/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.email;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.ContextWrapper;
import android.test.ProviderTestCase2;
import android.test.suitebuilder.annotation.MediumTest;
import android.test.suitebuilder.annotation.SmallTest;
import com.android.email.provider.ContentCache;
import com.android.email.provider.EmailProvider;
import com.android.email.provider.ProviderTestUtils;
import com.android.emailcommon.provider.Account;
import com.android.emailcommon.provider.EmailContent;
import com.android.emailcommon.provider.EmailContent.Message;
import com.android.emailcommon.provider.Mailbox;
import com.android.emailcommon.provider.Policy;
import com.android.emailcommon.service.LegacyPolicySet;
/**
* This is a series of unit tests for backup/restore of the SecurityPolicy class.
*
* You can run this entire test case with:
* runtest -c com.android.email.SecurityPolicyTests email
*/
@MediumTest
public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
private Context mMockContext;
private SecurityPolicy mSecurityPolicy;
public SecurityPolicyTests() {
super(EmailProvider.class, EmailContent.AUTHORITY);
}
private static final Policy EMPTY_POLICY = new Policy();
@Override
protected void setUp() throws Exception {
super.setUp();
mMockContext = new MockContext2(getMockContext(), mContext);
// Invalidate all caches, since we reset the database for each test
ContentCache.invalidateAllCaches();
Controller.getInstance(mMockContext).markForTest(true);
}
/**
* Delete any dummy accounts we set up for this test
*/
@Override
protected void tearDown() throws Exception {
Controller.getInstance(mMockContext).markForTest(false);
super.tearDown();
}
/**
* Private context wrapper used to add back getPackageName() for these tests.
*
* This class also implements {@link Context} method(s) that are called during tests.
*/
private static class MockContext2 extends ContextWrapper {
private final Context mRealContext;
public MockContext2(Context mockContext, Context realContext) {
super(mockContext);
mRealContext = realContext;
}
@Override
public Context getApplicationContext() {
return this;
}
@Override
public String getPackageName() {
return mRealContext.getPackageName();
}
@Override
public Object getSystemService(String name) {
return mRealContext.getSystemService(name);
}
}
/**
* Create a Policy using the arguments formerly used to create a PolicySet; this minimizes the
* changes needed for re-using the PolicySet unit test logic
*/
private Policy setupPolicy(int minPasswordLength, int passwordMode, int maxPasswordFails,
int maxScreenLockTime, boolean requireRemoteWipe, int passwordExpirationDays,
int passwordHistory, int passwordComplexChars, boolean requireEncryption,
boolean dontAllowCamera)
throws IllegalArgumentException {
Policy policy = new Policy();
policy.mPasswordMinLength = minPasswordLength;
policy.mPasswordMode = passwordMode;
policy.mPasswordMaxFails = maxPasswordFails;
policy.mMaxScreenLockTime = maxScreenLockTime;
policy.mRequireRemoteWipe = requireRemoteWipe;
policy.mPasswordExpirationDays = passwordExpirationDays;
policy.mPasswordHistory = passwordHistory;
policy.mPasswordComplexChars = passwordComplexChars;
policy.mRequireEncryption = requireEncryption;
policy.mDontAllowCamera = dontAllowCamera;
return policy;
}
/**
* Test business logic of aggregating accounts with policies
*/
public void testAggregator() {
mSecurityPolicy = SecurityPolicy.getInstance(mMockContext);
// with no accounts, should return empty set
assertEquals(EMPTY_POLICY, mSecurityPolicy.computeAggregatePolicy());
// with accounts having no security, empty set
ProviderTestUtils.setupAccount("no-sec-1", true, mMockContext);
ProviderTestUtils.setupAccount("no-sec-2", true, mMockContext);
assertEquals(EMPTY_POLICY, mSecurityPolicy.computeAggregatePolicy());
// with a single account in security mode, should return same security as in account
// first test with partially-populated policies
Account a3 = ProviderTestUtils.setupAccount("sec-3", true, mMockContext);
Policy p3ain = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0,
false, false);
Policy.setAccountPolicy(mMockContext, a3, p3ain, null);
Policy p3aout = mSecurityPolicy.computeAggregatePolicy();
assertNotNull(p3aout);
assertEquals(p3ain, p3aout);
// Repeat that test with fully-populated policies
Policy p3bin = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 15, 16, false, 6, 2, 3,
