[devragrin] [GmsCore] Implement guardWithRequest service path (#2851)#3524
Open
kwanter wants to merge 1 commit into
Open
[devragrin] [GmsCore] Implement guardWithRequest service path (#2851)#3524kwanter wants to merge 1 commit into
kwanter wants to merge 1 commit into
Conversation
The IDroidGuardService.guardWithRequest method was previously stubbed with TODO, which caused request-backed DroidGuard flows (e.g. Play Integrity multi-step attestation) to throw NotImplementedError. This wires the missing entry point to the existing handle lifecycle: - call getHandle() to obtain the active handle (embedded or remote) - try initWithRequest(flow, request) with fallback to init(flow) - deliver the snapshot result through IDroidGuardCallbacks.onResult - always close the handle in a finally block - on error, deliver an empty byte array (matching the existing KeyRetrievalService error convention) to avoid binder exceptions This is the minimal change to unblock the request-backed flow while keeping behavior aligned with the existing one-shot guard() entry point.
Author
|
Update / implementation note: This PR intentionally keeps #2851 narrow: it only replaces the missing Runtime flow implemented: If Reason for the small diff:
Happy to expand this if maintainers want explicit multi-step session APIs, but this should address the immediate |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
/claim #2851
Summary
IDroidGuardService.guardWithRequestso request-backed DroidGuard flows (e.g. Play Integrity multi-step attestation) can execute.getHandle()→initWithRequestwith fallback toinit→snapshot→onResult, withclosein afinallyblock.callbacks.onResult(...)to match the existingKeyRetrievalServiceerror convention and avoid binder exceptions.Why
guardWithRequestwas a literalTODO("Not yet implemented"), causing any caller that uses the request-backed path to throwNotImplementedError. The remote DroidGuard path is the only way to obtain Play Integrity tokens at a higher level on a microG-only device, and multi-step Play Integrity flows (the common case for Firebase AppCheck-backed apps such as Dott) hit this exact code path.Test Plan
./gradlew :play-services-droidguard-core:compileDebugKotlin./gradlew :play-services-droidguard-core:testDebugUnitTestguard()path and are unaffected.Metadata note
Public issue/repo context only. No private prompts, memory, credentials, or hidden runtime context are disclosed. PR is intended to be evaluated on its own merits against issue #2851.
Bounty: claimed via BountyHub for the
$100total listed on this issue.