Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add allOf security policy and test #9125

Merged
merged 1 commit into from Apr 28, 2022
Merged

add allOf security policy and test #9125

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
31 changes: 31 additions & 0 deletions binder/src/main/java/io/grpc/binder/SecurityPolicies.java
View file
Open in desktop
Expand Up @@ -187,4 +187,35 @@ private static boolean checkPackageSignature(
}
return false;
}

/**
* Creates a {@link SecurityPolicy} that allows access if and only if *all* of the specified
* {@code securityPolicies} allow access.
*
* @param securityPolicies the security policies that all must allow access.
* @throws NullPointerException if any of the inputs are {@code null}.
* @throws IllegalArgumentException if {@code securityPolicies} is empty.
*/
public static SecurityPolicy allOf(SecurityPolicy... securityPolicies) {
Preconditions.checkNotNull(securityPolicies, "securityPolicies");
Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty");

return allOfSecurityPolicy(securityPolicies);
}

private static SecurityPolicy allOfSecurityPolicy(SecurityPolicy... securityPolicies) {
return new SecurityPolicy() {
@Override
public Status checkAuthorization(int uid) {
for (SecurityPolicy policy : securityPolicies) {
Status checkAuth = policy.checkAuthorization(uid);
if (!checkAuth.isOk()) {
return checkAuth;
}
}

return Status.OK;
}
};
}
}
20 changes: 20 additions & 0 deletions binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java
View file
Open in desktop
Expand Up @@ -171,4 +171,24 @@ public void testHasSignature_failsIfUidUnknown() throws Exception {
assertThat(policy.checkAuthorization(OTHER_UID_UNKNOWN).getCode())
.isEqualTo(Status.UNAUTHENTICATED.getCode());
}

@Test
public void testAllOf_succeedsIfAllSecurityPoliciesAllowed() throws Exception {
policy = SecurityPolicies.allOf(SecurityPolicies.internalOnly());

assertThat(policy.checkAuthorization(MY_UID).getCode()).isEqualTo(Status.OK.getCode());
}

@Test
public void testAllOf_failsIfOneSecurityPoliciesNotAllowed() throws Exception {
policy =
SecurityPolicies.allOf(
SecurityPolicies.internalOnly(),
SecurityPolicies.permissionDenied("Not allowed SecurityPolicy"));

assertThat(policy.checkAuthorization(MY_UID).getCode())
.isEqualTo(Status.PERMISSION_DENIED.getCode());
assertThat(policy.checkAuthorization(MY_UID).getDescription())
.contains("Not allowed SecurityPolicy");
}
}