false, false);
Policy.setAccountPolicy(mMockContext, a3, p3bin, null);
Policy p3bout = mSecurityPolicy.computeAggregatePolicy();
assertNotNull(p3bout);
assertEquals(p3bin, p3bout);
// add another account which mixes it up (some fields will change, others will not)
// pw length and pw mode - max logic - will change because larger #s here
// fail count and lock timer - min logic - will *not* change because larger #s here
// wipe required - OR logic - will *not* change here because false
// expiration - will not change because 0 (unspecified)
// max complex chars - max logic - will change
// encryption required - OR logic - will *not* change here because false
// don't allow camera - OR logic - will change here because it's true
Policy p4in = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 5, 7,
false, true);
Account a4 = ProviderTestUtils.setupAccount("sec-4", true, mMockContext);
Policy.setAccountPolicy(mMockContext, a4, p4in, null);
Policy p4out = mSecurityPolicy.computeAggregatePolicy();
assertNotNull(p4out);
assertEquals(20, p4out.mPasswordMinLength);
assertEquals(Policy.PASSWORD_MODE_STRONG, p4out.mPasswordMode);
assertEquals(15, p4out.mPasswordMaxFails);
assertEquals(16, p4out.mMaxScreenLockTime);
assertEquals(6, p4out.mPasswordExpirationDays);
assertEquals(5, p4out.mPasswordHistory);
assertEquals(7, p4out.mPasswordComplexChars);
assertFalse(p4out.mRequireRemoteWipe);
assertFalse(p4out.mRequireEncryption);
assertFalse(p4out.mRequireEncryptionExternal);
assertTrue(p4out.mDontAllowCamera);
// add another account which mixes it up (the remaining fields will change)
// pw length and pw mode - max logic - will *not* change because smaller #s here
// fail count and lock timer - min logic - will change because smaller #s here
// wipe required - OR logic - will change here because true
// expiration time - min logic - will change because lower here
// history & complex chars - will not change because 0 (unspecified)
// encryption required - OR logic - will change here because true
// don't allow camera - OR logic - will *not* change here because it's already true
Policy p5in = setupPolicy(4, Policy.PASSWORD_MODE_SIMPLE, 5, 6, true, 1, 0, 0,
true, false);
Account a5 = ProviderTestUtils.setupAccount("sec-5", true, mMockContext);
Policy.setAccountPolicy(mMockContext, a5, p5in, null);
Policy p5out = mSecurityPolicy.computeAggregatePolicy();
assertNotNull(p5out);
assertEquals(20, p5out.mPasswordMinLength);
assertEquals(Policy.PASSWORD_MODE_STRONG, p5out.mPasswordMode);
assertEquals(5, p5out.mPasswordMaxFails);
assertEquals(6, p5out.mMaxScreenLockTime);
assertEquals(1, p5out.mPasswordExpirationDays);
assertEquals(5, p5out.mPasswordHistory);
assertEquals(7, p5out.mPasswordComplexChars);
assertTrue(p5out.mRequireRemoteWipe);
assertFalse(p5out.mRequireEncryptionExternal);
assertTrue(p5out.mDontAllowCamera);
}
private long assertAccountPolicyConsistent(long accountId, long oldKey) {
Account account = Account.restoreAccountWithId(mMockContext, accountId);
long policyKey = account.mPolicyKey;
assertTrue(policyKey > 0);
// Found a policy. Ensure it matches.
Policy policy = Policy.restorePolicyWithId(mMockContext, policyKey);
assertNotNull(policy);
assertEquals(account.mPolicyKey, policy.mId);
assertEquals(
accountId,
Policy.getAccountIdWithPolicyKey(mMockContext, policy.mId));
// Assert the old one isn't there.
if (oldKey > 0) {
assertNull("old policy not cleaned up",
Policy.restorePolicyWithId(mMockContext, oldKey));
}
return policyKey;
}
@SmallTest
public void testSettingAccountPolicy() {
Account account = ProviderTestUtils.setupAccount("testaccount", true, mMockContext);
long accountId = account.mId;
Policy initial = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0,
false, false);
Policy.setAccountPolicy(mMockContext, accountId, initial, null);
long oldKey = assertAccountPolicyConsistent(account.mId, 0);
Policy updated = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0,
false, false);
Policy.setAccountPolicy(mMockContext, accountId, updated, null);
oldKey = assertAccountPolicyConsistent(account.mId, oldKey);
// Remove the policy
Policy.clearAccountPolicy(
mMockContext, Account.restoreAccountWithId(mMockContext, accountId));
assertNull("old policy not cleaned up",
Policy.restorePolicyWithId(mMockContext, oldKey));
}
/**
* Test equality. Note, the tests for inequality are poor, as each field should
* be tested individually.
