Merge "Properly handle unsupported encryption policy" into honeycomb

2011-01-19 12:01:56 -08:00 · 2011-01-19 12:01:56 -08:00 · be6910e7a4
commit be6910e7a4
parent 3db3e4b795 a0d080558f
4 changed files with 80 additions and 7 deletions
--- a/src/com/android/email/SecurityPolicy.java
+++ b/src/com/android/email/SecurityPolicy.java
@ -187,7 +187,7 @@ public class SecurityPolicy {
    /**
     * Get the dpm.  This mainly allows us to make some utility calls without it, for testing.
     */
-    private synchronized DevicePolicyManager getDPM() {
+    /* package */ synchronized DevicePolicyManager getDPM() {
        if (mDPM == null) {
            mDPM = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
        }
@ -216,7 +216,7 @@ public class SecurityPolicy {
    /**
     * API: Query if the proposed set of policies are supported on the device.
     *
-     * @param policies requested
+     * @param policies the polices that were requested
     * @return boolean if supported
     */
    public boolean isSupported(PolicySet policies) {
@ -232,6 +232,34 @@ public class SecurityPolicy {
        return true;
    }

+    /**
+     * API: Remove any unsupported policies
+     *
+     * This is used when we have a set of polices that have been requested, but the server
+     * is willing to allow unsupported policies to be considered optional.
+     *
+     * @param policies the polices that were requested
+     * @return the same PolicySet if all are supported;  A replacement PolicySet if any
+     *   unsupported policies were removed
+     */
+    public PolicySet clearUnsupportedPolicies(PolicySet policies) {
+        PolicySet result = policies;
+        // IMPLEMENTATION:  At this time, the only policy which might not be supported is
+        // encryption (which requires low-level systems support).  Other policies are fully
+        // supported by the framework and do not need to be checked.
+        if (policies.mRequireEncryption) {
+            int encryptionStatus = getDPM().getStorageEncryptionStatus();
+            if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
+                // Make new PolicySet w/o encryption
+                result = new PolicySet(policies.mMinPasswordLength, policies.mPasswordMode,
+                        policies.mMaxPasswordFails, policies.mMaxScreenLockTime,
+                        policies.mRequireRemoteWipe, policies.mPasswordExpirationDays,
+                        policies.mPasswordHistory, policies.mPasswordComplexChars, false);
+            }
+        }
+        return result;
+    }
+
    /**
     * API: Query used to determine if a given policy is "active" (the device is operating at
     * the required security level).
--- a/src/com/android/exchange/EasSyncService.java
+++ b/src/com/android/exchange/EasSyncService.java
@ -1527,7 +1527,12 @@ public class EasSyncService extends AbstractSyncService {
                        String policyKey = acknowledgeProvision(pp.getPolicyKey(),
                                PROVISION_STATUS_PARTIAL);
                        // Return either the parser (success) or null (failure)
-                        return (policyKey != null) ? pp : null;
+                        if (policyKey != null) {
+                            pp.clearUnsupportedPolicies();
+                            return pp;
+                        } else {
+                            return null;
+                        }
                    }
                }
            }
@ -2190,7 +2195,7 @@ public class EasSyncService extends AbstractSyncService {
    /**
     * Common code to sync E+PIM data
     *
-     * @param target, an EasMailbox, EasContacts, or EasCalendar object
+     * @param target an EasMailbox, EasContacts, or EasCalendar object
     */
    public void sync(AbstractSyncAdapter target) throws IOException {
        Mailbox mailbox = target.mMailbox;
--- a/src/com/android/exchange/adapter/ProvisionParser.java
+++ b/src/com/android/exchange/adapter/ProvisionParser.java
@ -60,6 +60,12 @@ public class ProvisionParser extends Parser {
        return (mPolicySet != null) && mIsSupportable;
    }

+    public void clearUnsupportedPolicies() {
+        mPolicySet = SecurityPolicy.getInstance(mService.mContext)
+                .clearUnsupportedPolicies(mPolicySet);
+        mIsSupportable = true;
+    }
+
    private void parseProvisionDocWbxml() throws IOException {
        int minPasswordLength = 0;
        int passwordMode = PolicySet.PASSWORD_MODE_NONE;
--- a/tests/src/com/android/email/SecurityPolicyTests.java
+++ b/tests/src/com/android/email/SecurityPolicyTests.java
@ -19,13 +19,14 @@ package com.android.email;
 import com.android.email.SecurityPolicy.PolicySet;
 import com.android.email.provider.ContentCache;
 import com.android.email.provider.EmailContent;
-import com.android.email.provider.EmailProvider;
-import com.android.email.provider.ProviderTestUtils;
 import com.android.email.provider.EmailContent.Account;
 import com.android.email.provider.EmailContent.AccountColumns;
 import com.android.email.provider.EmailContent.Mailbox;
 import com.android.email.provider.EmailContent.Message;
+import com.android.email.provider.EmailProvider;
+import com.android.email.provider.ProviderTestUtils;

+import android.app.admin.DevicePolicyManager;
 import android.content.ContentUris;
 import android.content.ContentValues;
 import android.content.Context;
@ -73,7 +74,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
    /**
     * Private context wrapper used to add back getPackageName() for these tests.
     *
-     * This class also implements {@link Context} method(s) that is called during tests.
+     * This class also implements {@link Context} method(s) that are called during tests.
     */
    private static class MockContext2 extends ContextWrapper {

@ -93,6 +94,11 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
        public String getPackageName() {
            return mRealContext.getPackageName();
        }
+
+        @Override
+        public Object getSystemService(String name) {
+            return mRealContext.getSystemService(name);
+        }
    }

    /**
@ -606,4 +612,32 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
        account = Account.restoreAccountWithId(mMockContext, account3Id);
        assertEquals(Account.FLAGS_SECURITY_HOLD, account.mFlags & Account.FLAGS_SECURITY_HOLD);
    }
+
+    /**
+     * Test the code that clears unsupported policies
+     * TODO inject a mock DPM so we can directly control & test all cases, no matter what device
+     */
+    public void testClearUnsupportedPolicies() {
+        PolicySet p1 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false);
+        PolicySet p2 = new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, true);
+
+        SecurityPolicy sp = getSecurityPolicy();
+        DevicePolicyManager dpm = sp.getDPM();
+        boolean hasEncryption =
+            dpm.getStorageEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
+
+        PolicySet p1Result = sp.clearUnsupportedPolicies(p1);
+        PolicySet p2Result = sp.clearUnsupportedPolicies(p2);
+
+        // No changes expected when encryptionRequested was false
+        assertEquals(p1, p1Result);
+        if (hasEncryption) {
+            // No changes expected
+            assertEquals(p2, p2Result);
+        } else {
+            PolicySet p2Expect =
+                new PolicySet(1, PolicySet.PASSWORD_MODE_STRONG, 3, 4, true, 7, 8, 9, false);
+            assertEquals(p2Expect, p2Result);
+        }
+    }
 }