securityPolicy,
         InboundParcelablePolicy inboundParcelablePolicy,
         Attributes eagAttrs,
-        BinderChannelCredentials channelCredentials,
         @Nullable UserHandle targetUserHandle) {
       super(
           executorServicePool,
-          buildClientAttributes(eagAttrs, sourceContext, targetAddress, inboundParcelablePolicy),
-          buildLogId(sourceContext, targetAddress));
+          buildClientAttributes(
+              eagAttrs, channelCredentials.getSourceContext(), targetAddress, inboundParcelablePolicy),
+          buildLogId(channelCredentials.getSourceContext(), targetAddress));
       this.offloadExecutorPool = offloadExecutorPool;
       this.securityPolicy = securityPolicy;
       this.offloadExecutor = offloadExecutorPool.getObject();
@@ -617,10 +593,9 @@ public BinderClientTransport(
       serviceBinding =
           new ServiceBinding(
               mainThreadExecutor,
-              sourceContext,
+              channelCredentials,
               targetAddress.asBindIntent(),
               bindServiceFlags.toInteger(),
-              channelCredentials,
               targetUserHandle,
               this);
     }
diff --git a/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java b/binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java
@@ -82,10 +82,9 @@ private enum State {
   @AnyThread
   ServiceBinding(
       Executor mainThreadExecutor,
-      Context sourceContext,
+      BinderChannelCredentials channelCredentials,
       Intent bindIntent,
       int bindFlags,
-      BinderChannelCredentials channelCredentials,
       @Nullable UserHandle targetUserHandle,
       Observer observer) {
     // We need to synchronize here ensure other threads see all
@@ -94,9 +93,9 @@ private enum State {
       this.bindIntent = bindIntent;
       this.bindFlags = bindFlags;
       this.observer = observer;
-      this.sourceContext = sourceContext;
-      this.mainThreadExecutor = mainThreadExecutor;
       this.channelCredentials = channelCredentials;
+      this.sourceContext = channelCredentials.getSourceContext();
+      this.mainThreadExecutor = mainThreadExecutor;
       this.targetUserHandle = targetUserHandle;
       state = State.NOT_BINDING;
       reportedState = State.NOT_BINDING;
@@ -130,9 +129,9 @@ public synchronized void bind() {
       state = State.BINDING;
       Status bindResult =
           bindInternal(
-              sourceContext, bindIntent, this, bindFlags, channelCredentials, targetUserHandle);
+              sourceContext, channelCredentials, bindIntent, this, bindFlags, targetUserHandle);
       if (!bindResult.isOk()) {
-        handleBindServiceFailure(sourceContext, this);
+        handleBindServiceFailure(channelCredentials.getSourceContext(), this);
         state = State.UNBOUND;
         mainThreadExecutor.execute(() -> notifyUnbound(bindResult));
       }
@@ -141,10 +140,10 @@ public synchronized void bind() {
 
   private static Status bindInternal(
       Context context,
+      BinderChannelCredentials channelCredentials,
       Intent bindIntent,
       ServiceConnection conn,
       int flags,
-      BinderChannelCredentials channelCredentials,
       @Nullable UserHandle targetUserHandle) {
     String methodName = "bindService";
     try {
@@ -161,7 +160,7 @@ private static Status bindInternal(
         if (channelCredentials.getDevicePolicyAdminComponentName() != null) {
           methodName = "DevicePolicyManager.bindDeviceAdminServiceAsUser";
           DevicePolicyManager devicePolicyManager =
-              context.getSystemService(DevicePolicyManager.class);
+              (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
           if (!devicePolicyManager.bindDeviceAdminServiceAsUser(
               channelCredentials.getDevicePolicyAdminComponentName(),
               bindIntent,
diff --git a/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java b/binder/src/test/java/io/grpc/binder/internal/ServiceBindingTest.java
@@ -29,12 +29,16 @@
 import android.content.Context;
 import android.content.Intent;
 import android.os.IBinder;
+import android.os.Parcel;
+import android.os.UserHandle;
 import androidx.core.content.ContextCompat;
 import androidx.test.core.app.ApplicationProvider;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.binder.BinderChannelCredentials;
 import io.grpc.binder.internal.Bindable.Observer;
+import java.util.Arrays;
+import javax.annotation.Nullable;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -260,9 +264,10 @@ public void testCallsAfterUnbindDontCrash() throws Exception {
   }
 
   @Test
+  @Config(sdk = 30)
   public void testBindWithTargetUserHandle() throws Exception {
     binding =
-        newBuilder().setTargetUserHandle(UserHandle.getUserHandleForUid(/* userId= */ 0)).build();
+        newBuilder().setTargetUserHandle(generateUserHandle(/* userId= */ 0)).build();
     shadowOf(getMainLooper()).idle();
 
     binding.bind();
@@ -276,13 +281,15 @@ public void testBindWithTargetUserHandle() throws Exception {
   }
 
   @Test
+  @Config(sdk = 30)
   public void testBindWithDeviceAdmin() throws Exception {
     String deviceAdminClassName = "DevicePolicyAdmin";
     ComponentName adminComponent = new ComponentName(appContext, deviceAdminClassName);
     allowBindDeviceAdminForUser(appContext, adminComponent, /* userId= */ 0);
     binding =
         newBuilder()
             .setTargetUserHandle(UserHandle.getUserHandleForUid(/* userId= */ 0))
+            .setTargetUserHandle(generateUserHandle(/* userId= */ 0))
             .setChannelCredentials(
                 BinderChannelCredentials.forDevicePolicyAdmin(appContext, adminComponent))
             .build();
@@ -316,6 +323,20 @@ private static void allowBindDeviceAdminForUser(Context context, ComponentName a
     devicePolicyManager.setDeviceOwner(admin);
     devicePolicyManager.setBindDeviceAdminTargetUsers(
         Arrays.asList(UserHandle.getUserHandleForUid(userId)));
+        shadowOf((DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE));
+    devicePolicyManager.setDeviceOwner(admin);
+    devicePolicyManager.setBindDeviceAdminTargetUsers(
+        Arrays.asList(generateUserHandle(userId)));
+  }
+
+  /** Generate UserHandles the hard way. */
+  private static UserHandle generateUserHandle(int userId) {
+    Parcel userParcel = Parcel.obtain();
+    userParcel.writeInt(userId);
+    userParcel.setDataPosition(0);
+    UserHandle userHandle = new UserHandle(userParcel);
+    userParcel.recycle();
+    return userHandle;
   }
 
   private class TestObserver implements Bindable.Observer {
@@ -344,7 +365,6 @@ public void onUnbound(Status reason) {
   }
 
   private static class ServiceBindingBuilder {
-    private Context sourceContext;
     private Observer observer;
     private Intent bindIntent = new Intent();
     private int bindServiceFlags;
@@ -390,8 +410,8 @@ public ServiceBindingBuilder setChannelCredentials(
 
     public ServiceBinding build() {
       return new ServiceBinding(
-          ContextCompat.getMainExecutor(sourceContext),
-          sourceContext,
+          ContextCompat.getMainExecutor(channelCredentials.getSourceContext()),
+          channelCredentials,
           bindIntent,
           bindServiceFlags,
           channelCredentials,
