File tree Expand file tree Collapse file tree
binder/src/main/java/io/grpc/binder/internal Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -677,13 +677,14 @@ private void preAuthorizeServer() {
677677 return ;
678678 }
679679
680- // It's unlikely, but the server identity/existence of this Service could change by the time
681- // we actually connect. It doesn't matter though, because:
682- // - If pre-auth fails (but would succeed for the new identity), grpc-core will retry
683- // against the replacement server using a new instance of BinderClientTransport.
684- // - If pre-auth succeeds (but would fail for the new identity), we might incorrectly bind
685- // to an unauthorized server, but we'll notice when we check SecurityPolicy again as part of
686- // the usual handshake.
680+ // It's unlikely, but the identity/existence of this Service could change by the time we
681+ // actually connect. It doesn't matter though, because:
682+ // - If pre-auth fails (but would succeed against the server's new state), the grpc-core layer
683+ // will eventually retry using a new transport instance that will see the Service's new state.
684+ // - If pre-auth succeeds (but would fail against the server's new state), we might give an
685+ // unauthorized server a chance to run, but the connection will still fail by SecurityPolicy
686+ // check later in handshake. Pre-auth remains effective at mitigating abuse because malware
687+ // can't typically control the exact timing of its installation.
687688 preAuthResultFuture = checkServerAuthorizationAsync (serviceInfo .applicationInfo .uid );
688689 Futures .addCallback (
689690 preAuthResultFuture ,
You can’t perform that action at this time.
0 commit comments