am be6910e7
: Merge "Properly handle unsupported encryption policy" into honeycomb
* commit 'be6910e7a40b4bffb7e917ffa89c539733545548': Properly handle unsupported encryption policy
This commit is contained in:
commit
907094ebe3
@ -187,7 +187,7 @@ public class SecurityPolicy {
|
||||
/**
|
||||
* Get the dpm. This mainly allows us to make some utility calls without it, for testing.
|
||||
*/
|
||||
private synchronized DevicePolicyManager getDPM() {
|
||||
/* package */ synchronized DevicePolicyManager getDPM() {
|
||||
if (mDPM == null) {
|
||||
mDPM = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
|
||||
}
|
||||
@ -216,7 +216,7 @@ public class SecurityPolicy {
|
||||
/**
|
||||
* API: Query if the proposed set of policies are supported on the device.
|
||||
*
|
||||
* @param policies requested
|
||||
* @param policies the polices that were requested
|
||||
* @return boolean if supported
|
||||
*/
|
||||
public boolean isSupported(PolicySet policies) {
|
||||
@ -232,6 +232,34 @@ public class SecurityPolicy {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* API: Remove any unsupported policies
|
||||
*
|
||||
* This is used when we have a set of polices that have been requested, but the server
|
||||
* is willing to allow unsupported policies to be considered optional.
|
||||
*
|
||||
* @param policies the polices that were requested
|
||||
* @return the same PolicySet if all are supported; A replacement PolicySet if any
|
||||
* unsupported policies were removed
|
||||
*/
|
||||
public PolicySet clearUnsupportedPolicies(PolicySet policies) {
|
||||
PolicySet result = policies;
|
||||
// IMPLEMENTATION: At this time, the only policy which might not be supported is
|
||||
// encryption (which requires low-level systems support). Other policies are fully
|
||||
// supported by the framework and do not need to be checked.
|
||||
if (policies.mRequireEncryption) {
|
||||
int encryptionStatus = getDPM().getStorageEncryptionStatus();
|
||||
if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
|
||||
// Make new PolicySet w/o encryption
|
||||
result = new PolicySet(policies.mMinPasswordLength, policies.mPasswordMode,
|
||||
policies.mMaxPasswordFails, policies.mMaxScreenLockTime,
|
||||
policies.mRequireRemoteWipe, policies.mPasswordExpirationDays,
|
||||
policies.mPasswordHistory, policies.mPasswordComplexChars, false);
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* API: Query used to determine if a given policy is "active" (the device is operating at
|
||||
* the required security level).
|
||||
|
@ -1527,7 +1527,12 @@ public class EasSyncService extends AbstractSyncService {
|
||||
String policyKey = acknowledgeProvision(pp.getPolicyKey(),
|
||||
PROVISION_STATUS_PARTIAL);
|
||||
// Return either the parser (success) or null (failure)
|
||||
return (policyKey != null) ? pp : null;
|
||||
if (policyKey != null) {
|
||||
pp.clearUnsupportedPolicies();
|
||||
return pp;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -2190,7 +2195,7 @@ public class EasSyncService extends AbstractSyncService {
|
||||
/**
|
||||
* Common code to sync E+PIM data
|
||||
*
|
||||
* @param target, an EasMailbox, EasContacts, or EasCalendar object
|
||||
* @param target an EasMailbox, EasContacts, or EasCalendar object
|
||||
*/
|
||||
public void sync(AbstractSyncAdapter target) throws IOException {
|
||||
Mailbox mailbox = target.mMailbox;
|
||||
|
@ -60,6 +60,12 @@ public class ProvisionParser extends Parser {
|
||||
return (mPolicySet != null) && mIsSupportable;
|
||||
}
|
||||
|
||||
public void clearUnsupportedPolicies() {
|
||||
mPolicySet = SecurityPolicy.getInstance(mService.mContext)
|
||||
.clearUnsupportedPolicies(mPolicySet);
|
||||
mIsSupportable = true;
|
||||
}
|
||||
|
||||
private void parseProvisionDocWbxml() throws IOException {
|
||||
int minPasswordLength = 0;
|
||||
int passwordMode = PolicySet.PASSWORD_MODE_NONE;
|
||||
|
@ -19,13 +19,14 @@ package com.android.email;
|
||||
import com.android.email.SecurityPolicy.PolicySet;
|
||||
import com.android.email.provider.ContentCache;
|
||||
import com.android.email.provider.EmailContent;
|
||||
import com.android.email.provider.EmailProvider;
|
||||
import com.android.email.provider.ProviderTestUtils;
|
||||
import com.android.email.provider.EmailContent.Account;
|
||||
import com.android.email.provider.EmailContent.AccountColumns;
|
||||
import com.android.email.provider.EmailContent.Mailbox;
|
||||
import com.android.email.provider.EmailContent.Message;
|
||||
import com.android.email.provider.EmailProvider;
|
||||
import com.android.email.provider.ProviderTestUtils;
|
||||
|
||||
import android.app.admin.DevicePolicyManager;
|
||||
import android.content.ContentUris;
|
||||
import android.content.ContentValues;
|
||||
import android.content.Context;
|
||||
@ -73,7 +74,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
|
||||
/**
|
||||
* Private context wrapper used to add back getPackageName() for these tests.
|
||||
*
|
||||
* This class also implements {@link Context} method(s) that is called during tests.
|
||||
* This class also implements {@link Context} method(s) that are called during tests.
|
||||
*/
|
||||
private static class MockContext2 extends ContextWrapper {
|
||||
|
||||
@ -93,6 +94,11 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
|
||||
public String getPackageName() {
|
||||
return mRealContext.getPackageName();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getSystemService(String name) {
|
||||
return mRealContext.getSystemService(name);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -606,4 +612,32 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
|
||||
account = Account.restoreAccountWithId(mMockContext, account3Id);
|
||||
assertEquals(Account.FLAGS_SECURITY_HOLD, account.mFlags & Account.FLAGS_SECURITY_HOLD);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the code that clears unsupported policies
|
||||
* TODO inject a mock DPM so we can directly control & test all cases, no matter what device
|
||||
*/
|
||||
public void testClearUnsupportedPolicies() {
|
||||
PolicySet p1 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false);
|
||||
PolicySet p2 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, true);
|
||||
|
||||
SecurityPolicy sp = getSecurityPolicy();
|
||||
DevicePolicyManager dpm = sp.getDPM();
|
||||
boolean hasEncryption =
|
||||
dpm.getStorageEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
|
||||
|
||||
PolicySet p1Result = sp.clearUnsupportedPolicies(p1);
|
||||
PolicySet p2Result = sp.clearUnsupportedPolicies(p2);
|
||||
|
||||
// No changes expected when encryptionRequested was false
|
||||
assertEquals(p1, p1Result);
|
||||
if (hasEncryption) {
|
||||
// No changes expected
|
||||
assertEquals(p2, p2Result);
|
||||
} else {
|
||||
PolicySet p2Expect =
|
||||
new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false);
|
||||
assertEquals(p2Expect, p2Result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user