Add UserHandle and BinderChannelCredentials to BinderChannelBuilder to support cross-user communication through OnDeviceServer. (#10197)

Add UserHandle and BinderChannelCredentials to BinderChannelBuilder to support cross-user ondevice server.

Author: wwtbuaa01

binder/src/androidTest/java/io/grpc/binder/internal/BinderClientTransportTest.java

@@ -35,6 +35,7 @@
 import io.grpc.Status.Code;
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.BindServiceFlags;
+import io.grpc.binder.BinderChannelCredentials;
 import io.grpc.binder.BinderServerBuilder;
 import io.grpc.binder.HostServices;
 import io.grpc.binder.InboundParcelablePolicy;
@@ -146,7 +147,9 @@ public BinderClientTransportBuilder setSecurityPolicy(SecurityPolicy securityPol
     public BinderTransport.BinderClientTransport build() {
       return new BinderTransport.BinderClientTransport(
           appContext,
+          BinderChannelCredentials.forDefault(),
           serverAddress,
+          null,
           BindServiceFlags.DEFAULTS,
           ContextCompat.getMainExecutor(appContext),
           executorServicePool,

binder/src/androidTest/java/io/grpc/binder/internal/BinderTransportTest.java

@@ -24,6 +24,7 @@
 import io.grpc.ServerStreamTracer;
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.BindServiceFlags;
+import io.grpc.binder.BinderChannelCredentials;
 import io.grpc.binder.HostServices;
 import io.grpc.binder.InboundParcelablePolicy;
 import io.grpc.binder.SecurityPolicies;
@@ -95,7 +96,9 @@ protected ManagedClientTransport newClientTransport(InternalServer server) {
     AndroidComponentAddress addr = (AndroidComponentAddress) server.getListenSocketAddress();
     return new BinderTransport.BinderClientTransport(
         appContext,
+        BinderChannelCredentials.forDefault(),
         addr,
+        null,
         BindServiceFlags.DEFAULTS,
         ContextCompat.getMainExecutor(appContext),
         executorServicePool,

binder/src/main/java/io/grpc/binder/BinderChannelBuilder.java

@@ -20,6 +20,7 @@
 import static com.google.common.base.Preconditions.checkState;
 
 import android.content.Context;
+import android.os.UserHandle;
 import androidx.core.content.ContextCompat;
 import com.google.errorprone.annotations.DoNotCall;
 import io.grpc.ChannelCredentials;
@@ -71,7 +72,37 @@ public final class BinderChannelBuilder
   public static BinderChannelBuilder forAddress(
       AndroidComponentAddress directAddress, Context sourceContext) {
     return new BinderChannelBuilder(
-        checkNotNull(directAddress, "directAddress"), null, sourceContext);
+        checkNotNull(directAddress, "directAddress"),
+        null,
+        sourceContext,
+        BinderChannelCredentials.forDefault());
+  }
+
+  /**
+   * Creates a channel builder that will bind to a remote Android service with provided
+   * BinderChannelCredentials.
+   *
+   * <p>The underlying Android binding will be torn down when the channel becomes idle. This happens
+   * after 30 minutes without use by default but can be configured via {@link
+   * ManagedChannelBuilder#idleTimeout(long, TimeUnit)} or triggered manually with {@link
+   * ManagedChannel#enterIdle()}.
+   *
+   * <p>You the caller are responsible for managing the lifecycle of any channels built by the
+   * resulting builder. They will not be shut down automatically.
+   *
+   * @param directAddress the {@link AndroidComponentAddress} referencing the service to bind to.
+   * @param sourceContext the context to bind from (e.g. The current Activity or Application).
+   * @param channelCredentials the arbitrary binder specific channel credentials to be used to
+   *     establish a binder connection.
+   * @return a new builder
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+  public static BinderChannelBuilder forAddress(
+      AndroidComponentAddress directAddress,
+      Context sourceContext,
+      BinderChannelCredentials channelCredentials) {
+    return new BinderChannelBuilder(
+        checkNotNull(directAddress, "directAddress"), null, sourceContext, channelCredentials);
   }
 
