binder: Add SecurityPolicies#anyOf(), similar to allOf()

binder/src/main/java/io/grpc/binder/SecurityPolicies.java

@@ -29,7 +29,10 @@
 import com.google.errorprone.annotations.CheckReturnValue;
 import io.grpc.ExperimentalApi;
 import io.grpc.Status;
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
 
 /** Static factory methods for creating standard security policies. */
 @CheckReturnValue
@@ -191,6 +194,12 @@ private static boolean checkPackageSignature(
    * Creates a {@link SecurityPolicy} that allows access if and only if *all* of the specified
    * {@code securityPolicies} allow access.
    *
+   * <p>Policies will be checked in the order that they are passed. If a policy denies access,
+   * subsequent policies will not be checked.
+   *
+   * <p>If a policy denies access, the {@link io.grpc.Status} returned by {@code checkAuthorization}
+   * will be that of the failed policy.
+   *
    * @param securityPolicies the security policies that all must allow access.
    * @throws NullPointerException if any of the inputs are {@code null}.
    * @throws IllegalArgumentException if {@code securityPolicies} is empty.
@@ -218,6 +227,60 @@ public Status checkAuthorization(int uid) {
     };
   }
 
+  /**
+   * Creates a {@link SecurityPolicy} that allows access if *any* of the specified {@code
+   * securityPolicies} allow access.
+   *
+   * <p>Policies will be checked in the order that they are passed. If a policy allows access,
+   * subsequent policies will not be checked.
+   *
+   * <p>If all policies deny access, the {@link io.grpc.Status} returned by {@code
+   * checkAuthorization} will included the concatenated descriptions of the failed policies and
+   * attach any additional causes as suppressed throwables. The status code will be that of the
+   * first failed policy.
+   *
+   * @param securityPolicies the security policies that will be checked.
+   * @throws NullPointerException if any of the inputs are {@code null}.
+   * @throws IllegalArgumentException if {@code securityPolicies} is empty.
+   */
+  public static SecurityPolicy anyOf(SecurityPolicy... securityPolicies) {
+    Preconditions.checkNotNull(securityPolicies, "securityPolicies");
+    Preconditions.checkArgument(securityPolicies.length > 0, "securityPolicies must not be empty");
+
+    return anyOfSecurityPolicy(securityPolicies);
+  }
+
+  private static SecurityPolicy anyOfSecurityPolicy(SecurityPolicy... securityPolicies) {
+    return new SecurityPolicy() {
+      @Override
+      public Status checkAuthorization(int uid) {
+        List<Status> failed = new ArrayList<>();
+        for (SecurityPolicy policy : securityPolicies) {
+          Status checkAuth = policy.checkAuthorization(uid);
+          if (checkAuth.isOk()) {
+            return checkAuth;
+          }
+          failed.add(checkAuth);
+        }
+
+        Iterator<Status> iter = failed.iterator();
+        Status toReturn = iter.next();
+        while (iter.hasNext()) {
+          Status append = iter.next();
+          toReturn = toReturn.augmentDescription(append.getDescription());
+          if (append.getCause() != null) {
+            if (toReturn.getCause() != null) {
+              toReturn.getCause().addSuppressed(append.getCause());
+            } else {
+              toReturn = toReturn.withCause(append.getCause());
+            }
+          }
+        }
+        return toReturn;
+      }
+    };
+  }
+
   /**
    * Creates a {@link SecurityPolicy} which checks if the caller has all of the given permissions
    * from {@code permissions}.

binder/src/test/java/io/grpc/binder/SecurityPoliciesTest.java

@@ -34,6 +34,7 @@
 import com.google.common.collect.ImmutableSet;
 import io.grpc.Status;
 import java.util.HashMap;
+import java.util.concurrent.atomic.AtomicBoolean;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -382,14 +383,64 @@ public void testAllOf_succeedsIfAllSecurityPoliciesAllowed() throws Exception {
 
   @Test
   public void testAllOf_failsIfOneSecurityPoliciesNotAllowed() throws Exception {
+    final AtomicBoolean policyCalled = new AtomicBoolean(false);
     policy =
         SecurityPolicies.allOf(
             SecurityPolicies.internalOnly(),
-            SecurityPolicies.permissionDenied("Not allowed SecurityPolicy"));
+            SecurityPolicies.permissionDenied("Not allowed SecurityPolicy"),
+            new SecurityPolicy() {
+              @Override
+              public Status checkAuthorization(int uid) {
+                policyCalled.set(true);
+                throw new AssertionError();
+              }
+            });
 
     assertThat(policy.checkAuthorization(MY_UID).getCode())
         .isEqualTo(Status.PERMISSION_DENIED.getCode());
     assertThat(policy.checkAuthorization(MY_UID).getDescription())
         .contains("Not allowed SecurityPolicy");
+    assertThat(policyCalled.get()).isFalse();
+  }
+
+  @Test
+  public void testAnyOf_succeedsIfAnySecurityPoliciesAllowed() throws Exception {
+    final AtomicBoolean policyCalled = new AtomicBoolean(false);
+    policy =
+        SecurityPolicies.anyOf(
+            SecurityPolicies.internalOnly(),
+            new SecurityPolicy() {
+              @Override
+              public Status checkAuthorization(int uid) {
+                policyCalled.set(true);
+                throw new AssertionError();
+              }
+            });
+
+    assertThat(policy.checkAuthorization(MY_UID).getCode()).isEqualTo(Status.OK.getCode());
+    assertThat(policyCalled.get()).isFalse();
+  }
+
+  @Test
+  public void testAnyOf_failsIfNoSecurityPolicyIsAllowed() throws Exception {
+    policy =
+        SecurityPolicies.anyOf(
+            new SecurityPolicy() {
+              @Override
+              public Status checkAuthorization(int uid) {
+                return Status.PERMISSION_DENIED.withDescription("Not allowed: first");
+              }
+            },
+            new SecurityPolicy() {
+              @Override
+              public Status checkAuthorization(int uid) {
+                return Status.UNAUTHENTICATED.withDescription("Not allowed: second");
+              }
+            });
+
+    assertThat(policy.checkAuthorization(MY_UID).getCode())
+        .isEqualTo(Status.PERMISSION_DENIED.getCode());
+    assertThat(policy.checkAuthorization(MY_UID).getDescription()).contains("Not allowed: first");
+    assertThat(policy.checkAuthorization(MY_UID).getDescription()).contains("Not allowed: second");
   }
 }