diff options
| -rw-r--r-- | libs/binder/BpBinder.cpp | 6 | ||||
| -rw-r--r-- | libs/binder/RpcState.cpp | 8 | ||||
| -rw-r--r-- | libs/binder/tests/Android.bp | 38 | ||||
| -rw-r--r-- | libs/binder/tests/RpcAuthTesting.h | 49 | ||||
| -rw-r--r-- | libs/binder/tests/RpcCertificateVerifierSimple.cpp | 53 | ||||
| -rw-r--r-- | libs/binder/tests/RpcTlsTestUtils.cpp (renamed from libs/binder/tests/RpcAuthTesting.cpp) | 37 | ||||
| -rw-r--r-- | libs/binder/tests/RpcTlsUtilsTest.cpp | 3 | ||||
| -rw-r--r-- | libs/binder/tests/binderRpcBenchmark.cpp | 13 | ||||
| -rw-r--r-- | libs/binder/tests/binderRpcTest.cpp | 3 | ||||
| -rw-r--r-- | libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h (renamed from libs/binder/tests/RpcCertificateVerifierSimple.h) | 41 |
10 files changed, 120 insertions, 131 deletions
diff --git a/libs/binder/BpBinder.cpp b/libs/binder/BpBinder.cpp index 92df874b1f..06542f064d 100644 --- a/libs/binder/BpBinder.cpp +++ b/libs/binder/BpBinder.cpp @@ -48,10 +48,6 @@ uint32_t BpBinder::sBinderProxyCountHighWatermark = 2500; // Another arbitrary value a binder count needs to drop below before another callback will be called uint32_t BpBinder::sBinderProxyCountLowWatermark = 2000; -// Once the limit has been exceeded, keep calling the limit callback for every this many new proxies -// created over the limit. -constexpr uint32_t REPEAT_LIMIT_CALLBACK_INTERVAL = 1000; - enum { LIMIT_REACHED_MASK = 0x80000000, // A flag denoting that the limit has been reached COUNTING_VALUE_MASK = 0x7FFFFFFF, // A mask of the remaining bits for the count value @@ -129,7 +125,7 @@ sp<BpBinder> BpBinder::create(int32_t handle) { uint32_t lastLimitCallbackAt = sLastLimitCallbackMap[trackedUid]; if (trackedValue > lastLimitCallbackAt && - (trackedValue - lastLimitCallbackAt > REPEAT_LIMIT_CALLBACK_INTERVAL)) { + (trackedValue - lastLimitCallbackAt > sBinderProxyCountHighWatermark)) { ALOGE("Still too many binder proxy objects sent to uid %d from uid %d (%d proxies " "held)", getuid(), trackedUid, trackedValue); diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp index df935fe9e3..1e86104392 100644 --- a/libs/binder/RpcState.cpp +++ b/libs/binder/RpcState.cpp @@ -427,12 +427,16 @@ status_t RpcState::transact(const sp<RpcSession::RpcConnection>& connection, const sp<IBinder>& binder, uint32_t code, const Parcel& data, const sp<RpcSession>& session, Parcel* reply, uint32_t flags) { if (!data.isForRpc()) { - ALOGE("Refusing to send RPC with parcel not crafted for RPC"); + ALOGE("Refusing to send RPC with parcel not crafted for RPC call on binder %p code " + "%" PRIu32, + binder.get(), code); return BAD_TYPE; } if (data.objectsCount() != 0) { - ALOGE("Parcel at %p has attached objects but is being used in an RPC call", &data); + ALOGE("Parcel at %p has attached objects but is being used in an RPC call on binder %p " + "code %" PRIu32, + &data, binder.get(), code); return BAD_TYPE; } diff --git a/libs/binder/tests/Android.bp b/libs/binder/tests/Android.bp index 71c0e86460..680f0edd51 100644 --- a/libs/binder/tests/Android.bp +++ b/libs/binder/tests/Android.bp @@ -134,6 +134,37 @@ aidl_interface { }, } +cc_library_static { + name: "libbinder_tls_test_utils", + host_supported: true, + target: { + darwin: { + enabled: false, + }, + }, + defaults: [ + "binder_test_defaults", + "libbinder_tls_shared_deps", + ], + shared_libs: [ + "libbinder", + "libbase", + "liblog", + ], + static_libs: [ + "libbinder_tls_static", + ], + srcs: [ + "RpcTlsTestUtils.cpp", + ], + export_include_dirs: [ + "include_tls_test_utils", + ], + visibility: [ + ":__subpackages__", + ], +} + cc_test { name: "binderRpcTest", host_supported: true, @@ -153,8 +184,6 @@ cc_test { srcs: [ "binderRpcTest.cpp", - "RpcAuthTesting.cpp", - "RpcCertificateVerifierSimple.cpp", ], shared_libs: [ "libbinder", @@ -166,6 +195,7 @@ cc_test { ], static_libs: [ "libbinder_tls_static", + "libbinder_tls_test_utils", "binderRpcTestIface-cpp", "binderRpcTestIface-ndk", ], @@ -189,7 +219,6 @@ cc_test { "libbinder_tls_shared_deps", ], srcs: [ - "RpcAuthTesting.cpp", "RpcTlsUtilsTest.cpp", ], shared_libs: [ @@ -199,6 +228,7 @@ cc_test { "liblog", ], static_libs: [ + "libbinder_tls_test_utils", "libbinder_tls_static", ], test_suites: ["general-tests", "device-tests"], @@ -219,7 +249,6 @@ cc_benchmark { srcs: [ "binderRpcBenchmark.cpp", "IBinderRpcBenchmark.aidl", - "RpcAuthTesting.cpp", ], shared_libs: [ "libbase", @@ -228,6 +257,7 @@ cc_benchmark { "libutils", ], static_libs: [ + "libbinder_tls_test_utils", "libbinder_tls_static", ], } diff --git a/libs/binder/tests/RpcAuthTesting.h b/libs/binder/tests/RpcAuthTesting.h deleted file mode 100644 index c3c2df4c29..0000000000 --- a/libs/binder/tests/RpcAuthTesting.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <binder/RpcAuth.h> - -namespace android { - -constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days -bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert(); -bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds); - -// An implementation of RpcAuth that generates a key pair and a self-signed -// certificate every time configure() is called. -class RpcAuthSelfSigned : public RpcAuth { -public: - RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {} - status_t configure(SSL_CTX* ctx) override; - -private: - const uint32_t mValidSeconds; -}; - -class RpcAuthPreSigned : public RpcAuth { -public: - RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert) - : mPkey(std::move(pkey)), mCert(std::move(cert)) {} - status_t configure(SSL_CTX* ctx) override; - -private: - bssl::UniquePtr<EVP_PKEY> mPkey; - bssl::UniquePtr<X509> mCert; -}; - -} // namespace android diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.cpp b/libs/binder/tests/RpcCertificateVerifierSimple.cpp deleted file mode 100644 index 1f74adc465..0000000000 --- a/libs/binder/tests/RpcCertificateVerifierSimple.cpp +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#define LOG_TAG "RpcCertificateVerifierSimple" -#include <log/log.h> - -#include <binder/RpcTlsUtils.h> - -#include "RpcCertificateVerifierSimple.h" - -namespace android { - -status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) { - const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client"; - bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue - LOG_ALWAYS_FATAL_IF(peerCert == nullptr, - "%s: libssl should not ask to verify non-existing cert", logPrefix); - - std::lock_guard<std::mutex> lock(mMutex); - for (const auto& trustedCert : mTrustedPeerCertificates) { - if (0 == X509_cmp(trustedCert.get(), peerCert.get())) { - return OK; - } - } - *outAlert = SSL_AD_CERTIFICATE_UNKNOWN; - return PERMISSION_DENIED; -} - -status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format, - const std::vector<uint8_t>& cert) { - bssl::UniquePtr<X509> x509 = deserializeCertificate(cert, format); - if (x509 == nullptr) { - ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str()); - return