*/
@SmallTest
public void testEquals() {
Policy p1 =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, false);
Policy p2 =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, false);
Policy p3 =
setupPolicy(2, Policy.PASSWORD_MODE_SIMPLE, 5, 6, true, 7, 8, 9, false, false);
Policy p4 =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, true);
assertTrue(p1.equals(p2));
assertFalse(p2.equals(p3));
assertFalse(p1.equals(p4));
}
/**
* Test the API to set/clear policy hold flags in an account
*/
public void testSetClearHoldFlag() {
Account a1 = ProviderTestUtils.setupAccount("holdflag-1", false, mMockContext);
a1.mFlags = Account.FLAGS_NOTIFY_NEW_MAIL;
a1.save(mMockContext);
Account a2 = ProviderTestUtils.setupAccount("holdflag-2", false, mMockContext);
a2.mFlags = Account.FLAGS_VIBRATE_ALWAYS | Account.FLAGS_SECURITY_HOLD;
a2.save(mMockContext);
// confirm clear until set
Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId);
assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL, a1a.mFlags);
SecurityPolicy.setAccountHoldFlag(mMockContext, a1, true);
assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL | Account.FLAGS_SECURITY_HOLD, a1.mFlags);
Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId);
assertEquals(Account.FLAGS_NOTIFY_NEW_MAIL | Account.FLAGS_SECURITY_HOLD, a1b.mFlags);
// confirm set until cleared
Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId);
assertEquals(Account.FLAGS_VIBRATE_ALWAYS | Account.FLAGS_SECURITY_HOLD, a2a.mFlags);
SecurityPolicy.setAccountHoldFlag(mMockContext, a2, false);
assertEquals(Account.FLAGS_VIBRATE_ALWAYS, a2.mFlags);
Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId);
assertEquals(Account.FLAGS_VIBRATE_ALWAYS, a2b.mFlags);
}
/**
* Test the response to disabling DeviceAdmin status
*/
public void testDisableAdmin() {
Account a1 = ProviderTestUtils.setupAccount("disable-1", true, mMockContext);
Policy p1 = setupPolicy(10, Policy.PASSWORD_MODE_SIMPLE, 0, 0, false, 0, 0, 0,
false, false);
Policy.setAccountPolicy(mMockContext, a1, p1, "security-sync-key-1");
Account a2 = ProviderTestUtils.setupAccount("disable-2", true, mMockContext);
Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 0, 0,
false, false);
Policy.setAccountPolicy(mMockContext, a2, p2, "security-sync-key-2");
Account a3 = ProviderTestUtils.setupAccount("disable-3", true, mMockContext);
Policy.clearAccountPolicy(mMockContext, a3);
mSecurityPolicy = SecurityPolicy.getInstance(mMockContext);
// Confirm that "enabling" device admin does not change security status (policy & sync key)
Policy before = mSecurityPolicy.getAggregatePolicy();
mSecurityPolicy.onAdminEnabled(true); // "enabled" should not change anything
Policy after1 = mSecurityPolicy.getAggregatePolicy();
assertEquals(before, after1);
Account a1a = Account.restoreAccountWithId(mMockContext, a1.mId);
assertNotNull(a1a.mSecuritySyncKey);
assertTrue(a1a.mPolicyKey > 0);
Account a2a = Account.restoreAccountWithId(mMockContext, a2.mId);
assertNotNull(a2a.mSecuritySyncKey);
assertTrue(a2a.mPolicyKey > 0);
Account a3a = Account.restoreAccountWithId(mMockContext, a3.mId);
assertNull(a3a.mSecuritySyncKey);
assertTrue(a3a.mPolicyKey == 0);
mSecurityPolicy.deleteSecuredAccounts(mMockContext);
Policy after2 = mSecurityPolicy.getAggregatePolicy();
assertEquals(EMPTY_POLICY, after2);
Account a1b = Account.restoreAccountWithId(mMockContext, a1.mId);
assertNull(a1b);
Account a2b = Account.restoreAccountWithId(mMockContext, a2.mId);
assertNull(a2b);
Account a3b = Account.restoreAccountWithId(mMockContext, a3.mId);
assertNull(a3b.mSecuritySyncKey);
}
/**
* Test the scanner that finds expiring accounts
*/
public void testFindExpiringAccount() {
ProviderTestUtils.setupAccount("expiring-1", true, mMockContext);
// With no expiring accounts, this should return null.
long nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext);
assertEquals(-1, nextExpiringAccountId);
// Add a single expiring account
Account a2 =
ProviderTestUtils.setupAccount("expiring-2", true, mMockContext);
Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 30, 0, 0,
false, true);
Policy.setAccountPolicy(mMockContext, a2, p2, null);
// The expiring account should be returned
nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext);
assertEquals(a2.mId, nextExpiringAccountId);
// Add an account with a longer expiration
Account a3 = ProviderTestUtils.setupAccount("expiring-3", true, mMockContext);
Policy p3 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 60, 0, 0,
false, true);
Policy.setAccountPolicy(mMockContext, a3, p3, null);
// The original expiring account (a2) should be returned
nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext);
assertEquals(a2.mId, nextExpiringAccountId);
// Add an account with a shorter expiration
Account a4 = ProviderTestUtils.setupAccount("expiring-4", true, mMockContext);
Policy p4 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 15, 0, 0,
false, true);
Policy.setAccountPolicy(mMockContext, a4, p4, null);
// The new expiring account (a4) should be returned
nextExpiringAccountId = SecurityPolicy.findShortestExpiration(mMockContext);
assertEquals(a4.mId, nextExpiringAccountId);
}
/**
* Lightweight subclass of the Controller class allows injection of mock context
*/
public static class TestController extends Controller {
protected TestController(Context providerContext, Context systemContext) {
super(systemContext);
setProviderContext(providerContext);
markForTest(true);
}
}
/**
* Test the scanner that wipes expiring accounts
*/
public void testWipeExpiringAccounts() {
mSecurityPolicy = SecurityPolicy.getInstance(mMockContext);
TestController testController = new TestController(mMockContext, getContext());
// Two accounts - a1 is normal, a2 has security (but no expiration)
Account a1 = ProviderTestUtils.setupAccount("expired-1", true, mMockContext);
Account a2 = ProviderTestUtils.setupAccount("expired-2", true, mMockContext);
Policy p2 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 0, 0, 0,
false, true);
Policy.setAccountPolicy(mMockContext, a2, p2, null);
// Add a mailbox & messages to each account
long account1Id = a1.mId;
long account2Id = a2.mId;
Mailbox box1 = ProviderTestUtils.setupMailbox("box1", account1Id, true, mMockContext);
long box1Id = box1.mId;
ProviderTestUtils.setupMessage("message1", account1Id, box1Id, false, true, mMockContext);
ProviderTestUtils.setupMessage("message2", account1Id, box1Id, false, true, mMockContext);
Mailbox box2 = ProviderTestUtils.setupMailbox("box2", account2Id, true, mMockContext);
long box2Id = box2.mId;
ProviderTestUtils.setupMessage("message3", account2Id, box2Id, false, true, mMockContext);
ProviderTestUtils.setupMessage("message4", account2Id, box2Id, false, true, mMockContext);
// Run the expiration code - should do nothing
boolean wiped = SecurityPolicy.wipeExpiredAccounts(mMockContext, testController);
assertFalse(wiped);
// check mailboxes & messages not wiped
assertEquals(2, EmailContent.count(mMockContext, Account.CONTENT_URI));
assertEquals(2, EmailContent.count(mMockContext, Mailbox.CONTENT_URI));
assertEquals(4, EmailContent.count(mMockContext, Message.CONTENT_URI));
// Add 3rd account that really expires
Account a3 = ProviderTestUtils.setupAccount("expired-3", true, mMockContext);
Policy p3 = setupPolicy(20, Policy.PASSWORD_MODE_STRONG, 25, 26, false, 30, 0, 0,
