Skip to content

feat: normalize failed authorization future status#12899

Open
Zhengcy05 wants to merge 1 commit into
grpc:masterfrom
Zhengcy05:feat/binder-opaque-auth-failure-status
Open

feat: normalize failed authorization future status#12899
Zhengcy05 wants to merge 1 commit into
grpc:masterfrom
Zhengcy05:feat/binder-opaque-auth-failure-status

Conversation

@Zhengcy05

Copy link
Copy Markdown
Contributor

Background

fixed #12873

This PR makes binder server authorization failures report a uniform opaque status to peers.

Previously, BinderTransportSecurity.ServerAuthInterceptor handled failed authorization futures differently depending on whether the future was already completed. The pending path returned an opaque INTERNAL failure, but the Futures.getDone() path reused the underlying exception message as the status description. That allowed later calls to expose messages like "ouch".

Changes

  • Centralized failed-authorization-future to Status mapping in BinderTransportSecurity
  • Made both the pending callback path and the already-completed Futures.getDone() path return the same opaque INTERNAL status with description "Authorization future failed"
  • Added regression assertions for failed future descriptions in RobolectricBinderSecurityTest
  • Added coverage for the cached/already-completed failed future case to ensure later calls do not leak the underlying exception message

Validation

  • ./gradlew :grpc-binder:testDebugUnitTest --tests io.grpc.binder.RobolectricBinderSecurityTest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

binder: SecurityPolicy *failure* (not auth rejection) should be described to peers in a uniform opaque way

1 participant