BAD_VALUE; - } - std::lock_guard<std::mutex> lock(mMutex); - mTrustedPeerCertificates.push_back(std::move(x509)); - return OK; -} - -} // namespace android diff --git a/libs/binder/tests/RpcAuthTesting.cpp b/libs/binder/tests/RpcTlsTestUtils.cpp index c0587a2367..6119313e78 100644 --- a/libs/binder/tests/RpcAuthTesting.cpp +++ b/libs/binder/tests/RpcTlsTestUtils.cpp @@ -13,7 +13,14 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "RpcAuthTesting.h" + +#define LOG_TAG "RpcTlsTestUtils" +#include <log/log.h> + +#include <binder/RpcTlsTestUtils.h> + +#include <binder/RpcTlsUtils.h> + #include "../Utils.h" // for TEST_AND_RETURN namespace android { @@ -80,4 +87,32 @@ status_t RpcAuthPreSigned::configure(SSL_CTX* ctx) { return OK; } +status_t RpcCertificateVerifierSimple::verify(const SSL* ssl, uint8_t* outAlert) { + const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client"; + bssl::UniquePtr<X509> peerCert(SSL_get_peer_certificate(ssl)); // Does not set error queue + LOG_ALWAYS_FATAL_IF(peerCert == nullptr, + "%s: libssl should not ask to verify non-existing cert", logPrefix); + + std::lock_guard<std::mutex> lock(mMutex); + for (const auto& trustedCert : mTrustedPeerCertificates) { + if (0 == X509_cmp(trustedCert.get(), peerCert.get())) { + return OK; + } + } + *outAlert = SSL_AD_CERTIFICATE_UNKNOWN; + return PERMISSION_DENIED; +} + +status_t RpcCertificateVerifierSimple::addTrustedPeerCertificate(RpcCertificateFormat format, + const std::vector<uint8_t>& cert) { + bssl::UniquePtr<X509> x509 = deserializeCertificate(cert, format); + if (x509 == nullptr) { + ALOGE("Certificate is not in the proper format %s", PrintToString(format).c_str()); + return BAD_VALUE; + } + std::lock_guard<std::mutex> lock(mMutex); + mTrustedPeerCertificates.push_back(std::move(x509)); + return OK; +} + } // namespace android diff --git a/libs/binder/tests/RpcTlsUtilsTest.cpp b/libs/binder/tests/RpcTlsUtilsTest.cpp index 9b3078d5d9..530606c44a 100644 --- a/libs/binder/tests/RpcTlsUtilsTest.cpp +++ b/libs/binder/tests/RpcTlsUtilsTest.cpp @@ -14,11 +14,10 @@ * limitations under the License. */ +#include <binder/RpcTlsTestUtils.h> #include <binder/RpcTlsUtils.h> #include <gtest/gtest.h> -#include "RpcAuthTesting.h" - namespace android { std::string toDebugString(EVP_PKEY* pkey) { diff --git a/libs/binder/tests/binderRpcBenchmark.cpp b/libs/binder/tests/binderRpcBenchmark.cpp index 0477d50395..6bf6e9287f 100644 --- a/libs/binder/tests/binderRpcBenchmark.cpp +++ b/libs/binder/tests/binderRpcBenchmark.cpp @@ -25,6 +25,7 @@ #include <binder/RpcCertificateVerifier.h> #include <binder/RpcServer.h> #include <binder/RpcSession.h> +#include <binder/RpcTlsTestUtils.h> #include <binder/RpcTlsUtils.h> #include <binder/RpcTransportRaw.h> #include <binder/RpcTransportTls.h> @@ -37,8 +38,6 @@ #include <sys/types.h> #include <unistd.h> -#include "RpcAuthTesting.h" - using android::BBinder; using android::defaultServiceManager; using android::IBinder; @@ -50,6 +49,7 @@ using android::ProcessState; using android::RpcAuthPreSigned; using android::RpcCertificateFormat; using android::RpcCertificateVerifier; +using android::RpcCertificateVerifierNoOp; using android::RpcServer; using android::RpcSession; using android::RpcTransportCtxFactory; @@ -90,13 +90,6 @@ static const std::initializer_list<int64_t> kTransportList = { Transport::RPC_TLS, }; -// Certificate validation happens during handshake and does not affect the result of benchmarks. -// Skip