   /**
@@ -92,7 +123,37 @@ public static BinderChannelBuilder forAddress(
    * @return a new builder
    */
   public static BinderChannelBuilder forTarget(String target, Context sourceContext) {
-    return new BinderChannelBuilder(null, checkNotNull(target, "target"), sourceContext);
+    return new BinderChannelBuilder(
+        null,
+        checkNotNull(target, "target"),
+        sourceContext,
+        BinderChannelCredentials.forDefault());
+  }
+
+  /**
+   * Creates a channel builder that will bind to a remote Android service, via a string target name
+   * which will be resolved.
+   *
+   * <p>The underlying Android binding will be torn down when the channel becomes idle. This happens
+   * after 30 minutes without use by default but can be configured via {@link
+   * ManagedChannelBuilder#idleTimeout(long, TimeUnit)} or triggered manually with {@link
+   * ManagedChannel#enterIdle()}.
+   *
+   * <p>You the caller are responsible for managing the lifecycle of any channels built by the
+   * resulting builder. They will not be shut down automatically.
+   *
+   * @param target A target uri which should resolve into an {@link AndroidComponentAddress}
+   *     referencing the service to bind to.
+   * @param sourceContext the context to bind from (e.g. The current Activity or Application).
+   * @param channelCredentials the arbitrary binder specific channel credentials to be used to
+   *     establish a binder connection.
+   * @return a new builder
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+  public static BinderChannelBuilder forTarget(
+      String target, Context sourceContext, BinderChannelCredentials channelCredentials) {
+    return new BinderChannelBuilder(
+        null, checkNotNull(target, "target"), sourceContext, channelCredentials);
   }
 
   /**
@@ -121,12 +182,14 @@ public static BinderChannelBuilder forTarget(String target) {
   private SecurityPolicy securityPolicy;
   private InboundParcelablePolicy inboundParcelablePolicy;
   private BindServiceFlags bindServiceFlags;
+  @Nullable private UserHandle targetUserHandle;
   private boolean strictLifecycleManagement;
 
   private BinderChannelBuilder(
       @Nullable AndroidComponentAddress directAddress,
       @Nullable String target,
-      Context sourceContext) {
+      Context sourceContext,
+      BinderChannelCredentials channelCredentials) {
     mainThreadExecutor =
         ContextCompat.getMainExecutor(checkNotNull(sourceContext, "sourceContext"));
     securityPolicy = SecurityPolicies.internalOnly();
@@ -139,10 +202,12 @@ final class BinderChannelTransportFactoryBuilder
       public ClientTransportFactory buildClientTransportFactory() {
         return new TransportFactory(
             sourceContext,
+            channelCredentials,
             mainThreadExecutor,
             schedulerPool,
             managedChannelImplBuilder.getOffloadExecutorPool(),
             securityPolicy,
+            targetUserHandle,
             bindServiceFlags,
             inboundParcelablePolicy);
       }
@@ -216,6 +281,23 @@ public BinderChannelBuilder securityPolicy(SecurityPolicy securityPolicy) {
     return this;
   }
 
+/**
+   * Provides the target {@UserHandle} of the remote Android service.
+   *
+   * <p>When targetUserHandle is set, Context.bindServiceAsUser will used and additional Android
+   * permissions will be required. If your usage does not require cross-user communications, please
+   * do not set this field. It is the caller's responsibility to make sure that it holds the
+   * corresponding permissions.
+   *
+   * @param targetUserHandle the target user to bind into.
+   * @return this
+   */
+  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+  public BinderChannelBuilder bindAsUser(UserHandle targetUserHandle) {
+    this.targetUserHandle = targetUserHandle;
+    return this;
+  }
+
   /** Sets the policy for inbound parcelable objects. */
   public BinderChannelBuilder inboundParcelablePolicy(
       InboundParcelablePolicy inboundParcelablePolicy) {
@@ -245,30 +327,36 @@ public BinderChannelBuilder idleTimeout(long value, TimeUnit unit) {
   /** Creates new binder transports. */
   private static final class TransportFactory implements ClientTransportFactory {
     private final Context sourceContext;
+    private final BinderChannelCredentials channelCredentials;
     private final Executor mainThreadExecutor;
     private final ObjectPool<ScheduledExecutorService> scheduledExecutorPool;
     private final ObjectPool<? extends Executor> offloadExecutorPool;
     private final SecurityPolicy securityPolicy;
-    private final InboundParcelablePolicy inboundParcelablePolicy;
+    @Nullable private final UserHandle targetUserHandle;
     private final BindServiceFlags bindServiceFlags;
+    private final InboundParcelablePolicy inboundParcelablePolicy;
 
     private ScheduledExecutorService executorService;
     private Executor offloadExecutor;
     private boolean closed;
 
