Add checking NetworkStack permission methods and tests

These methods migrate from android.net.NetworkStack.

checkNetworkStackPermission()
checkNetworkStackPermissionOr()

Bug: 178352309
Test: atest NetworkStaticLibTests
Change-Id: Iba4daaac3c662b87fec038f7c557e4fd6544c069
diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
index ce8a745..10eda57 100644
--- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
+++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
@@ -16,11 +16,16 @@
 
 package com.android.net.module.util;
 
+import static android.Manifest.permission.NETWORK_STACK;
 import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
 
 import android.annotation.NonNull;
 import android.content.Context;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+
 /**
  * Collection of permission utilities.
  * @hide
@@ -49,4 +54,30 @@
                     + String.join(", ", permissions) + ".");
         }
     }
+
+    /**
+     * If the NetworkStack, MAINLINE_NETWORK_STACK are not allowed for a particular process, throw a
+     * {@link SecurityException}.
+     *
+     * @param context {@link android.content.Context} for the process.
+     */
+    public static void enforceNetworkStackPermission(final @NonNull Context context) {
+        enforceNetworkStackPermissionOr(context);
+    }
+
+    /**
+     * If the NetworkStack, MAINLINE_NETWORK_STACK or other specified permissions are not allowed
+     * for a particular process, throw a {@link SecurityException}.
+     *
+     * @param context {@link android.content.Context} for the process.
+     * @param otherPermissions The set of permissions that could be the candidate permissions , or
+     *                         empty string if none of other permissions needed.
+     */
+    public static void enforceNetworkStackPermissionOr(final @NonNull Context context,
+            final @NonNull String... otherPermissions) {
+        ArrayList<String> permissions = new ArrayList<String>(Arrays.asList(otherPermissions));
+        permissions.add(NETWORK_STACK);
+        permissions.add(PERMISSION_MAINLINE_NETWORK_STACK);
+        enforceAnyPermissionOf(context, permissions.toArray(new String[0]));
+    }
 }
diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
new file mode 100644
index 0000000..6da5e7d
--- /dev/null
+++ b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util
+
+import android.Manifest.permission.NETWORK_STACK
+import android.content.Context
+import android.content.pm.PackageManager.PERMISSION_DENIED
+import android.content.pm.PackageManager.PERMISSION_GRANTED
+import android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
+import androidx.test.filters.SmallTest
+import androidx.test.runner.AndroidJUnit4
+import com.android.net.module.util.PermissionUtils.checkAnyPermissionOf
+import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission
+import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr
+import com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.mockito.ArgumentMatchers.any
+import org.mockito.Mockito.doReturn
+import org.mockito.Mockito.mock
+import kotlin.test.assertFailsWith
+
+/** Tests for PermissionUtils */
+@RunWith(AndroidJUnit4::class)
+@SmallTest
+class PermissionUtilsTest {
+    private val TEST_PERMISSION1 = "android.permission.TEST_PERMISSION1"
+    private val TEST_PERMISSION2 = "android.permission.TEST_PERMISSION2"
+    private val context = mock(Context::class.java)
+
+    @Test
+    fun testEnforceAnyPermissionOf() {
+        doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION2)
+        assertTrue(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
+        enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2)
+
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
+        doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION2)
+        assertTrue(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
+        enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2)
+
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(any())
+        assertFalse(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
+        assertFailsWith<SecurityException>("Expect fail but permission granted.") {
+            enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2) }
+    }
+
+    @Test
+    fun testEnforceNetworkStackPermissionOr() {
+        doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
+        doReturn(PERMISSION_DENIED).`when`(context)
+                .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+        enforceNetworkStackPermission(context)
+        enforceNetworkStackPermissionOr(context, TEST_PERMISSION1)
+
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
+        doReturn(PERMISSION_GRANTED).`when`(context)
+                .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+        enforceNetworkStackPermission(context)
+        enforceNetworkStackPermissionOr(context, TEST_PERMISSION2)
+
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
+        doReturn(PERMISSION_DENIED).`when`(context)
+                .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+        doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
+        assertFailsWith<SecurityException>("Expect fail but permission granted.") {
+            enforceNetworkStackPermission(context) }
+        enforceNetworkStackPermissionOr(context, TEST_PERMISSION1)
+
+        doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(any())
+        assertFailsWith<SecurityException>("Expect fail but permission granted.") {
+            enforceNetworkStackPermission(context) }
+        assertFailsWith<SecurityException>("Expect fail but permission granted.") {
+            enforceNetworkStackPermissionOr(context, TEST_PERMISSION2) }
+    }
+}