Eth Management APIs to Support TEST Interfaces

Updating Ethernet Network Management APIs to allow support for test
interfaces when the caller has the MANAGE_TEST_NETWORKS permission, test
interfaces are being tracked in ethernet and if updating a network's
capabilities, they include the TEST transport.

Bug: 210487893
Test: atest EthernetServiceTests
atest CtsNetTestCasesLatestSdk
:android.net.cts.EthernetManagerTest

Change-Id: I0e0bc9632d9b3d5d61f23e74150586f42c0b5bd2

2 files changed, 44 insertions, 4 deletions

diff --git a/java/com/android/server/ethernet/EthernetServiceImpl.java b/java/com/android/server/ethernet/EthernetServiceImpl.java
index f80f6a0..7f77e5e 100644
--- a/java/com/android/server/ethernet/EthernetServiceImpl.java
+++ b/java/com/android/server/ethernet/EthernetServiceImpl.java
@@ -16,6 +16,8 @@
 
 package com.android.server.ethernet;
 
+import static android.net.NetworkCapabilities.TRANSPORT_TEST;
+
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.content.Context;
@@ -26,6 +28,7 @@ import android.net.IEthernetNetworkManagementListener;
 import android.net.ITetheredInterfaceCallback;
 import android.net.EthernetNetworkUpdateRequest;
 import android.net.IpConfiguration;
+import android.net.NetworkCapabilities;
 import android.os.Binder;
 import android.os.Handler;
 import android.os.RemoteException;
@@ -206,6 +209,12 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
                 "EthernetServiceImpl");
     }
 
+    private void enforceManageTestNetworksPermission() {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.MANAGE_TEST_NETWORKS,
+                "EthernetServiceImpl");
+    }
+
     /**
      * Validate the state of ethernet for APIs tied to network management.
      *
@@ -217,18 +226,35 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
         Objects.requireNonNull(iface, "Pass a non-null iface.");
         Objects.requireNonNull(methodName, "Pass a non-null methodName.");
 
-        enforceAutomotiveDevice(methodName);
-        enforceNetworkManagementPermission();
+        // Only bypass the permission/device checks if this is a valid test interface.
+        if (mTracker.isValidTestInterface(iface)) {
+            enforceManageTestNetworksPermission();
+            Log.i(TAG, "Ethernet network management API used with test interface " + iface);
+        } else {
+            enforceAutomotiveDevice(methodName);
+            enforceNetworkManagementPermission();
+        }
         logIfEthernetNotStarted();
     }
 
+    private void validateTestCapabilities(@NonNull final NetworkCapabilities nc) {
+        if (nc.hasTransport(TRANSPORT_TEST)) {
+            return;
+        }
+        throw new IllegalArgumentException(
+                "Updates to test interfaces must have NetworkCapabilities.TRANSPORT_TEST.");
+    }
+
     @Override
     public void updateConfiguration(@NonNull final String iface,
             @NonNull final EthernetNetworkUpdateRequest request,
             @Nullable final IEthernetNetworkManagementListener listener) {
-        Log.i(TAG, "updateConfiguration called with: iface=" + iface
-                + ", request=" + request + ", listener=" + listener);
         validateNetworkManagementState(iface, "updateConfiguration()");
+        if (mTracker.isValidTestInterface(iface)) {
+            validateTestCapabilities(request.getNetworkCapabilities());
+            // TODO: use NetworkCapabilities#restrictCapabilitiesForTestNetwork when available on a
+            //  local NetworkCapabilities copy to pass to mTracker.updateConfiguration.
+        }
         // TODO: validate that iface is listed in overlay config_ethernet_interfaces
 
         mTracker.updateConfiguration(
diff --git a/java/com/android/server/ethernet/EthernetTracker.java b/java/com/android/server/ethernet/EthernetTracker.java
index 794b5d1..9070a7e 100644
--- a/java/com/android/server/ethernet/EthernetTracker.java
+++ b/java/com/android/server/ethernet/EthernetTracker.java
@@ -86,6 +86,9 @@ public class EthernetTracker {
      * if setIncludeTestInterfaces is true, any test interfaces.
      */
     private String mIfaceMatch;
+    /**
+     * Track test interfaces if true, don't track otherwise.
+     */
     private boolean mIncludeTestInterfaces = false;
 
     /** Mapping between {iface name | mac address} -> {NetworkCapabilities} */
@@ -738,6 +741,17 @@ public class EthernetTracker {
         Log.d(TAG, "Interface match regexp set to '" + mIfaceMatch + "'");
     }
 
+    /**
+     * Validate if a given interface is valid for testing.
+     *
+     * @param iface the name of the interface to validate.
+     * @return {@code true} if test interfaces are enabled and the given {@code iface} has a test
+     * interface prefix, {@code false} otherwise.
+     */
+    public boolean isValidTestInterface(@NonNull final String iface) {
+        return mIncludeTestInterfaces && iface.matches(TEST_IFACE_REGEXP);
+    }
+
     private void postAndWaitForRunnable(Runnable r) {
         final ConditionVariable cv = new ConditionVariable();
         if (mHandler.post(() -> {