server

package

v0.0.4 Latest Latest Go to latest Published: Mar 22, 2026 License: CC0-1.0 Imports: 85 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/AndroidGoLab/jni-proxy

Links

Open Source Insights

Documentation ¶

Index ¶

func RegisterAll(s grpc.ServiceRegistrar, ctx *app.Context, handles *handlestore.HandleStore)
func StreamAuthInterceptor(auth Authorizer) grpc.StreamServerInterceptor
func StreamLooperInterceptor(vm *jni.VM) grpc.StreamServerInterceptor
func UnaryAuthInterceptor(auth Authorizer) grpc.UnaryServerInterceptor
func UnaryLooperInterceptor(vm *jni.VM) grpc.UnaryServerInterceptor
type ACLAuth
- func (a ACLAuth) Authorize(ctx context.Context, fullMethod string) error
type AuthServiceServer
type Authorizer
type PermissionRequestNotifier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RegisterAll ¶

func RegisterAll(s grpc.ServiceRegistrar, ctx *app.Context, handles *handlestore.HandleStore)

RegisterAll registers all generated gRPC service servers. The handles parameter provides the shared object handle store for services that pass JNI object references over gRPC.

func StreamAuthInterceptor ¶

func StreamAuthInterceptor(auth Authorizer) grpc.StreamServerInterceptor

StreamAuthInterceptor returns a gRPC stream interceptor that checks authorization before handling each stream.

func StreamLooperInterceptor ¶ added in v0.0.4

func StreamLooperInterceptor(vm *jni.VM) grpc.StreamServerInterceptor

StreamLooperInterceptor returns a gRPC stream interceptor that pins the handler goroutine to its OS thread, attaches it to the JVM for the entire handler lifetime, and ensures an Android Looper is prepared before the handler executes.

func UnaryAuthInterceptor ¶

func UnaryAuthInterceptor(auth Authorizer) grpc.UnaryServerInterceptor

UnaryAuthInterceptor returns a gRPC unary interceptor that checks authorization before handling each request.

func UnaryLooperInterceptor ¶ added in v0.0.4

func UnaryLooperInterceptor(vm *jni.VM) grpc.UnaryServerInterceptor

UnaryLooperInterceptor returns a gRPC unary interceptor that pins the handler goroutine to its OS thread, attaches it to the JVM for the entire handler lifetime, and ensures an Android Looper is prepared before the handler executes.

Keeping the JVM attachment alive is critical: if the thread detaches between Looper.prepare() and the handler's JNI calls, the JVM destroys the thread-local Looper state (sets mQueue = null), causing NPEs in services like InputMethodManager and WindowManager.

This must be chained BEFORE the auth interceptor or any interceptor that performs JNI work, but after interceptors that don't need JNI.

Note: LockOSThread pins one OS thread per concurrent RPC. This is acceptable for the expected single-device workload but could exhaust threads under extreme concurrency.

Types ¶

type ACLAuth ¶

type ACLAuth struct {
	Store *acl.Store
}

ACLAuth checks client identity from mTLS peer cert and verifies method permissions against the ACL store.

func (ACLAuth) Authorize ¶

func (a ACLAuth) Authorize(ctx context.Context, fullMethod string) error

Authorize extracts the client CN from the TLS peer certificate and checks the ACL store for a matching method grant. The Register RPC is always allowed (unauthenticated enrollment), and all AuthService RPCs are allowed for any authenticated client.

type AuthServiceServer ¶

type AuthServiceServer struct {
	pb.UnimplementedAuthServiceServer
	CA                  *certauth.CA
	Store               *acl.Store
	OnPermissionRequest PermissionRequestNotifier
}

AuthServiceServer implements pb.AuthServiceServer.

func (*AuthServiceServer) ListMyPermissions ¶

func (s *AuthServiceServer) ListMyPermissions(
	ctx context.Context,
	_ *pb.ListMyPermissionsRequest,
) (*pb.ListMyPermissionsResponse, error)

ListMyPermissions returns all granted method patterns for the calling client (identified via mTLS peer certificate CN).

func (*AuthServiceServer) Register ¶

func (s *AuthServiceServer) Register(
	_ context.Context,
	req *pb.RegisterRequest,
) (*pb.RegisterResponse, error)

Register handles unauthenticated registration: it signs the submitted CSR and registers the resulting client in the ACL store.

func (*AuthServiceServer) RequestPermission ¶

func (s *AuthServiceServer) RequestPermission(
	ctx context.Context,
	req *pb.RequestPermissionRequest,
) (*pb.RequestPermissionResponse, error)

RequestPermission creates a pending permission request for the calling client (identified via mTLS peer certificate CN).

type Authorizer ¶

type Authorizer interface {
	Authorize(ctx context.Context, fullMethod string) error
}

Authorizer checks whether a gRPC call is allowed.

type PermissionRequestNotifier ¶

type PermissionRequestNotifier func(requestID int64, clientID string, methods []string)

PermissionRequestNotifier is called when a new permission request is created. The implementation should notify the device user (e.g. launch a dialog Activity or push a notification).

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
accounts
acl
admin
alarm
audiomanager
battery
biometric
blob
camera
certauth
clipboard
companion
display
download
inputmethod
ir
jni_raw Package jni_raw implements a gRPC server that exposes the raw JNI Env surface over gRPC.	Package jni_raw implements a gRPC server that exposes the raw JNI Env surface over gRPC.
job
keyguard
location
net
notification
nsd
power
print
projection
role
session
storage
telecom
telephony
usage
usb
vibrator
wifi
wifi_p2p
wifi_rtt

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL