am 9382eb9f: am a30631da: Clear password related policies in PolicySet when p/w not required

Merge commit '9382eb9ff21855e98b67392f99d721a78a4cfab0' into gingerbread-plus-aosp

* commit '9382eb9ff21855e98b67392f99d721a78a4cfab0':
  Clear password related policies in PolicySet when p/w not required
This commit is contained in:
Andrew Stadler 2010-08-12 15:18:24 -07:00 committed by Android Git Automerger
commit c263134492
2 changed files with 42 additions and 28 deletions

View File

@ -453,23 +453,30 @@ public class SecurityPolicy {
*/
public PolicySet(int minPasswordLength, int passwordMode, int maxPasswordFails,
int maxScreenLockTime, boolean requireRemoteWipe) throws IllegalArgumentException {
// Check against hard limits
// EAS doesn't generate values outside these limits anyway
if (minPasswordLength > PASSWORD_LENGTH_MAX) {
throw new IllegalArgumentException("password length");
// If we're not enforcing passwords, make sure we clean up related values, since EAS
// can send non-zero values for any or all of these
if (passwordMode == PASSWORD_MODE_NONE) {
maxPasswordFails = 0;
maxScreenLockTime = 0;
minPasswordLength = 0;
} else {
if ((passwordMode != PASSWORD_MODE_SIMPLE) &&
(passwordMode != PASSWORD_MODE_STRONG)) {
throw new IllegalArgumentException("password mode");
}
// The next value has a hard limit which cannot be supported if exceeded.
if (minPasswordLength > PASSWORD_LENGTH_MAX) {
throw new IllegalArgumentException("password length");
}
// This value can be reduced (which actually increases security) if necessary
if (maxPasswordFails > PASSWORD_MAX_FAILS_MAX) {
maxPasswordFails = PASSWORD_MAX_FAILS_MAX;
}
// This value can be reduced (which actually increases security) if necessary
if (maxScreenLockTime > SCREEN_LOCK_TIME_MAX) {
maxScreenLockTime = SCREEN_LOCK_TIME_MAX;
}
}
if (passwordMode < PASSWORD_MODE_NONE || passwordMode > PASSWORD_MODE_STRONG) {
throw new IllegalArgumentException("password mode");
}
// This value can be reduced (which actually increases security) if necessary
if (maxPasswordFails > PASSWORD_MAX_FAILS_MAX) {
maxPasswordFails = PASSWORD_MAX_FAILS_MAX;
}
// This value can be reduced (which actually increases security) if necessary
if (maxScreenLockTime > SCREEN_LOCK_TIME_MAX) {
maxScreenLockTime = SCREEN_LOCK_TIME_MAX;
}
mMinPasswordLength = minPasswordLength;
mPasswordMode = passwordMode;
mMaxPasswordFails = maxPasswordFails;

View File

@ -95,7 +95,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
// We know that EMPTY_POLICY_SET doesn't generate an Exception or we wouldn't be here
// Try some illegal parameters
try {
new PolicySet(100, PolicySet.PASSWORD_MODE_NONE, 0, 0, false);
new PolicySet(100, PolicySet.PASSWORD_MODE_SIMPLE, 0, 0, false);
fail("Too-long password allowed");
} catch (IllegalArgumentException e) {
}
@ -104,12 +104,19 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
fail("Illegal password mode allowed");
} catch (IllegalArgumentException e) {
}
PolicySet ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0,
PolicySet ps = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0,
PolicySet.SCREEN_LOCK_TIME_MAX + 1, false);
assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, ps.getMaxScreenLockTime());
ps = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE,
ps = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE,
PolicySet.PASSWORD_MAX_FAILS_MAX + 1, 0, false);
assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, ps.getMaxPasswordFails());
// All password related fields should be zero when password mode is NONE
// Illegal values for these fields should be ignored
ps = new PolicySet(999/*length*/, PolicySet.PASSWORD_MODE_NONE,
999/*fails*/, 9999/*screenlock*/, false);
assertEquals(0, ps.mMinPasswordLength);
assertEquals(0, ps.mMaxScreenLockTime);
assertEquals(0, ps.mMaxPasswordFails);
}
/**
@ -165,7 +172,7 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
// pw length and pw mode - max logic - will *not* change because smaller #s here
// fail count and lock timer - min logic - will change because smaller #s here
// wipe required - OR logic - will change here because true
PolicySet p5in = new PolicySet(4, PolicySet.PASSWORD_MODE_NONE, 5, 6, true);
PolicySet p5in = new PolicySet(4, PolicySet.PASSWORD_MODE_SIMPLE, 5, 6, true);
Account a5 = ProviderTestUtils.setupAccount("sec-5", false, mMockContext);
p5in.writeAccount(a5, null, true, mMockContext);
PolicySet p5out = sp.computeAggregatePolicy();
@ -202,9 +209,9 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
*/
@SmallTest
public void testFieldIsolation() {
PolicySet p = new PolicySet(PolicySet.PASSWORD_LENGTH_MAX, 0, 0, 0, false);
PolicySet p = new PolicySet(PolicySet.PASSWORD_LENGTH_MAX, PolicySet.PASSWORD_MODE_SIMPLE,
0, 0, false);
assertEquals(PolicySet.PASSWORD_LENGTH_MAX, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime);
assertFalse(p.mRequireRemoteWipe);
@ -212,27 +219,27 @@ public class SecurityPolicyTests extends ProviderTestCase2<EmailProvider> {
p = new PolicySet(0, PolicySet.PASSWORD_MODE_STRONG, 0, 0, false);
assertEquals(0, p.mMinPasswordLength);
assertEquals(PolicySet.PASSWORD_MODE_STRONG, p.mPasswordMode);
assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime);
assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, PolicySet.PASSWORD_MAX_FAILS_MAX, 0, false);
p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, PolicySet.PASSWORD_MAX_FAILS_MAX, 0,
false);
assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(PolicySet.PASSWORD_MAX_FAILS_MAX, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime);
assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, PolicySet.SCREEN_LOCK_TIME_MAX, false);
p = new PolicySet(0, PolicySet.PASSWORD_MODE_SIMPLE, 0, PolicySet.SCREEN_LOCK_TIME_MAX,
false);
assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails);
assertEquals(PolicySet.SCREEN_LOCK_TIME_MAX, p.mMaxScreenLockTime);
assertFalse(p.mRequireRemoteWipe);
p = new PolicySet(0, 0, 0, 0, true);
p = new PolicySet(0, PolicySet.PASSWORD_MODE_NONE, 0, 0, true);
assertEquals(0, p.mMinPasswordLength);
assertEquals(0, p.mPasswordMode);
assertEquals(0, p.mMaxPasswordFails);
assertEquals(0, p.mMaxScreenLockTime);
assertTrue(p.mRequireRemoteWipe);