false, true);
Policy.setAccountPolicy(mMockContext, a3, p3, null);
// Add mailbox & messages to 3rd account
long account3Id = a3.mId;
Mailbox box3 = ProviderTestUtils.setupMailbox("box3", account3Id, true, mMockContext);
long box3Id = box3.mId;
ProviderTestUtils.setupMessage("message5", account3Id, box3Id, false, true, mMockContext);
ProviderTestUtils.setupMessage("message6", account3Id, box3Id, false, true, mMockContext);
// check new counts
assertEquals(3, EmailContent.count(mMockContext, Account.CONTENT_URI));
assertEquals(3, EmailContent.count(mMockContext, Mailbox.CONTENT_URI));
assertEquals(6, EmailContent.count(mMockContext, Message.CONTENT_URI));
// Run the expiration code - wipe acct #3
wiped = SecurityPolicy.wipeExpiredAccounts(mMockContext, testController);
assertTrue(wiped);
// check new counts - account survives but data is wiped
assertEquals(3, EmailContent.count(mMockContext, Account.CONTENT_URI));
assertEquals(2, EmailContent.count(mMockContext, Mailbox.CONTENT_URI));
assertEquals(4, EmailContent.count(mMockContext, Message.CONTENT_URI));
// Check security hold states - only #3 should be in hold
Account account = Account.restoreAccountWithId(mMockContext, account1Id);
assertEquals(0, account.mFlags & Account.FLAGS_SECURITY_HOLD);
account = Account.restoreAccountWithId(mMockContext, account2Id);
assertEquals(0, account.mFlags & Account.FLAGS_SECURITY_HOLD);
account = Account.restoreAccountWithId(mMockContext, account3Id);
assertEquals(Account.FLAGS_SECURITY_HOLD, account.mFlags & Account.FLAGS_SECURITY_HOLD);
}
/**
* Test the code that clears unsupported policies
* TODO inject a mock DPM so we can directly control & test all cases, no matter what device
*/
public void testClearUnsupportedPolicies() {
Policy p1 =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false, false);
Policy p2 =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, true, false);
mSecurityPolicy = SecurityPolicy.getInstance(mMockContext);
DevicePolicyManager dpm = mSecurityPolicy.getDPM();
boolean hasEncryption =
dpm.getStorageEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
Policy p1Result = mSecurityPolicy.clearUnsupportedPolicies(p1);
Policy p2Result = mSecurityPolicy.clearUnsupportedPolicies(p2);
// No changes expected when encryptionRequested was false
assertEquals(p1, p1Result);
if (hasEncryption) {
// No changes expected
assertEquals(p2, p2Result);
} else {
// If encryption is unsupported, encryption policy bits are cleared
Policy policyExpect =
setupPolicy(1, Policy.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false,
false);
assertEquals(policyExpect, p2Result);
}
}
/**
* Test the code that converts from exchange-style quality to DPM/Lockscreen style quality.
*/
public void testGetDPManagerPasswordQuality() {
// Policy.PASSWORD_MODE_NONE -> DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED
Policy p1 = setupPolicy(0, Policy.PASSWORD_MODE_NONE,
0, 0, false, 0, 0, 0, false, false);
assertEquals(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED,
p1.getDPManagerPasswordQuality());
// PASSWORD_MODE_SIMPLE -> PASSWORD_QUALITY_NUMERIC
Policy p2 = setupPolicy(4, Policy.PASSWORD_MODE_SIMPLE,
0, 0, false, 0, 0, 0, false, false);
assertEquals(DevicePolicyManager.PASSWORD_QUALITY_NUMERIC,
p2.getDPManagerPasswordQuality());
// PASSWORD_MODE_STRONG -> PASSWORD_QUALITY_ALPHANUMERIC
Policy p3 = setupPolicy(4, Policy.PASSWORD_MODE_STRONG,
0, 0, false, 0, 0, 0, false, false);
assertEquals(DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC,
