grpc-java

History

John Cormie 94532a6b56 binder: Introduce server pre-authorization (#12127 ) grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable "keep-alive" and "background activity launch" abuse, even if security policy ultimately decides the connection is unauthorized. Pre-authorization mitigates this kind of abuse by looking up and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.	2025-07-10 14:14:36 -07:00
..
src	binder: Introduce server pre-authorization (#12127 )	2025-07-10 14:14:36 -07:00
build.gradle	binder: Introduce server pre-authorization (#12127 )	2025-07-10 14:14:36 -07:00

binder: Introduce server pre-authorization (#12127 )

grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable "keep-alive" and "background activity launch" abuse, even if security policy ultimately decides the connection is unauthorized. Pre-authorization mitigates this kind of abuse by looking up and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.

2025-07-10 14:14:36 -07:00

src

binder: Introduce server pre-authorization (#12127 )

2025-07-10 14:14:36 -07:00

build.gradle

binder: Introduce server pre-authorization (#12127 )

2025-07-10 14:14:36 -07:00