Updating Eth Service to use Eth Network Permission

Updating Ethernet Service network management APIs to
require the manage ethernet networks permission.

Bug: 210485380
Test: atest EthernetServiceTests
Change-Id: Ibc9b2930fc0069efd7c6f4b833aba7d6c8e93311

service-t/src/com/android/server/ethernet/EthernetServiceImpl.java

@@ -208,6 +208,12 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
         pw.decreaseIndent();
     }
 
+    private void enforceNetworkManagementPermission() {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.MANAGE_ETHERNET_NETWORKS,
+                "EthernetServiceImpl");
+    }
+
     /**
      * Validate the state of ethernet for APIs tied to network management.
      *
@@ -216,12 +222,12 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
      */
     private void validateNetworkManagementState(@NonNull final String iface,
             final @NonNull String methodName) {
+        enforceAutomotiveDevice(methodName);
+        enforceNetworkManagementPermission();
         logIfEthernetNotStarted();
 
-        // TODO: add permission check here for MANAGE_INTERNAL_NETWORKS when it's available.
         Objects.requireNonNull(iface, "Pass a non-null iface.");
         Objects.requireNonNull(methodName, "Pass a non-null methodName.");
-        enforceAutomotiveDevice(methodName);
         enforceInterfaceIsTracked(iface);
     }
 

tests/ethernet/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java

@@ -362,7 +362,7 @@ public class EthernetNetworkFactoryTest {
 
         assertFalse(ret);
         verifyNoStopOrStart();
-        assertFailedListener(listener, "can't be updated as it is not configured");
+        assertFailedListener(listener, "can't be updated as it is not available");
     }
 
     @Test

tests/ethernet/java/com/android/server/ethernet/EthernetServiceImplTest.java

@@ -18,10 +18,13 @@ package com.android.server.ethernet;
 
 import static org.junit.Assert.assertThrows;
 
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.verify;
 
+import android.Manifest;
 import android.annotation.NonNull;
 import android.content.Context;
 import android.content.pm.PackageManager;
@@ -176,6 +179,36 @@ public class EthernetServiceImplTest {
         });
     }
 
+    private void denyManageEthPermission() {
+        doThrow(new SecurityException("")).when(mContext)
+                .enforceCallingOrSelfPermission(
+                        eq(Manifest.permission.MANAGE_ETHERNET_NETWORKS), anyString());
+    }
+
+    @Test
+    public void testUpdateConfigurationRejectsWithoutManageEthPermission() {
+        denyManageEthPermission();
+        assertThrows(SecurityException.class, () -> {
+            mEthernetServiceImpl.updateConfiguration(TEST_IFACE, UPDATE_REQUEST, NULL_LISTENER);
+        });
+    }
+
+    @Test
+    public void testConnectNetworkRejectsWithoutManageEthPermission() {
+        denyManageEthPermission();
+        assertThrows(SecurityException.class, () -> {
+            mEthernetServiceImpl.connectNetwork(TEST_IFACE, NULL_LISTENER);
+        });
+    }
+
+    @Test
+    public void testDisconnectNetworkRejectsWithoutManageEthPermission() {
+        denyManageEthPermission();
+        assertThrows(SecurityException.class, () -> {
+            mEthernetServiceImpl.disconnectNetwork(TEST_IFACE, NULL_LISTENER);
+        });
+    }
+
     @Test
     public void testUpdateConfiguration() {
         mEthernetServiceImpl.updateConfiguration(TEST_IFACE, UPDATE_REQUEST, NULL_LISTENER);