     TransportFactory(
         Context sourceContext,
+        BinderChannelCredentials channelCredentials,
         Executor mainThreadExecutor,
         ObjectPool<ScheduledExecutorService> scheduledExecutorPool,
         ObjectPool<? extends Executor> offloadExecutorPool,
         SecurityPolicy securityPolicy,
+        @Nullable UserHandle targetUserHandle,
         BindServiceFlags bindServiceFlags,
         InboundParcelablePolicy inboundParcelablePolicy) {
       this.sourceContext = sourceContext;
+      this.channelCredentials = channelCredentials;
       this.mainThreadExecutor = mainThreadExecutor;
       this.scheduledExecutorPool = scheduledExecutorPool;
       this.offloadExecutorPool = offloadExecutorPool;
       this.securityPolicy = securityPolicy;
+      this.targetUserHandle = targetUserHandle;
       this.bindServiceFlags = bindServiceFlags;
       this.inboundParcelablePolicy = inboundParcelablePolicy;
 
@@ -284,7 +372,9 @@ public ConnectionClientTransport newClientTransport(
       }
       return new BinderTransport.BinderClientTransport(
           sourceContext,
+          channelCredentials,
           (AndroidComponentAddress) addr,
+          targetUserHandle,
           bindServiceFlags,
           mainThreadExecutor,
           scheduledExecutorPool,

binder/src/main/java/io/grpc/binder/BinderChannelCredentials.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright 2022 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.binder;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import android.content.ComponentName;
+import io.grpc.ChannelCredentials;
+import io.grpc.ExperimentalApi;
+import javax.annotation.Nullable;
+
+/** Additional arbitrary arguments to establish a Android binder connection channel. */
+@ExperimentalApi("https://github.com/grpc/grpc-java/issues/10173")
+public final class BinderChannelCredentials extends ChannelCredentials {
+
+  /**
+   * Creates the default BinderChannelCredentials.
+   *
+   * @return a BinderChannelCredentials
+   */
+  public static BinderChannelCredentials forDefault() {
+    return new BinderChannelCredentials(null);
+  }
+
+  /**
+   * Creates a BinderChannelCredentials to be used with DevicePolicyManager API.
+   *
+   * @param devicePolicyAdminComponentName the admin component to be specified with
+   *     DevicePolicyManager.bindDeviceAdminServiceAsUser API.
+   * @return a BinderChannelCredentials
+   */
+  public static BinderChannelCredentials forDevicePolicyAdmin(
+      ComponentName devicePolicyAdminComponentName) {
+    return new BinderChannelCredentials(devicePolicyAdminComponentName);
+  }
+
+  @Nullable private final ComponentName devicePolicyAdminComponentName;
+
+  private BinderChannelCredentials(@Nullable ComponentName devicePolicyAdminComponentName) {
+    this.devicePolicyAdminComponentName = devicePolicyAdminComponentName;
+  }
+
+  @Override
+  public ChannelCredentials withoutBearerTokens() {
+    return this;
+  }
+
+  /** 
+   * Returns the admin component to be specified with DevicePolicyManager
+   * bindDeviceAdminServiceAsUser API. 
+   */
+  @Nullable
+  public ComponentName getDevicePolicyAdminComponentName() {
+    return devicePolicyAdminComponentName;
+  }
+}

binder/src/main/java/io/grpc/binder/internal/BinderTransport.java

@@ -28,6 +28,7 @@
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.TransactionTooLargeException;
+import android.os.UserHandle;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Ticker;
 import com.google.common.util.concurrent.ListenableFuture;
@@ -46,6 +47,7 @@
 import io.grpc.StatusException;
 import io.grpc.binder.AndroidComponentAddress;
 import io.grpc.binder.BindServiceFlags;
+import io.grpc.binder.BinderChannelCredentials;
 import io.grpc.binder.InboundParcelablePolicy;
 import io.grpc.binder.SecurityPolicy;
 import io.grpc.internal.ClientStream;
@@ -568,7 +570,9 @@ public static final class BinderClientTransport extends BinderTransport
 
     public BinderClientTransport(
         Context sourceContext,
+        BinderChannelCredentials channelCredentials,
         AndroidComponentAddress targetAddress,
+        @Nullable UserHandle targetUserHandle,
         BindServiceFlags bindServiceFlags,
         Executor mainThreadExecutor,
         ObjectPool<ScheduledExecutorService> executorServicePool,
@@ -590,7 +594,9 @@ public BinderClientTransport(
           new ServiceBinding(
               mainThreadExecutor,
               sourceContext,
+              channelCredentials,
               targetAddress.asBindIntent(),
+              targetUserHandle,
               bindServiceFlags.toInteger(),
               this);
     }