p3.getDPManagerPasswordQuality());
// PASSWORD_MODE_STRONG + complex chars -> PASSWORD_QUALITY_COMPLEX
Policy p4 = setupPolicy(4, Policy.PASSWORD_MODE_STRONG,
0, 0, false, 0, 0 , 2, false, false);
assertEquals(DevicePolicyManager.PASSWORD_QUALITY_COMPLEX,
p4.getDPManagerPasswordQuality());
}
private boolean policySetEqualsPolicy(PolicySet ps, Policy policy) {
if ((ps.mPasswordMode >> LegacyPolicySet.PASSWORD_MODE_SHIFT) != policy.mPasswordMode) {
return false;
}
if (ps.mMinPasswordLength != policy.mPasswordMinLength) return false;
if (ps.mPasswordComplexChars != policy.mPasswordComplexChars) return false;
if (ps.mPasswordHistory != policy.mPasswordHistory) return false;
if (ps.mPasswordExpirationDays != policy.mPasswordExpirationDays) return false;
if (ps.mMaxPasswordFails != policy.mPasswordMaxFails) return false;
if (ps.mMaxScreenLockTime != policy.mMaxScreenLockTime) return false;
if (ps.mRequireRemoteWipe != policy.mRequireRemoteWipe) return false;
if (ps.mRequireEncryption != policy.mRequireEncryption) return false;
if (ps.mRequireEncryptionExternal != policy.mRequireEncryptionExternal) return false;
return true;
}
public void testPolicyFlagsToPolicy() {
// Policy flags; the three sets included here correspond to policies for three test
// accounts that, between them, use all of the possible policies
long flags = 67096612L;
PolicySet ps = new PolicySet(flags);
Policy policy = LegacyPolicySet.flagsToPolicy(flags);
assertTrue(policySetEqualsPolicy(ps, policy));
flags = 52776591691846L;
ps = new PolicySet(flags);
policy = LegacyPolicySet.flagsToPolicy(flags);
assertTrue(policySetEqualsPolicy(ps, policy));
flags = 1689605957029924L;
ps = new PolicySet(flags);
policy = LegacyPolicySet.flagsToPolicy(flags);
assertTrue(policySetEqualsPolicy(ps, policy));
}
/**
* The old PolicySet class fields and constructor; we use this to test conversion to the
* new Policy table scheme
*/
private static class PolicySet {
private final int mMinPasswordLength;
private final int mPasswordMode;
private final int mMaxPasswordFails;
private final int mMaxScreenLockTime;
private final boolean mRequireRemoteWipe;
private final int mPasswordExpirationDays;
private final int mPasswordHistory;
private final int mPasswordComplexChars;
private final boolean mRequireEncryption;
private final boolean mRequireEncryptionExternal;
/**
* Create from values encoded in an account flags int
*/
private PolicySet(long flags) {
mMinPasswordLength = (int) ((flags & LegacyPolicySet.PASSWORD_LENGTH_MASK)
>> LegacyPolicySet.PASSWORD_LENGTH_SHIFT);
mPasswordMode =
(int) (flags & LegacyPolicySet.PASSWORD_MODE_MASK);
mMaxPasswordFails = (int) ((flags & LegacyPolicySet.PASSWORD_MAX_FAILS_MASK)
>> LegacyPolicySet.PASSWORD_MAX_FAILS_SHIFT);
mMaxScreenLockTime = (int) ((flags & LegacyPolicySet.SCREEN_LOCK_TIME_MASK)
>> LegacyPolicySet.SCREEN_LOCK_TIME_SHIFT);
mRequireRemoteWipe = 0 != (flags & LegacyPolicySet.REQUIRE_REMOTE_WIPE);
mPasswordExpirationDays = (int) ((flags & LegacyPolicySet.PASSWORD_EXPIRATION_MASK)
>> LegacyPolicySet.PASSWORD_EXPIRATION_SHIFT);
mPasswordHistory = (int) ((flags & LegacyPolicySet.PASSWORD_HISTORY_MASK)
>> LegacyPolicySet.PASSWORD_HISTORY_SHIFT);
mPasswordComplexChars = (int) ((flags & LegacyPolicySet.PASSWORD_COMPLEX_CHARS_MASK)
>> LegacyPolicySet.PASSWORD_COMPLEX_CHARS_SHIFT);
mRequireEncryption = 0 != (flags & LegacyPolicySet.REQUIRE_ENCRYPTION);
mRequireEncryptionExternal = 0 != (flags & LegacyPolicySet.REQUIRE_ENCRYPTION_EXTERNAL);
}
}
}