resolve() throws

Author: jdcormie

binder/src/main/java/io/grpc/binder/internal/Bindable.java

@@ -20,7 +20,9 @@
 import android.os.IBinder;
 import androidx.annotation.AnyThread;
 import androidx.annotation.MainThread;
+import com.google.common.util.concurrent.ListenableFuture;
 import io.grpc.Status;
+import io.grpc.StatusException;
 
 /** An interface for managing a {@code Binder} connection. */
 interface Bindable {
@@ -48,7 +50,7 @@ interface Observer {
 
   /** Fetches details about the remote service from PackageManager *before* binding to it. */
   @AnyThread
-  ServiceInfo resolve();
+  ServiceInfo resolve() throws StatusException;
 
   /**
    * Attempt to bind with the remote service.

binder/src/main/java/io/grpc/binder/internal/BinderTransport.java

@@ -670,22 +670,22 @@ public synchronized Runnable start(ManagedClientTransport.Listener clientTranspo
 
     @GuardedBy("this")
     private void preAuthorizeServer() {
-      ServiceInfo serviceInfo = serviceBinding.resolve();
+      ServiceInfo serviceInfo;
+      try {
+        serviceInfo = serviceBinding.resolve();
+      } catch (StatusException e) {
+        shutdownInternal(e.getStatus(), true);
+        return;
+      }
 
-      // It's unlikely, but in theory the server identity/existence represented by this ServiceInfo
-      // could change by the time we actually bind/connect. It doesn't matter though, because:
+      // It's unlikely, but the server identity/existence of this Service could change by the time
+      // we actually connect. It doesn't matter though, because:
       // - If pre-auth fails (but would succeed for the new identity), grpc-core will retry
       // against the replacement server using a new instance of BinderClientTransport.
       // - If pre-auth succeeds (but would fail for the new identity), we might incorrectly bind
-      // to an unauthorized server, but we'll notice when we the SecurityPolicy again as part of the
-      // usual handshake.
-      if (serviceInfo == null) {
-        preAuthResultFuture =
-            Futures.immediateFuture(
-                Status.UNIMPLEMENTED.withDescription("resolveService() was null"));
-      } else {
-        preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
-      }
+      // to an unauthorized server, but we'll notice when we check SecurityPolicy again as part of
+      // the usual handshake.
+      preAuthResultFuture = checkServerAuthorizationAsync(serviceInfo.applicationInfo.uid);
       Futures.addCallback(
           preAuthResultFuture,
           new FutureCallback<Status>() {

binder/src/main/java/io/grpc/binder/internal/ServiceBinding.java

@@ -33,6 +33,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import com.google.errorprone.annotations.concurrent.GuardedBy;
 import io.grpc.Status;
+import io.grpc.StatusException;
 import io.grpc.binder.BinderChannelCredentials;
 import java.lang.reflect.Method;
 import java.util.concurrent.Executor;
@@ -275,12 +276,18 @@ private static ResolveInfo resolveServiceAsUser(
   }
 
   @AnyThread
-  public ServiceInfo resolve() {
+  public ServiceInfo resolve() throws StatusException {
     checkState(sourceContext != null);
     try {
       ResolveInfo resolveInfo =
           resolveServiceAsUser(sourceContext.getPackageManager(), bindIntent, 0, targetUserHandle);
-      return resolveInfo != null ? resolveInfo.serviceInfo : null;
+      if (resolveInfo == null) {
+        // Same code as when bindService() returns false.
+        throw Status.UNIMPLEMENTED
+            .withDescription("resolveService(" + bindIntent + ") returned null")
+            .asException();
+      }
+      return resolveInfo.serviceInfo;
     } catch (ReflectiveOperationException e) {
       throw Status.fromThrowable(e).asRuntimeException();
     }