certificate validation to simplify the setup process. -class RpcCertificateVerifierNoOp : public RpcCertificateVerifier { -public: - status_t verify(const SSL*, uint8_t*) override { return OK; } -}; - std::unique_ptr<RpcTransportCtxFactory> makeFactoryTls() { auto pkey = android::makeKeyPairForSelfSignedCert(); CHECK_NE(pkey.get(), nullptr); @@ -109,6 +102,8 @@ std::unique_ptr<RpcTransportCtxFactory> makeFactoryTls() { } static sp<RpcSession> gSession = RpcSession::make(); +// Certificate validation happens during handshake and does not affect the result of benchmarks. +// Skip certificate validation to simplify the setup process. static sp<RpcSession> gSessionTls = RpcSession::make(makeFactoryTls()); #ifdef __BIONIC__ static const String16 kKernelBinderInstance = String16(u"binderRpcBenchmark-control"); diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp index aad01621c7..a2558f5aaf 100644 --- a/libs/binder/tests/binderRpcTest.cpp +++ b/libs/binder/tests/binderRpcTest.cpp @@ -31,6 +31,7 @@ #include <binder/ProcessState.h> #include <binder/RpcServer.h> #include <binder/RpcSession.h> +#include <binder/RpcTlsTestUtils.h> #include <binder/RpcTlsUtils.h> #include <binder/RpcTransport.h> #include <binder/RpcTransportRaw.h> @@ -51,8 +52,6 @@ #include "../RpcSocketAddress.h" // for testing preconnected clients #include "../RpcState.h" // for debugging #include "../vm_sockets.h" // for VMADDR_* -#include "RpcAuthTesting.h" -#include "RpcCertificateVerifierSimple.h" using namespace std::chrono_literals; using namespace std::placeholders; diff --git a/libs/binder/tests/RpcCertificateVerifierSimple.h b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h index bdb2426df7..cbf11bf50d 100644 --- a/libs/binder/tests/RpcCertificateVerifierSimple.h +++ b/libs/binder/tests/include_tls_test_utils/binder/RpcTlsTestUtils.h @@ -16,17 +16,44 @@ #pragma once +#include <memory> #include <mutex> -#include <string_view> -#include <vector> - -#include <openssl/ssl.h> +#include <binder/RpcAuth.h> #include <binder/RpcCertificateFormat.h> #include <binder/RpcCertificateVerifier.h> +#include <binder/RpcTransport.h> +#include <openssl/ssl.h> +#include <utils/Errors.h> namespace android { +constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days +bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert(); +bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds); + +// An implementation of RpcAuth that generates a key pair and a self-signed +// certificate every time configure() is called. +class RpcAuthSelfSigned : public RpcAuth { +public: + RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {} + status_t configure(SSL_CTX* ctx) override; + +private: + const uint32_t mValidSeconds; +}; + +class RpcAuthPreSigned : public RpcAuth { +public: + RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert) + : mPkey(std::move(pkey)), mCert(std::move(cert)) {} + status_t configure(SSL_CTX* ctx) override; + +private: + bssl::UniquePtr<EVP_PKEY> mPkey; + bssl::UniquePtr<X509> mCert; +}; + // A simple certificate verifier for testing. // Keep a list of leaf certificates as trusted. No certificate chain support. // @@ -50,4 +77,10 @@ private: std::vector<bssl::UniquePtr<X509>> mTrustedPeerCertificates; }; +// A RpcCertificateVerifier that does not verify anything. +class RpcCertificateVerifierNoOp : public RpcCertificateVerifier { +public: + status_t verify(const SSL*, uint8_t*) override { return OK; } +}; + } // namespace android |