server

package
v0.0.6 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2026 License: CC0-1.0 Imports: 364 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterAll

func RegisterAll(s grpc.ServiceRegistrar, ctx *app.Context, handles *handlestore.HandleStore)

RegisterAll registers all generated gRPC service servers. The handles parameter provides the shared object handle store for services that pass JNI object references over gRPC.

func StreamAuthInterceptor

func StreamAuthInterceptor(auth Authorizer) grpc.StreamServerInterceptor

StreamAuthInterceptor returns a gRPC stream interceptor that checks authorization before handling each stream.

func StreamBinderInterceptor added in v0.0.6

func StreamBinderInterceptor(vm *jni.VM) grpc.StreamServerInterceptor

StreamBinderInterceptor returns a gRPC stream interceptor that sets the Binder calling identity to system_server (uid 1000) on the current thread before each stream handler runs. See UnaryBinderInterceptor for rationale.

func StreamLooperInterceptor added in v0.0.4

func StreamLooperInterceptor(vm *jni.VM) grpc.StreamServerInterceptor

StreamLooperInterceptor returns a gRPC stream interceptor that pins the handler goroutine to its OS thread, attaches it to the JVM for the entire handler lifetime, and ensures an Android Looper is prepared before the handler executes.

func UnaryAuthInterceptor

func UnaryAuthInterceptor(auth Authorizer) grpc.UnaryServerInterceptor

UnaryAuthInterceptor returns a gRPC unary interceptor that checks authorization before handling each request.

func UnaryBinderInterceptor added in v0.0.6

func UnaryBinderInterceptor(vm *jni.VM) grpc.UnaryServerInterceptor

UnaryBinderInterceptor returns a gRPC unary interceptor that sets the Binder calling identity to system_server (uid 1000) on the current thread before each RPC handler runs.

Binder identity is per-thread. gRPC handlers run on their own goroutines, which the Go runtime may schedule on OS threads other than the main thread, and the startup-time identity change in runServer only affects the main thread. Each gRPC worker thread therefore needs its own identity set so that Android API calls see the system_server identity instead of "uid 0".

This interceptor MUST be chained AFTER the Looper interceptor (which pins the goroutine to an OS thread and attaches it to the JVM) but BEFORE interceptors that perform Android API calls.

func UnaryLooperInterceptor added in v0.0.4

func UnaryLooperInterceptor(vm *jni.VM) grpc.UnaryServerInterceptor

UnaryLooperInterceptor returns a gRPC unary interceptor that pins the handler goroutine to its OS thread, attaches it to the JVM for the entire handler lifetime, and ensures an Android Looper is prepared before the handler executes.

Keeping the JVM attachment alive is critical: if the thread detaches between Looper.prepare() and the handler's JNI calls, the JVM destroys the thread-local Looper state (sets mQueue = null), causing NPEs in services like InputMethodManager and WindowManager.

This must be chained BEFORE the auth interceptor or any interceptor that performs JNI work, but after interceptors that don't need JNI.

Note: LockOSThread pins one OS thread per concurrent RPC. This is acceptable for the expected single-device workload but could exhaust threads under extreme concurrency.

Types

type ACLAuth

type ACLAuth struct {
	Store *acl.Store
}

ACLAuth takes the client identity from the mTLS peer certificate and verifies method permissions against the ACL store.

func (ACLAuth) Authorize

func (a ACLAuth) Authorize(ctx context.Context, fullMethod string) error

Authorize extracts the client CN from the TLS peer certificate and checks the ACL store for a matching method grant. The Register RPC is always allowed (unauthenticated enrollment), and all AuthService RPCs are allowed for any authenticated client.
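The decision order described for Authorize, as an added standard-library sketch (not this package's code). The method names under `/example.`, the `grants` map standing in for the ACL store, glob matching via `path.Match`, the helper `stateFor`, and reading the CN from `VerifiedChains` are all assumptions of the example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"path"
)

// Hypothetical names: the real proto package is not shown on this page.
const authPrefix, registerMethod = "/example.AuthService/", "/example.AuthService/Register"
var errDenied = errors.New("permission denied")

// clientCN returns the verified leaf certificate's CN, or "" if none was verified.
func clientCN(st *tls.ConnectionState) string {
	if st == nil || len(st.VerifiedChains) == 0 || len(st.VerifiedChains[0]) == 0 {
		return ""
	}
	return st.VerifiedChains[0][0].Subject.CommonName
}

// authorize applies the documented rules. grants maps CN to method patterns;
// glob matching with path.Match is an assumption of this sketch.
func authorize(st *tls.ConnectionState, fullMethod string, grants map[string][]string) error {
	if fullMethod == registerMethod { // exact match: no other RPC skips authentication
		return nil
	}
	cn := clientCN(st)
	if cn == "" {
		return errDenied
	}
	// Every authenticated client implicitly holds the AuthService grant.
	for _, pat := range append([]string{authPrefix + "*"}, grants[cn]...) {
		if ok, _ := path.Match(pat, fullMethod); ok {
			return nil
		}
	}
	return errDenied // deny by default
}

// stateFor builds a constructed ConnectionState whose verified leaf has the given CN.
func stateFor(cn string) *tls.ConnectionState {
	return &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{{Subject: pkix.Name{CommonName: cn}}}}}
}

func main() {
	fmt.Println(authorize(stateFor("client-a"), "/example.CameraService/Open", nil))
}
```

Reading the CN from `VerifiedChains` rather than `PeerCertificates` means a certificate that was presented but not validated against the CA never yields an identity.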

type AuthServiceServer

type AuthServiceServer struct {
	pb.UnimplementedAuthServiceServer
	CA                  *certauth.CA
	Store               *acl.Store
	OnPermissionRequest PermissionRequestNotifier
}

AuthServiceServer implements pb.AuthServiceServer.

func (*AuthServiceServer) ListMyPermissions

ListMyPermissions returns all granted method patterns for the calling client (identified via mTLS peer certificate CN).

func (*AuthServiceServer) Register

Register handles unauthenticated registration: it signs the submitted CSR and registers the resulting client in the ACL store.

func (*AuthServiceServer) RequestPermission

RequestPermission creates a pending permission request for the calling client (identified via mTLS peer certificate CN).

type Authorizer

type Authorizer interface {
	Authorize(ctx context.Context, fullMethod string) error
}

Authorizer checks whether a gRPC call is allowed.

type PermissionRequestNotifier

type PermissionRequestNotifier func(requestID int64, clientID string, methods []string)

PermissionRequestNotifier is called when a new permission request is created. The implementation should notify the device user (e.g. launch a dialog Activity or push a notification).

Directories

Path Synopsis
Package jni_raw implements a gRPC server that exposes the raw JNI Env surface over gRPC.
