From 4fa12e52fc464185a08b93db3f92510c7a54d3a4 Mon Sep 17 00:00:00 2001
From: Marc Blank <mblank@google.com>
Date: Thu, 13 Jan 2011 13:27:30 -0800
Subject: [PATCH] Support encryption in EAS provisioning

* Confirmed that policies enforcing encryption are rejected as
  unsupported (since full encryption plumbing is not in place)

Bug: 334652

Change-Id: I82340cfbd68a9663714a98824a5d8395f2c0da74
---
 .../exchange/adapter/ProvisionParser.java      | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/com/android/exchange/adapter/ProvisionParser.java b/src/com/android/exchange/adapter/ProvisionParser.java
index 076a4caef..1744bc0a1 100644
--- a/src/com/android/exchange/adapter/ProvisionParser.java
+++ b/src/com/android/exchange/adapter/ProvisionParser.java
@@ -68,6 +68,7 @@ public class ProvisionParser extends Parser {
         int passwordExpirationDays = 0;
         int passwordHistory = 0;
         int passwordComplexChars = 0;
+        boolean encryptionRequired = false;
 
         while (nextTag(Tags.PROVISION_EAS_PROVISION_DOC) != END) {
             boolean tagIsSupported = true;
@@ -129,10 +130,18 @@ public class ProvisionParser extends Parser {
                         tagIsSupported = false;
                     }
                     break;
+                // We may now support device (internal) encryption; we'll check this capability
+                // below with the call to SecurityPolicy.isSupported()
+                case Tags.PROVISION_REQUIRE_DEVICE_ENCRYPTION:
+                    if (getValueInt() == 1) {
+                        encryptionRequired = true;
+                    }
+                    break;
                 // The following policies, if true, can't be supported at the moment
+                // Note that DEVICE_ENCRYPTION_ENABLED refers to SD card encryption, which we do
+                // not yet support.
                 case Tags.PROVISION_DEVICE_ENCRYPTION_ENABLED:
                 case Tags.PROVISION_PASSWORD_RECOVERY_ENABLED:
-                case Tags.PROVISION_REQUIRE_DEVICE_ENCRYPTION:
                 case Tags.PROVISION_REQUIRE_SIGNED_SMIME_MESSAGES:
                 case Tags.PROVISION_REQUIRE_ENCRYPTED_SMIME_MESSAGES:
                 case Tags.PROVISION_REQUIRE_SIGNED_SMIME_ALGORITHM:
@@ -196,7 +205,12 @@ public class ProvisionParser extends Parser {
 
         mPolicySet = new SecurityPolicy.PolicySet(minPasswordLength, passwordMode,
                 maxPasswordFails, maxScreenLockTime, true, passwordExpirationDays, passwordHistory,
-                passwordComplexChars, false);
+                passwordComplexChars, encryptionRequired);
+        // We can only determine whether encryption is supported on device by using isSupported here
+        if (!SecurityPolicy.getInstance(mService.mContext).isSupported(mPolicySet)) {
+            log("SecurityPolicy reports PolicySet not supported.");
+            mIsSupportable = false;
+        }
     }
 
     /**