Merge "Use PermissionUtils" am: 584e907d

 */

package android.net;

import static android.Manifest.permission.NETWORK_STACK;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.SystemApi;

import android.os.IBinder;

import android.os.ServiceManager;

import java.util.ArrayList;

import java.util.Arrays;

import com.android.net.module.util.PermissionUtils;

/**

 * Constants and utilities for client code communicating with the network stack service.

 * @hide

     * @param context {@link android.content.Context} for the process.

     *

     * @hide

     *

     * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermission} instead.

     *

     * TODO: remove this method and let the users call to PermissionUtils directly.

     */

    @Deprecated

    public static void checkNetworkStackPermission(final @NonNull Context context) {

        checkNetworkStackPermissionOr(context);

        PermissionUtils.enforceNetworkStackPermission(context);

    }

    /**

     * @param otherPermissions The set of permissions that could be the candidate permissions , or

     *                         empty string if none of other permissions needed.

     * @hide

     *

     * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermissionOr} instead.

     *

     * TODO: remove this method and let the users call to PermissionUtils directly.

     */

    @Deprecated

    public static void checkNetworkStackPermissionOr(final @NonNull Context context,

            final @NonNull String... otherPermissions) {

        ArrayList<String> permissions = new ArrayList<String>(Arrays.asList(otherPermissions));

        permissions.add(NETWORK_STACK);

        permissions.add(PERMISSION_MAINLINE_NETWORK_STACK);

        enforceAnyPermissionOf(context, permissions.toArray(new String[0]));

    }

    private static void enforceAnyPermissionOf(final @NonNull Context context,

            final @NonNull String... permissions) {

        if (!checkAnyPermissionOf(context, permissions)) {

            throw new SecurityException("Requires one of the following permissions: "

                + String.join(", ", permissions) + ".");

        PermissionUtils.enforceNetworkStackPermissionOr(context, otherPermissions);

    }

}

    private static boolean checkAnyPermissionOf(final @NonNull Context context,

            final @NonNull String... permissions) {

        for (String permission : permissions) {

            if (context.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) {

                return true;

            }

        }

        return false;

    }

}

import com.android.net.module.util.CollectionUtils;

import com.android.net.module.util.LinkPropertiesUtils.CompareOrUpdateResult;

import com.android.net.module.util.LinkPropertiesUtils.CompareResult;

import com.android.net.module.util.PermissionUtils;

import com.android.server.am.BatteryStatsService;

import com.android.server.connectivity.AutodestructReference;

import com.android.server.connectivity.DataConnectionStats;

    @Override

    public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) {

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        return getActiveNetworkForUidInternal(uid, ignoreBlocked);

    }

    @Override

    public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) {

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        final NetworkState state = getUnfilteredActiveNetworkState(uid);

        filterNetworkStateForUid(state, uid, ignoreBlocked);

        return state.networkInfo;

    @Override

    public NetworkState[] getAllNetworkState() {

        // This contains IMSI details, so make sure the caller is privileged.

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        final ArrayList<NetworkState> result = new ArrayList<>();

        for (Network network : getAllNetworks()) {

    // Public because it's used by mLockdownTracker.

    public void sendConnectedBroadcast(NetworkInfo info) {

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        sendGeneralBroadcast(info, CONNECTIVITY_ACTION);

    }

    @Override

    public void setGlobalProxy(final ProxyInfo proxyProperties) {

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        mProxyTracker.setGlobalProxy(proxyProperties);

    }

    @Override

    public void setRequireVpnForUids(boolean requireVpn, UidRange[] ranges) {

        NetworkStack.checkNetworkStackPermission(mContext);

        PermissionUtils.enforceNetworkStackPermission(mContext);

        mHandler.sendMessage(mHandler.obtainMessage(EVENT_SET_REQUIRE_VPN_FOR_UIDS,

                encodeBool(requireVpn), 0 /* arg2 */, ranges));

    }

 */

package android.net;

import static android.Manifest.permission.NETWORK_STACK;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;

import static android.net.NetworkStack.checkNetworkStackPermission;

import static android.net.NetworkStack.checkNetworkStackPermissionOr;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.fail;

import static org.mockito.ArgumentMatchers.eq;

import static org.mockito.Mockito.any;

import static org.mockito.Mockito.when;

import android.content.Context;

import android.os.Build;

import android.os.IBinder;

@RunWith(AndroidJUnit4.class)

public class NetworkStackTest {

    private static final String [] OTHER_PERMISSION = {"otherpermission1", "otherpermission2"};

    @Rule

    public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule();

    @Mock Context mCtx;

    @Mock private IBinder mConnectorBinder;

    @Before public void setUp() throws Exception {

        MockitoAnnotations.initMocks(this);

    }

    @Test

    public void testCheckNetworkStackPermission() throws Exception {

        when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_GRANTED);

        when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK)))

                .thenReturn(PERMISSION_DENIED);

        checkNetworkStackPermission(mCtx);

        checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION);

        when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_DENIED);

        when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK)))

                .thenReturn(PERMISSION_GRANTED);

        checkNetworkStackPermission(mCtx);

        checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION);

        when(mCtx.checkCallingOrSelfPermission(any())).thenReturn(PERMISSION_DENIED);

        try {

            checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION);

        } catch (SecurityException e) {

            // Expect to get a SecurityException

            return;

        }

        fail("Expect fail but permission granted.");

    }

    @Test @IgnoreUpTo(Build.VERSION_CODES.Q)

    public void testGetService() {

        NetworkStack.setServiceForTest(mConnectorBinder);